From bbf1976a5f724d1da9f5e134937c5106d63cf138 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sat, 12 Dec 2020 05:39:37 -0700
Subject: [PATCH] starting auth section
---
 .github/workflows/ansible-lint.yml | 2 +-
 ansible/inventory/idpinventory | 3 +++
 ansible/playbooks/init-rocky-system-config.yml | 3 +++
 ansible/playbooks/requirements.yml | 3 +++
 ansible/playbooks/tasks/authentication.yml | 3 +++
 5 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 ansible/inventory/idpinventory
 create mode 100644 ansible/playbooks/tasks/authentication.yml
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
index 0147f84..95864af 100644
--- a/.github/workflows/ansible-lint.yml
+++ b/.github/workflows/ansible-lint.yml
@@ -23,7 +23,7 @@ jobs:
 echo 'collections_paths = ./collections' >> ansible.cfg
 - name: Install requirements
- run: ansible-galaxy collection install -r ansible/playbooks/requirements.yml -p collections
+ run: ansible-galaxy install -r ansible/playbooks/requirements.yml
 - name: Ansible Lint
 uses: ansible/ansible-lint-action@master
diff --git a/ansible/inventory/idpinventory b/ansible/inventory/idpinventory
new file mode 100644
index 0000000..29c704b
--- /dev/null
+++ b/ansible/inventory/idpinventory
@@ -0,0 +1,3 @@
+# Placeholder
+[ipsilon]
+idp.rockylinux.org
diff --git a/ansible/playbooks/init-rocky-system-config.yml b/ansible/playbooks/init-rocky-system-config.yml
index 2c01324..11d6e0b 100644
--- a/ansible/playbooks/init-rocky-system-config.yml
+++ b/ansible/playbooks/init-rocky-system-config.yml
@@ -30,6 +30,9 @@
 - name: Configure harden settings
 include: tasks/harden.yml
+ - name: Configure PAM and SSSD
+ include: tasks/authentication.yml
+
 post_tasks:
 - name: Touching run file that ansible has ran here
 file:
diff --git a/ansible/playbooks/requirements.yml b/ansible/playbooks/requirements.yml
index d964f74..79df8b8 100644
--- a/ansible/playbooks/requirements.yml
+++ b/ansible/playbooks/requirements.yml
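Review bot: The new `run: ansible-galaxy install -r ansible/playbooks/requirements.yml` line in the "Install requirements" step of .github/workflows/ansible-lint.yml depends on version-specific behaviour: older ansible-galaxy releases install only roles from this form, so the collections the removed `collection install … -p collections` call fetched may be missing when lint runs. The Ansible version on the runner is not visible in this hunk, so this needs confirming against the job's setup steps. Making both installs explicit removes the ambiguity: `ansible-galaxy role install -r ansible/playbooks/requirements.yml` and `ansible-galaxy collection install -r ansible/playbooks/requirements.yml -p collections`. The step list starts and ends outside the hunk.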
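Review bot: The step added to ansible/playbooks/init-rocky-system-config.yml is named "Configure PAM and SSSD", but the file it includes, tasks/authentication.yml (added at the end of this patch), holds only a comment, so a run reports the step without changing any authentication setting. Whether an include of a file with no task list is accepted or rejected appears to depend on the Ansible version, which the patch does not show, so run the playbook once in check mode before merging. Until tasks exist, either leave the include out or mark it with a comment above the `- name:` line, such as `# TODO: placeholder, tasks/authentication.yml has no tasks yet`. That file's comment says the work is meant to happen after the IPA client is installed; the task list starts outside this hunk, so the ordering cannot be confirmed here and the precondition deserves a note or a guard.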
@@ -2,3 +2,6 @@
 collections:
 - freeipa.ansible_freeipa
 - community.general
+
+roles:
+ - name: geerlingguy.mysql
diff --git a/ansible/playbooks/tasks/authentication.yml b/ansible/playbooks/tasks/authentication.yml
new file mode 100644
index 0000000..6521ec9
--- /dev/null
+++ b/ansible/playbooks/tasks/authentication.yml
@@ -0,0 +1,3 @@
+---
+# Configures PAM and SSSD post-ipa client installation. It is recommended that
+# that we use a custom authselect profile and build it out from there.
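Review bot: The `roles:` entry added to ansible/playbooks/requirements.yml names `geerlingguy.mysql` without a `version:`, so every CI run and every provisioning run installs whatever release Galaxy serves at that moment, and a changed or tampered upstream release would reach hosts with no change in this repository. Pin it by adding `version: <PINNED_RELEASE>` under the `name:` line (placeholder; use the release that has been reviewed). The two collections in the context lines above are unpinned as well and could be moved to the `name:`/`version:` form in the same pass. A MySQL role is also not obviously related to the PAM/SSSD work this commit describes, so a one-line comment naming the playbook that needs it would help the next reader.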