Commit Graph

251 Commits

Author SHA1 Message Date
nazunalika
db25755b52
reduce banner 2021-01-21 15:12:18 -07:00
nazunalika
d20f9a5e61
fix hardening 2021-01-21 15:05:35 -07:00
nazunalika
a283fd378f
mantis 2021-01-20 17:55:13 -07:00
nazunalika
992f4cddd9
naming consistency 2021-01-20 16:56:01 -07:00
nazunalika
ccebf54810 forgot sigul service 2021-01-19 22:17:01 -07:00
nazunalika
87bd02945a sigul and koji 2021-01-19 22:05:28 -07:00
nazunalika
1747f1f76e noggin theme 2021-01-17 23:34:42 -07:00
nazunalika
b032f130b8 merging some internal changes for awx 2021-01-17 20:46:06 -07:00
nazunalika
a3c3ae91d6 ipa changes 2021-01-17 18:49:28 -07:00
nazunalika
dc1f097622 add in binder adhoc 2021-01-17 15:15:39 -07:00
nazunalika
4f1ae71031 getcert 2021-01-17 14:41:18 -07:00
nazunalika
a784cdd6cc ipa getcert adhoc 2021-01-17 13:04:57 -07:00
nazunalika
608c1e24c8 fixes 2021-01-14 21:28:47 -07:00
nazunalika
a01b607299 ignoring inventories 2021-01-14 21:19:35 -07:00
nazunalika
5b3293c2f5 email uniqueness constraints 2021-01-10 16:47:00 -07:00
nazunalika
852be5c8cd fixing other bits 2021-01-10 03:22:41 -07:00
nazunalika
31d777eebe dynamic updates should be true 2021-01-10 03:08:32 -07:00
nazunalika
ad81b58d3c prepping for AWX future 2021-01-09 21:47:18 -07:00
nazunalika
60580742fc upcoming bz and account services 2021-01-09 17:49:05 -07:00
nazunalika
8686535611 add support for member managers 2021-01-05 15:51:17 -07:00
nazunalika
80a4efd099 force ipa_admin requirement in some adhoc 2021-01-05 15:24:00 -07:00
nazunalika
9928289f2e rename to hidden 2021-01-05 14:29:47 -07:00
nazunalika
adfb259cbf preparing for account services 2021-01-05 14:27:14 -07:00
nazunalika
ca80358b46 ipsilon changes 2021-01-05 13:46:08 -07:00
nazunalika
91caf03464 fix gitignore for vaults 2021-01-04 13:25:16 -07:00
nazunalika
abbfcad909 removing vaults 2021-01-04 13:20:32 -07:00
nazunalika
8a8958b46c ignoring vaults 2021-01-04 13:19:24 -07:00
nazunalika
786be11457 preparing account services 2021-01-04 12:31:13 -07:00
nazunalika
6c05b159cc vars for vaults 2021-01-04 12:01:44 -07:00
nazunalika
cdce2cc45e keytab checks 2021-01-04 01:38:13 -07:00
nazunalika
b60dcb31c4 kojid 2021-01-04 01:25:53 -07:00
nazunalika
96bb3a6b5a ipa dns recorder 2021-01-03 13:07:12 -07:00
nazunalika
cb69d9eca9 rearranging 2021-01-02 22:20:20 -07:00
nazunalika
b45404cdc2 rearranging 2021-01-02 22:18:47 -07:00
nazunalika
d2dc1bef07 Add missing service account and privs 2021-01-01 20:50:00 -07:00
nazunalika
8e2f81c415 Ansible 2.7+ Best Practices and GetKeyTab Fixes
-> Changed specific pieces that are recommended to be changed in Ansible
2.7 and higher (such as using fail_msg and success_msg, not just msg for
  assertions
-> Improved the getkeytab adhoc playbook for flexibility and delegations
against a IPA server, as well as forcing the choice of the user with
permissions that can perform the action rather than the default "admin"
user in FreeIPA as a security fix.
2021-01-01 20:14:24 -07:00
nazunalika
17b7ef186e fixing spacing and tab issues 2020-12-31 20:05:27 -07:00
nazunalika
4ff14a8641 kojihub changes 2020-12-31 14:49:48 -07:00
nazunalika
99e163b220 slurry of changes and fixes 2020-12-30 02:22:58 -07:00
nazunalika
7d8ed3bbe5 adhoc rabbitmq user 2020-12-29 17:03:36 -07:00
nazunalika
b8ea1c51a1 gitlab external database prep 2020-12-28 20:43:17 -07:00
nazunalika
5f2426d840 Add requirements and fix ipa vars 2020-12-27 19:27:45 -07:00
nazunalika
928c944bb4 rabbitmq 2020-12-27 13:04:13 -07:00
nazunalika
ca68f884b7 Updating/Adding rabbitmq vars and playbooks 2020-12-26 20:39:02 -07:00
nazunalika
496e2d208d Updating/Adding rabbitmq vars and playbooks 2020-12-26 20:36:14 -07:00
nazunalika
6c27e93d7d add rabbitmq requirement 2020-12-26 09:55:46 -07:00
Louis Abel
7bfc3c3b27
Merge pull request #14956 from rocky-linux/develop
Holiday End of Development - IPA, Koji, plus other fixes
2020-12-24 10:51:25 -07:00
nazunalika
942da4ce48 quick correction on vars for koji 2020-12-24 10:45:17 -07:00
Louis Abel
319584355f
Merge pull request #14955 from samveen/langcheck
minor language nits picked
2020-12-24 10:42:52 -07:00
nazunalika
503235ecd3 gitlab ssl changes 2020-12-23 17:02:40 -07:00
nazunalika
83b76d9393 ipa groups 2020-12-23 16:19:28 -07:00
nazunalika
d30b1e6d9a add a note 2020-12-23 12:25:41 -07:00
nazunalika
fe7fb4bb07 quick fixes 2020-12-23 05:21:01 -07:00
nazunalika
7a010775c9 adding kojihub 2020-12-23 03:52:34 -07:00
nazunalika
8c1a54dafb Add ipa-getkeytab playbook 2020-12-20 22:45:55 -07:00
nazunalika
4a15dfc093 Adding in missing adhoc playbook 2020-12-20 22:34:55 -07:00
nazunalika
8dc0268a50 IPA Privileges
This release adds support for privileges and roles for the initial IPA
team accounts.
2020-12-20 22:05:52 -07:00
nazunalika
a491898f28 staging idea for koji 2020-12-18 15:52:05 -07:00
Chris Cowley
bae96c0431
Add a section to the repo for architecture (#14944)
* Proposal for monitoring responsibilities
* added an architecture diagram for Prometheus
* install graphviz
* Only run the diagrams action when someone commits a diagram
* Filled out the architecture README
* Install node Prometheus Node Exporter on all hosts

Co-authored-by: Chris Cowley <chris.cowley@fr.clara.net>
2020-12-18 16:03:49 -05:00
nazunalika
c0c8ea1ec6 fixing spelling errors 2020-12-18 01:17:53 -07:00
nazunalika
239ae1a025 Attempt Lab Rollout 2020-12-18 00:43:21 -07:00
nazunalika
e3b6aa652f add custom gitlab template 2020-12-18 00:39:37 -07:00
nazunalika
c6323199f4 Infrastructure GitLab Updates
In this push, we are making a decent amount of updates to the gitlab
playbooks as well as updating the README. See below for the changes:

* README updated for further clarity
* GitLab role with further reconfiguration for group lookups
* GitLab role with further reconfiguration to disable built-in nginx
* nginx configuration added and provided to work with omnibus
* GitLab variables updated
2020-12-17 23:40:14 -07:00
Louis Abel
5383853681
Merge pull request #14947 from nasirhm/add_gitlab_ee_role
[init] Initialize Gitlab EE Role
2020-12-17 14:59:12 -07:00
nasirhm
83283fcf4e
🔧 fix LDAP and Domain name
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-18 02:47:46 +05:00
nazunalika
309b6739b8 ipsilon missing a few vars 2020-12-16 19:35:30 -07:00
nazunalika
f15a9d3db0 adding gitlab primers with ipa fixes 2020-12-16 19:34:13 -07:00
nasirhm
ec22cb4773
🔧 Fix ansible YAML
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-17 01:31:42 +05:00
nazunalika
1ab71a2d4d repo changes and ipa fqdn notes 2020-12-16 00:09:58 -07:00
nazunalika
8e98dc04e0 Ipsilon Ready
This push is here to note that ipsilon is completed and ready to go. The
infrastructure team at some point will need certificates, whether this
is from let's encrypt or otherwise if this service is used.
2020-12-15 20:15:50 -07:00
nazunalika
06f3c0d338 fixing additional errors from testing 2020-12-15 18:26:57 -07:00
nazunalika
8e5cae005d updating ansible readme for lint 2020-12-15 00:31:41 -07:00
Samveen Gulati
2c398aefc2 minor language nits picked 2020-12-15 10:43:04 +05:30
nazunalika
1811f9343e make linter happy 2020-12-14 17:52:49 -07:00
nazunalika
08f6ff985b make linter happy 2020-12-14 17:47:22 -07:00
nazunalika
de05e55cef IdM and Variable Fixes
Identity management Team in their testing found several issues while
testing the playbooks. To ensure they continue working on deployment and
in testing, we have identified and fixed the following issues:

- Inventory variables moved to separate main.yml files were not in yaml
  format
- role-rocky-ipa-client.yml was not directly pointing to its
  collection/role
- role-rocky-ipa-replica.yml was not directly pointing to its
  collection/role
2020-12-14 16:33:16 -07:00
nazunalika
b282c97daa making sure all systems get the ipa client vars 2020-12-14 14:31:01 -07:00
nasirhm
8f3bf01869
🎉 Initialized Playbook for Gitlab EE configuration.
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-15 01:57:09 +05:00
Derek Page
c76c58b139 \#14939 - Fixing .com to .org - It was bothering me 2020-12-14 08:55:08 -05:00
Alexander Gabert
b68cf49de9
typo 2020-12-14 11:20:20 +01:00
nazunalika
ce8ba1d52b had a duplicate ipsilon role file 2020-12-14 02:23:36 -07:00
nazunalika
875a3bf917 community.mysql should be a collection 2020-12-14 02:17:52 -07:00
nazunalika
e19edd02ff make linter happy 2020-12-14 02:14:48 -07:00
nazunalika
73b304758e make linter happy 2020-12-14 02:04:40 -07:00
nazunalika
f32720f0de adding ipsilon 2020-12-14 02:01:23 -07:00
nazunalika
7a1de933d4 making linter happy 2020-12-14 00:06:29 -07:00
nazunalika
353d4bb0cf fixing issue #582 2020-12-13 23:57:25 -07:00
Louis Abel
e9106cdb69
Merge pull request #581 from derekmpage/issue-183/chrony
Issue #183/chrony
2020-12-13 22:35:38 -07:00
Derek Page
9caf9ced6b issue-183 - make lint happy 2020-12-13 23:09:20 -05:00
Derek Page
faf9e6fd48 issue-183 - make lint happy 2020-12-13 23:04:42 -05:00
Derek Page
5c50c36a69 issue-183 - add chrony server/client playbooks 2020-12-13 22:49:57 -05:00
Louis Abel
46c00c6139
Merge pull request #580 from bluikko/requirements-ipsilon
Fix branch name for ipsilon role requirement
2020-12-13 20:08:08 -07:00
nazunalika
868c9fc772 fixing some little mistakes 2020-12-13 20:06:42 -07:00
bluikko
fea1a13b73
Fix branch name for ipsilon role requirement 2020-12-14 08:51:18 +07:00
bluikko
ea56897fe3
Real changed_when for galaxy installs
Instead of always claiming nothing changed, set changed when something was installed.
2020-12-14 08:42:30 +07:00
danielkubat
dec785e225 make linter happy 2020-12-13 19:46:38 +01:00
danielkubat
dca7691f4a grub tasks moved to separate file 2020-12-13 19:41:26 +01:00
Louis Abel
3379f4d1eb
Merge pull request #576 from danielkubat/auditd
auditd moved to separate tasks file
2020-12-13 10:44:35 -07:00
danielkubat
6ccae2ef4e handler removed, auditd can't be managed manually 2020-12-13 18:24:14 +01:00
danielkubat
c8cb5ef4cf auditd move to separate tasks file 2020-12-13 18:22:55 +01:00
Pavlos Daoglou
77bebb1a08 updates syntax and deprecated include statements 2020-12-13 13:54:31 +02:00
nazunalika
cdd0e25232 fixing latest / present lint 2020-12-13 03:09:00 -07:00
nazunalika
6822dfe739 prepping for ipsilon role 2020-12-13 03:00:33 -07:00
nazunalika
63abc4341d lnting, removing redundant requirements 2020-12-12 14:42:03 -07:00
Louis Abel
107081378b
Merge pull request #186 from chriscowley/main
WIP: Added some code to install a Prometheus server
2020-12-12 14:33:13 -07:00
danielkubat
e7c8997f9f Lint fixes 2020-12-12 22:31:26 +01:00
Chris Cowley
1ec706d2f4 Add an example config for nodes 2020-12-12 22:24:01 +01:00
Chris Cowley
e1085d7e22 Do not open up FW port for Prometheus. 2020-12-12 22:14:57 +01:00
Chris Cowley
9b52bb2110 Add monitoring roles to requirements.yml 2020-12-12 22:12:50 +01:00
danielkubat
706c504431 Make yamllint happy, formatting fixes 2020-12-12 22:02:53 +01:00
Chris Cowley
e1bd3b1eb1 Install Prometheus 2020-12-12 21:34:59 +01:00
nazunalika
242c506bcd authentication - prepping system build 2020-12-12 12:58:00 -07:00
nazunalika
1b185b581d linting changes, prepping for pam/authselect 2020-12-12 11:46:20 -07:00
nazunalika
525802e753 fixing linting errors 2020-12-12 11:16:37 -07:00
Pascal Watteel
ec056805ff changed the structure to reflect more modern ansible best practices
moved inv vars to group vars
moved roles to collections and fixed playbooks
added a prepare ansible host playbook to download needed roles and playbooks
modified public roles and collection paths to install inside our dir structure to keep them from global installation
2020-12-12 18:13:38 +04:00
nazunalika
bbf1976a5f starting auth section 2020-12-12 05:39:37 -07:00
bluikko
534c1f8a48
Add Ansible Lint action and fix lint errors 2020-12-12 15:16:44 +07:00
bluikko
c41119f58a
Comment out unfinished task 2020-12-12 14:57:10 +07:00
danielkubat
c3dcc26f29 Comment not indented like content 2020-12-12 03:32:37 +01:00
danielkubat
af0b20f7a8 Sudoers include defined as file 2020-12-12 03:28:20 +01:00
danielkubat
458d5db418 Empty line deleted 2020-12-12 03:11:06 +01:00
danielkubat
4032d4ce1d Make yamllint happy 2020-12-12 03:10:29 +01:00
danielkubat
893c8a343b Use pam_limits module to set limits 2020-12-12 02:52:30 +01:00
danielkubat
10f14194fe Formatting fixes 2020-12-12 02:12:11 +01:00
danielkubat
902cc8536e Use template to generate modprobe settings 2020-12-12 02:11:30 +01:00
Louis Abel
1f20af2331
Merge pull request #17 from danielkubat/ssh
Ensure SSH daemon is enabled
2020-12-11 17:40:54 -07:00
danielkubat
69f3fe199f Ensure SSH daemon is enabled, better wording 2020-12-12 01:31:23 +01:00
nazunalika
67e17edf7a hardening corrections 2020-12-11 17:31:21 -07:00
nazunalika
42abf5df58 ansible lint fixes 2020-12-11 16:54:32 -07:00
danielkubat
fb29ea7a85 Formatting fixes 2020-12-12 00:07:58 +01:00
nazunalika
2eff99f318 linting test and some fixes for #15 2020-12-11 15:20:26 -07:00
nazunalika
33a6d29608 linting, ipa rdns 2020-12-11 14:00:14 -07:00
nazunalika
085c9ae83e additional hardening - preparing for test 2020-12-11 12:15:17 -07:00
nazunalika
b0c2eb1abb update readme for ansible 2020-12-11 03:47:36 -07:00
nazunalika
3ab07302dd update readme for ansible 2020-12-11 03:30:37 -07:00
nazunalika
801e586c97 yaml and ansible linting 2020-12-11 01:13:16 -07:00
nazunalika
eeed6dbcb2 yaml and ansible linting 2020-12-11 00:39:15 -07:00
nazunalika
ee72d1960f linting 2020-12-10 16:40:49 -07:00
nazunalika
e2626acf9f docs and bugfixes 2020-12-10 16:11:41 -07:00
nazunalika
348b543cb3 automated test failure: wrong file name 2020-12-10 14:31:39 -07:00
nazunalika
d80300602d hardening and sysconfig 2020-12-10 12:59:59 -07:00
nazunalika
523d673038 restructure 2020-12-10 12:28:25 -07:00
nazunalika
0e156c8808 restructure 2020-12-10 12:26:11 -07:00
nazunalika
e22874986a docs and change from role to init 2020-12-10 11:19:24 -07:00
nazunalika
d6ec1cc605 adding prechecks to roles 2020-12-10 11:07:43 -07:00
Louis Abel
9a62020a48
Merge pull request #4 from SherifNagy/kvmhosts-playbook
KVM host initial playbook
2020-12-10 10:50:36 -07:00
nazunalika
6d133a5f96 documentation 2020-12-10 10:48:58 -07:00
Sherif Nagy
ff54f8249e
KVM host initial playbook 2020-12-10 17:38:37 +00:00
nazunalika
a9a483b546 Fix DNS for replica rollout plus info 2020-12-10 01:43:19 -07:00
nazunalika
d07670d7e2 Additional comments and docs 2020-12-10 00:42:05 -07:00