Commit Graph

147 Commits

Author SHA1 Message Date
nazunalika
d2dc1bef07 Add missing service account and privs 2021-01-01 20:50:00 -07:00
nazunalika
8e2f81c415 Ansible 2.7+ Best Practices and GetKeyTab Fixes
-> Changed specific pieces that are recommended to be changed in Ansible
2.7 and higher (such as using fail_msg and success_msg, not just msg for
  assertions
-> Improved the getkeytab adhoc playbook for flexibility and delegations
against a IPA server, as well as forcing the choice of the user with
permissions that can perform the action rather than the default "admin"
user in FreeIPA as a security fix.
2021-01-01 20:14:24 -07:00
nazunalika
17b7ef186e fixing spacing and tab issues 2020-12-31 20:05:27 -07:00
nazunalika
4ff14a8641 kojihub changes 2020-12-31 14:49:48 -07:00
nazunalika
99e163b220 slurry of changes and fixes 2020-12-30 02:22:58 -07:00
nazunalika
7d8ed3bbe5 adhoc rabbitmq user 2020-12-29 17:03:36 -07:00
nazunalika
b8ea1c51a1 gitlab external database prep 2020-12-28 20:43:17 -07:00
nazunalika
5f2426d840 Add requirements and fix ipa vars 2020-12-27 19:27:45 -07:00
nazunalika
928c944bb4 rabbitmq 2020-12-27 13:04:13 -07:00
nazunalika
ca68f884b7 Updating/Adding rabbitmq vars and playbooks 2020-12-26 20:39:02 -07:00
nazunalika
496e2d208d Updating/Adding rabbitmq vars and playbooks 2020-12-26 20:36:14 -07:00
nazunalika
6c27e93d7d add rabbitmq requirement 2020-12-26 09:55:46 -07:00
nazunalika
942da4ce48 quick correction on vars for koji 2020-12-24 10:45:17 -07:00
nazunalika
503235ecd3 gitlab ssl changes 2020-12-23 17:02:40 -07:00
nazunalika
83b76d9393 ipa groups 2020-12-23 16:19:28 -07:00
nazunalika
d30b1e6d9a add a note 2020-12-23 12:25:41 -07:00
nazunalika
fe7fb4bb07 quick fixes 2020-12-23 05:21:01 -07:00
nazunalika
7a010775c9 adding kojihub 2020-12-23 03:52:34 -07:00
nazunalika
8c1a54dafb Add ipa-getkeytab playbook 2020-12-20 22:45:55 -07:00
nazunalika
4a15dfc093 Adding in missing adhoc playbook 2020-12-20 22:34:55 -07:00
nazunalika
8dc0268a50 IPA Privileges
This release adds support for privileges and roles for the initial IPA
team accounts.
2020-12-20 22:05:52 -07:00
Chris Cowley
bae96c0431
Add a section to the repo for architecture (#14944)
* Proposal for monitoring responsibilities
* added an architecture diagram for Prometheus
* install graphviz
* Only run the diagrams action when someone commits a diagram
* Filled out the architecture README
* Install node Prometheus Node Exporter on all hosts

Co-authored-by: Chris Cowley <chris.cowley@fr.clara.net>
2020-12-18 16:03:49 -05:00
nazunalika
c0c8ea1ec6 fixing spelling errors 2020-12-18 01:17:53 -07:00
nazunalika
239ae1a025 Attempt Lab Rollout 2020-12-18 00:43:21 -07:00
nazunalika
e3b6aa652f add custom gitlab template 2020-12-18 00:39:37 -07:00
nazunalika
c6323199f4 Infrastructure GitLab Updates
In this push, we are making a decent amount of updates to the gitlab
playbooks as well as updating the README. See below for the changes:

* README updated for further clarity
* GitLab role with further reconfiguration for group lookups
* GitLab role with further reconfiguration to disable built-in nginx
* nginx configuration added and provided to work with omnibus
* GitLab variables updated
2020-12-17 23:40:14 -07:00
Louis Abel
5383853681
Merge pull request #14947 from nasirhm/add_gitlab_ee_role
[init] Initialize Gitlab EE Role
2020-12-17 14:59:12 -07:00
nasirhm
83283fcf4e
🔧 fix LDAP and Domain name
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-18 02:47:46 +05:00
nazunalika
309b6739b8 ipsilon missing a few vars 2020-12-16 19:35:30 -07:00
nazunalika
f15a9d3db0 adding gitlab primers with ipa fixes 2020-12-16 19:34:13 -07:00
nasirhm
ec22cb4773
🔧 Fix ansible YAML
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-17 01:31:42 +05:00
nazunalika
1ab71a2d4d repo changes and ipa fqdn notes 2020-12-16 00:09:58 -07:00
nazunalika
8e98dc04e0 Ipsilon Ready
This push is here to note that ipsilon is completed and ready to go. The
infrastructure team at some point will need certificates, whether this
is from let's encrypt or otherwise if this service is used.
2020-12-15 20:15:50 -07:00
nazunalika
06f3c0d338 fixing additional errors from testing 2020-12-15 18:26:57 -07:00
nazunalika
1811f9343e make linter happy 2020-12-14 17:52:49 -07:00
nazunalika
08f6ff985b make linter happy 2020-12-14 17:47:22 -07:00
nazunalika
de05e55cef IdM and Variable Fixes
Identity management Team in their testing found several issues while
testing the playbooks. To ensure they continue working on deployment and
in testing, we have identified and fixed the following issues:

- Inventory variables moved to separate main.yml files were not in yaml
  format
- role-rocky-ipa-client.yml was not directly pointing to its
  collection/role
- role-rocky-ipa-replica.yml was not directly pointing to its
  collection/role
2020-12-14 16:33:16 -07:00
nazunalika
b282c97daa making sure all systems get the ipa client vars 2020-12-14 14:31:01 -07:00
nasirhm
8f3bf01869
🎉 Initialized Playbook for Gitlab EE configuration.
Signed-off-by: nasirhm <nasirhussainm14@gmail.com>
2020-12-15 01:57:09 +05:00
Derek Page
c76c58b139 \#14939 - Fixing .com to .org - It was bothering me 2020-12-14 08:55:08 -05:00
Alexander Gabert
b68cf49de9
typo 2020-12-14 11:20:20 +01:00
nazunalika
ce8ba1d52b had a duplicate ipsilon role file 2020-12-14 02:23:36 -07:00
nazunalika
f32720f0de adding ipsilon 2020-12-14 02:01:23 -07:00
nazunalika
7a1de933d4 making linter happy 2020-12-14 00:06:29 -07:00
nazunalika
353d4bb0cf fixing issue #582 2020-12-13 23:57:25 -07:00
Louis Abel
e9106cdb69
Merge pull request #581 from derekmpage/issue-183/chrony
Issue #183/chrony
2020-12-13 22:35:38 -07:00
Derek Page
9caf9ced6b issue-183 - make lint happy 2020-12-13 23:09:20 -05:00
Derek Page
faf9e6fd48 issue-183 - make lint happy 2020-12-13 23:04:42 -05:00
Derek Page
5c50c36a69 issue-183 - add chrony server/client playbooks 2020-12-13 22:49:57 -05:00
nazunalika
868c9fc772 fixing some little mistakes 2020-12-13 20:06:42 -07:00
bluikko
ea56897fe3
Real changed_when for galaxy installs
Instead of always claiming nothing changed, set changed when something was installed.
2020-12-14 08:42:30 +07:00
danielkubat
dec785e225 make linter happy 2020-12-13 19:46:38 +01:00
danielkubat
dca7691f4a grub tasks moved to separate file 2020-12-13 19:41:26 +01:00
Louis Abel
3379f4d1eb
Merge pull request #576 from danielkubat/auditd
auditd moved to separate tasks file
2020-12-13 10:44:35 -07:00
danielkubat
6ccae2ef4e handler removed, auditd can't be managed manually 2020-12-13 18:24:14 +01:00
danielkubat
c8cb5ef4cf auditd move to separate tasks file 2020-12-13 18:22:55 +01:00
Pavlos Daoglou
77bebb1a08 updates syntax and deprecated include statements 2020-12-13 13:54:31 +02:00
nazunalika
cdd0e25232 fixing latest / present lint 2020-12-13 03:09:00 -07:00
nazunalika
6822dfe739 prepping for ipsilon role 2020-12-13 03:00:33 -07:00
nazunalika
63abc4341d lnting, removing redundant requirements 2020-12-12 14:42:03 -07:00
Louis Abel
107081378b
Merge pull request #186 from chriscowley/main
WIP: Added some code to install a Prometheus server
2020-12-12 14:33:13 -07:00
danielkubat
e7c8997f9f Lint fixes 2020-12-12 22:31:26 +01:00
Chris Cowley
1ec706d2f4 Add an example config for nodes 2020-12-12 22:24:01 +01:00
Chris Cowley
e1085d7e22 Do not open up FW port for Prometheus. 2020-12-12 22:14:57 +01:00
Chris Cowley
9b52bb2110 Add monitoring roles to requirements.yml 2020-12-12 22:12:50 +01:00
danielkubat
706c504431 Make yamllint happy, formatting fixes 2020-12-12 22:02:53 +01:00
Chris Cowley
e1bd3b1eb1 Install Prometheus 2020-12-12 21:34:59 +01:00
nazunalika
242c506bcd authentication - prepping system build 2020-12-12 12:58:00 -07:00
nazunalika
1b185b581d linting changes, prepping for pam/authselect 2020-12-12 11:46:20 -07:00
nazunalika
525802e753 fixing linting errors 2020-12-12 11:16:37 -07:00
Pascal Watteel
ec056805ff changed the structure to reflect more modern ansible best practices
moved inv vars to group vars
moved roles to collections and fixed playbooks
added a prepare ansible host playbook to download needed roles and playbooks
modified public roles and collection paths to install inside our dir structure to keep them from global installation
2020-12-12 18:13:38 +04:00
nazunalika
bbf1976a5f starting auth section 2020-12-12 05:39:37 -07:00
bluikko
534c1f8a48
Add Ansible Lint action and fix lint errors 2020-12-12 15:16:44 +07:00
bluikko
c41119f58a
Comment out unfinished task 2020-12-12 14:57:10 +07:00
danielkubat
c3dcc26f29 Comment not indented like content 2020-12-12 03:32:37 +01:00
danielkubat
af0b20f7a8 Sudoers include defined as file 2020-12-12 03:28:20 +01:00
danielkubat
458d5db418 Empty line deleted 2020-12-12 03:11:06 +01:00
danielkubat
4032d4ce1d Make yamllint happy 2020-12-12 03:10:29 +01:00
danielkubat
893c8a343b Use pam_limits module to set limits 2020-12-12 02:52:30 +01:00
danielkubat
10f14194fe Formatting fixes 2020-12-12 02:12:11 +01:00
danielkubat
902cc8536e Use template to generate modprobe settings 2020-12-12 02:11:30 +01:00
Louis Abel
1f20af2331
Merge pull request #17 from danielkubat/ssh
Ensure SSH daemon is enabled
2020-12-11 17:40:54 -07:00
danielkubat
69f3fe199f Ensure SSH daemon is enabled, better wording 2020-12-12 01:31:23 +01:00
nazunalika
67e17edf7a hardening corrections 2020-12-11 17:31:21 -07:00
nazunalika
42abf5df58 ansible lint fixes 2020-12-11 16:54:32 -07:00
danielkubat
fb29ea7a85 Formatting fixes 2020-12-12 00:07:58 +01:00
nazunalika
2eff99f318 linting test and some fixes for #15 2020-12-11 15:20:26 -07:00
nazunalika
33a6d29608 linting, ipa rdns 2020-12-11 14:00:14 -07:00
nazunalika
085c9ae83e additional hardening - preparing for test 2020-12-11 12:15:17 -07:00
nazunalika
801e586c97 yaml and ansible linting 2020-12-11 01:13:16 -07:00
nazunalika
eeed6dbcb2 yaml and ansible linting 2020-12-11 00:39:15 -07:00
nazunalika
ee72d1960f linting 2020-12-10 16:40:49 -07:00
nazunalika
e2626acf9f docs and bugfixes 2020-12-10 16:11:41 -07:00
nazunalika
348b543cb3 automated test failure: wrong file name 2020-12-10 14:31:39 -07:00
nazunalika
d80300602d hardening and sysconfig 2020-12-10 12:59:59 -07:00
nazunalika
523d673038 restructure 2020-12-10 12:28:25 -07:00
nazunalika
0e156c8808 restructure 2020-12-10 12:26:11 -07:00