From 703eb27176c62512064cea0e697819000895f914 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Sat, 23 Jan 2021 14:37:28 -0700
Subject: [PATCH 1/3] add ipauser disable
---
 .../production/group_vars/rabbitmq/main.yml | 2 +-
 .../staging/group_vars/rabbitmq/main.yml | 2 +-
 ansible/playbooks/adhoc-ipauser-disable.yml | 29 +++++++++++++++++++
 ansible/playbooks/adhoc-ipauser-enable.yml | 29 +++++++++++++++++++
 ansible/playbooks/role-rocky-rabbitmq.yml | 2 +-
 5 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 ansible/playbooks/adhoc-ipauser-disable.yml
 create mode 100644 ansible/playbooks/adhoc-ipauser-enable.yml
diff --git a/ansible/inventories/production/group_vars/rabbitmq/main.yml b/ansible/inventories/production/group_vars/rabbitmq/main.yml
index 15ef793..16dd22f 100644
--- a/ansible/inventories/production/group_vars/rabbitmq/main.yml
+++ b/ansible/inventories/production/group_vars/rabbitmq/main.yml
@@ -1,5 +1,5 @@
 ---
 # RabbitMQ Staging Vars
-rabbitmq_cluster_name: "rabbitprod"
+rabbitmq_cluster_name: "rabbit"
 rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
 rabbitmq_env: "production"
diff --git a/ansible/inventories/staging/group_vars/rabbitmq/main.yml b/ansible/inventories/staging/group_vars/rabbitmq/main.yml
index 035c0fa..efe73c5 100644
--- a/ansible/inventories/staging/group_vars/rabbitmq/main.yml
+++ b/ansible/inventories/staging/group_vars/rabbitmq/main.yml
@@ -1,5 +1,5 @@
 ---
 # RabbitMQ Staging Vars
-rabbitmq_cluster_name: "rabbitstage"
+rabbitmq_cluster_name: "rabbit"
 rabbitmq_cluster_list: "{{ groups['rabbitmq'] }}"
 rabbitmq_env: "staging"
diff --git a/ansible/playbooks/adhoc-ipauser-disable.yml b/ansible/playbooks/adhoc-ipauser-disable.yml
new file mode 100644
index 0000000..956f695
--- /dev/null
+++ b/ansible/playbooks/adhoc-ipauser-disable.yml
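Review bot: The context line `# RabbitMQ Staging Vars` at the top of the production inventory file is wrong for that file, and since this hunk already edits the line directly beneath it, `# RabbitMQ Production Vars` would stop the two environment files from reading identically apart from `rabbitmq_env`. After this hunk and the staging one on the same patch, `rabbitmq_cluster_name` is `"rabbit"` in both inventories, so the cluster name no longer distinguishes the environments; if anything downstream is keyed on it (monitoring labels, federation or shovel definitions, if any exist), a short comment above the key stating that a single shared name is intended would save the next reader that question.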
@@ -0,0 +1,29 @@ +--- +# This playbook is meant to be used with callable variables, like adhoc or AWX. +# What: Creates users in the idm infrastructure based on the variables provided. + +- name: Create a User + hosts: ipaserver + become: false + gather_facts: false + vars_files: + - vars/vaults/encpass.yml + + tasks: + - name: "Checking for user variables" + assert: + that: + - ipa_admin | mandatory + - ipaadmin_password | mandatory + - ipa_name | mandatory + success_msg: "Required variables provided" + fail_msg: "We are missing user information or ipa admin password" + + - name: "Creating User Account" + freeipa.ansible_freeipa.ipauser: + ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_password: "{{ ipaadmin_password }}" + name: "{{ ipa_name }}" + state: disabled + tags: + - users diff --git a/ansible/playbooks/adhoc-ipauser-enable.yml b/ansible/playbooks/adhoc-ipauser-enable.yml new file mode 100644 index 0000000..4bf1ad1 --- /dev/null +++ b/ansible/playbooks/adhoc-ipauser-enable.yml @@ -0,0 +1,29 @@ +--- +# This playbook is meant to be used with callable variables, like adhoc or AWX. +# What: Creates users in the idm infrastructure based on the variables provided. + +- name: Create a User + hosts: ipaserver + become: false + gather_facts: false + vars_files: + - vars/vaults/encpass.yml + + tasks: + - name: "Checking for user variables" + assert: + that: + - ipa_admin | mandatory + - ipaadmin_password | mandatory + - ipa_name | mandatory + success_msg: "Required variables provided" + fail_msg: "We are missing user information or ipa admin password" + + - name: "Creating User Account" + freeipa.ansible_freeipa.ipauser: + ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_password: "{{ ipaadmin_password }}" + name: "{{ ipa_name }}" + state: enabled + tags: + - users diff --git a/ansible/playbooks/role-rocky-rabbitmq.yml b/ansible/playbooks/role-rocky-rabbitmq.yml index e837a1a..8fd9985 100644 --- a/ansible/playbooks/role-rocky-rabbitmq.yml 
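Review bot: The header comment `# What: Creates users in the idm infrastructure based on the variables provided.` and the play name `- name: Create a User` in the new adhoc-ipauser-disable.yml still describe the creation playbook they were copied from, and the same two lines recur in adhoc-ipauser-enable.yml on this hunk; the later "fixing names" patch in this series renames only the task. I would change them to `# What: Disables an existing user in the idm infrastructure based on the variables provided.` and `- name: Disable a User` (with the matching "Enable" wording in the other file), since the play name is what an operator sees when launching the job. Separately, the assert accepts any `ipa_name`, including the principal the play authenticates with, so a guard such as `- ipa_name != ipa_admin` with a matching fail_msg in the disable playbook would be a cheap protection against locking out the account that runs these jobs.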
+++ b/ansible/playbooks/role-rocky-rabbitmq.yml @@ -54,7 +54,7 @@ # rocky-release-rabbitmq repo - name: Install centos rabbitmq yum: - name: centos-release-rabbitmq + name: centos-release-rabbitmq-38 state: present tags: - packages From 62974f97c2d908745b9e2dc4be9851edb212fe50 Mon Sep 17 00:00:00 2001 From: nazunalika Date: Sat, 23 Jan 2021 14:38:54 -0700 Subject: [PATCH 2/3] fixing names --- ansible/playbooks/adhoc-ipauser-disable.yml | 2 +- ansible/playbooks/adhoc-ipauser-enable.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/playbooks/adhoc-ipauser-disable.yml b/ansible/playbooks/adhoc-ipauser-disable.yml index 956f695..cea43e6 100644 --- a/ansible/playbooks/adhoc-ipauser-disable.yml +++ b/ansible/playbooks/adhoc-ipauser-disable.yml @@ -19,7 +19,7 @@ success_msg: "Required variables provided" fail_msg: "We are missing user information or ipa admin password" - - name: "Creating User Account" + - name: "Disabling User Account" freeipa.ansible_freeipa.ipauser: ipaadmin_principal: "{{ ipa_admin }}" ipaadmin_password: "{{ ipaadmin_password }}" diff --git a/ansible/playbooks/adhoc-ipauser-enable.yml b/ansible/playbooks/adhoc-ipauser-enable.yml index 4bf1ad1..6043238 100644 --- a/ansible/playbooks/adhoc-ipauser-enable.yml +++ b/ansible/playbooks/adhoc-ipauser-enable.yml @@ -19,7 +19,7 @@ success_msg: "Required variables provided" fail_msg: "We are missing user information or ipa admin password" - - name: "Creating User Account" + - name: "Enabling User Account" freeipa.ansible_freeipa.ipauser: ipaadmin_principal: "{{ ipa_admin }}" ipaadmin_password: "{{ ipaadmin_password }}" From 12767283c6d7dedc2bdb25b96604c5e896f65dfa Mon Sep 17 00:00:00 2001 
From: nazunalika Date: Sat, 23 Jan 2021 15:51:55 -0700 Subject: [PATCH 3/3] service accounts --- ansible/playbooks/adhoc-ipadnsrecord.yml | 2 +- ansible/playbooks/adhoc-ipadnszone.yml | 2 +- ansible/playbooks/adhoc-ipagetkeytab.yml | 3 ++- ansible/playbooks/adhoc-ipagroup.yml | 2 +- ansible/playbooks/adhoc-ipaservice.yml | 2 +- ansible/playbooks/adhoc-ipauser-disable.yml | 2 +- ansible/playbooks/adhoc-ipauser-enable.yml | 2 +- ansible/playbooks/adhoc-ipauser.yml | 2 +- ansible/playbooks/vars/ipa/ipaprivs.yml | 7 +++++++ 9 files changed, 16 insertions(+), 8 deletions(-) diff --git a/ansible/playbooks/adhoc-ipadnsrecord.yml b/ansible/playbooks/adhoc-ipadnsrecord.yml index e95a1a1..53ed07f 100644 --- a/ansible/playbooks/adhoc-ipadnsrecord.yml +++ b/ansible/playbooks/adhoc-ipadnsrecord.yml @@ -16,7 +16,7 @@ become: false gather_facts: false vars_files: - - vars/vaults/encpass.yml + - vars/vaults/hostman.yml tasks: - name: "Checking for user variables" diff --git a/ansible/playbooks/adhoc-ipadnszone.yml b/ansible/playbooks/adhoc-ipadnszone.yml index 5fd76fd..b24f588 100644 --- a/ansible/playbooks/adhoc-ipadnszone.yml +++ b/ansible/playbooks/adhoc-ipadnszone.yml @@ -8,7 +8,7 @@ become: false gather_facts: false vars_files: - - vars/vaults/encpass.yml + - vars/vaults/hostman.yml tasks: - name: "Checking for user variables" diff --git a/ansible/playbooks/adhoc-ipagetkeytab.yml b/ansible/playbooks/adhoc-ipagetkeytab.yml index e610693..c89d3d7 100644 --- a/ansible/playbooks/adhoc-ipagetkeytab.yml +++ b/ansible/playbooks/adhoc-ipagetkeytab.yml @@ -18,12 +18,13 @@ become: true gather_facts: false vars_files: - - vars/vaults/encpass.yml + - vars/vaults/kerbman.yml tasks: - name: "Checking for user variables" assert: that: + - ipa_admin | mandatory - ipaadmin_password | mandatory - ipa_service | mandatory - ipa_keytab_fullpath | mandatory diff --git a/ansible/playbooks/adhoc-ipagroup.yml b/ansible/playbooks/adhoc-ipagroup.yml index ef2d525..793eb11 100644 
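Review bot: The principal `ipa_admin` is still caller-supplied while its password now comes from a per-purpose vault (`hostman.yml` here and in adhoc-ipadnszone.yml, `kerbman.yml` in adhoc-ipagetkeytab.yml and adhoc-ipaservice.yml, `userman.yml` in the ipagroup and ipauser playbooks), and adhoc-ipagetkeytab.yml now asserts `ipa_admin | mandatory` instead of taking it from the vault, so nothing in the plays ties the principal to the password it is meant to pair with. A caller passing a different principal than the one the vault password belongs to would presumably fail only at the IPA call, and nothing in the playbooks records which service account each vault holds. I would define `ipa_admin` alongside `ipaadmin_password` inside each vault file so both halves of the service-account identity travel together and drop it from the callers' required inputs, or at least add a comment above each `vars_files` entry naming the account and the IPA role it is expected to hold. The plays these `vars_files` blocks belong to start outside the hunks.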
--- a/ansible/playbooks/adhoc-ipagroup.yml +++ b/ansible/playbooks/adhoc-ipagroup.yml @@ -10,7 +10,7 @@ become: false gather_facts: false vars_files: - - vars/vaults/encpass.yml + - vars/vaults/userman.yml tasks: - name: "Checking for user variables" diff --git a/ansible/playbooks/adhoc-ipaservice.yml b/ansible/playbooks/adhoc-ipaservice.yml index b93527f..d4f0fd5 100644 --- a/ansible/playbooks/adhoc-ipaservice.yml +++ b/ansible/playbooks/adhoc-ipaservice.yml @@ -7,7 +7,7 @@ become: false gather_facts: false vars_files: - - vars/vaults/encpass.yml + - vars/vaults/kerbman.yml tasks: - name: "Checking for user variables" diff --git a/ansible/playbooks/adhoc-ipauser-disable.yml b/ansible/playbooks/adhoc-ipauser-disable.yml index cea43e6..dd0153b 100644 --- a/ansible/playbooks/adhoc-ipauser-disable.yml +++ b/ansible/playbooks/adhoc-ipauser-disable.yml @@ -7,7 +7,7 @@ become: false gather_facts: false vars_files: - - vars/vaults/encpass.yml + - vars/vaults/userman.yml tasks: - name: "Checking for user variables" diff --git a/ansible/playbooks/adhoc-ipauser-enable.yml b/ansible/playbooks/adhoc-ipauser-enable.yml index 6043238..1ccea7e 100644 --- a/ansible/playbooks/adhoc-ipauser-enable.yml +++ b/ansible/playbooks/adhoc-ipauser-enable.yml @@ -7,7 +7,7 @@ become: false gather_facts: false vars_files: - - vars/vaults/encpass.yml + - vars/vaults/userman.yml tasks: - name: "Checking for user variables" diff --git a/ansible/playbooks/adhoc-ipauser.yml b/ansible/playbooks/adhoc-ipauser.yml index 8c51c4e..2019125 100644 --- a/ansible/playbooks/adhoc-ipauser.yml +++ b/ansible/playbooks/adhoc-ipauser.yml @@ -7,7 +7,7 @@ become: false gather_facts: false vars_files: - - vars/vaults/encpass.yml + - vars/vaults/userman.yml tasks: - name: "Checking for user variables" diff --git a/ansible/playbooks/vars/ipa/ipaprivs.yml b/ansible/playbooks/vars/ipa/ipaprivs.yml index dd17ddd..00260f2 100644 --- a/ansible/playbooks/vars/ipa/ipaprivs.yml +++ b/ansible/playbooks/vars/ipa/ipaprivs.yml 
@@ -26,6 +26,13 @@ iparoles: - "Netgroups Administrators" user: - hostman + - role: Kerberos Managers + description: Kerberos Key Managers + privileges: + - "Privileges - Kerberos Managers" + - "Service Administrators" + user: + - kerbman - role: IPA User Managers description: Rocky IPA User Managers responsible for idm flow privileges:
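Review bot: The new `Kerberos Managers` role grants `kerbman` the stock `Service Administrators` privilege plus `Privileges - Kerberos Managers`, which does not look like a built-in FreeIPA privilege name; if it is defined earlier in this file (the `iparoles` list starts outside the hunk) or by the role that consumes this file, fine, otherwise the task applying these roles would fail on an unknown privilege, so a comment above the entry pointing at where it is defined would help. A one-line comment noting which adhoc playbooks run as this account (in this series adhoc-ipaservice.yml and adhoc-ipagetkeytab.yml load `kerbman.yml`) would also make it easier to audit later whether `Service Administrators` is the narrowest privilege those jobs need.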