nazunalika
d2dc1bef07
Add missing service account and privs
2021-01-01 20:50:00 -07:00
nazunalika
8e2f81c415
Ansible 2.7+ Best Practices and GetKeyTab Fixes
...
-> Changed specific pieces that are recommended to be changed in Ansible
2.7 and higher (such as using fail_msg and success_msg, not just msg for
assertions
-> Improved the getkeytab adhoc playbook for flexibility and delegations
against a IPA server, as well as forcing the choice of the user with
permissions that can perform the action rather than the default "admin"
user in FreeIPA as a security fix.
2021-01-01 20:14:24 -07:00
nazunalika
17b7ef186e
fixing spacing and tab issues
2020-12-31 20:05:27 -07:00
nazunalika
4ff14a8641
kojihub changes
2020-12-31 14:49:48 -07:00
nazunalika
99e163b220
slurry of changes and fixes
2020-12-30 02:22:58 -07:00
nazunalika
7d8ed3bbe5
adhoc rabbitmq user
2020-12-29 17:03:36 -07:00
nazunalika
b8ea1c51a1
gitlab external database prep
2020-12-28 20:43:17 -07:00
nazunalika
5f2426d840
Add requirements and fix ipa vars
2020-12-27 19:27:45 -07:00
nazunalika
928c944bb4
rabbitmq
2020-12-27 13:04:13 -07:00
nazunalika
ca68f884b7
Updating/Adding rabbitmq vars and playbooks
2020-12-26 20:39:02 -07:00
nazunalika
496e2d208d
Updating/Adding rabbitmq vars and playbooks
2020-12-26 20:36:14 -07:00
nazunalika
6c27e93d7d
add rabbitmq requirement
2020-12-26 09:55:46 -07:00
nazunalika
942da4ce48
quick correction on vars for koji
2020-12-24 10:45:17 -07:00
nazunalika
503235ecd3
gitlab ssl changes
2020-12-23 17:02:40 -07:00
nazunalika
83b76d9393
ipa groups
2020-12-23 16:19:28 -07:00
nazunalika
d30b1e6d9a
add a note
2020-12-23 12:25:41 -07:00
nazunalika
fe7fb4bb07
quick fixes
2020-12-23 05:21:01 -07:00
nazunalika
7a010775c9
adding kojihub
2020-12-23 03:52:34 -07:00
nazunalika
8c1a54dafb
Add ipa-getkeytab playbook
2020-12-20 22:45:55 -07:00
nazunalika
4a15dfc093
Adding in missing adhoc playbook
2020-12-20 22:34:55 -07:00
nazunalika
8dc0268a50
IPA Privileges
...
This release adds support for privileges and roles for the initial IPA
team accounts.
2020-12-20 22:05:52 -07:00
Chris Cowley
bae96c0431
Add a section to the repo for architecture ( #14944 )
...
* Proposal for monitoring responsibilities
* added an architecture diagram for Prometheus
* install graphviz
* Only run the diagrams action when someone commits a diagram
* Filled out the architecture README
* Install node Prometheus Node Exporter on all hosts
Co-authored-by: Chris Cowley <chris.cowley@fr.clara.net>
2020-12-18 16:03:49 -05:00
nazunalika
c0c8ea1ec6
fixing spelling errors
2020-12-18 01:17:53 -07:00
nazunalika
239ae1a025
Attempt Lab Rollout
2020-12-18 00:43:21 -07:00
nazunalika
e3b6aa652f
add custom gitlab template
2020-12-18 00:39:37 -07:00
nazunalika
c6323199f4
Infrastructure GitLab Updates
...
In this push, we are making a decent amount of updates to the gitlab
playbooks as well as updating the README. See below for the changes:
* README updated for further clarity
* GitLab role with further reconfiguration for group lookups
* GitLab role with further reconfiguration to disable built-in nginx
* nginx configuration added and provided to work with omnibus
* GitLab variables updated
2020-12-17 23:40:14 -07:00
Louis Abel
5383853681
Merge pull request #14947 from nasirhm/add_gitlab_ee_role
...
[init] Initialize Gitlab EE Role
2020-12-17 14:59:12 -07:00
nasirhm
83283fcf4e
🔧 fix LDAP and Domain name
...
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-18 02:47:46 +05:00
nazunalika
309b6739b8
ipsilon missing a few vars
2020-12-16 19:35:30 -07:00
nazunalika
f15a9d3db0
adding gitlab primers with ipa fixes
2020-12-16 19:34:13 -07:00
nasirhm
ec22cb4773
🔧 Fix ansible YAML
...
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-17 01:31:42 +05:00
nazunalika
1ab71a2d4d
repo changes and ipa fqdn notes
2020-12-16 00:09:58 -07:00
nazunalika
8e98dc04e0
Ipsilon Ready
...
This push is here to note that ipsilon is completed and ready to go. The
infrastructure team at some point will need certificates, whether this
is from let's encrypt or otherwise if this service is used.
2020-12-15 20:15:50 -07:00
nazunalika
06f3c0d338
fixing additional errors from testing
2020-12-15 18:26:57 -07:00
nazunalika
1811f9343e
make linter happy
2020-12-14 17:52:49 -07:00
nazunalika
08f6ff985b
make linter happy
2020-12-14 17:47:22 -07:00
nazunalika
de05e55cef
IdM and Variable Fixes
...
Identity management Team in their testing found several issues while
testing the playbooks. To ensure they continue working on deployment and
in testing, we have identified and fixed the following issues:
- Inventory variables moved to separate main.yml files were not in yaml
format
- role-rocky-ipa-client.yml was not directly pointing to its
collection/role
- role-rocky-ipa-replica.yml was not directly pointing to its
collection/role
2020-12-14 16:33:16 -07:00
nazunalika
b282c97daa
making sure all systems get the ipa client vars
2020-12-14 14:31:01 -07:00
nasirhm
8f3bf01869
🎉 Initialized Playbook for Gitlab EE configuration.
...
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-15 01:57:09 +05:00
Derek Page
c76c58b139
\#14939 - Fixing .com to .org - It was bothering me
2020-12-14 08:55:08 -05:00
Alexander Gabert
b68cf49de9
typo
2020-12-14 11:20:20 +01:00
nazunalika
ce8ba1d52b
had a duplicate ipsilon role file
2020-12-14 02:23:36 -07:00
nazunalika
f32720f0de
adding ipsilon
2020-12-14 02:01:23 -07:00
nazunalika
7a1de933d4
making linter happy
2020-12-14 00:06:29 -07:00
nazunalika
353d4bb0cf
fixing issue #582
2020-12-13 23:57:25 -07:00
Louis Abel
e9106cdb69
Merge pull request #581 from derekmpage/issue-183/chrony
...
Issue #183/chrony
2020-12-13 22:35:38 -07:00
Derek Page
9caf9ced6b
issue-183 - make lint happy
2020-12-13 23:09:20 -05:00
Derek Page
faf9e6fd48
issue-183 - make lint happy
2020-12-13 23:04:42 -05:00
Derek Page
5c50c36a69
issue-183 - add chrony server/client playbooks
2020-12-13 22:49:57 -05:00
nazunalika
868c9fc772
fixing some little mistakes
2020-12-13 20:06:42 -07:00
bluikko
ea56897fe3
Real changed_when for galaxy installs
...
Instead of always claiming nothing changed, set changed when something was installed.
2020-12-14 08:42:30 +07:00
danielkubat
dec785e225
make linter happy
2020-12-13 19:46:38 +01:00
danielkubat
dca7691f4a
grub tasks moved to separate file
2020-12-13 19:41:26 +01:00
Louis Abel
3379f4d1eb
Merge pull request #576 from danielkubat/auditd
...
auditd moved to separate tasks file
2020-12-13 10:44:35 -07:00
danielkubat
6ccae2ef4e
handler removed, auditd can't be managed manually
2020-12-13 18:24:14 +01:00
danielkubat
c8cb5ef4cf
auditd move to separate tasks file
2020-12-13 18:22:55 +01:00
Pavlos Daoglou
77bebb1a08
updates syntax and deprecated include statements
2020-12-13 13:54:31 +02:00
nazunalika
cdd0e25232
fixing latest / present lint
2020-12-13 03:09:00 -07:00
nazunalika
6822dfe739
prepping for ipsilon role
2020-12-13 03:00:33 -07:00
nazunalika
63abc4341d
lnting, removing redundant requirements
2020-12-12 14:42:03 -07:00
Louis Abel
107081378b
Merge pull request #186 from chriscowley/main
...
WIP: Added some code to install a Prometheus server
2020-12-12 14:33:13 -07:00
danielkubat
e7c8997f9f
Lint fixes
2020-12-12 22:31:26 +01:00
Chris Cowley
1ec706d2f4
Add an example config for nodes
2020-12-12 22:24:01 +01:00
Chris Cowley
e1085d7e22
Do not open up FW port for Prometheus.
2020-12-12 22:14:57 +01:00
Chris Cowley
9b52bb2110
Add monitoring roles to requirements.yml
2020-12-12 22:12:50 +01:00
danielkubat
706c504431
Make yamllint happy, formatting fixes
2020-12-12 22:02:53 +01:00
Chris Cowley
e1bd3b1eb1
Install Prometheus
2020-12-12 21:34:59 +01:00
nazunalika
242c506bcd
authentication - prepping system build
2020-12-12 12:58:00 -07:00
nazunalika
1b185b581d
linting changes, prepping for pam/authselect
2020-12-12 11:46:20 -07:00
nazunalika
525802e753
fixing linting errors
2020-12-12 11:16:37 -07:00
Pascal Watteel
ec056805ff
changed the structure to reflect more modern ansible best practices
...
moved inv vars to group vars
moved roles to collections and fixed playbooks
added a prepare ansible host playbook to download needed roles and playbooks
modified public roles and collection paths to install inside our dir structure to keep them from global installation
2020-12-12 18:13:38 +04:00
nazunalika
bbf1976a5f
starting auth section
2020-12-12 05:39:37 -07:00
bluikko
534c1f8a48
Add Ansible Lint action and fix lint errors
2020-12-12 15:16:44 +07:00
bluikko
c41119f58a
Comment out unfinished task
2020-12-12 14:57:10 +07:00
danielkubat
c3dcc26f29
Comment not indented like content
2020-12-12 03:32:37 +01:00
danielkubat
af0b20f7a8
Sudoers include defined as file
2020-12-12 03:28:20 +01:00
danielkubat
458d5db418
Empty line deleted
2020-12-12 03:11:06 +01:00
danielkubat
4032d4ce1d
Make yamllint happy
2020-12-12 03:10:29 +01:00
danielkubat
893c8a343b
Use pam_limits module to set limits
2020-12-12 02:52:30 +01:00
danielkubat
10f14194fe
Formatting fixes
2020-12-12 02:12:11 +01:00
danielkubat
902cc8536e
Use template to generate modprobe settings
2020-12-12 02:11:30 +01:00
Louis Abel
1f20af2331
Merge pull request #17 from danielkubat/ssh
...
Ensure SSH daemon is enabled
2020-12-11 17:40:54 -07:00
danielkubat
69f3fe199f
Ensure SSH daemon is enabled, better wording
2020-12-12 01:31:23 +01:00
nazunalika
67e17edf7a
hardening corrections
2020-12-11 17:31:21 -07:00
nazunalika
42abf5df58
ansible lint fixes
2020-12-11 16:54:32 -07:00
danielkubat
fb29ea7a85
Formatting fixes
2020-12-12 00:07:58 +01:00
nazunalika
2eff99f318
linting test and some fixes for #15
2020-12-11 15:20:26 -07:00
nazunalika
33a6d29608
linting, ipa rdns
2020-12-11 14:00:14 -07:00
nazunalika
085c9ae83e
additional hardening - preparing for test
2020-12-11 12:15:17 -07:00
nazunalika
801e586c97
yaml and ansible linting
2020-12-11 01:13:16 -07:00
nazunalika
eeed6dbcb2
yaml and ansible linting
2020-12-11 00:39:15 -07:00
nazunalika
ee72d1960f
linting
2020-12-10 16:40:49 -07:00
nazunalika
e2626acf9f
docs and bugfixes
2020-12-10 16:11:41 -07:00
nazunalika
348b543cb3
automated test failure: wrong file name
2020-12-10 14:31:39 -07:00
nazunalika
d80300602d
hardening and sysconfig
2020-12-10 12:59:59 -07:00
nazunalika
523d673038
restructure
2020-12-10 12:28:25 -07:00
nazunalika
0e156c8808
restructure
2020-12-10 12:26:11 -07:00