-> Changed specific pieces that are recommended to be changed in Ansible
2.7 and higher (such as using fail_msg and success_msg, not just msg for
assertions
-> Improved the getkeytab adhoc playbook for flexibility and delegations
against a IPA server, as well as forcing the choice of the user with
permissions that can perform the action rather than the default "admin"
user in FreeIPA as a security fix.
* Proposal for monitoring responsibilities
* added an architecture diagram for Prometheus
* install graphviz
* Only run the diagrams action when someone commits a diagram
* Filled out the architecture README
* Install node Prometheus Node Exporter on all hosts
Co-authored-by: Chris Cowley <chris.cowley@fr.clara.net>
In this push, we are making a decent amount of updates to the gitlab
playbooks as well as updating the README. See below for the changes:
* README updated for further clarity
* GitLab role with further reconfiguration for group lookups
* GitLab role with further reconfiguration to disable built-in nginx
* nginx configuration added and provided to work with omnibus
* GitLab variables updated
This push is here to note that ipsilon is completed and ready to go. The
infrastructure team at some point will need certificates, whether this
is from let's encrypt or otherwise if this service is used.
Identity management Team in their testing found several issues while
testing the playbooks. To ensure they continue working on deployment and
in testing, we have identified and fixed the following issues:
- Inventory variables moved to separate main.yml files were not in yaml
format
- role-rocky-ipa-client.yml was not directly pointing to its
collection/role
- role-rocky-ipa-replica.yml was not directly pointing to its
collection/role