infrastructure/mono-infrastructure
7
0
Fork 0
mirror of https://github.com/rocky-linux/infrastructure synced 2024-11-25 22:46:28 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #14963 from rocky-linux/develop

Browse Source 
Deployment Prep
This commit is contained in:
Louis Abel 2021-01-06 20:41:24 -07:00 committed by GitHub
commit e823e87708
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 81 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ansible/.gitignore vendored
View File

@ -6,10 +6,14 @@ tmp/*
roles/public/* roles/public/*
!roles/public/Readme.md !roles/public/Readme.md
#keep fodler holding ansible collections empty #keep folder holding ansible collections empty
collections/* collections/*
!README.md !README.md
# Ignore all vaults # Ignore all vaults
playbooks/vars/vaults/* playbooks/vars/vaults/*
!playbooks/vars/vaults/README.md !playbooks/vars/vaults/README.md
# Ignore hidden configs
playbooks/templates/hidden/*
!playbooks/templates/hidden/README.md

2
ansible/playbooks/adhoc-ipadns.yml
View File

@ -14,6 +14,7 @@
- name: "Checking for user variables" - name: "Checking for user variables"
assert: assert:
that: that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory
- ipa_zone | mandatory - ipa_zone | mandatory
success_msg: "Required variables provided" success_msg: "Required variables provided"
@ -21,6 +22,7 @@
- name: "Creating DNS Zone" - name: "Creating DNS Zone"
freeipa.ansible_freeipa.ipadnszone: freeipa.ansible_freeipa.ipadnszone:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}" ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_zone }}" name: "{{ ipa_zone }}"
tags: tags:

49
ansible/playbooks/adhoc-ipagroup.yml Normal file
View File

@ -0,0 +1,49 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Creates groups in the idm infrastructure based on the variables provided
# You MUST provide an ipa_admin user to run this.
# If group is going to be a fas group (exposed in noggin), ensure ipa_fas is
# set to true.
- name: Create our initial users
hosts: ipaserver
become: false
gather_facts: false
vars_files:
- vars/vaults/encpass.yml
tasks:
- name: "Checking for user variables"
assert:
that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory
- ipa_group | mandatory
- ipa_description | mandatory
- ipa_nonposix | mandatory
success_msg: "Required variables provided"
fail_msg: "We are missing group information or ipa admin password"
- name: "Creating New Group"
freeipa.ansible_freeipa.ipagroup:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_group }}"
description: "{{ ipa_description }}"
nonposix: "{{ ipa_nonposix }}"
membermanager_user: "{{ ipa_group_manager_user | default(omit) }}"
membermanager_group: "{{ ipa_group_manager_group | default(omit) }}"
tags:
- groups
- name: "Prepare FAS if required"
shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}"
check_mode: false
changed_when: "1 != 1"
when: ipa_fas
- name: "Apply FAS"
command: "ipa group-mod --fasgroup {{ ipa_group }}"
check_mode: false
changed_when: "1 != 1"
when: ipa_fas

30
ansible/playbooks/adhoc-ipagroups.yml
View File

@ -1,30 +0,0 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Creates groups in the idm infrastructure based on the variables provided
- name: Create our initial users
hosts: ipaserver
become: false
gather_facts: false
vars_files:
- vars/vaults/encpass.yml
tasks:
- name: "Checking for user variables"
assert:
that:
- ipaadmin_password | mandatory
- ipa_group | mandatory
- ipa_description | mandatory
- ipa_posix | mandatory
success_msg: "Required variables provided"
fail_msg: "We are missing group information or ipa admin password"
- name: "Creating Mandatory Groups"
freeipa.ansible_freeipa.ipagroup:
ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_group }}"
description: "{{ ipa_description }}"
nonposix: "{{ ipa_posix }}"
tags:
- groups

2
ansible/playbooks/adhoc-ipaservice.yml
View File

@ -13,6 +13,7 @@
- name: "Checking for user variables" - name: "Checking for user variables"
assert: assert:
that: that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory
- ipa_service | mandatory - ipa_service | mandatory
success_msg: "Required variables provided" success_msg: "Required variables provided"
@ -20,6 +21,7 @@
- name: "Creating Kerberos Service" - name: "Creating Kerberos Service"
freeipa.ansible_freeipa.ipaservice: freeipa.ansible_freeipa.ipaservice:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}" ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_service }}" name: "{{ ipa_service }}"
skip_host_check: "{{ ipa_skip_host_check | default(false) }}" skip_host_check: "{{ ipa_skip_host_check | default(false) }}"

2
ansible/playbooks/adhoc-ipausers.yml → ansible/playbooks/adhoc-ipauser.yml
View File

@ -13,6 +13,7 @@
- name: "Checking for user variables" - name: "Checking for user variables"
assert: assert:
that: that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory
- ipa_name | mandatory - ipa_name | mandatory
- ipa_first | mandatory - ipa_first | mandatory
@ -25,6 +26,7 @@
- name: "Creating User Account" - name: "Creating User Account"
freeipa.ansible_freeipa.ipauser: freeipa.ansible_freeipa.ipauser:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}" ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_name }}" name: "{{ ipa_name }}"
first: "{{ ipa_first }}" first: "{{ ipa_first }}"

2
ansible/playbooks/import-rockygroups.yml
View File

@ -7,6 +7,8 @@
description: "{{ item.description }}" description: "{{ item.description }}"
nonposix: false nonposix: false
user: "{{ item.user | default(none) }}" user: "{{ item.user | default(none) }}"
membermanager_user: "{{ item.managers_users | default(omit) }}"
membermanager_group: "{{ item.managers_groups | default(omit) }}"
loop: "{{ ipagroups }}" loop: "{{ ipagroups }}"
tags: tags:
- groups - groups

5
ansible/playbooks/templates/hidden/README.md Normal file
View File

@ -0,0 +1,5 @@
These contain configs that are considered "secret" and should not be part of any git commits. This directory still follows the basic format of where the file will be located.
```
hidden/etc/somefile.cfg
```

2
ansible/playbooks/vars/ipa/agreements.yml Normal file
View File

@ -0,0 +1,2 @@
---
# Vars for Agreements for the Rocky Linux Project

11
ansible/playbooks/vars/ipa/groups.yml
View File

@ -52,6 +52,13 @@ ipagroups:
- tg - tg
- hbjy - hbjy
- rockyautomation - rockyautomation
managers_users:
- label
- neil
- rlh
- rfelsburg
- tg
- hbjy
- group: services - group: services
description: Rocky Linux Service Accounts description: Rocky Linux Service Accounts
user: user:
@ -65,9 +72,13 @@ ipagroups:
description: Rocky Linux Identity Management description: Rocky Linux Identity Management
user: user:
- label - label
managers_users:
- label
- group: releng - group: releng
description: Rocky Linux Release Engineering description: Rocky Linux Release Engineering
user: user:
- label - label
managers_users:
- label
- group: mq_pub_readonly - group: mq_pub_readonly
description: RabbitMQ ReadOnly description: RabbitMQ ReadOnly

1
ansible/playbooks/vars/ipsilon.yml
View File

@ -15,6 +15,7 @@ ipsilon_db_name: rockyipsilon
ipsilon_httpd_hostname: "{{ inventory_hostname }}" ipsilon_httpd_hostname: "{{ inventory_hostname }}"
# apache configuration for ipsilon # apache configuration for ipsilon
apache_configure: false
apache_listen_port: 80 apache_listen_port: 80
apache_listen_port_ssl: 443 apache_listen_port_ssl: 443
apache_create_vhosts: true apache_create_vhosts: true