commit
e823e87708
6
ansible/.gitignore
vendored
@ -6,10 +6,14 @@ tmp/*
|
||||
roles/public/*
|
||||
!roles/public/Readme.md
|
||||
|
||||
#keep fodler holding ansible collections empty
|
||||
#keep folder holding ansible collections empty
|
||||
collections/*
|
||||
!README.md
|
||||
|
||||
# Ignore all vaults
|
||||
playbooks/vars/vaults/*
|
||||
!playbooks/vars/vaults/README.md
|
||||
|
||||
# Ignore hidden configs
|
||||
playbooks/templates/hidden/*
|
||||
!playbooks/templates/hidden/README.md
|
||||
|
@ -14,6 +14,7 @@
|
||||
- name: "Checking for user variables"
|
||||
assert:
|
||||
that:
|
||||
- ipa_admin | mandatory
|
||||
- ipaadmin_password | mandatory
|
||||
- ipa_zone | mandatory
|
||||
success_msg: "Required variables provided"
|
||||
@ -21,6 +22,7 @@
|
||||
|
||||
- name: "Creating DNS Zone"
|
||||
freeipa.ansible_freeipa.ipadnszone:
|
||||
ipaadmin_principal: "{{ ipa_admin }}"
|
||||
ipaadmin_password: "{{ ipaadmin_password }}"
|
||||
name: "{{ ipa_zone }}"
|
||||
tags:
|
||||
|
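--- /dev/null
+++ b/ansible/playbooks/adhoc-ipagroup.yml
@@ -0,0 +1,49 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Creates groups in the idm infrastructure based on the variables provided
+# You MUST provide an ipa_admin user to run this.
+# If group is going to be a fas group (exposed in noggin), ensure ipa_fas is
+# set to true.
+
+- name: Create our initial users
+  hosts: ipaserver
+  become: false
+  gather_facts: false
+  vars_files:
+    - vars/vaults/encpass.yml
+
+  tasks:
+    - name: "Checking for user variables"
+      assert:
+        that:
+          - ipa_admin | mandatory
+          - ipaadmin_password | mandatory
+          - ipa_group | mandatory
+          - ipa_description | mandatory
+          - ipa_nonposix | mandatory
+        success_msg: "Required variables provided"
+        fail_msg: "We are missing group information or ipa admin password"
+
+    - name: "Creating New Group"
+      freeipa.ansible_freeipa.ipagroup:
+        ipaadmin_principal: "{{ ipa_admin }}"
+        ipaadmin_password: "{{ ipaadmin_password }}"
+        name: "{{ ipa_group }}"
+        description: "{{ ipa_description }}"
+        nonposix: "{{ ipa_nonposix }}"
+        membermanager_user: "{{ ipa_group_manager_user | default(omit) }}"
+        membermanager_group: "{{ ipa_group_manager_group | default(omit) }}"
+      tags:
+        - groups
+
+    - name: "Prepare FAS if required"
+      shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}"
+      check_mode: false
+      changed_when: "1 != 1"
+      when: ipa_fas
+
+    - name: "Apply FAS"
+      command: "ipa group-mod --fasgroup {{ ipa_group }}"
+      check_mode: false
+      changed_when: "1 != 1"
+      when: ipa_fas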
@ -1,30 +0,0 @@
|
||||
---
|
||||
# This playbook is meant to be used with callable variables, like adhoc or AWX.
|
||||
# What: Creates groups in the idm infrastructure based on the variables provided
|
||||
|
||||
- name: Create our initial users
|
||||
hosts: ipaserver
|
||||
become: false
|
||||
gather_facts: false
|
||||
vars_files:
|
||||
- vars/vaults/encpass.yml
|
||||
|
||||
tasks:
|
||||
- name: "Checking for user variables"
|
||||
assert:
|
||||
that:
|
||||
- ipaadmin_password | mandatory
|
||||
- ipa_group | mandatory
|
||||
- ipa_description | mandatory
|
||||
- ipa_posix | mandatory
|
||||
success_msg: "Required variables provided"
|
||||
fail_msg: "We are missing group information or ipa admin password"
|
||||
|
||||
- name: "Creating Mandatory Groups"
|
||||
freeipa.ansible_freeipa.ipagroup:
|
||||
ipaadmin_password: "{{ ipaadmin_password }}"
|
||||
name: "{{ ipa_group }}"
|
||||
description: "{{ ipa_description }}"
|
||||
nonposix: "{{ ipa_posix }}"
|
||||
tags:
|
||||
- groups
|
@ -13,6 +13,7 @@
|
||||
- name: "Checking for user variables"
|
||||
assert:
|
||||
that:
|
||||
- ipa_admin | mandatory
|
||||
- ipaadmin_password | mandatory
|
||||
- ipa_service | mandatory
|
||||
success_msg: "Required variables provided"
|
||||
@ -20,6 +21,7 @@
|
||||
|
||||
- name: "Creating Kerberos Service"
|
||||
freeipa.ansible_freeipa.ipaservice:
|
||||
ipaadmin_principal: "{{ ipa_admin }}"
|
||||
ipaadmin_password: "{{ ipaadmin_password }}"
|
||||
name: "{{ ipa_service }}"
|
||||
skip_host_check: "{{ ipa_skip_host_check | default(false) }}"
|
||||
|
@ -13,6 +13,7 @@
|
||||
- name: "Checking for user variables"
|
||||
assert:
|
||||
that:
|
||||
- ipa_admin | mandatory
|
||||
- ipaadmin_password | mandatory
|
||||
- ipa_name | mandatory
|
||||
- ipa_first | mandatory
|
||||
@ -25,6 +26,7 @@
|
||||
|
||||
- name: "Creating User Account"
|
||||
freeipa.ansible_freeipa.ipauser:
|
||||
ipaadmin_principal: "{{ ipa_admin }}"
|
||||
ipaadmin_password: "{{ ipaadmin_password }}"
|
||||
name: "{{ ipa_name }}"
|
||||
first: "{{ ipa_first }}"
|
@ -7,6 +7,8 @@
|
||||
description: "{{ item.description }}"
|
||||
nonposix: false
|
||||
user: "{{ item.user | default(none) }}"
|
||||
membermanager_user: "{{ item.managers_users | default(omit) }}"
|
||||
membermanager_group: "{{ item.managers_groups | default(omit) }}"
|
||||
loop: "{{ ipagroups }}"
|
||||
tags:
|
||||
- groups
|
||||
|
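--- /dev/null
+++ b/ansible/playbooks/templates/hidden/README.md
@@ -0,0 +1,5 @@
+These contain configs that are considered "secret" and should not be part of any git commits. This directory still follows the basic format of where the file will be located.
+
+```
+hidden/etc/somefile.cfg
+```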
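--- /dev/null
+++ b/ansible/playbooks/vars/ipa/agreements.yml
@@ -0,0 +1,2 @@
+---
+# Vars for Agreements for the Rocky Linux Project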
@ -52,6 +52,13 @@ ipagroups:
|
||||
- tg
|
||||
- hbjy
|
||||
- rockyautomation
|
||||
managers_users:
|
||||
- label
|
||||
- neil
|
||||
- rlh
|
||||
- rfelsburg
|
||||
- tg
|
||||
- hbjy
|
||||
- group: services
|
||||
description: Rocky Linux Service Accounts
|
||||
user:
|
||||
@ -65,9 +72,13 @@ ipagroups:
|
||||
description: Rocky Linux Identity Management
|
||||
user:
|
||||
- label
|
||||
managers_users:
|
||||
- label
|
||||
- group: releng
|
||||
description: Rocky Linux Release Engineering
|
||||
user:
|
||||
- label
|
||||
managers_users:
|
||||
- label
|
||||
- group: mq_pub_readonly
|
||||
description: RabbitMQ ReadOnly
|
||||
|
@ -15,6 +15,7 @@ ipsilon_db_name: rockyipsilon
|
||||
ipsilon_httpd_hostname: "{{ inventory_hostname }}"
|
||||
|
||||
# apache configuration for ipsilon
|
||||
apache_configure: false
|
||||
apache_listen_port: 80
|
||||
apache_listen_port_ssl: 443
|
||||
apache_create_vhosts: true
|
||||
|