fedora-infra_ansible/playbooks/groups/ipatuura.yml
Aurélien Bompard cb4cb65387 IPA-tuura: configure sssd ourselves
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2025-10-23 18:05:53 +02:00

---
# Provision the staging VM(s) first; the shared include reads its target
# group from `myhosts`.
- import_playbook: /srv/web/infra/ansible/playbooks/include/virt-create.yml
  vars:
    myhosts: ipatuura_stg
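# Create the IPA-tuura PostgreSQL role and database on the FAS DB host.
# The DB password is selected by `env` as seen on the DB host, while the
# play is pinned to the staging host — confirm `env` is "staging" there,
# otherwise the production credential would be applied to staging.
# NOTE(review): with gather_facts off, `ansible_distribution` is only
# available from a fact cache; without one the distro vars file is skipped.
- name: Setup the database
  hosts: db-fas01.stg.rdu3.fedoraproject.org
  gather_facts: false
  become: true
  become_user: postgres
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
    - name: IPA-tuura DB user
      community.postgresql.postgresql_user:
        name: ipatuura
        password: "{{ (env == 'production') | ternary(ipatuura_db_password_prod, ipatuura_db_password_stg) }}"
      # Keep the credential out of task output and logs regardless of
      # module defaults.
      no_log: true
    - name: IPA-tuura database creation
      community.postgresql.postgresql_db:
        name: ipatuura
        owner: ipatuura
        encoding: UTF-8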
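# Bring the new VM up to the common baseline, then add the application
# roles (mod_wsgi, IPA client, ipatuura). Execution order is
# pre_tasks -> roles -> handlers, so the repo files are in place first.
- name: Make the box be real
  hosts: ipatuura_stg
  remote_user: root  # canonical play keyword; `user` is the legacy alias
  gather_facts: true
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  pre_tasks:
    - import_tasks: "{{ tasks_path }}/yumrepos.yml"
  roles:
    - base
    - rkhunter
    - nagios_client
    # - zabbix/zabbix_agent
    - hosts
    - rsyncd
    - sudo
    - collectd/base
    # Only non-staging boxes join the VPN.
    - role: openvpn/client
      when: env != "staging"
    - mod_wsgi
    - ipa/client
    - ipatuura
  handlers:
    - import_tasks: "{{ handlers_path }}/restart_services.yml"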
# - name: Deploy
#  hosts: ipatuura_stg
#  user: root
#  gather_facts: true
# 
#  vars_files:
#  - /srv/web/infra/ansible/vars/global.yml
#  - "/srv/private/ansible/vars.yml"
#  - "{{ vars_path }}/{{ ansible_distribution }}.yml"
# 
#  roles:
#  - ipatuura
# 
#  handlers:
#  - import_tasks: "{{ handlers_path }}/restart_services.yml"
# This next block configures IPA; it only needs to be run on one member of the cluster.
# Run it after setting up Ipsilon because the host needs to be declared in IPA already.
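- name: Setup IPA
  # One server per environment is enough; the rule is replicated by IPA.
  # Quoted because the pattern contains `[`, `]` and `:`.
  hosts: "ipa_rdu3[0]:ipa_stg_rdu3[0]"
  remote_user: root
  gather_facts: true
  vars_files:
    - /srv/web/infra/ansible/vars/global.yml
    - /srv/private/ansible/vars.yml
    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
  tasks:
    - name: Allow login through IPA-tuura
      # HBAC rule: every IPA user (usercategory: all) may use the `login`
      # service on the ipatuura hosts of this environment. The only thing
      # bounding it is the host list, so keep those inventory groups tight.
      # `env` here is the IPA server's, which must match the prod/stg
      # split of the `hosts` pattern above.
      ipahbacrule:
        name: hostgroup/ipatuura/login
        description: Login through an IPA/OIDC gateway
        hbacsvc:
          - login
        usercategory: all
        host: "{{ (env == 'production')|ternary(groups['ipatuura'], groups['ipatuura_stg']) }}"
        ipaadmin_password: "{{ ipa_admin_password }}"
      # NOTE(review): tag placement reconstructed from a flattened listing
      # (task vs play level) — confirm against the original file.
      tags:
        - ipatuura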