# Install the Python libraries the scripts need, one package per loop
# iteration.
- name: install needed packages for scripts
  package:
    state: present
    name: "{{ item }}"
  loop:
    - python3-freeipa
    - python3-requests-gssapi
  tags:
    - ipa/server
    - packages
#
# Cleanup stage users
#
# Include the keytab/service role for the stage-users service on ipa_server.
# The tags under `apply` are attached to the tasks the role brings in.
# NOTE(review): `apply.tags` does not tag this include task itself; a run
# limited with --tags may skip the include unless a parent applies tags.
# Confirm against how this task file is pulled in.
- name: Create the service for stage users
  vars:
    host: "{{ ipa_server }}"
    service: stage-users
  include_role:
    name: keytab/service
    apply:
      tags:
        - ipa/server
        - config
        - keytab
# Create the "Stage User Administrator" IPA role, attach the
# "Stage User Administrators" privilege and assign the stage-users service
# to it. Executed once, delegated to the ipa01 host of this environment.
- name: Create the Stage User Administrator role
  ipa_role:
    name: "Stage User Administrator"
    description: "Role for users that need to perform admin tasks on stage users."
    privilege:
      - "Stage User Administrators"
    service:
      - "stage-users/{{ ipa_server }}"
    ipa_host: "{{ inventory_hostname }}"
    ipa_user: admin
    ipa_pass: "{{ ipa_admin_password }}"
    # NOTE(review): certificate verification is off, so the admin password
    # above is sent to ipa_host without authenticating the server. Prefer
    # enabling validation once the delegated host trusts the IPA CA;
    # confirm why it was disabled.
    validate_certs: false
  run_once: true
  delegate_to: "ipa01{{ env_suffix }}.iad2.fedoraproject.org"
  tags:
    - ipa/server
    - config
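# Install the stage-users cleanup script as a daily cron job.
# Scripts in /etc/cron.daily run as root, so ownership is pinned to root
# explicitly (matching the other file-deploying tasks in this file) instead
# of depending on the connecting user.
- name: Deploy the stage users cleanup script
  copy:
    src: cleanup-stage-users.py
    dest: /etc/cron.daily/cleanup-stage-users
    owner: root
    group: root
    # Quoted so the value is always treated as an octal mode string.
    mode: "0755"
  # Only run the cron job on one server
  run_once: true
  delegate_to: "ipa01{{ env_suffix }}.iad2.fedoraproject.org"
  tags:
    - ipa/server
    - config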
#
# OTP check for sysadmins
#
# Render the OTP check script into root's home directory, owned by root.
# NOTE(review): no `mode:` is set, so permissions come from the remote umask
# (or from the existing file when it is already present). If the rendered
# template embeds credentials, set an explicit restrictive mode; confirm.
- name: Copy file for checking if sysadmins have otp set
  template:
    dest: /root/check_sysadmin_otp.py
    src: check_sysadmin_otp.py.j2
    group: root
    owner: root
  tags:
    - ipa/server
    - otp_script
#
# Collectd statistics plugin
# Requires the stage-users service to have been defined (above) with the
# corresponding permissions. That's why I'm keeping this block here and not as
# a subrole of the collectd role.
#
# The block installs the plugin package, renders its collectd config and
# flips the SELinux boolean collectd needs for outbound TCP.
- name: Install and setup collectd-ipa
  # Only collect stats on one server
  run_once: true
  delegate_to: "ipa01{{ env_suffix }}.iad2.fedoraproject.org"
  block:
    - name: install collectd-ipa
      package:
        name: python3-collectd-ipa
        state: present
      tags:
        - packages
        - collectd

    # Config is root-owned and not world-readable (0640); collectd is
    # restarted through the handler when the rendered file changes.
    - name: install collectd ipa config
      template:
        src: "ipa.collectd.conf.j2"
        dest: "/etc/collectd.d/ipa.conf"
        owner: root
        group: root
        mode: "0640"
      tags:
        - collectd
        - config
      notify: restart collectd

    # NOTE(review): the task name mentions RabbitMQ although this block sets
    # up the IPA plugin; it looks copied from another role. Confirm and
    # rename if so.
    # NOTE(review): collectd_tcp_network_connect presumably permits outbound
    # TCP from the collectd domain in general, not just to one service;
    # confirm that this breadth is acceptable here.
    - name: Let collectd talk to the RabbitMQ management interface
      seboolean:
        name: collectd_tcp_network_connect
        state: true
        persistent: true
      tags:
        - collectd