infrastructure/mono-infrastructure
7
0
Fork 0
mirror of https://github.com/rocky-linux/infrastructure synced 2024-11-29 00:16:32 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #14993 from rocky-linux/develop

Browse Source 
Develop
This commit is contained in:
Louis Abel 2021-08-28 16:08:15 -07:00 committed by GitHub
commit daa4610720
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
ansible/README.md
View File

@ -6,8 +6,6 @@ Each playbook should have comments or a name descriptor that explains what the p
## Management Node Structure ## Management Node Structure
Loosely copied from the CentOS ansible infrastructure.
``` ```
. .
├── ansible.cfg ├── ansible.cfg
@ -262,7 +260,8 @@ init-rocky-system-config.yml
│   │   │   │   └── custom │   │   │   │   └── custom
│   │   │   │   └── sssd-rocky │   │   │   │   └── sssd-rocky
│   │   │   │   ├── CentOS-8-system-auth -> RedHat-8-system-auth │   │   │   │   ├── CentOS-8-system-auth -> RedHat-8-system-auth
│   │   │   │   └── RedHat-8-system-auth │   │   │   │   ├── RedHat-8-system-auth
│   │   │   │   └── Rocky-8-system-auth -> RedHat-8-system-auth
│   │   │   ├── gitlab │   │   │   ├── gitlab
│   │   │   ├── pam.d │   │   │   ├── pam.d
│   │   │   │   ├── CentOS-7-system-auth-ac -> RedHat-7-system-auth-ac │   │   │   │   ├── CentOS-7-system-auth-ac -> RedHat-7-system-auth-ac
@ -299,7 +298,8 @@ init-rocky-system-config.yml
│   ├── init-rocky-noggin.yml │   ├── init-rocky-noggin.yml
│   ├── init-rocky-repo-servers.yml │   ├── init-rocky-repo-servers.yml
│   ├── init-rocky-system-config.yml │   ├── init-rocky-system-config.yml
│   ├── rocky-rocky-gitlab-ee.yml │   ├── role-rocky-bootstrap_staging.yml
│   ├── role-rocky-gitlab-ee.yml
│   ├── role-rocky-gitlab-runner.yml │   ├── role-rocky-gitlab-runner.yml
│   ├── role-rocky-graylog.yml │   ├── role-rocky-graylog.yml
│   ├── role-rocky-ipa-client.yml │   ├── role-rocky-ipa-client.yml
@ -313,9 +313,12 @@ init-rocky-system-config.yml
│   ├── role-rocky-monitoring.yml │   ├── role-rocky-monitoring.yml
│   ├── role-rocky-mqtt.yml │   ├── role-rocky-mqtt.yml
│   ├── role-rocky-node_exporter.yml │   ├── role-rocky-node_exporter.yml
│   ├── role-rocky-pinnwand.yml
│   ├── role-rocky-rabbitmq.yml │   ├── role-rocky-rabbitmq.yml
│   ├── role-rocky-repopool.yml
│   ├── role-rocky-sigul-bridge.yml │   ├── role-rocky-sigul-bridge.yml
│   ├── role-rocky-sigul-server.yml │   ├── role-rocky-sigul-server.yml
│   ├── role-rocky-srpmproc.yml
│   ├── role-rocky-wikijs.yml │   ├── role-rocky-wikijs.yml
│   ├── tasks │   ├── tasks
│   │   ├── account_services.yml │   │   ├── account_services.yml
@ -324,6 +327,7 @@ init-rocky-system-config.yml
│   │   ├── bugzilla_install.yml │   │   ├── bugzilla_install.yml
│   │   ├── bugzilla.yml │   │   ├── bugzilla.yml
│   │   ├── chrony.yml │   │   ├── chrony.yml
│   │   ├── efs_mount.yml
│   │   ├── gitlab-reconfigure.yml │   │   ├── gitlab-reconfigure.yml
│   │   ├── gitlab-runner.yml │   │   ├── gitlab-runner.yml
│   │   ├── grub.yml │   │   ├── grub.yml
@ -338,6 +342,7 @@ init-rocky-system-config.yml
│   │   ├── rabbitmq-reconfigure.yml │   │   ├── rabbitmq-reconfigure.yml
│   │   ├── repository.yml │   │   ├── repository.yml
│   │   ├── scripts.yml │   │   ├── scripts.yml
│   │   ├── srpmproc.yml
│   │   ├── ssh_config.yml │   │   ├── ssh_config.yml
│   │   └── variable_loader_common.yml │   │   └── variable_loader_common.yml
│   ├── templates │   ├── templates
@ -367,7 +372,8 @@ init-rocky-system-config.yml
│   │   │   │   ├── CentOS-7-sshd_config.j2 -> RedHat-7-sshd_config.j2 │   │   │   │   ├── CentOS-7-sshd_config.j2 -> RedHat-7-sshd_config.j2
│   │   │   │   ├── CentOS-8-sshd_config.j2 -> RedHat-8-sshd_config.j2 │   │   │   │   ├── CentOS-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
│   │   │   │   ├── RedHat-7-sshd_config.j2 │   │   │   │   ├── RedHat-7-sshd_config.j2
│   │   │   │   └── RedHat-8-sshd_config.j2 │   │   │   │   ├── RedHat-8-sshd_config.j2
│   │   │   │   └── Rocky-8-sshd_config.j2 -> RedHat-8-sshd_config.j2
│   │   │   └── sssd │   │   │   └── sssd
│   │   ├── hidden │   │   ├── hidden
│   │   │   ├── home │   │   │   ├── home
@ -382,6 +388,10 @@ init-rocky-system-config.yml
│   │   │   ├── binder_template.update │   │   │   ├── binder_template.update
│   │   │   ├── binder.update │   │   │   ├── binder.update
│   │   │   └── mantis_import.sql.j2 │   │   │   └── mantis_import.sql.j2
│   │   ├── usr
│   │   │   └── local
│   │   │   └── bin
│   │   │   └── fix_gitlab_certs.sh
│   │   └── var │   │   └── var
│   │   └── www │   │   └── www
│   │   ├── bugzilla │   │   ├── bugzilla
@ -420,13 +430,19 @@ init-rocky-system-config.yml
│   ├── monitoring │   ├── monitoring
│   │   └── README.md │   │   └── README.md
│   ├── monitoring.yml │   ├── monitoring.yml
│   ├── mounts
│   │   ├── bootstrap_staging.yml
│   │   ├── repopool.yml
│   │   └── srpmproc.yml
│   ├── mqtt.yml │   ├── mqtt.yml
│   ├── pinnwand.yml
│   ├── production │   ├── production
│   │   ├── koji-common.yml │   │   ├── koji-common.yml
│   │   ├── kojid.yml │   │   ├── kojid.yml
│   │   └── kojihub.yml │   │   └── kojihub.yml
│   ├── rabbitmq.yml │   ├── rabbitmq.yml
│   ├── RedHat.yml │   ├── RedHat.yml
│   ├── Rocky.yml -> RedHat.yml
│   ├── sigul_bridge.yml │   ├── sigul_bridge.yml
│   ├── sigul_server.yml │   ├── sigul_server.yml
│   ├── staging │   ├── staging

2
ansible/playbooks/adhoc-ipagetcert.yml
View File

@ -9,6 +9,7 @@
# -> getcert_postcmd: command to run after a certificate renews # -> getcert_postcmd: command to run after a certificate renews
# -> getcert_chain: true/false, should cert and key be chained together # -> getcert_chain: true/false, should cert and key be chained together
# -> getcert_chain_location: location for the chain # -> getcert_chain_location: location for the chain
# -> getcert_service: service name (eg HTTP, host), defaults to host
# TODO: Add CNAME/SAN support # TODO: Add CNAME/SAN support
- name: Request and sign an IPA Certificate - name: Request and sign an IPA Certificate
@ -23,6 +24,7 @@
nss_db_dir: "{{ getcert_nss_db_dir|default('/etc/pki/tls/db') }}" nss_db_dir: "{{ getcert_nss_db_dir|default('/etc/pki/tls/db') }}"
nss_nickname: "{{ getcert_nss_nickname|default(ansible_fqdn) }}" nss_nickname: "{{ getcert_nss_nickname|default(ansible_fqdn) }}"
postcmd: "{{ getcert_postcmd|default(false) }}" postcmd: "{{ getcert_postcmd|default(false) }}"
service: "{{ getcert_service|default('host') }}"
ipa_getcert_chain: "{{ getcert_chain|default(false) }}" ipa_getcert_chain: "{{ getcert_chain|default(false) }}"
ipa_getcert_chain_location: "{{ getcert_chain_location|default('/etc/pki/tls/chain') }}" ipa_getcert_chain_location: "{{ getcert_chain_location|default('/etc/pki/tls/chain') }}"
ipa_getcert_nss: "{{ getcert_nss|default(false) }}" ipa_getcert_nss: "{{ getcert_nss|default(false) }}"

2
ansible/playbooks/templates/etc/gitlab/rocky_gitlab.rb
View File

@ -44,7 +44,7 @@ gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
user_filter: '{{ gitlab_ldap_user_filter }}' user_filter: '{{ gitlab_ldap_user_filter }}'
group_base: '{{ gitlab_ldap_group_dn }}' group_base: '{{ gitlab_ldap_group_dn }}'
admin_group: '{{ gitlab_ldap_admin_group }}' admin_group: '{{ gitlab_ldap_admin_group }}'
sync_ssh_keys: true sync_ssh_keys: 'ipaSshPubKey'
attributes: attributes:
username: ['uid'] username: ['uid']
email: ['mail'] email: ['mail']