From de05e55cefb57d5f753424994f7ce94c5ac95a03 Mon Sep 17 00:00:00 2001
From: nazunalika
Date: Mon, 14 Dec 2020 16:33:16 -0700
Subject: [PATCH] IdM and Variable Fixes

Identity management Team in their testing found several issues while testing the playbooks. To ensure they continue working on deployment and in testing, we have identified and fixed the following issues:
- Inventory variables moved to separate main.yml files were not in yaml format
- role-rocky-ipa-client.yml was not directly pointing to its collection/role
- role-rocky-ipa-replica.yml was not directly pointing to its collection/role
---
 .yamllint | 4 ++++
 .../group_vars/chronyservers/main.yml | 4 ++--
 .../production/group_vars/ipaclients/main.yml | 10 ++++----
 .../group_vars/ipareplicas/main.yml | 24 +++++++++----------
 .../production/group_vars/ipaserver/main.yml | 15 ++++++++++++
 .../production/group_vars/ipaservers/main.yml | 14 -----------
 ansible/playbooks/role-rocky-ipa-client.yml | 2 +-
 ansible/playbooks/role-rocky-ipa-replica.yml | 2 +-
 8 files changed, 40 insertions(+), 35 deletions(-)
 create mode 100644 ansible/inventories/production/group_vars/ipaserver/main.yml
 delete mode 100644 ansible/inventories/production/group_vars/ipaservers/main.yml
diff --git a/.yamllint b/.yamllint
index 0f25798..186d524 100644
--- a/.yamllint
+++ b/.yamllint
@@ -5,3 +5,7 @@ rules:
 line-length:
 max: 160
 level: warning
+
+ignore: |
+ .travis.yml
+ .github
diff --git a/ansible/inventories/production/group_vars/chronyservers/main.yml b/ansible/inventories/production/group_vars/chronyservers/main.yml
index d398e01..354d2aa 100644
--- a/ansible/inventories/production/group_vars/chronyservers/main.yml
+++ b/ansible/inventories/production/group_vars/chronyservers/main.yml
@@ -1,4 +1,4 @@
 ---
-chrony_server = true
-chrony_allow_cidr = "10.0.0.0/16"
+chrony_server: true
+chrony_allow_cidr: "10.0.0.0/16"
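Review bot: The added top-level `ignore` block in `.yamllint` removes `.travis.yml` and everything under `.github` from every yamllint rule, so syntax errors and duplicate keys in the CI definitions are no longer reported. If the motivation is a single noisy rule (for workflow files that is often `truthy` on the `on:` key, which is an assumption since the commit message does not say), a per-rule `ignore:` under `rules:` would keep the other checks active on those files. Either way, a one-line comment above the block such as `# CI definitions excluded because <reason>` would record why these paths are skipped.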
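Review bot: `chrony_allow_cidr: "10.0.0.0/16"` in chronyservers/main.yml covers only 10.0.0.0 through 10.0.255.255, while the other group_vars in this commit place the IdM hosts in 10.100.1.x (`ipa_dns_master: 10.100.1.110`, reverse zone `1.100.10.in-addr.arpa.`). If these chrony servers are meant to serve the IPA hosts, that range is not permitted, and because the IPA groups set `ipaclient_no_ntp: true` the clock sync that Kerberos depends on has to come from this separately managed configuration. Please confirm the intended client range and record it in a comment above the variable, e.g. `# networks permitted to query this NTP server`.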
diff --git a/ansible/inventories/production/group_vars/ipaclients/main.yml b/ansible/inventories/production/group_vars/ipaclients/main.yml
index 3ded04c..0c6edac 100644
--- a/ansible/inventories/production/group_vars/ipaclients/main.yml
+++ b/ansible/inventories/production/group_vars/ipaclients/main.yml
@@ -1,7 +1,7 @@
 ---
-ipaclient_domain = rockylinux.org
-ipaclient_realm = ROCKYLINUX.ORG
-ipaadmin_principal = admin
-ipaclient_no_ntp = true
-ipaclient_mkhomedir = true
+ipaclient_domain: rockylinux.org
+ipaclient_realm: ROCKYLINUX.ORG
+ipaadmin_principal: admin
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
diff --git a/ansible/inventories/production/group_vars/ipareplicas/main.yml b/ansible/inventories/production/group_vars/ipareplicas/main.yml
index e9e570e..d04be2b 100644
--- a/ansible/inventories/production/group_vars/ipareplicas/main.yml
+++ b/ansible/inventories/production/group_vars/ipareplicas/main.yml
@@ -1,14 +1,14 @@
 ---
-ipaadmin_principal = admin
-ipaclient_no_ntp = true
-ipaclient_mkhomedir = true
-ipaserver_realm = ROCKYLINUX.ORG
-ipaserver_hostname = ipa002.rockylinux.org
-ipareplica_domain = rockylinux.org
-ipareplica_auto_forwarders = true
-ipareplica_setup_firewalld = true
-ipareplica_setup_ca = true
-ipareplica_setup_kra = true
-ipareplica_setup_dns = true
-ipa_dns_master = 10.100.1.110
+ipaadmin_principal: admin
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
+ipaserver_realm: ROCKYLINUX.ORG
+ipaserver_hostname: ipa002.rockylinux.org
+ipareplica_domain: rockylinux.org
+ipareplica_auto_forwarders: true
+ipareplica_setup_firewalld: true
+ipareplica_setup_ca: true
+ipareplica_setup_kra: true
+ipareplica_setup_dns: true
+ipa_dns_master: 10.100.1.110
diff --git a/ansible/inventories/production/group_vars/ipaserver/main.yml b/ansible/inventories/production/group_vars/ipaserver/main.yml
new file mode 100644
index 0000000..c09acd8
--- /dev/null
+++ b/ansible/inventories/production/group_vars/ipaserver/main.yml
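Review bot: `ipaadmin_principal: admin` in ipaclients/main.yml makes every client enrollment authenticate as the full IdM administrator, so the enrollment credential is also a domain-admin credential. The matching password is rightly absent from this file; a comment such as `# ipaadmin_password comes from <secret source>, never from group_vars` (the actual source is not visible in this diff) would help keep it that way. Consider a dedicated principal limited to host enrollment, or the role's `ipaclient_use_otp` option, to shrink what a leaked enrollment secret can do.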
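Review bot: `ipaserver_hostname: ipa002.rockylinux.org` in ipareplicas/main.yml is a per-host value set at group level, so every host later added to `ipareplicas` would inherit the same hostname; it belongs in host_vars or on the inventory entry unless the group is guaranteed to hold a single host. It and `ipaserver_realm` also carry the `ipaserver_` prefix in a file otherwise made of `ipareplica_` variables, and whether the replica role or the playbook reads those names is not visible here, so confirm they are consumed rather than silently ignored. `ipa_dns_master: 10.100.1.110` hard-codes an address with no explanation; a short comment naming the host it refers to would make renumbering safer.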
@@ -0,0 +1,15 @@
+---
+
+ipaserver_domain: rockylinux.org
+ipaserver_realm: ROCKYLINUX.ORG
+ipaserver_setup_dns: true
+ipaserver_setup_kra: true
+ipaserver_auto_forwarders: true
+ipaserver_no_host_dns: true
+ipaserver_hostname: ipa001.rockylinux.org
+ipaserver_allow_zone_overlap: true
+ipaserver_setup_firewalld: true
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
+ipaserver_no_hbac_allow: true
+ipaserver_reverse_zones: ["1.100.10.in-addr.arpa."]
diff --git a/ansible/inventories/production/group_vars/ipaservers/main.yml b/ansible/inventories/production/group_vars/ipaservers/main.yml
deleted file mode 100644
index 20606d7..0000000
--- a/ansible/inventories/production/group_vars/ipaservers/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-
-ipaserver_domain = rockylinux.org
-ipaserver_realm = ROCKYLINUX.ORG
-ipaserver_setup_dns = true
-ipaserver_setup_kra = true
-ipaserver_auto_forwarders = true
-ipaserver_no_host_dns = true
-ipaserver_hostname = ipa001.rockylinux.org
-ipaserver_allow_zone_overlap = true
-ipaserver_setup_firewalld = true
-ipaclient_no_ntp = true
-ipaclient_mkhomedir = true
-ipaserver_reverse_zones = ["1.100.10.in-addr.arpa."]
diff --git a/ansible/playbooks/role-rocky-ipa-client.yml b/ansible/playbooks/role-rocky-ipa-client.yml
index 3307275..a75eccb 100644
--- a/ansible/playbooks/role-rocky-ipa-client.yml
+++ b/ansible/playbooks/role-rocky-ipa-client.yml
@@ -24,7 +24,7 @@
 roles:
- - role: ipaclient
+ - role: freeipa.ansible_freeipa.ipaclient
 state: present
 post_tasks:
diff --git a/ansible/playbooks/role-rocky-ipa-replica.yml b/ansible/playbooks/role-rocky-ipa-replica.yml
index 4226d7e..df13c85 100644
--- a/ansible/playbooks/role-rocky-ipa-replica.yml
+++ b/ansible/playbooks/role-rocky-ipa-replica.yml
@@ -50,7 +50,7 @@
 - reload_networkmanager
 roles:
- - role: ipareplica
+ - role: freeipa.ansible_freeipa.ipareplica
 state: present
 post_tasks:
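Review bot: The recreated ipaserver/main.yml is not a pure syntax fix: it adds `ipaserver_no_hbac_allow: true`, which the deleted ipaservers/main.yml did not contain and the commit message does not mention. Skipping the default allow_all HBAC rule is a sound hardening choice, but it means no user can log in to enrolled hosts until explicit HBAC rules exist, so it deserves a line in the message and a comment here, e.g. `# no allow_all HBAC rule; access rules are created by <playbook>`. `ipaserver_allow_zone_overlap: true` and `ipaserver_no_host_dns: true` both relax installer DNS checks and would benefit from a comment saying why they are needed. The directory name also changes from `ipaservers` to `ipaserver`, so the inventory group must carry exactly that name or none of these variables load.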
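Review bot: `role: freeipa.ansible_freeipa.ipaclient` in role-rocky-ipa-client.yml resolves through the installed collection, so the playbook runs whatever version of `freeipa.ansible_freeipa` happens to be present on the controller. No requirements file is visible in this diff; if one exists, pin the collection to an exact version there (`version: <pinned version>`) so that role code handling the IdM admin credentials does not change underneath a deployment. The same applies to `freeipa.ansible_freeipa.ipareplica` in role-rocky-ipa-replica.yml. The `roles:` block starts and ends outside both hunks.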