changed the structure to reflect more modern ansible best practices

moved inv vars to group vars
moved roles to collections and fixed playbooks
added a prepare ansible host playbook to download needed roles and playbooks
modified public roles and collection paths to install inside our dir structure to keep them from global installation
This commit is contained in:
Pascal Watteel 2020-12-12 18:13:38 +04:00
parent 4cb73e39b0
commit ec056805ff
25 changed files with 228 additions and 75 deletions

8
.idea/.gitignore vendored Normal file
View File

@ -0,0 +1,8 @@
# Default ignored files
/shelf/
/workspace.xml
# Datasource local storage ignored files
/../../../../../../:\Users\pwatteel\PycharmProjects\infrastructure\.idea/dataSources/
/dataSources.local.xml
# Editor-based HTTP Client requests
/httpRequests/

11
ansible/.gitignore vendored Normal file
View File

@ -0,0 +1,11 @@
#keep tmp folder empty
tmp/*
!tmp/Readme.md
#keep folder holding public roles empty
roles/public/*
!roles/public/Readme.md
#keep fodler holding ansible collections empty
collections/*
!README.md

View File

@ -13,19 +13,23 @@ Loosely copied from the CentOS ansible infrastructure.
├── ansible.cfg
├── files -> playbooks/files
├── handlers -> playbooks/handlers
├── inventory
├── inventories
│ ├── production
│ | ├── group_vars
│ | ├── host_vars
│ | hosts
│ ├── staging
│ ├── devellopment
├── pkistore
├── playbooks
│ ├── files
│ ├── group_vars
│ ├── host_vars
│ ├── handlers
│ ├── tasks
│ ├── templates
│ ├── vars
│ └── requirements.yml
├── roles
├── roles/local
│ └── <role-name>
| └── requirements.yml
├── tasks -> playbooks/tasks
├── templates -> playbooks/templates
└── vars -> playbooks/vars

View File

@ -1 +1,69 @@
# Empty
[defaults]
########################################
# Display settings
########################################
# Output display
force_color = 1
nocows = True
# Note: http://docs.ansible.com/ansible/intro_configuration.html#ansible-managed
ansible_managed = Ansible managed
#ansible_managed = Ansible managed - {file} on {host}
# Warn when ansible think it is better to use module.
# Note: http://docs.ansible.com/ansible/intro_configuration.html#id88
command_warnings = True
# Enable this to debug tasks calls
display_args_to_stdout = False
display_skipped_hosts = false
########################################
# Playbook settings
########################################
# Default strategy
strategy = free
# Number of hosts processed in parallel
forks = 20
########################################
# Behaviour settings
########################################
# Make role variables private
retry_files_enabled = True
# Fact options
gathering = smart
#gathering = !all
#gathering = smart,network,hardware,virtual,ohai,facter
#gathering = network,!hardware,virtual,!ohai,!facter
# facts caching
#fact_caching_connection = tmp/facts_cache
#fact_caching = json
fact_caching = memory
fact_caching_timeout = 1800
# Enable or disable logs
# Note put to false in prod
no_log = False
########################################
# Common destinations
########################################
log_path = tmp/ansible.log
known_hosts = tmp/known_hosts
roles_path = roles/local:roles/public
collections_paths = collections

View File

@ -0,0 +1 @@
Leave empty, this is a placeholder folder for ansible collections

View File

@ -0,0 +1,6 @@
---
ipaclient_domain = rockylinux.org
ipaadmin_principal = admin
ipaclient_no_ntp = true
ipaclient_mkhomedir = true

View File

@ -0,0 +1,14 @@
---
ipaadmin_principal = admin
ipaclient_no_ntp = true
ipaclient_mkhomedir = true
ipaserver_realm = ROCKYLINUX.ORG
ipaserver_hostname = ipa002.rockylinux.org
ipareplica_domain = rockylinux.org
ipareplica_auto_forwarders = true
ipareplica_setup_firewalld = true
ipareplica_setup_ca = true
ipareplica_setup_kra = true
ipareplica_setup_dns = true
ipa_dns_master = 10.100.1.110

View File

@ -0,0 +1,14 @@
---
ipaserver_domain = rockylinux.org
ipaserver_realm = ROCKYLINUX.ORG
ipaserver_setup_dns = true
ipaserver_setup_kra = true
ipaserver_auto_forwarders = true
ipaserver_no_host_dns = true
ipaserver_hostname = ipa001.rockylinux.org
ipaserver_allow_zone_overlap = true
ipaserver_setup_firewalld = true
ipaclient_no_ntp = true
ipaclient_mkhomedir = true
ipaserver_reverse_zones = ["1.100.10.in-addr.arpa."]

View File

@ -0,0 +1,24 @@
# Generic inventory hosts
[kvm]
kvm001 ansible_host=10.100.2.110
kvm002 ansible_host=10.100.2.111
kvm003 ansible_host=10.100.2.112
[ipa:children]
ipaserver
ipareplicas
ipaclients
[ipsilon]
idp001 ansible_host=10.100.x.x
# Playbook and role specific inventory hosts and groups
[ipaserver]
ipa001 ansible_host=10.100.1.110
[ipareplicas]
ipa002 ansible_host=10.100.1.111
[ipaclients]
build-a-box ansible_host=10.100.1.112

View File

@ -1,3 +0,0 @@
# Placeholder
[ipsilon]
idp.rockylinux.org

View File

@ -1,48 +0,0 @@
[ipaservers]
ipa001.rockylinux.org ansible_host=10.100.1.110
ipa002.rockylinux.org ansible_host=10.100.1.111
[ipaserver]
ipa001.rockylinux.org ansible_host=10.100.1.110
[ipaserver:vars]
ipaserver_domain=rockylinux.org
ipaserver_realm=ROCKYLINUX.ORG
ipaserver_setup_dns=true
ipaserver_setup_kra=true
ipaserver_auto_forwarders=true
ipaserver_no_host_dns=true
ipaserver_hostname=ipa001.rockylinux.org
ipaserver_allow_zone_overlap=true
ipaserver_setup_firewalld=true
ipaclient_no_ntp=true
ipaclient_mkhomedir=true
ipaserver_reverse_zones=["1.100.10.in-addr.arpa."]
[ipareplicas]
ipa002.rockylinux.org ansible_host=10.100.1.111
[ipareplicas:vars]
ipaadmin_principal=admin
ipaclient_no_ntp=true
ipaclient_mkhomedir=true
ipaserver_realm=ROCKYLINUX.ORG
ipaserver_hostname=ipa002.rockylinux.org
ipareplica_domain=rockylinux.org
ipareplica_auto_forwarders=true
ipareplica_setup_firewalld=true
ipareplica_setup_ca=true
ipareplica_setup_kra=true
ipareplica_setup_dns=true
ipa_dns_master=10.100.1.110
# This is for example purposes - it is likely we'll use "all" instead of
# putting everything under an ipaclient
[ipaclients]
build-a-box.rockylinux.org ansible_host=10.100.1.112
[ipaclients:vars]
ipaclient_domain=rockylinux.org
ipaadmin_principal=admin
ipaclient_no_ntp=true
ipaclient_mkhomedir=true

View File

@ -1,4 +0,0 @@
[kvmhosts]
kvm001.rockylinux.org ansible_host=10.100.2.110
kvm002.rockylinux.org ansible_host=10.100.2.111
kvm003.rockylinux.org ansible_host=10.100.2.112

View File

@ -0,0 +1,49 @@
---
- hosts: localhost
connection: local
vars:
force_purge: true
roles_installation_dir: roles/public
collection_installation_dir: collections
installation_prefix: ../
pre_tasks:
# example prepare ansible box for execution
# - name: install required pip modules on the host running ansible
# pip:
# name:
# - jmespath
# - netaddr
# - python-consul
# - pyvmomi
# - python-ldap
# - twine
- name: Remove existing public roles
file:
path: "{{ installation_prefix }}{{ roles_installation_dir }}"
state: absent
when: force_purge | bool
- name: Install all public roles
command: >
ansible-galaxy role install
{{ ( force_purge | bool ) | ternary('--force','') }}
--role-file {{ installation_prefix }}roles/requirements.yml
--roles-path {{ installation_prefix }}{{ roles_installation_dir }}
- name: Install needed collections
command: >
ansible-galaxy collection install
{{ ( force_purge | bool ) | ternary('--force-with-deps','') }}
-r {{ installation_prefix }}roles/requirements.yml
-p {{ installation_prefix }}{{ collection_installation_dir }}
- name: cleanup old ssh known_hosts
file:
path: "../tmp/known_hosts"
state: absent
- file:
path: "../tmp/known_hosts"
state: touch

View File

@ -3,7 +3,7 @@
# Created: @SherifNagy
# Modified to current standards: @nazunalika
- name: Configure KVM host
hosts: kvmhosts
hosts: kvm
become: true
pre_tasks:

View File

@ -1,7 +0,0 @@
---
collections:
- freeipa.ansible_freeipa
- community.general
roles:
- name: geerlingguy.mysql

View File

@ -1,6 +1,6 @@
---
# Configures an IPA client for the Rocky infrastructure
# Variables are in inventory/ipainventory
- name: Configure IPA client
hosts: ipaclients
become: true

View File

@ -1,6 +1,6 @@
---
# Creates an IPA replica
# Variables are in inventory/ipainventory
- name: Configure IPA server
hosts: ipareplicas
become: true

View File

@ -1,6 +1,5 @@
---
# Creates the first server for an IPA infrastructure
# Variables for the infrastructure are in inventory/ipainventory
# Recommended specs for the IPA systems, that scale based on number of objects:
# CPU: 2 cores
# Memory: 4GB
@ -44,7 +43,7 @@
- reload_networkmanager
roles:
- role: ipaserver
- role: freeipa.ansible_freeipa.ipaserver
state: present
post_tasks:

View File

@ -10,7 +10,7 @@
include_vars: "{{ item }}"
with_first_found:
- "ipaserver.yml"
when: "'ipaservers' in group_names"
when: "'ipa' in group_names"
- name: Check if system is EFI
stat:

View File

@ -0,0 +1 @@
Put all local roles here

View File

@ -0,0 +1 @@
Do not put any roles here, This is a placeholder for public roles installed via galaxy

View File

@ -0,0 +1,10 @@
---
roles:
- name: geerlingguy.mysql
collections:
# freeipa
- name: freeipa.ansible_freeipa
version: 0.3.1
- name: community.general

4
ansible/ssh_config Normal file
View File

@ -0,0 +1,4 @@
ControlMaster auto
ControlPersist 30m
UserKnownHostsFile tmp/known_hosts
HashKnownHosts no

1
ansible/tmp/Readme.md Normal file
View File

@ -0,0 +1 @@
Keep folder empty