diff --git a/.yamllint b/.yamllint index 3199669..3990f33 100644 --- a/.yamllint +++ b/.yamllint @@ -1,11 +1,11 @@ --- yaml-files: - - '*.yaml' - - '*.yml' - - '.yamllint' + - "*.yaml" + - "*.yml" + - .yamllint rules: truthy: allowed-values: - - 'true' - - 'false' + - "true" + - "false" diff --git a/collections/requirements.yml b/collections/requirements.yml index 6af99f4..d30d2b0 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -1,43 +1,43 @@ --- collections: - name: ansible.posix - version: '1.5.4' + version: 1.5.4 - name: ansible.utils - version: '5.0.0' + version: 5.0.0 - name: ansible.eda - version: '1.4.7' + version: 1.4.7 - name: ansible.netcommon - version: '7.0.0' + version: 7.0.0 - name: ansible.controller - version: '4.5.7' + version: 4.5.7 - name: community.crypto - version: '2.20.0' + version: 2.20.0 - name: community.general - version: '8.3.0' + version: 8.3.0 - name: community.dns - version: '3.0.1' + version: 3.0.1 - name: azure.azcollection - version: '2.4.0' + version: 2.4.0 - name: redhat.rhel_idm - version: '1.12.1' + version: 1.12.1 - name: redhat.rhel_system_roles - version: '1.23.0' + version: 1.23.0 - name: redhat.satellite_operations - version: '3.0.0' + version: 3.0.0 - name: redhat.satellite - version: '4.0.0' + version: 4.0.0 - name: infra.aap_utilities - version: '2.5.1' + version: 2.5.1 - name: infra.controller_configuration - version: '2.7.1' + version: 2.7.1 - name: infra.ee_utilities - version: '3.2.0' + version: 3.2.0 - name: infra.ah_configuration - version: '2.0.6' + version: 2.0.6 - name: infra.leapp - version: '1.3.1' + version: 1.3.1 - name: containers.podman - version: '1.13.0' + version: 1.13.0 roles: - name: RedHatOfficial.rhel9_cis diff --git a/mkdocs.yml b/mkdocs.yml index 099cc2f..50518af 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
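Review bot: The `version:` values in collections/requirements.yml are now plain scalars; every one here happens to have three components (`1.5.4`, `5.0.0`, …), which YAML keeps as strings, but the pattern breaks the day a collection is pinned to a two-part version such as `1.10`, which a plain scalar turns into the float `1.1` and the installer then resolves to the wrong release. Version pins, like any number-looking identifier, are safer quoted, so I would keep the previous form with the repo's new quote style, e.g. `version: "1.5.4"`. Unlike the `.yamllint` hunk above it, this is a behavioural input to `ansible-galaxy`, not a lint config, so the quoting is worth the extra characters.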
@@ -25,36 +25,36 @@ markdown_extensions: - attr_list - md_in_html - pymdownx.emoji: - emoji_index: !!python/name:material.extensions.emoji.twemoji - emoji_generator: !!python/name:material.extensions.emoji.to_svg + emoji_index: !!%20python/name:material.extensions.emoji.twemoji + emoji_generator: !!%20python/name:material.extensions.emoji.to_svg nav: - Home: - - index.md - - where_to_start.md + - index.md + - where_to_start.md - Infrastructure: - - Identity Management: idm_architecture.md - - Ansible Automation Platform: aap_architecture.md - - Red Hat Satellite: satellite_architecture.md + - Identity Management: idm_architecture.md + - Ansible Automation Platform: aap_architecture.md + - Red Hat Satellite: satellite_architecture.md - RHEL: - - live_kernel.md + - live_kernel.md - Ansible: - - ansible_practices.md - - manage_credentials.md - - gitops_ansible.md - - azure_ansible_integration.md + - ansible_practices.md + - manage_credentials.md + - gitops_ansible.md + - azure_ansible_integration.md - Azure: - - network_design.md - - cost_estimation.md - - azure_rhib_integration.md - - azure_start_stop_function.md + - network_design.md + - cost_estimation.md + - azure_rhib_integration.md + - azure_start_stop_function.md - General: - - general_guidelines.md - - onboarding.md - - subscriptions.md - - git_cheat_sheet.md - - github_user.md - - sign_commits.md - - branch_standards.md - - naming_scheme.md - - configure_workstation_for_bastion.md - - slack_integration.md \ No newline at end of file + - general_guidelines.md + - onboarding.md + - subscriptions.md + - git_cheat_sheet.md + - github_user.md + - sign_commits.md + - branch_standards.md + - naming_scheme.md + - configure_workstation_for_bastion.md + - slack_integration.md diff --git a/playbooks/function_aap_configure.yml b/playbooks/function_aap_configure.yml index 32e3f8c..edb322e 100644 --- a/playbooks/function_aap_configure.yml +++ b/playbooks/function_aap_configure.yml 
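Review bot: The two `emoji_index:` / `emoji_generator:` lines now carry the tag `!!%20python/name:…`; in a YAML tag `%20` is a URI-escaped space, so the tag no longer matches the `!!python/name:` form that mkdocs-material documents for its emoji extension, and the config will most likely fail to load. This looks like an encoding artifact of whatever tool rewrote the file rather than an intentional change. Unless it was intended, restore `emoji_index: !!python/name:material.extensions.emoji.twemoji` and `emoji_generator: !!python/name:material.extensions.emoji.to_svg`. The rest of the hunk (nav indentation, trailing newline) is fine.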
@@ -6,7 +6,7 @@ pre_tasks: - name: Wait for Controller to come up ansible.builtin.uri: - url: "https://{{ groups.aap_controller | first }}/api/v2/ping" + url: https://{{ groups.aap_controller | first }}/api/v2/ping status_code: 200 register: result until: result.status == 200 diff --git a/playbooks/function_ca_create.yml b/playbooks/function_ca_create.yml index ccfbd6b..ae81a30 100644 --- a/playbooks/function_ca_create.yml +++ b/playbooks/function_ca_create.yml @@ -20,4 +20,4 @@ tags: git_repo_commit vars: git_repo_commit_repository: "{{ github_inventory_repo_path }}" - git_repo_commit_file: { src: "{{ __path_file_encrypted }}", dest: "group_vars/all/" } + git_repo_commit_file: { src: "{{ __path_file_encrypted }}", dest: group_vars/all/ } diff --git a/playbooks/function_enable_live_kernel.yml b/playbooks/function_enable_live_kernel.yml index 7f86e78..d52d988 100644 --- a/playbooks/function_enable_live_kernel.yml +++ b/playbooks/function_enable_live_kernel.yml @@ -14,23 +14,23 @@ - name: Deploy / update related Kernel Patch for Live Kernel Patching ansible.builtin.package: - name: "kpatch-patch = {{ ansible_kernel }}" + name: kpatch-patch = {{ ansible_kernel }} state: "{{ package_state | default(omit) }}" register: __package_install - name: Get status of kpatch-dnf ansible.builtin.command: - cmd: "dnf kpatch status" + cmd: dnf kpatch status register: __status_dnf_kpatch changed_when: false - name: Enable DNF plugin for auto install live patches ansible.builtin.command: - cmd: "dnf -y kpatch auto" + cmd: dnf -y kpatch auto changed_when: true when: "'Kpatch update setting: manual' in __status_dnf_kpatch.stdout" rescue: - name: Rescue message ansible.builtin.debug: - msg: "No kernel live patch update package exist or system is not subscribed to the repository" + msg: No kernel live patch update package exist or system is not subscribed to the repository 
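Review bot: The `url:` line is now a plain scalar with a Jinja expression in the middle; that parses correctly here, but the same unquoting applied across this diff (`name: kpatch-patch = {{ ansible_kernel }}` and `msg:` in the live-kernel hunk below, `src:` in get_host_ssl_files, `server_url:` in get_aap_installer_bundle, `url:` and `dest:` in create_token) is only safe as long as none of those values ever contains `: ` or ` #`, which would silently start a mapping or a comment instead of raising an error. The `when: "'Kpatch update setting: manual' in …"` line in the same hunk shows exactly that trap — it had to keep its quotes because of the colon. I would keep templated scalars quoted throughout, e.g. `url: "https://{{ groups.aap_controller | first }}/api/v2/ping"`, and limit the unquoting to static plain strings such as `cmd: dnf kpatch status`. The `pre_tasks` block this task belongs to starts outside the hunk.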
diff --git a/playbooks/function_github_runner_create.yml b/playbooks/function_github_runner_create.yml index 391684d..45922e6 100644 --- a/playbooks/function_github_runner_create.yml +++ b/playbooks/function_github_runner_create.yml @@ -81,6 +81,6 @@ - name: Create cron job to ensure Docker socket link at boot ansible.builtin.cron: - name: "Ensure Docker socket link at boot" + name: Ensure Docker socket link at boot special_time: reboot job: "{{ ansible_env.HOME }}/create-docker-sock-link.sh" diff --git a/playbooks/function_leapp_test.yml b/playbooks/function_leapp_test.yml index 5079716..e240c70 100644 --- a/playbooks/function_leapp_test.yml +++ b/playbooks/function_leapp_test.yml @@ -6,5 +6,5 @@ tasks: - name: Check that you can connect (GET) to a page and it returns a status 200 ansible.builtin.uri: - url: "http://{{ host }}" + url: http://{{ host }} delegate_to: "{{ groups.aap_controller[0] }}" diff --git a/playbooks/function_satellite_promote_ccv.yml b/playbooks/function_satellite_promote_ccv.yml index 5720893..c654cdf 100644 --- a/playbooks/function_satellite_promote_ccv.yml +++ b/playbooks/function_satellite_promote_ccv.yml @@ -1,6 +1,6 @@ --- - name: RH Satellite - Promote CCV to Lifecycle - hosts: "satellite" + hosts: satellite gather_facts: false tasks: diff --git a/playbooks/function_satellite_publish_cvs.yml b/playbooks/function_satellite_publish_cvs.yml index def36ff..9508561 100644 --- a/playbooks/function_satellite_publish_cvs.yml +++ b/playbooks/function_satellite_publish_cvs.yml @@ -1,6 +1,6 @@ --- - name: RH Satellite - Publish CVs - hosts: "satellite" + hosts: satellite gather_facts: false tasks: diff --git a/playbooks/landscape_init.yml b/playbooks/landscape_init.yml index 1fb93d0..7ec754d 100644 --- a/playbooks/landscape_init.yml +++ b/playbooks/landscape_init.yml @@ -1,3 +1,3 @@ --- -- name: "Phase 0 - Initialize Local Environment" +- name: Phase 0 - Initialize Local Environment ansible.builtin.import_playbook: function_init_environment.yml 
diff --git a/playbooks/landscape_site.yml b/playbooks/landscape_site.yml index 27b25d7..503ace4 100644 --- a/playbooks/landscape_site.yml +++ b/playbooks/landscape_site.yml @@ -1,26 +1,26 @@ --- -- name: "Phase 1 - Create Bastion VM" +- name: Phase 1 - Create Bastion VM ansible.builtin.import_playbook: type_bastion_create.yml -- name: "Phase 2 - Create RootCA VM" +- name: Phase 2 - Create RootCA VM ansible.builtin.import_playbook: type_rootca_create.yml -- name: "Phase 3 - Create Github Runner VM" +- name: Phase 3 - Create Github Runner VM ansible.builtin.import_playbook: type_github_runner_create.yml -- name: "Phase 4.1 - Create IdM ipaserver" +- name: Phase 4.1 - Create IdM ipaserver ansible.builtin.import_playbook: type_ipaserver_create.yml -- name: "Phase 4.2 - Create IdM ipareplicas" +- name: Phase 4.2 - Create IdM ipareplicas ansible.builtin.import_playbook: type_ipareplicas_create.yml -- name: "Phase 4.3 - Configure IdM" +- name: Phase 4.3 - Configure IdM ansible.builtin.import_playbook: type_ipa_config.yml -- name: "Phase 5.1 - Install Satellite" +- name: Phase 5.1 - Install Satellite ansible.builtin.import_playbook: type_satellite_install.yml -- name: "Phase Intermediary - Deploy Azure Resources for Workload Intra" +- name: Phase Intermediary - Deploy Azure Resources for Workload Intra ansible.builtin.import_playbook: type_workload_intra_resources_create.yml # RHIS project currently not deploying workload resources in DMZ. 
@@ -28,23 +28,23 @@ # - name: "Phase Intermediary - Deploy Azure Resources for Workload Intra" # ansible.builtin.import_playbook: type_workload_dmz_resources_create.yml -- name: "Phase 5.2 - Configure Satellite" +- name: Phase 5.2 - Configure Satellite ansible.builtin.import_playbook: type_satellite_configure.yml -- name: "Phase 6.1 - Create AAP VMs" +- name: Phase 6.1 - Create AAP VMs ansible.builtin.import_playbook: type_aap_create_infrastructure.yml -- name: "Phase Intermediary - Register Management VMs to IdM and Satellite" +- name: Phase Intermediary - Register Management VMs to IdM and Satellite ansible.builtin.import_playbook: type_idm_satellite_register.yml -- name: "Phase 6.2 - Install AAP" +- name: Phase 6.2 - Install AAP ansible.builtin.import_playbook: type_aap_install.yml -- name: "Phase 6.2 - Configure AAP" +- name: Phase 6.2 - Configure AAP ansible.builtin.import_playbook: type_aap_configure.yml -- name: "Phase 7 - Create Reverse Proxy" +- name: Phase 7 - Create Reverse Proxy ansible.builtin.import_playbook: type_reverse_proxy_create.yml -- name: "Phase X - Enforce CIS on all hosts" +- name: Phase X - Enforce CIS on all hosts ansible.builtin.import_playbook: type_cis_enforce.yml diff --git a/playbooks/toolbox_satellite_hostgroup_change.yml b/playbooks/toolbox_satellite_hostgroup_change.yml index 7569e06..5fa61ab 100644 --- a/playbooks/toolbox_satellite_hostgroup_change.yml +++ b/playbooks/toolbox_satellite_hostgroup_change.yml 
@@ -3,27 +3,26 @@ hosts: "{{ host | default('localhost') }}" gather_facts: true tasks: - - name: Get host's satellite information - redhat.satellite.host_info: + register: __out + theforeman.foreman.host_info: username: "{{ hostvars[groups['satellite'][0]]['satellite_username'] }}" password: "{{ hostvars[groups['satellite'][0]]['satellite_password'] }}" server_url: "{{ hostvars[groups['satellite'][0]]['satellite_server_url'] }}" name: "{{ host }}" - register: __out - name: Set new host group if it's a parent host group ansible.builtin.set_fact: - satellite_hostgroup_post: "hg_rhel{{ ansible_distribution_version }}" - when: ((__out.host.hostgroup_title.split('/') | map('trim'))[:-1] | join('/')) == "" + satellite_hostgroup_post: hg_rhel{{ ansible_distribution_version }} + when: ((__out.host.hostgroup_title.split('/') | map('trim'))[:-1] | join('/')) | length == 0 - name: Set new host group if it's not a parent host group ansible.builtin.set_fact: satellite_hostgroup_post: "{{ (__out.host.hostgroup_title.split('/') | map('trim'))[:-1] | join('/') }}/hg_rhel{{ ansible_distribution_version }}" - when: ((__out.host.hostgroup_title.split('/') | map('trim'))[:-1] | join('/')) != "" + when: ((__out.host.hostgroup_title.split('/') | map('trim'))[:-1] | join('/')) | length > 0 - name: Update satellite hostgroup - redhat.satellite.host: + awx.awx.host: username: "{{ hostvars[groups['satellite'][0]]['satellite_username'] }}" password: "{{ hostvars[groups['satellite'][0]]['satellite_password'] }}" server_url: "{{ hostvars[groups['satellite'][0]]['satellite_server_url'] }}" diff --git a/playbooks/type_aap_configure.yml b/playbooks/type_aap_configure.yml index 961a656..232883c 100644 --- a/playbooks/type_aap_configure.yml +++ b/playbooks/type_aap_configure.yml @@ -1,5 +1,5 @@ --- -- name: "AAP Configuration" +- name: AAP Configuration ansible.builtin.import_playbook: function_aap_configure.yml vars: host: aap_controller 
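Review bot: The `awx.awx.host:` line replaces `redhat.satellite.host` with a module from a different product — `awx.awx.host` manages an inventory host in AWX/Controller and, as far as I know, does not accept `username`, `password` or `server_url`, so the "Update satellite hostgroup" task would fail on unsupported parameters instead of changing the Satellite host group. The `theforeman.foreman.host_info:` line (and `theforeman.foreman.repository_info` / `resource_info` in the get_aap_installer_bundle hunk later in this diff) changes the collection namespace, but collections/requirements.yml in this same diff still pins `redhat.satellite` and lists neither `theforeman.foreman` nor `awx.awx`, so these FQCNs will not resolve in the pinned environment. I would restore `redhat.satellite.host_info:` and `redhat.satellite.host:` here (and `redhat.satellite.*` in the installer-bundle hunk), or add the new collections to requirements.yml if the switch is deliberate. Moving `register: __out` above the module key is valid YAML but departs from the name → module → register order used elsewhere in this diff. The play header starts before this hunk and the last task continues after it.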
diff --git a/playbooks/type_aap_create_infrastructure.yml b/playbooks/type_aap_create_infrastructure.yml index fa77e85..be7744b 100644 --- a/playbooks/type_aap_create_infrastructure.yml +++ b/playbooks/type_aap_create_infrastructure.yml @@ -1,5 +1,5 @@ --- -- name: "AAP VMs - Create" +- name: AAP VMs - Create ansible.builtin.import_playbook: function_azure_vm_create.yml when: - bootstrap_target is defined @@ -9,21 +9,21 @@ tags: - aap_vm_create -- name: "AAP VM - Check if Reachable" +- name: AAP VM - Check if Reachable ansible.builtin.import_playbook: toolbox_vm_wait_response.yml vars: host: aap_intra tags: - aap_vm_create -- name: "AAP VM - Post Configure" +- name: AAP VM - Post Configure ansible.builtin.import_playbook: function_vm_post_configure.yml vars: host: aap_intra tags: - aap_vm_post_conf -- name: "AAP VM - Create Managed Disk" +- name: AAP VM - Create Managed Disk ansible.builtin.import_playbook: function_azure_managed_disk_create.yml when: - bootstrap_target is defined @@ -33,7 +33,7 @@ tags: - aap_vm_post_conf -- name: "AAP VM - Run RHEL Storage" +- name: AAP VM - Run RHEL Storage ansible.builtin.import_playbook: function_rhel_managed_disk_configure.yml vars: host: aap_intra diff --git a/playbooks/type_aap_install.yml b/playbooks/type_aap_install.yml index eeae096..b01e16a 100644 --- a/playbooks/type_aap_install.yml +++ b/playbooks/type_aap_install.yml @@ -1,12 +1,12 @@ --- -- name: "AAP - Generate Host Certificates" +- name: AAP - Generate Host Certificates ansible.builtin.import_playbook: function_idm_generate_certs.yml vars: host: aap_intra tags: - aap_cert_generate -- name: "AAP - Install" +- name: AAP - Install ansible.builtin.import_playbook: function_aap_install.yml vars: host: bastion diff --git a/playbooks/type_bastion_create.yml b/playbooks/type_bastion_create.yml index dc506b2..2fb1a1f 100644 --- a/playbooks/type_bastion_create.yml +++ b/playbooks/type_bastion_create.yml 
@@ -1,5 +1,5 @@ --- -- name: "Bastion VM - Create" +- name: Bastion VM - Create ansible.builtin.import_playbook: function_azure_vm_create.yml when: - bootstrap_target is defined @@ -11,7 +11,7 @@ - bastion_vm_post_conf - bastion_vm_conf_squid -- name: "Bastion VM - Check if Reachable" +- name: Bastion VM - Check if Reachable ansible.builtin.import_playbook: toolbox_vm_wait_response.yml vars: host: bastion @@ -20,7 +20,7 @@ - bastion_vm_post_conf - bastion_vm_conf_squid -- name: "Bastion VM - Post Configure" +- name: Bastion VM - Post Configure ansible.builtin.import_playbook: function_vm_post_configure.yml vars: host: bastion @@ -28,7 +28,7 @@ - bastion_vm_post_conf - bastion_vm_conf_squid -- name: "Bastion VM - Configure Squid" +- name: Bastion VM - Configure Squid ansible.builtin.import_playbook: function_squid_configure.yml vars: host: bastion diff --git a/playbooks/type_github_runner_create.yml b/playbooks/type_github_runner_create.yml index c4fda9f..ec36f6c 100644 --- a/playbooks/type_github_runner_create.yml +++ b/playbooks/type_github_runner_create.yml @@ -1,5 +1,5 @@ --- -- name: "Github Runner VM - Create" +- name: Github Runner VM - Create ansible.builtin.import_playbook: function_azure_vm_create.yml when: - bootstrap_target is defined @@ -9,21 +9,21 @@ tags: - github_runner_vm_create -- name: "Github Runner VM - Check if Reachable" +- name: Github Runner VM - Check if Reachable ansible.builtin.import_playbook: toolbox_vm_wait_response.yml vars: host: github_runner tags: - github_runner_vm_create -- name: "Github Runner VM - Post Configure" +- name: Github Runner VM - Post Configure ansible.builtin.import_playbook: function_vm_post_configure.yml vars: host: github_runner tags: - github_runner_vm_post_conf -- name: "Github Runner VM - Create Github Runner" +- name: Github Runner VM - Create Github Runner ansible.builtin.import_playbook: function_github_runner_create.yml vars: host: github_runner 
diff --git a/playbooks/type_idm_satellite_register.yml b/playbooks/type_idm_satellite_register.yml index b381146..ff5646b 100644 --- a/playbooks/type_idm_satellite_register.yml +++ b/playbooks/type_idm_satellite_register.yml @@ -1,33 +1,33 @@ --- -- name: "Management Tools - Register to IdM" +- name: Management Tools - Register to IdM ansible.builtin.import_playbook: function_idm_register.yml vars: host: misc:aap_intra tags: - mgmt_tools_register -- name: "Management Tools - Register to Satellite" +- name: Management Tools - Register to Satellite ansible.builtin.import_playbook: function_satellite_register.yml vars: host: misc:aap_intra:idm tags: - mgmt_tools_register -- name: "Bastion - Register to IdM" +- name: Bastion - Register to IdM ansible.builtin.import_playbook: function_idm_register.yml vars: host: bastion tags: - bastion_register -- name: "Bastion - Register to Satellite" +- name: Bastion - Register to Satellite ansible.builtin.import_playbook: function_satellite_register.yml vars: host: bastion tags: - bastion_register -- name: "Azure private DNS clean up" +- name: Azure private DNS clean up ansible.builtin.import_playbook: function_azure_private_dns_clean.yml vars: host: all:!rootca diff --git a/playbooks/type_ipa_config.yml b/playbooks/type_ipa_config.yml index c74e1b7..406c82c 100644 --- a/playbooks/type_ipa_config.yml +++ b/playbooks/type_ipa_config.yml @@ -1,5 +1,5 @@ --- -- name: "IDM Configuration" +- name: IDM Configuration ansible.builtin.import_playbook: function_idm_configuration.yml vars: host: ipahidden diff --git a/playbooks/type_ipareplicas_create.yml b/playbooks/type_ipareplicas_create.yml index 4d78260..455bf4a 100644 --- a/playbooks/type_ipareplicas_create.yml +++ b/playbooks/type_ipareplicas_create.yml @@ -1,5 +1,5 @@ --- -- name: "IDM replicas VM - Create" +- name: IDM replicas VM - Create ansible.builtin.import_playbook: function_azure_vm_create.yml when: - bootstrap_target is defined 
@@ -9,21 +9,21 @@ tags: - idm_vm_create -- name: "IDM VM - Check if Reachable" +- name: IDM VM - Check if Reachable ansible.builtin.import_playbook: toolbox_vm_wait_response.yml vars: host: ipareplicas tags: - idm_vm_create -- name: "IDM VM - Post Configure" +- name: IDM VM - Post Configure ansible.builtin.import_playbook: function_vm_post_configure.yml vars: host: ipareplicas tags: - idm_vm_post_conf -- name: "IDM VM - IDM Deploy Replica" +- name: IDM VM - IDM Deploy Replica ansible.builtin.import_playbook: function_idm_ipareplicas_install.yml vars: host: ipareplicas diff --git a/playbooks/type_ipaserver_create.yml b/playbooks/type_ipaserver_create.yml index 7fc8298..ebe8053 100644 --- a/playbooks/type_ipaserver_create.yml +++ b/playbooks/type_ipaserver_create.yml @@ -1,5 +1,5 @@ --- -- name: "IDM ipaserver VM - Create" +- name: IDM ipaserver VM - Create ansible.builtin.import_playbook: function_azure_vm_create.yml when: - bootstrap_target is defined @@ -9,21 +9,21 @@ tags: - idm_vm_create -- name: "IDM VM - Check if Reachable" +- name: IDM VM - Check if Reachable ansible.builtin.import_playbook: toolbox_vm_wait_response.yml vars: host: ipaserver tags: - idm_vm_create -- name: "IDM VM - Post Configure" +- name: IDM VM - Post Configure ansible.builtin.import_playbook: function_vm_post_configure.yml vars: host: ipaserver tags: - idm_vm_post_conf -- name: "IDM VM - IDM Create Certificate Sign Request" +- name: IDM VM - IDM Create Certificate Sign Request ansible.builtin.import_playbook: function_idm_csr_create.yml vars: host: ipaserver @@ -31,7 +31,7 @@ - idm_install - idm_create_csr -- name: "RootCA VM - Sign CSR" +- name: RootCA VM - Sign CSR ansible.builtin.import_playbook: function_idm_sign_csr.yml vars: host: "{{ groups.rootca | first }}" 
@@ -39,7 +39,7 @@ - idm_install - idm_sign_csr -- name: "IDM VM - Install IDM with Signed Certificate" +- name: IDM VM - Install IDM with Signed Certificate ansible.builtin.import_playbook: function_idm_ipaserver_install.yml vars: host: ipaserver @@ -47,7 +47,7 @@ - idm_install - idm_install_server -- name: "Root VM - Shutdown and Lock VM" +- name: Root VM - Shutdown and Lock VM ansible.builtin.import_playbook: function_azure_lock_vm.yml when: - bootstrap_target is defined diff --git a/playbooks/type_reverse_proxy_create.yml b/playbooks/type_reverse_proxy_create.yml index 8378b75..a6ea6f7 100644 --- a/playbooks/type_reverse_proxy_create.yml +++ b/playbooks/type_reverse_proxy_create.yml @@ -1,5 +1,5 @@ --- -- name: "Bastion VM - Create Public Trusted SSL Certificate" +- name: Bastion VM - Create Public Trusted SSL Certificate ansible.builtin.import_playbook: function_public_certificate_create.yml vars: host: bastion @@ -7,7 +7,7 @@ - bastion_vm_public_certificate - bastion_vm_conf_nginx -- name: "Bastion VM - Configure Nginx" +- name: Bastion VM - Configure Nginx ansible.builtin.import_playbook: function_reverse_proxy_configure.yml vars: host: bastion diff --git a/playbooks/type_rootca_create.yml b/playbooks/type_rootca_create.yml index 85e259d..9b9b233 100644 --- a/playbooks/type_rootca_create.yml +++ b/playbooks/type_rootca_create.yml @@ -1,5 +1,5 @@ --- -- name: "RootCA VM - Create" +- name: RootCA VM - Create ansible.builtin.import_playbook: function_azure_vm_create.yml when: - bootstrap_target is defined @@ -11,7 +11,7 @@ - rootca_vm_post_conf - rootca_vm_create_ca -- name: "RootCA VM - Check if Reachable" +- name: RootCA VM - Check if Reachable ansible.builtin.import_playbook: toolbox_vm_wait_response.yml vars: host: rootca @@ -20,7 +20,7 @@ - rootca_vm_post_conf - rootca_vm_conf_squid -- name: "RootCA VM - Post Configure" +- name: RootCA VM - Post Configure ansible.builtin.import_playbook: function_vm_post_configure.yml vars: host: rootca 
@@ -28,7 +28,7 @@ - rootca_vm_post_conf - rootca_vm_create_ca -- name: "RootCA VM - Create CA" +- name: RootCA VM - Create CA ansible.builtin.import_playbook: function_ca_create.yml vars: host: rootca diff --git a/playbooks/type_satellite_configure.yml b/playbooks/type_satellite_configure.yml index 94121cb..84199fe 100644 --- a/playbooks/type_satellite_configure.yml +++ b/playbooks/type_satellite_configure.yml @@ -1,5 +1,5 @@ --- -- name: "Satellite VM - Configure Satellite" +- name: Satellite VM - Configure Satellite ansible.builtin.import_playbook: function_satellite_configure.yml vars: host: satellite diff --git a/playbooks/type_satellite_install.yml b/playbooks/type_satellite_install.yml index ea241c0..e15f8c1 100644 --- a/playbooks/type_satellite_install.yml +++ b/playbooks/type_satellite_install.yml @@ -1,5 +1,5 @@ --- -- name: "Satellite VM - Create" +- name: Satellite VM - Create ansible.builtin.import_playbook: function_azure_vm_create.yml when: - bootstrap_target is defined @@ -9,21 +9,21 @@ tags: - satellite_vm_create -- name: "Satellite VM - Check if Reachable" +- name: Satellite VM - Check if Reachable ansible.builtin.import_playbook: toolbox_vm_wait_response.yml vars: host: satellite tags: - satellite_vm_create -- name: "Satellite VM - Post Configure" +- name: Satellite VM - Post Configure ansible.builtin.import_playbook: function_vm_post_configure.yml vars: host: satellite tags: - satellite_vm_post_conf -- name: "Satellite VM - Create Managed Disk" +- name: Satellite VM - Create Managed Disk ansible.builtin.import_playbook: function_azure_managed_disk_create.yml when: - bootstrap_target is defined 
@@ -33,21 +33,21 @@ tags: - satellite_vm_managed_disk -- name: "Satellite VM - Run RHEL Storage" +- name: Satellite VM - Run RHEL Storage ansible.builtin.import_playbook: function_rhel_managed_disk_configure.yml vars: host: satellite tags: - satellite_vm_managed_disk -- name: "Satellite VM - Register IdM" +- name: Satellite VM - Register IdM ansible.builtin.import_playbook: function_idm_register.yml vars: host: satellite tags: - satellite_vm_register_idm -- name: "Satellite VM - Generate Host Certificates" +- name: Satellite VM - Generate Host Certificates ansible.builtin.import_playbook: function_idm_generate_certs.yml vars: host: satellite @@ -56,7 +56,7 @@ - satellite_install - satellite_install_server -- name: "Satellite VM - Install Satellite" +- name: Satellite VM - Install Satellite ansible.builtin.import_playbook: function_satellite_install.yml vars: host: satellite diff --git a/playbooks/type_workload_dmz_resources_create.yml b/playbooks/type_workload_dmz_resources_create.yml index bba0df3..db59685 100644 --- a/playbooks/type_workload_dmz_resources_create.yml +++ b/playbooks/type_workload_dmz_resources_create.yml @@ -1,5 +1,5 @@ --- -- name: "Workload DMZ - Create Temp Host for Management" +- name: Workload DMZ - Create Temp Host for Management ansible.builtin.import_playbook: toolbox_add_temp_host_to_group.yml vars: host: bastion @@ -8,7 +8,7 @@ tags: - workload_dmz_temp_host_mgmt -- name: "Workload DMZ - Create Network for Management" +- name: Workload DMZ - Create Network for Management ansible.builtin.import_playbook: function_azure_network_create.yml when: - bootstrap_target is defined 
@@ -18,14 +18,14 @@ tags: - workload_dmz_network_create_mgmt -- name: "Workload DMZ - Create Images for Management" +- name: Workload DMZ - Create Images for Management ansible.builtin.import_playbook: function_imagebuilder_create.yml vars: host: temp_host_mgmt_tools_dmz tags: - workload_dmz_images_create_mgmt -- name: "Workload DMZ - Create Temp Host for Workloads" +- name: Workload DMZ - Create Temp Host for Workloads ansible.builtin.import_playbook: toolbox_add_temp_host_to_group.yml vars: host: bastion @@ -34,7 +34,7 @@ tags: - workload_dmz_temp_host_workloads -- name: "Workload DMZ - Create Network for Workloads" +- name: Workload DMZ - Create Network for Workloads ansible.builtin.import_playbook: function_azure_network_create.yml when: - bootstrap_target is defined @@ -44,7 +44,7 @@ tags: - workload_dmz_network_create_workloads -- name: "Workload DMZ - Create Images for Workloads" +- name: Workload DMZ - Create Images for Workloads ansible.builtin.import_playbook: function_imagebuilder_create.yml vars: host: temp_host_workload_servers_dmz diff --git a/playbooks/type_workload_intra_resources_create.yml b/playbooks/type_workload_intra_resources_create.yml index 8cfd9cc..4c2329f 100644 --- a/playbooks/type_workload_intra_resources_create.yml +++ b/playbooks/type_workload_intra_resources_create.yml @@ -1,5 +1,5 @@ --- -- name: "Workload Intra - Create Temp Host" +- name: Workload Intra - Create Temp Host ansible.builtin.import_playbook: toolbox_add_temp_host_to_group.yml vars: host: bastion @@ -8,7 +8,7 @@ tags: - workload_intra_temp_host -- name: "Workload Intra - Create Network" +- name: Workload Intra - Create Network ansible.builtin.import_playbook: function_azure_network_create.yml when: - bootstrap_target is defined 
@@ -18,7 +18,7 @@ tags: - workload_intra_network_create -- name: "Workload Intra - Create Images" +- name: Workload Intra - Create Images ansible.builtin.import_playbook: function_imagebuilder_create.yml vars: host: temp_host_workload_servers_intra diff --git a/playbooks/type_workload_vm_create.yml b/playbooks/type_workload_vm_create.yml index 768d473..b65b41f 100644 --- a/playbooks/type_workload_vm_create.yml +++ b/playbooks/type_workload_vm_create.yml @@ -1,9 +1,9 @@ --- -- name: "Workload Intra VM - Create" +- name: Workload Intra VM - Create ansible.builtin.import_playbook: function_satellite_vm_deploy.yml -- name: "Workload Intra VM - Check if Reachable" +- name: Workload Intra VM - Check if Reachable ansible.builtin.import_playbook: toolbox_vm_wait_response.yml -- name: "Workload Intra VM - Run Post Configuration" +- name: Workload Intra VM - Run Post Configuration ansible.builtin.import_playbook: function_vm_post_configure.yml diff --git a/roles/aap_config/tasks/create_token.yml b/roles/aap_config/tasks/create_token.yml index b806e1b..b84cd4b 100644 --- a/roles/aap_config/tasks/create_token.yml +++ b/roles/aap_config/tasks/create_token.yml @@ -1,7 +1,7 @@ --- - name: Check if admin token exists ansible.builtin.uri: - url: "https://{{ controller_hostname | regex_replace('(/+)$') }}/api/v2/tokens/?search={{ __controller_tokens.application.split()[0] }}" + url: https://{{ controller_hostname | regex_replace('(/+)$') }}/api/v2/tokens/?search={{ __controller_tokens.application.split()[0] }} method: GET validate_certs: true user: "{{ controller_username }}" @@ -11,7 +11,9 @@ register: __aap_token - name: Create a new token using username/password - ansible.controller.token: + register: aap_token_output + when: __aap_token.json.count < 1 + awx.awx.token: application: "{{ __controller_tokens.application }}" description: "{{ __controller_tokens.description | default(omit, true) }}" scope: "{{ __controller_tokens.scope | default(omit, true) }}" 
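Review bot: `awx.awx.token:` replaces `ansible.controller.token`, but collections/requirements.yml in this diff pins `ansible.controller` 4.5.7 and does not list `awx.awx`, so the "Create a new token" task will not resolve in the pinned environment; I would keep `ansible.controller.token:`. Separately, this task registers an OAuth token into `aap_token_output`, and the "Copy Token to a file for a backup" task in the next hunk writes that token out via `content:`; neither task sets `no_log: true`, so the token can surface in verbose output or controller job logs unless the module redacts it — I would add `no_log: true` to both. Moving `register:` / `when:` above the module key is harmless but breaks the name → module → register order used elsewhere in the diff. The task's remaining parameters (`controller_host` …) continue into the next hunk.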
@@ -19,13 +21,11 @@ controller_host: "{{ controller_hostname }}" controller_username: "{{ controller_username }}" controller_password: "{{ controller_password }}" - register: aap_token_output - when: __aap_token.json.count < 1 - name: Copy Token to a file for a backup become: true ansible.builtin.copy: content: "{{ aap_token_output.ansible_facts.controller_token.token }}" - dest: "/root//{{ __controller_tokens.application.split()[0] + '.token' }}" + dest: /root//{{ __controller_tokens.application.split()[0] + '.token' }} mode: "0600" when: __aap_token.json.count < 1 diff --git a/roles/aap_config/tasks/custom_ee.yml b/roles/aap_config/tasks/custom_ee.yml index 587f66c..97a46c4 100644 --- a/roles/aap_config/tasks/custom_ee.yml +++ b/roles/aap_config/tasks/custom_ee.yml @@ -4,7 +4,7 @@ block: - name: Enable AAP repository community.general.rhsm_repository: - name: "ansible-automation-platform-2.4-for-rhel-9-x86_64-rpms" + name: ansible-automation-platform-2.4-for-rhel-9-x86_64-rpms state: enabled - name: Ensure ansible-builder and podman installed @@ -34,7 +34,7 @@ when: ansible_user_uid is not defined - name: Run loginctl enable-linger - ansible.builtin.command: "loginctl enable-linger {{ ansible_user_uid }}" + ansible.builtin.command: loginctl enable-linger {{ ansible_user_uid }} register: __cmd_out changed_when: __cmd_out.changed diff --git a/roles/aap_install/defaults/main.yml b/roles/aap_install/defaults/main.yml index 36a2409..510da94 100644 --- a/roles/aap_install/defaults/main.yml +++ b/roles/aap_install/defaults/main.yml 
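Review bot: The `dest:` line carries a doubled slash (`/root//…`), which the kernel tolerates but which reads like a template error and will show up that way in `changed`/diff output; while the line is being touched, write it as `dest: "/root/{{ __controller_tokens.application.split()[0] + '.token' }}"`, quoted because the value starts with a template-adjacent path and contains a `'` character. The `mode: "0600"` on the backup file is correct for a credential and should stay quoted as it is.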
@@ -1,7 +1,7 @@ --- -aap_install_repo_name: "Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86_64 Files" -aap_install_product: "Red Hat Ansible Automation Platform" -aap_install_search_param: "name ~ platform-setup" -aap_install_destination_dir: "/var/aap-install" +aap_install_repo_name: Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86_64 Files +aap_install_product: Red Hat Ansible Automation Platform +aap_install_search_param: name ~ platform-setup +aap_install_destination_dir: /var/aap-install aap_install_certs_dir: "{{ aap_install_destination_dir }}/certs" -aap_install_aap_bundle_file: "ansible-automation-platform-setup-2.4-7.tar.gz" +aap_install_aap_bundle_file: ansible-automation-platform-setup-2.4-7.tar.gz diff --git a/roles/aap_install/tasks/get_aap_installer_bundle.yml b/roles/aap_install/tasks/get_aap_installer_bundle.yml index abb4cf7..95d5c0f 100644 --- a/roles/aap_install/tasks/get_aap_installer_bundle.yml +++ b/roles/aap_install/tasks/get_aap_installer_bundle.yml 
@@ -1,33 +1,33 @@ --- -- name: "Get the file repository info" - redhat.satellite.repository_info: +- name: Get the file repository info + register: __result + theforeman.foreman.repository_info: username: "{{ hostvars[groups.satellite | first]['satellite_username'] }}" password: "{{ hostvars[groups.satellite | first]['satellite_password'] }}" - server_url: "https://{{ groups.satellite | first }}" + server_url: https://{{ groups.satellite | first }} organization: "{{ hostvars[groups.satellite | first]['satellite_initial_organization'] }}" name: "{{ aap_install_repo_name }}" product: "{{ aap_install_product }}" - register: __result -- name: "Determine the base url" +- name: Determine the base url ansible.builtin.set_fact: __software_baseurl: "{{ __result.repository.full_path }}" -- name: "Get the name of the bundle file" - redhat.satellite.resource_info: +- name: Get the name of the bundle file + register: __files + theforeman.foreman.resource_info: username: "{{ hostvars[groups.satellite | first]['satellite_username'] }}" password: "{{ hostvars[groups.satellite | first]['satellite_password'] }}" - server_url: "https://{{ groups.satellite | first }}" + server_url: https://{{ groups.satellite | first }} organization: "{{ hostvars[groups.satellite | first]['satellite_initial_organization'] }}" resource: file_units search: "{{ aap_install_search_param }}" - register: __files -- name: "Set the path for the download" +- name: Set the path for the download ansible.builtin.set_fact: __download_path: "{{ __software_baseurl }}/{{ __files.resources[0].name }}" -- name: "Ensure the destination directory exists" +- name: Ensure the destination directory exists become: true ansible.builtin.file: path: "{{ aap_install_destination_dir }}" @@ -36,7 +36,7 @@ group: "{{ vm_user }}" mode: "0750" -- name: "Clean up any failed downloads" +- name: Clean up any failed downloads ansible.builtin.file: path: "{{ aap_install_destination_dir }}/{{ aap_install_aap_bundle_file }}" state: absent 
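Review bot: The module prefix changes from `redhat.satellite` to `theforeman.foreman` in both info tasks of this hunk, which is a functional change hidden inside a quoting cleanup; it only works if that collection is actually installed, so the collection requirements need the matching entry and the commit message should call the swap out. The same swap, to `freeipa.ansible_freeipa`, happens in every idm_config task hunk (idm_ensure_records through idm_manage_users). Moving `register:` above the module block is fine, but it makes the rename easier to miss in review.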
diff --git a/roles/aap_install/tasks/get_host_ssl_files.yml b/roles/aap_install/tasks/get_host_ssl_files.yml index 18f4403..6d6b295 100644 --- a/roles/aap_install/tasks/get_host_ssl_files.yml +++ b/roles/aap_install/tasks/get_host_ssl_files.yml @@ -2,7 +2,7 @@ - name: Handle SSL certificates become: true block: - - name: "Ensure the destination directory exists" + - name: Ensure the destination directory exists ansible.builtin.file: path: "{{ aap_install_certs_dir }}" state: directory @@ -12,7 +12,7 @@ - name: Read host SSL cert ansible.builtin.slurp: - src: "/etc/ipa/private/{{ delegated_host }}.crt" + src: /etc/ipa/private/{{ delegated_host }}.crt delegate_to: "{{ delegated_host }}" register: __host_ssl_cert @@ -26,7 +26,7 @@ - name: Read host SSL key ansible.builtin.slurp: - src: "/etc/ipa/private/{{ delegated_host }}.key" + src: /etc/ipa/private/{{ delegated_host }}.key delegate_to: "{{ delegated_host }}" register: __host_ssl_key diff --git a/roles/aap_install/tasks/launch_setup.yml b/roles/aap_install/tasks/launch_setup.yml index bd2f6b7..dc651a7 100644 --- a/roles/aap_install/tasks/launch_setup.yml +++ b/roles/aap_install/tasks/launch_setup.yml @@ -1,8 +1,8 @@ --- - name: Run Setup Ansible Automation Platform - ansible.builtin.shell: "./setup.sh -e @ldapextras.yml" # noqa: command-instead-of-shell + ansible.builtin.shell: ./setup.sh -e @ldapextras.yml # noqa: command-instead-of-shell environment: - ANSIBLE_BECOME_METHOD: "sudo" + ANSIBLE_BECOME_METHOD: sudo ANSIBLE_BECOME: "true" ANSIBLE_HOST_KEY_CHECKING: "false" args: diff --git a/roles/azure_dns/defaults/main.yml b/roles/azure_dns/defaults/main.yml index e83237d..99f03c5 100644 --- a/roles/azure_dns/defaults/main.yml +++ b/roles/azure_dns/defaults/main.yml @@ -1,3 +1,3 @@ --- -azure_dns_zone_state: "present" +azure_dns_zone_state: present azure_dns_registration_enabled: true diff --git a/roles/azure_dns/tasks/private_dns_zone.yml b/roles/azure_dns/tasks/private_dns_zone.yml index 5875bfc..78f8a99 100644 
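Review bot: `ANSIBLE_HOST_KEY_CHECKING: "false"` stays in the environment of the `./setup.sh` run in launch_setup.yml; it is pre-existing, but with its neighbours rewritten it would be carried forward without anyone asking why, so it deserves a line above it such as `# TODO(review): document why host-key verification is off for setup.sh, or pre-seed known_hosts and drop this`. Unquoting the `shell:` value is safe only because ` #` starts the `noqa` comment; the executed command is unchanged.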
--- a/roles/azure_dns/tasks/private_dns_zone.yml +++ b/roles/azure_dns/tasks/private_dns_zone.yml @@ -9,4 +9,4 @@ resource_group: "{{ azure_rg | default(omit) }}" name: "{{ azure_dns_private_dns_zone | default(omit) }}" register: __output - failed_when: "__output.msg is defined and 'Another operation is pending for requested object.' not in __output.msg" + failed_when: __output.msg is defined and 'Another operation is pending for requested object.' not in __output.msg diff --git a/roles/azure_dns/tasks/private_dns_zone_link.yml b/roles/azure_dns/tasks/private_dns_zone_link.yml index c6c8b7e..68d7714 100644 --- a/roles/azure_dns/tasks/private_dns_zone_link.yml +++ b/roles/azure_dns/tasks/private_dns_zone_link.yml @@ -12,4 +12,4 @@ virtual_network: "{{ azure_vnet }}" registration_enabled: "{{ azure_dns_registration_enabled }}" register: __output - failed_when: "__output.msg is defined and 'Another operation is pending for requested object.' not in __output.msg" + failed_when: __output.msg is defined and 'Another operation is pending for requested object.' not in __output.msg diff --git a/roles/azure_managed_disk/defaults/main.yml b/roles/azure_managed_disk/defaults/main.yml index 08f7831..6d18ac0 100644 --- a/roles/azure_managed_disk/defaults/main.yml +++ b/roles/azure_managed_disk/defaults/main.yml @@ -1,2 +1,2 @@ --- -azure_managed_disk_state: "present" +azure_managed_disk_state: present diff --git a/roles/azure_network/defaults/main.yml b/roles/azure_network/defaults/main.yml index f78bec8..bd19593 100644 --- a/roles/azure_network/defaults/main.yml +++ b/roles/azure_network/defaults/main.yml @@ -1,7 +1,7 @@ --- -azure_network_vnet_state: "present" -azure_network_vnet_peering_state: "present" -azure_network_subnet_state: "present" +azure_network_vnet_state: present +azure_network_vnet_peering_state: present +azure_network_subnet_state: present azure_network_allow_virtual_network_access: true azure_network_allow_forwarded_traffic: false 
diff --git a/roles/azure_network/tasks/manage_vnet_peering.yml b/roles/azure_network/tasks/manage_vnet_peering.yml index 4b2aac3..e82f723 100644 --- a/roles/azure_network/tasks/manage_vnet_peering.yml +++ b/roles/azure_network/tasks/manage_vnet_peering.yml @@ -9,8 +9,7 @@ resource_group: "{{ vnet_peer_var.azure_rg | default(omit) }}" virtual_network: "{{ vnet_peer_var.azure_vnet | default(omit) }}" name: "{{ vnet_peer_var.azure_vnet_peer | default(omit) }}" - remote_virtual_network: "/subscriptions/{{ azure_subscription_id }}/resourceGroups/\ - {{ azure_rg }}/providers/Microsoft.Network/virtualNetworks/{{ azure_vnet }}" + remote_virtual_network: /subscriptions/{{ azure_subscription_id }}/resourceGroups/{{ azure_rg }}/providers/Microsoft.Network/virtualNetworks/{{ azure_vnet }} allow_virtual_network_access: "{{ azure_network_allow_virtual_network_access }}" allow_forwarded_traffic: "{{ azure_network_allow_forwarded_traffic }}" diff --git a/roles/azure_resource_group/defaults/main.yml b/roles/azure_resource_group/defaults/main.yml index 343f770..2acd7c5 100644 --- a/roles/azure_resource_group/defaults/main.yml +++ b/roles/azure_resource_group/defaults/main.yml @@ -1,3 +1,3 @@ --- -azure_resource_group_state: "present" +azure_resource_group_state: present azure_resource_group_teardown: false diff --git a/roles/azure_snapshot/tasks/main.yml b/roles/azure_snapshot/tasks/main.yml index fd9062a..99dfaba 100644 --- a/roles/azure_snapshot/tasks/main.yml +++ b/roles/azure_snapshot/tasks/main.yml 
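Review bot: The unquoted `remote_virtual_network:` value is now one ~150-character line, which is exactly what the previous `\` continuation avoided; the rest of this diff handles such lines with a trailing `# noqa yaml[line-length]` (see `source_id` in azure_snapshot), so this line needs the same marker or the linter will flag it. A double-quoted scalar with `\` continuation is the only YAML form that splits a path without inserting spaces, so keeping the old form is also defensible.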
@@ -44,7 +44,7 @@ incremental: true creation_data: create_option: Copy - source_id: /subscriptions/{{ azure_subscription_id }}/resourceGroups/{{ azure_rg }}/providers/Microsoft.Compute/disks/{{ inventory_hostname_short }}-osdisk # noqa yaml[line-length] + source_id: /subscriptions/{{ azure_subscription_id }}/resourceGroups/{{ azure_rg }}/providers/Microsoft.Compute/disks/{{ inventory_hostname_short }}-osdisk # noqa yaml[line-length] - name: Delete the snapshots when: azure_snapshot_state is defined and azure_snapshot_state == 'absent' diff --git a/roles/azure_vm_deploy/defaults/main.yml b/roles/azure_vm_deploy/defaults/main.yml index 8a5ff60..7eb5262 100644 --- a/roles/azure_vm_deploy/defaults/main.yml +++ b/roles/azure_vm_deploy/defaults/main.yml @@ -1,7 +1,7 @@ --- -azure_vm_deploy_public_ip_allocation_method: "static" -azure_vm_deploy_vm_size: "Standard_B4ms" -azure_vm_deploy_image_name: "image-rhel-94" +azure_vm_deploy_public_ip_allocation_method: static +azure_vm_deploy_vm_size: Standard_B4ms +azure_vm_deploy_image_name: image-rhel-94 azure_vm_deploy_user: "{{ vm_user }}" azure_vm_deploy_user_public_key: "{{ vm_user_public_key }}" azure_vm_deploy_tags: "{{ vm_tags }}" diff --git a/roles/azure_vm_deploy/tasks/main.yml b/roles/azure_vm_deploy/tasks/main.yml index b3ef73b..4777f5e 100644 --- a/roles/azure_vm_deploy/tasks/main.yml +++ b/roles/azure_vm_deploy/tasks/main.yml @@ -50,7 +50,7 @@ os_disk_name: "{{ inventory_hostname }}-os-disk" network_interface_names: - "{{ azure_nic_name | default(omit) }}" - availability_set: null + availability_set: ssh_public_keys: - path: /home/{{ azure_vm_deploy_user }}/.ssh/authorized_keys key_data: "{{ azure_vm_deploy_user_public_key }}" diff --git a/roles/azure_vm_lock/defaults/main.yml b/roles/azure_vm_lock/defaults/main.yml index f32ad03..44c57ec 100644 --- a/roles/azure_vm_lock/defaults/main.yml +++ b/roles/azure_vm_lock/defaults/main.yml @@ -1,2 +1,2 @@ --- -azure_vm_lock_state: "present" +azure_vm_lock_state: present 
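Review bot: `availability_set:` with no value replaces an explicit `availability_set: null` in azure_vm_deploy/tasks/main.yml; both parse to null, but the bare form is ambiguous to a reader (empty string? omitted?) and is what yamllint's `empty-values` rule flags. Keep `availability_set: null`, or drop the key entirely if the module default is what is wanted — which of the two is intended is not determinable from the hunk.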
diff --git a/roles/git_repo_commit/tasks/main.yml b/roles/git_repo_commit/tasks/main.yml index 5900e25..1a90982 100644 --- a/roles/git_repo_commit/tasks/main.yml +++ b/roles/git_repo_commit/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: "Set Repo absolute path" +- name: Set Repo absolute path ansible.builtin.set_fact: __repo_absolute_path: "{{ git_repo_commit_repo_path }}/{{ git_repo_commit_repository }}" @@ -9,12 +9,12 @@ name: - git - pinentry - state: "present" + state: present when: ansible_distribution == "RedHat" - name: Ensure the repository is cloned ansible.builtin.git: - repo: "https://{{ git_repo_commit_github_pat }}@github.com/{{ git_repo_commit_repository }}" + repo: https://{{ git_repo_commit_github_pat }}@github.com/{{ git_repo_commit_repository }} dest: "{{ __repo_absolute_path }}" version: "{{ git_repo_commit_branch }}" update: true @@ -31,7 +31,7 @@ remote_src: true - name: Stage files # noqa: command-instead-of-module - ansible.builtin.command: "git add -A" + ansible.builtin.command: git add -A args: chdir: "{{ __repo_absolute_path }}" register: __return @@ -39,7 +39,7 @@ changed_when: __return.changed - name: Commit changes # noqa: command-instead-of-module - ansible.builtin.command: "git commit -S -m '{{ git_repo_commit_commit_message }}'" + ansible.builtin.command: git commit -S -m '{{ git_repo_commit_commit_message }}' args: chdir: "{{ __repo_absolute_path }}" register: __return @@ -47,7 +47,7 @@ changed_when: __return.changed - name: Push changes # noqa: command-instead-of-module - ansible.builtin.command: "git push" + ansible.builtin.command: git push args: chdir: "{{ __repo_absolute_path }}" register: __return diff --git a/roles/idm_config/tasks/idm_ensure_records.yml b/roles/idm_config/tasks/idm_ensure_records.yml index d9d801c..f1d7060 100644 --- a/roles/idm_config/tasks/idm_ensure_records.yml +++ b/roles/idm_config/tasks/idm_ensure_records.yml 
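Review bot: The changed `repo:` line interpolates `git_repo_commit_github_pat` into the clone URL and the `ansible.builtin.git` task has no `no_log`, so a failed clone may echo the full URL, token included, into the task result and any saved log; add `no_log: true` to that task. The token also persists in the clone's `.git/config` as the remote URL, so `__repo_absolute_path` should be treated as secret material and cleaned up. The commit task embeds `{{ git_repo_commit_commit_message }}` inside single quotes on a `command:` string; a message containing a quote breaks the split, which passing `argv:` instead would avoid.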
@@ -1,17 +1,17 @@ --- - name: Find out IP address for A record - ansible.builtin.command: "dig {{ __a_records_var.nameserver }} +short" + ansible.builtin.command: dig {{ __a_records_var.nameserver }} +short register: __ip_a_records_var changed_when: __ip_a_records_var.failed tags: idm_dns_records -- name: "Ensure PTR records for the existing A Records" - redhat.rhel_idm.ipadnsrecord: +- name: Ensure PTR records for the existing A Records + tags: idm_dns_records + freeipa.ansible_freeipa.ipadnsrecord: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" zone_name: "{{ idm_default_dns_zone }}" record_name: "{{ __a_records_var.nameserver | split('.') | first }}" record_value: "{{ __ip_a_records_var.stdout }}" - record_type: "A" + record_type: A create_reverse: true - tags: idm_dns_records diff --git a/roles/idm_config/tasks/idm_manage_dns.yml b/roles/idm_config/tasks/idm_manage_dns.yml index 3645cea..1662f1a 100644 --- a/roles/idm_config/tasks/idm_manage_dns.yml +++ b/roles/idm_config/tasks/idm_manage_dns.yml @@ -1,6 +1,10 @@ --- -- name: "Create reverse DNS zones" - redhat.rhel_idm.ipadnszone: +- name: Create reverse DNS zones + loop: "{{ idm_config_reverse_dns_networks }}" + loop_control: + loop_var: subnets_var + when: idm_config_reverse_dns_networks | length() + freeipa.ansible_freeipa.ipadnszone: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" allow_sync_ptr: "{{ idm_config_allow_sync_ptr }}" @@ -8,7 +12,3 @@ name_from_ip: "{{ subnets_var.subnet }}" state: present update_policy: "{{ idm_config_update_policy | default(omit) }}" - loop: "{{ idm_config_reverse_dns_networks }}" - loop_control: - loop_var: subnets_var - when: idm_config_reverse_dns_networks | length() diff --git a/roles/idm_config/tasks/idm_manage_hbac_rules.yml b/roles/idm_config/tasks/idm_manage_hbac_rules.yml index acac7f8..322e31b 100644 
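Review bot: `changed_when: __ip_a_records_var.failed` on the `dig` task reports a change exactly when the command fails, which is backwards for a read-only lookup; it should be `changed_when: false`. `record_value: "{{ __ip_a_records_var.stdout }}"` feeds the raw output into the record, so a name that resolves to several addresses, or to none, produces a multi-line or empty value; `stdout_lines | first` behind a `failed_when` on empty output would be safer. Moving `tags:` above the module keeps the tag on the same task, so that part is behaviour-neutral.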
--- a/roles/idm_config/tasks/idm_manage_hbac_rules.yml +++ b/roles/idm_config/tasks/idm_manage_hbac_rules.yml @@ -1,6 +1,10 @@ --- -- name: "Create defined HBAC rules in IdM" - redhat.rhel_idm.ipahbacrule: +- name: Create defined HBAC rules in IdM + loop: "{{ idm_hbac_rules }}" + loop_control: + loop_var: idmhbac_var + when: idm_hbac_rules is defined + freeipa.ansible_freeipa.ipahbacrule: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ idmhbac_var.name }}" @@ -12,7 +16,3 @@ group: "{{ idmhbac_var.group | default(omit) }}" user: "{{ idmhbac_var.user | default(omit) }}" hbacsvc: "{{ idmhbac_var.hbacsvc | default(omit) }}" - loop: "{{ idm_hbac_rules }}" - loop_control: - loop_var: idmhbac_var - when: idm_hbac_rules is defined diff --git a/roles/idm_config/tasks/idm_manage_host_groups.yml b/roles/idm_config/tasks/idm_manage_host_groups.yml index 0531c63..3e66781 100644 --- a/roles/idm_config/tasks/idm_manage_host_groups.yml +++ b/roles/idm_config/tasks/idm_manage_host_groups.yml @@ -1,11 +1,11 @@ --- -- name: "Create defined host groups on IdM" - redhat.rhel_idm.ipahostgroup: - ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" - ipaadmin_password: "{{ ipaadmin_password }}" - name: "{{ idmhostgroups_var.name }}" - description: "{{ idmhostgroups_var.desc }}" +- name: Create defined host groups on IdM loop: "{{ idm_host_groups }}" loop_control: loop_var: idmhostgroups_var when: idm_host_groups is defined + freeipa.ansible_freeipa.ipahostgroup: + ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" + ipaadmin_password: "{{ ipaadmin_password }}" + name: "{{ idmhostgroups_var.name }}" + description: "{{ idmhostgroups_var.desc }}" diff --git a/roles/idm_config/tasks/idm_manage_pwpolicy.yml b/roles/idm_config/tasks/idm_manage_pwpolicy.yml index d2b2352..cdc8f43 100644 --- a/roles/idm_config/tasks/idm_manage_pwpolicy.yml +++ b/roles/idm_config/tasks/idm_manage_pwpolicy.yml 
@@ -1,6 +1,10 @@ --- -- name: "Create Password Policies" - redhat.rhel_idm.ipapwpolicy: +- name: Create Password Policies + loop: "{{ idm_password_policy }}" + loop_control: + loop_var: idmpwpolicy_var + when: idm_password_policy is defined + freeipa.ansible_freeipa.ipapwpolicy: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ idmpwpolicy_var.name | default(omit) }}" @@ -19,7 +23,3 @@ usercheck: "{{ idmpwpolicy_var.usercheck | default(omit) }}" gracelimit: "{{ idmpwpolicy_var.gracelimit | default(omit) }}" priority: "{{ idmpwpolicy_var.priority | default(omit) }}" - loop: "{{ idm_password_policy }}" - loop_control: - loop_var: idmpwpolicy_var - when: idm_password_policy is defined diff --git a/roles/idm_config/tasks/idm_manage_sudo_command.yml b/roles/idm_config/tasks/idm_manage_sudo_command.yml index 7de45c9..640ce07 100644 --- a/roles/idm_config/tasks/idm_manage_sudo_command.yml +++ b/roles/idm_config/tasks/idm_manage_sudo_command.yml @@ -1,12 +1,12 @@ --- -- name: "Create Sudo Commands" - redhat.rhel_idm.ipasudocmd: +- name: Create Sudo Commands + loop: "{{ idm_sudo_commands }}" + loop_control: + loop_var: idmsudocommand_var + when: idm_sudo_commands is defined + freeipa.ansible_freeipa.ipasudocmd: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ idmsudocommand_var.name }}" description: "{{ idmsudocommand_var.description | default(omit) }}" state: "{{ idmsudocommand_var.state }}" - loop: "{{ idm_sudo_commands }}" - loop_control: - loop_var: idmsudocommand_var - when: idm_sudo_commands is defined diff --git a/roles/idm_config/tasks/idm_manage_sudo_rules.yml b/roles/idm_config/tasks/idm_manage_sudo_rules.yml index 88a1784..b33884e 100644 --- a/roles/idm_config/tasks/idm_manage_sudo_rules.yml +++ b/roles/idm_config/tasks/idm_manage_sudo_rules.yml 
@@ -1,6 +1,10 @@ --- -- name: "Create defined sudo rules in IdM" - redhat.rhel_idm.ipasudorule: +- name: Create defined sudo rules in IdM + loop: "{{ idm_sudo_rules }}" + loop_control: + loop_var: idmsudo_var + when: idm_sudo_rules is defined + freeipa.ansible_freeipa.ipasudorule: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ idmsudo_var.name }}" @@ -12,7 +16,3 @@ user: "{{ idmsudo_var.user | default(omit) }}" allow_sudocmd: "{{ idmsudo_var.allow_sudocmd | default(omit) }}" sudooption: "{{ idmsudo_var.sudooption | default(omit) }}" - loop: "{{ idm_sudo_rules }}" - loop_control: - loop_var: idmsudo_var - when: idm_sudo_rules is defined diff --git a/roles/idm_config/tasks/idm_manage_user_groups.yml b/roles/idm_config/tasks/idm_manage_user_groups.yml index f90c405..3b28c6d 100644 --- a/roles/idm_config/tasks/idm_manage_user_groups.yml +++ b/roles/idm_config/tasks/idm_manage_user_groups.yml 
@@ -1,35 +1,35 @@ --- -- name: "Create defined user groups on IdM" - redhat.rhel_idm.ipagroup: - ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" - ipaadmin_password: "{{ ipaadmin_password }}" - description: "{{ idmusergroups_var.desc }}" - name: "{{ idmusergroups_var.name }}" +- name: Create defined user groups on IdM loop: "{{ idm_user_groups }}" loop_control: loop_var: idmusergroups_var when: idm_user_groups is defined - -- name: "Add defined user to group on IdM" - redhat.rhel_idm.ipagroup: + freeipa.ansible_freeipa.ipagroup: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" - name: "{{ idmgroupusers_var.group }}" - user: "{{ idmgroupusers_var.user }}" - action: member + description: "{{ idmusergroups_var.desc }}" + name: "{{ idmusergroups_var.name }}" + +- name: Add defined user to group on IdM loop: "{{ idm_group_users + showroom_group_users }}" loop_control: loop_var: idmgroupusers_var when: idm_group_users is defined or showroom_group_users is defined - -- name: "Add defined groups to group on IdM" - redhat.rhel_idm.ipagroup: + freeipa.ansible_freeipa.ipagroup: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" - name: "{{ idmgroupgroups_var.name }}" - group: "{{ idmgroupgroups_var.group }}" - state: "{{ idmgroupgroups_var.state }}" + name: "{{ idmgroupusers_var.group }}" + user: "{{ idmgroupusers_var.user }}" + action: member + +- name: Add defined groups to group on IdM loop: "{{ idm_group_groups }}" loop_control: loop_var: idmgroupgroups_var when: idm_group_groups is defined + freeipa.ansible_freeipa.ipagroup: + ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" + ipaadmin_password: "{{ ipaadmin_password }}" + name: "{{ idmgroupgroups_var.name }}" + group: "{{ idmgroupgroups_var.group }}" + state: "{{ idmgroupgroups_var.state }}" 
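Review bot: The user-to-group task loops over `idm_group_users + showroom_group_users` while its `when` only requires one of the two to be defined, so the loop expression raises an undefined-variable error whenever exactly one is set; use `loop: "{{ idm_group_users | default([]) + showroom_group_users | default([]) }}"`. The same unguarded sum, `idm_users + showroom_users`, is in the idm_manage_users hunk. The key reordering itself keeps each task's module arguments paired with its own `loop_var`, so no task changed meaning.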
diff --git a/roles/idm_config/tasks/idm_manage_users.yml b/roles/idm_config/tasks/idm_manage_users.yml index 94ec76c..19c5ef4 100644 --- a/roles/idm_config/tasks/idm_manage_users.yml +++ b/roles/idm_config/tasks/idm_manage_users.yml @@ -1,6 +1,10 @@ --- -- name: "Add defined users on IdM" - redhat.rhel_idm.ipauser: +- name: Add defined users on IdM + loop: "{{ idm_users + showroom_users }}" + loop_control: + loop_var: idmuser_var + no_log: true + freeipa.ansible_freeipa.ipauser: ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ idmuser_var.name }}" @@ -21,7 +25,3 @@ sshpubkey: "{{ idmuser_var.sshpubkey | default(omit) }}" update_password: "{{ idmuser_var.update_password | default(omit) }}" passwordexpiration: "{{ idmuser_var.passwordexpiration | default(omit) }}" - loop: "{{ idm_users + showroom_users }}" - loop_control: - loop_var: idmuser_var - no_log: true diff --git a/roles/imagebuilder/defaults/main.yml b/roles/imagebuilder/defaults/main.yml index 5decca6..08e2b6a 100644 --- a/roles/imagebuilder/defaults/main.yml +++ b/roles/imagebuilder/defaults/main.yml 
@@ -3,12 +3,13 @@ # variable to run role # imagebuilder: true -imagebuilder_auth_url: "https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token" -imagebuilder_url: "https://console.redhat.com/api/image-builder/v1/compose" -imagebuilder_status_url: "https://console.redhat.com/api/image-builder/v1/composes/" +imagebuilder_auth_url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token +imagebuilder_url: https://console.redhat.com/api/image-builder/v1/compose +imagebuilder_status_url: https://console.redhat.com/api/image-builder/v1/composes/ imagebuilder_bootstrap_target: "{{ bootstrap_target }}" -imagebuilder_image_extension: "{% if bootstrap_target == 'azure' %}vhd{% elif bootstrap_target == 'aws' %}ami{% elif bootstrap_target == 'vsphere' %}vmdk{% elif bootstrap_target == 'gcp' %}img{% elif bootstrap_target == 'edge-installer' %}iso{% endif %}" # noqa yaml[line-length] +imagebuilder_image_extension: "{% if bootstrap_target == 'azure' %}vhd{% elif bootstrap_target == 'aws' %}ami{% elif bootstrap_target == 'vsphere' %}vmdk{% elif bootstrap_target + == 'gcp' %}img{% elif bootstrap_target == 'edge-installer' %}iso{% endif %}" # noqa yaml[line-length] # type extension # vsphere vmdk 
@@ -22,13 +23,13 @@ imagebuilder_image_extension: "{% if bootstrap_target == 'azure' %}vhd{% elif bo # you can use the API url to pull a current list of available distributions imagebuilder_images: - - distribution: "rhel-94" - image_name: "image-rhel-94" + - distribution: rhel-94 + image_name: image-rhel-94 imagebuilder_activation_key: "{{ rh_activation_key }}" # what we will call the image and where we put it -imagebuilder_file_directory: "/tmp" -imagebuilder_image_definition_file: "request-base-image.json" +imagebuilder_file_directory: /tmp +imagebuilder_image_definition_file: request-base-image.json imagebuilder_image_file_name: "{{ builder_image_name }}.{{ image_extension }}" imagebuilder_image_file_path: "{{ imagebuilder_file_directory }}/{{ imagebuilder_image_file_name }}" @@ -48,4 +49,4 @@ imagebuilder_filesystem: var_log_size: 4294967296 var_log_audit_size: 2147483648 -imagebuilder_timezone: "Europe/Berlin" +imagebuilder_timezone: Europe/Berlin diff --git a/roles/imagebuilder/tasks/compose_wait.yml b/roles/imagebuilder/tasks/compose_wait.yml index 01eb2a0..7b4a8f4 100644 --- a/roles/imagebuilder/tasks/compose_wait.yml +++ b/roles/imagebuilder/tasks/compose_wait.yml 
@@ -1,20 +1,20 @@ --- -- name: "Retrieve a new access token" +- name: Retrieve a new access token ansible.builtin.include_tasks: retrieve_composer_access_token.yml -- name: "Wait for console build to complete" +- name: Wait for console build to complete block: - - name: "Set or increment retry count" + - name: Set or increment retry count ansible.builtin.set_fact: __compose_retry_count: "{{ 0 if __compose_retry_count is undefined else __compose_retry_count | int + 1 }}" - - name: "Watch for finished image compose" + - name: Watch for finished image compose ansible.builtin.uri: url: "{{ imagebuilder_status_url }}{{ __compose_result.json.id }}" - method: "GET" + method: GET headers: - Authorization: "Bearer {{ __access_token }}" - Content-Type: "application/json" + Authorization: Bearer {{ __access_token }} + Content-Type: application/json validate_certs: true return_content: true register: __compose_status @@ -25,19 +25,19 @@ retries: 60 delay: 10 - - name: "Finished build" + - name: Finished build ansible.builtin.set_fact: __composer_done: true rescue: - - name: "Retry count exceeded, time to fail" + - name: Retry count exceeded, time to fail ansible.builtin.fail: - msg: "Maximum retry count exceeded, have tried {{ __compose_retry_count }} times" + msg: Maximum retry count exceeded, have tried {{ __compose_retry_count }} times when: __compose_retry_count|int == 10 - - name: "Still waiting..." + - name: Still waiting... ansible.builtin.debug: - msg: "Still waiting, retry count {{ __compose_retry_count }} of 10, retrying..." + msg: Still waiting, retry count {{ __compose_retry_count }} of 10, retrying... - - name: "Retry" + - name: Retry ansible.builtin.include_tasks: compose_wait.yml diff --git a/roles/imagebuilder/tasks/create_image.yml b/roles/imagebuilder/tasks/create_image.yml index ed82e5a..f12825f 100644 --- a/roles/imagebuilder/tasks/create_image.yml +++ b/roles/imagebuilder/tasks/create_image.yml 
@@ -13,8 +13,8 @@ rescue: - name: Show fail message ansible.builtin.debug: - msg: "Image {{ image.image_name }} doesn't exist in {{ azure_rg }}, creating new image..." + msg: Image {{ image.image_name }} doesn't exist in {{ azure_rg }}, creating new image... - - name: "Create image" + - name: Create image ansible.builtin.include_tasks: file: deploy_image.yml diff --git a/roles/imagebuilder/tasks/deploy_image.yml b/roles/imagebuilder/tasks/deploy_image.yml index fedebb8..7c20c4c 100644 --- a/roles/imagebuilder/tasks/deploy_image.yml +++ b/roles/imagebuilder/tasks/deploy_image.yml @@ -1,26 +1,26 @@ --- # tasks file for imagebuilder -- name: "Retrieve an access token" +- name: Retrieve an access token ansible.builtin.include_tasks: retrieve_composer_access_token.yml -- name: "Setting __imagebuilder_image_type to azure bootstrap target" +- name: Setting __imagebuilder_image_type to azure bootstrap target ansible.builtin.set_fact: - __imagebuilder_image_type: "azure" + __imagebuilder_image_type: azure when: imagebuilder_bootstrap_target == "azure" -- name: "Create the build configuration from template" +- name: Create the build configuration from template ansible.builtin.template: - src: "template.request-base-image.json.j2" + src: template.request-base-image.json.j2 dest: "{{ imagebuilder_file_directory }}/{{ imagebuilder_image_definition_file }}" mode: "0644" -- name: "Create the image from the configuration" +- name: Create the image from the configuration ansible.builtin.uri: url: "{{ imagebuilder_url }}" - method: "POST" + method: POST headers: - Authorization: "Bearer {{ __access_token }}" - Content-Type: "application/json" + Authorization: Bearer {{ __access_token }} + Content-Type: application/json body: "{{ lookup('ansible.builtin.file', '{{ imagebuilder_file_directory }}/{{ imagebuilder_image_definition_file }}') }}" body_format: json status_code: 201 
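Review bot: The rendered request file in deploy_image.yml is written to `{{ imagebuilder_file_directory }}/{{ imagebuilder_image_definition_file }}`, which the role defaults resolve to `/tmp/request-base-image.json`, with `mode: "0644"`; the same defaults carry `imagebuilder_activation_key`, so if the template embeds it the key is readable by every local user for as long as the file exists. Use `mode: "0600"`, a per-run directory from `ansible.builtin.tempfile`, and remove the file once the POST has been made. The `body:` lookup nests `{{ }}` inside a Jinja string literal, which works but is fragile; `lookup('ansible.builtin.file', imagebuilder_file_directory ~ '/' ~ imagebuilder_image_definition_file)` is the plain form.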
@@ -28,30 +28,30 @@ return_content: true register: __compose_result -- name: "Assert success" +- name: Assert success ansible.builtin.assert: that: - __compose_result.failed == false - __compose_result.json.id is defined -- name: "Watch for finished image compose" +- name: Watch for finished image compose ansible.builtin.include_tasks: file: compose_wait.yml -- name: "Assert that the build was successful" +- name: Assert that the build was successful ansible.builtin.assert: that: - __compose_status.json.image_status.status == "success" -- name: "Azure image-specific handling block" +- name: Azure image-specific handling block when: __imagebuilder_image_type == "azure" block: - - name: "Assert that the build uploaded to Azure" + - name: Assert that the build uploaded to Azure ansible.builtin.assert: that: - __compose_status.json.image_status.upload_status.options.image_name is defined - __compose_status.json.image_status.upload_status.status == "success" - - name: "Retrieve VHD name from Azure imagebuild" + - name: Retrieve VHD name from Azure imagebuild ansible.builtin.set_fact: imagebuilder_vhd: "{{ __compose_status.json.image_status.upload_status.options.image_name }}" diff --git a/roles/imagebuilder/tasks/main.yml b/roles/imagebuilder/tasks/main.yml index e03a60e..b4e89c2 100644 --- a/roles/imagebuilder/tasks/main.yml +++ b/roles/imagebuilder/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: "Create image" +- name: Create image ansible.builtin.include_tasks: file: create_image.yml loop: "{{ imagebuilder_images }}" diff --git a/roles/imagebuilder/tasks/retrieve_composer_access_token.yml b/roles/imagebuilder/tasks/retrieve_composer_access_token.yml index 7346546..bc0d792 100644 --- a/roles/imagebuilder/tasks/retrieve_composer_access_token.yml +++ b/roles/imagebuilder/tasks/retrieve_composer_access_token.yml 
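Review bot: `when: __imagebuilder_image_type == "azure"` on the handling block errors with an undefined variable whenever the bootstrap target is not azure, because the `set_fact` that defines `__imagebuilder_image_type` in the first hunk is itself conditional on `imagebuilder_bootstrap_target == "azure"`; use `when: __imagebuilder_image_type | default('') == "azure"`, or set the fact unconditionally from the target. The `Assert success` task uses `__compose_result.failed == false`; `not __compose_result.failed` is the idiomatic form and reads the same.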
@@ -1,34 +1,34 @@ --- -- name: "Retrieve an access token" +- name: Retrieve an access token ansible.builtin.uri: url: "{{ imagebuilder_auth_url }}" - method: "POST" + method: POST body: - grant_type: "refresh_token" - client_id: "rhsm-api" + grant_type: refresh_token + client_id: rhsm-api refresh_token: "{{ satellite_rhsm_offline_token }}" - body_format: "form-urlencoded" + body_format: form-urlencoded validate_certs: true return_content: true register: __result -- name: "Set access token" +- name: Set access token ansible.builtin.set_fact: __access_token: "{{ __result.json.access_token }}" -- name: "Test connection - get API version" +- name: Test connection - get API version ansible.builtin.uri: - url: "https://console.redhat.com/api/image-builder/v1/version" - method: "GET" + url: https://console.redhat.com/api/image-builder/v1/version + method: GET headers: - Authorization: "Bearer {{ __access_token }}" - Content-Type: "application/json" - body_format: "form-urlencoded" + Authorization: Bearer {{ __access_token }} + Content-Type: application/json + body_format: form-urlencoded validate_certs: true return_content: true register: __result -- name: "Assert success" +- name: Assert success ansible.builtin.assert: that: - __result.json.version == "1.0" diff --git a/roles/init_environment/tasks/ansible_config.yml b/roles/init_environment/tasks/ansible_config.yml index 5b805c3..7c3f58a 100644 --- a/roles/init_environment/tasks/ansible_config.yml +++ b/roles/init_environment/tasks/ansible_config.yml @@ -1,12 +1,12 @@ --- -- name: "Write ansible.cfg" +- name: Write ansible.cfg ansible.builtin.template: src: ansible.cfg.j2 - dest: "../ansible.cfg" + dest: ../ansible.cfg mode: "0600" - name: Create Ansible Vault Password file ansible.builtin.copy: - dest: "../{{ init_environment_ansible_cfg_vault_password_file }}" + dest: ../{{ init_environment_ansible_cfg_vault_password_file }} content: "{{ vault_password }}" mode: "0600" 
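Review bot: The `Retrieve an access token` task registers the whole response in `__result`, so `__result.json.access_token` — and, on failure, the request body holding `satellite_rhsm_offline_token` — is printed on any verbose run; add `no_log: true` to that task. The `Test connection` GET sends `body_format: form-urlencoded` together with `Content-Type: application/json` and no body, which is contradictory; drop `body_format` there. In the ansible_config.yml hunk the vault password file is written with `content: "{{ vault_password }}"`, which a `--diff` run prints, so that copy task wants `no_log: true` as well.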
diff --git a/roles/init_environment/tasks/collection_install.yml b/roles/init_environment/tasks/collection_install.yml index 96de5c0..9403cc8 100644 --- a/roles/init_environment/tasks/collection_install.yml +++ b/roles/init_environment/tasks/collection_install.yml 
@@ -1,20 +1,21 @@ --- -- name: "Install requirements file based collections {{ 'forcefully' if init_environment_collection_install_force }}" +- name: Install requirements file based collections {{ 'forcefully' if init_environment_collection_install_force }} ansible.builtin.command: - cmd: "ansible-galaxy collection install {{ '--force' if init_environment_collection_install_force }} -r {{ init_environment_ansible_cfg_path_requirements_dir }}/requirements.yml" # noqa yaml[line-length] - chdir: "../" + cmd: ansible-galaxy collection install {{ '--force' if init_environment_collection_install_force }} -r {{ init_environment_ansible_cfg_path_requirements_dir }}/requirements.yml # noqa yaml[line-length] + chdir: ../ environment: - ANSIBLE_CONFIG: "./ansible.cfg" + ANSIBLE_CONFIG: ./ansible.cfg register: __collection_install changed_when: "'Nothing to do' not in __collection_install.stdout" failed_when: __collection_install.rc not in [0] -- name: "Install requirements file based roles {{ 'forcefully' if init_environment_collection_install_force }}" +- name: Install requirements file based roles {{ 'forcefully' if init_environment_collection_install_force }} ansible.builtin.command: - cmd: "ansible-galaxy role install {{ '--force' if init_environment_collection_install_force }} -p {{ init_environment_ansible_cfg_path_roles_dir }} -r {{ init_environment_ansible_cfg_path_requirements_dir }}/requirements.yml" # noqa yaml[line-length] - chdir: "../" + cmd: ansible-galaxy role install {{ '--force' if init_environment_collection_install_force }} -p {{ init_environment_ansible_cfg_path_roles_dir }} -r {{ init_environment_ansible_cfg_path_requirements_dir + }}/requirements.yml # noqa yaml[line-length] + chdir: ../ environment: - ANSIBLE_CONFIG: "./ansible.cfg" + ANSIBLE_CONFIG: ./ansible.cfg register: __role_install changed_when: "'already installed' not in __role_install.stderr" failed_when: __role_install.rc not in [0] 
diff --git a/roles/init_environment/tasks/manage_ssh.yml b/roles/init_environment/tasks/manage_ssh.yml index 54c8615..7a0d590 100644 --- a/roles/init_environment/tasks/manage_ssh.yml +++ b/roles/init_environment/tasks/manage_ssh.yml @@ -6,8 +6,8 @@ - name: Add include rhis-config ansible.builtin.lineinfile: path: ~/.ssh/config - line: "Include rhis-config" - regexp: "^Include rhis-config" + line: Include rhis-config + regexp: ^Include rhis-config mode: "0644" insertbefore: BOF state: present @@ -23,26 +23,26 @@ ansible.builtin.import_role: name: vault_string vars: - vault_string_filepath: "~/.ssh/id_rsa_{{ vm_user }}" - vault_string_variable_name: "vm_user_private_key" + vault_string_filepath: ~/.ssh/id_rsa_{{ vm_user }} + vault_string_variable_name: vm_user_private_key - name: Import git_repo_commit ansible.builtin.import_role: name: git_repo_commit vars: git_repo_commit_repository: "{{ github_inventory_repo_path }}" - git_repo_commit_file: { src: "{{ __path_file_encrypted }}", dest: "group_vars/all/" } + git_repo_commit_file: { src: "{{ __path_file_encrypted }}", dest: group_vars/all/ } - name: Import vault_string ansible.builtin.import_role: name: vault_string vars: - vault_string_filepath: "~/.ssh/id_rsa_{{ vm_user }}.pub" - vault_string_variable_name: "vm_user_public_key" + vault_string_filepath: ~/.ssh/id_rsa_{{ vm_user }}.pub + vault_string_variable_name: vm_user_public_key - name: Import git_repo_commit ansible.builtin.import_role: name: git_repo_commit vars: git_repo_commit_repository: "{{ github_inventory_repo_path }}" - git_repo_commit_file: { src: "{{ __path_file_encrypted }}", dest: "group_vars/all/" } + git_repo_commit_file: { src: "{{ __path_file_encrypted }}", dest: group_vars/all/ } diff --git a/roles/manage_reverse_proxy/defaults/main.yml b/roles/manage_reverse_proxy/defaults/main.yml index 427593d..6471f15 100644 --- a/roles/manage_reverse_proxy/defaults/main.yml +++ b/roles/manage_reverse_proxy/defaults/main.yml 
@@ -1,4 +1,4 @@ --- -manage_reverse_proxy_letsencrypt_dir: "/etc/letsencrypt" +manage_reverse_proxy_letsencrypt_dir: /etc/letsencrypt manage_reverse_proxy_ssl_key_path: "{{ manage_reverse_proxy_letsencrypt_dir }}/{{ inventory_hostname }}.key" manage_reverse_proxy_crt_path: "{{ manage_reverse_proxy_letsencrypt_dir }}/{{ inventory_hostname }}.crt" diff --git a/roles/manage_reverse_proxy/tasks/configure_azure.yml b/roles/manage_reverse_proxy/tasks/configure_azure.yml index d96bec5..81b4293 100644 --- a/roles/manage_reverse_proxy/tasks/configure_azure.yml +++ b/roles/manage_reverse_proxy/tasks/configure_azure.yml @@ -35,21 +35,21 @@ resource_group: "{{ azure_rg | default(omit) }}" name: "{{ azure_subnet_nsg | default(omit) }}" rules: - - name: "AllowHTTPInBound" + - name: AllowHTTPInBound protocol: Tcp direction: Inbound priority: 400 access: Allow - source_address_prefix: "Internet" + source_address_prefix: Internet source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "80" - - name: "AllowHTTPSInbound" + - name: AllowHTTPSInbound protocol: Tcp direction: Inbound priority: 401 access: Allow - source_address_prefix: "Internet" + source_address_prefix: Internet source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "443" diff --git a/roles/manage_reverse_proxy/tasks/configure_nginx.yml b/roles/manage_reverse_proxy/tasks/configure_nginx.yml index 959c16d..3555f56 100644 --- a/roles/manage_reverse_proxy/tasks/configure_nginx.yml +++ b/roles/manage_reverse_proxy/tasks/configure_nginx.yml @@ -3,7 +3,7 @@ ansible.builtin.dnf: name: - nginx - state: "present" + state: present - name: Get IP - "{{ groups.ipaserver | first }}" ansible.builtin.setup: diff --git a/roles/manage_squid/defaults/main.yml b/roles/manage_squid/defaults/main.yml index 85097a5..0dd7668 100644 --- a/roles/manage_squid/defaults/main.yml +++ b/roles/manage_squid/defaults/main.yml 
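Review bot: `AllowHTTPInBound` and `AllowHTTPSInbound` admit ports 80/443 from `Internet` to the entire `{{ azure_vnet_address_prefix }}`, not just the reverse proxy, so any host in the VNet that listens on those ports becomes reachable through this NSG. Scope `destination_address_prefix` to the proxy's private IP or its subnet prefix instead of the VNet prefix, and consider whether port 80 is needed beyond an HTTP-to-HTTPS redirect. The enclosing security-group task starts before this hunk, so I cannot see whether a lower-priority deny rule exists.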
@@ -1,5 +1,5 @@ --- -manage_squid_allowed_network: "10.0.0.0/8" +manage_squid_allowed_network: 10.0.0.0/8 manage_squid_http_port: 3128 manage_squid_admin_username: "{{ squid_admin_username }}" manage_squid_admin_password: "{{ squid_admin_password }}" diff --git a/roles/manage_squid/tasks/main.yml b/roles/manage_squid/tasks/main.yml index eb978f5..cf3718a 100644 --- a/roles/manage_squid/tasks/main.yml +++ b/roles/manage_squid/tasks/main.yml @@ -4,17 +4,17 @@ name: - squid - httpd-tools - state: "present" + state: present - name: Add squid admin to a password file and ensure permissions are set - ansible.builtin.command: "htpasswd -c -B -b /etc/squid/passwd {{ manage_squid_admin_username }} {{ manage_squid_admin_password }}" + ansible.builtin.command: htpasswd -c -B -b /etc/squid/passwd {{ manage_squid_admin_username }} {{ manage_squid_admin_password }} register: __return failed_when: __return.failed changed_when: __return.changed no_log: true - name: Add squid user to a password file and ensure permissions are set - ansible.builtin.command: "htpasswd -B -b /etc/squid/passwd {{ user.name }} {{ user.password }}" + ansible.builtin.command: htpasswd -B -b /etc/squid/passwd {{ user.name }} {{ user.password }} loop: "{{ showroom_users }}" loop_control: loop_var: user @@ -34,7 +34,7 @@ - name: Start and enable squid service ansible.builtin.service: name: squid - state: "started" + state: started enabled: true - name: Ensure squid is allowed on firewall diff --git a/roles/pki_idm_generate_certs/defaults/main.yml b/roles/pki_idm_generate_certs/defaults/main.yml index c6badf4..4d7beb4 100644 --- a/roles/pki_idm_generate_certs/defaults/main.yml +++ b/roles/pki_idm_generate_certs/defaults/main.yml 
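Review bot: Both `htpasswd ... -b` tasks pass the plaintext password as a command-line argument, so it is visible in the process table (`ps`, `/proc/<pid>/cmdline`) on the target while the command runs; `no_log: true` only hides it from Ansible's own output. Feed it on stdin instead, e.g. `ansible.builtin.command: htpasswd -i -B /etc/squid/passwd {{ manage_squid_admin_username }}` with `stdin: "{{ manage_squid_admin_password }}"`, and the same for the per-user loop. The `-c` flag also recreates `/etc/squid/passwd` on every run, so running the admin task alone (tags, `--start-at-task`) silently drops the user entries added afterwards, and although the task name promises "permissions are set", no `owner`/`mode` for the file is visible in this hunk.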
@@ -1,5 +1,5 @@ --- -pki_idm_generate_certs_ssl_certs_dir: "/etc/ipa/private/" +pki_idm_generate_certs_ssl_certs_dir: /etc/ipa/private/ pki_idm_generate_certs_ssl_crt_path: "{{ pki_idm_generate_certs_ssl_certs_dir }}{{ inventory_hostname }}.crt" pki_idm_generate_certs_ssl_key_path: "{{ pki_idm_generate_certs_ssl_certs_dir }}{{ inventory_hostname }}.key" pki_idm_generate_certs_ssl_csr_path: "{{ pki_idm_generate_certs_ssl_certs_dir }}{{ inventory_hostname }}.csr" @@ -8,12 +8,12 @@ pki_idm_generate_certs_ssl_rsa_key_pass: "" pki_idm_generate_certs_ipa_server_ca_path: "{{ ipa_server_ca_path }}" pki_idm_generate_certs_ipa_client_trust_path: "{{ ipa_client_trust_path }}" -pki_idm_generate_certs_crt_service_type: "HTTP" +pki_idm_generate_certs_crt_service_type: HTTP pki_idm_generate_certs_crt_force_regen: true -pki_idm_generate_certs_ssl_private_key_cipher: "auto" +pki_idm_generate_certs_ssl_private_key_cipher: auto pki_idm_generate_certs_ssl_private_key_size: 4096 -pki_idm_generate_certs_ssl_private_key_format: "pkcs8" +pki_idm_generate_certs_ssl_private_key_format: pkcs8 pki_idm_generate_certs_csr_digest: "" pki_idm_generate_certs_csr_common_name: "" diff --git a/roles/pki_idm_generate_certs/tasks/generate_certs.yml b/roles/pki_idm_generate_certs/tasks/generate_certs.yml index 9534c25..b0678b1 100644 --- a/roles/pki_idm_generate_certs/tasks/generate_certs.yml +++ b/roles/pki_idm_generate_certs/tasks/generate_certs.yml 
@@ -1,37 +1,37 @@ --- -- name: "Create a secure directory" +- name: Create a secure directory ansible.builtin.file: path: "{{ pki_idm_generate_certs_ssl_certs_dir }}" - state: "directory" - owner: "root" - group: "root" + state: directory + owner: root + group: root mode: "0600" -- name: "Set target service name" +- name: Set target service name ansible.builtin.set_fact: __target_service: "{{ pki_idm_generate_certs_crt_service_type }}/{{ inventory_hostname }}" -- name: "Ensure target service is present" - redhat.rhel_idm.ipaservice: +- name: Ensure target service is present + freeipa.ansible_freeipa.ipaservice: name: "{{ __target_service }}" state: present ipaadmin_password: "{{ ipaadmin_password }}" -- name: "Check for an existing certificate file" +- name: Check for an existing certificate file ansible.builtin.stat: path: "{{ pki_idm_generate_certs_ssl_crt_path }}" register: __cert_exists -- name: "Cert exists and regen requested - stop tracking and clean up" +- name: Cert exists and regen requested - stop tracking and clean up when: __cert_exists.stat.exists and pki_idm_generate_certs_crt_force_regen block: - - name: "Read existing cert" # noqa: command-instead-of-module - ansible.builtin.shell: "sed -n 2,$(expr $(wc -l < {{ pki_idm_generate_certs_ssl_crt_path }}) - 1)p {{ pki_idm_generate_certs_ssl_crt_path }}" + - name: Read existing cert # noqa: command-instead-of-module + ansible.builtin.shell: sed -n 2,$(expr $(wc -l < {{ pki_idm_generate_certs_ssl_crt_path }}) - 1)p {{ pki_idm_generate_certs_ssl_crt_path }} register: __cert_info changed_when: __cert_info.changed failed_when: __cert_info.failed - - name: "Get cert serial number" + - name: Get cert serial number ansible.builtin.shell: >- set -o pipefail && echo '{{ ipaadmin_password }}' | kinit {{ ipaadmin_principal }}; ipa cert-find --certificate='{{ __cert_info.stdout }}' | grep 'Serial number:' | cut -c18- 
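Review bot: `Create a secure directory` applies `mode: "0600"` to a directory, which lacks the execute bit; only root (which bypasses DAC) can traverse it, so any non-root process that later needs the `HTTP/...` certificate from `/etc/ipa/private/` will fail with EACCES. Use `mode: "0700"` for the directory and keep `0600` for the key file itself. The `Get cert serial number` task (and the same `kinit` pattern repeated further down) embeds `{{ ipaadmin_password }}` in the `sh -c` string, which is exposed in the process table and in Ansible output unless `no_log: true` is set on lines outside this hunk; a service keytab with `kinit -kt`, or at minimum `no_log`, would be safer. Switching `redhat.rhel_idm.ipaservice` to `freeipa.ansible_freeipa.ipaservice` changes which collection the role depends on, so make sure the upstream collection is pinned in the project's requirements; the `block:` opened here continues past the hunk.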
@@ -39,7 +39,7 @@ changed_when: __serial_num.changed failed_when: __serial_num.failed - - name: "Check if certmonger is already tracking the certificate" + - name: Check if certmonger is already tracking the certificate ansible.builtin.shell: >- set -o pipefail && echo '{{ ipaadmin_password }}' | kinit {{ ipaadmin_principal }}; ipa-getcert list -f {{ pki_idm_generate_certs_ssl_crt_path }} | grep 'status:' @@ -47,7 +47,7 @@ failed_when: false changed_when: false - - name: "Stop tracking cert with certmonger" + - name: Stop tracking cert with certmonger ansible.builtin.shell: >- set -o pipefail && echo '{{ ipaadmin_password }}' | kinit {{ ipaadmin_principal }}; ipa-getcert stop-tracking -k {{ pki_idm_generate_certs_ssl_key_path }} @@ -58,7 +58,7 @@ changed_when: __stop_tracking.changed failed_when: __stop_tracking.failed - - name: "Remove the old cert from the service" + - name: Remove the old cert from the service ansible.builtin.shell: >- set -o pipefail && echo '{{ ipaadmin_password }}' | kinit {{ ipaadmin_principal }}; ipa service-remove-cert {{ __target_service }} --certificate='{{ __cert_info.stdout }}' @@ -68,7 +68,7 @@ changed_when: __remove_service.changed failed_when: __remove_service.failed - - name: "Revoke the old cert with reason 6 - certificateHold - an admin can completely revoke it later" + - name: Revoke the old cert with reason 6 - certificateHold - an admin can completely revoke it later ansible.builtin.shell: >- set -o pipefail && echo '{{ ipaadmin_password }}' | kinit {{ ipaadmin_principal }}; ipa cert-revoke {{ __serial_num.stdout_lines.1 }} --revocation-reason=6 @@ -78,7 +78,7 @@ changed_when: __revoke_oldcert.changed failed_when: __revoke_oldcert.failed - - name: "Cert exists, rename old cert .revoked" + - name: Cert exists, rename old cert .revoked ansible.builtin.copy: src: "{{ pki_idm_generate_certs_ssl_crt_path }}" dest: "{{ pki_idm_generate_certs_ssl_crt_path }}.revoked" 
@@ -120,7 +120,7 @@ principal: "{{ __target_service }}" certificate_out: "{{ pki_idm_generate_certs_ssl_crt_path }}" - - name: "Remove passphrase from the private key" + - name: Remove passphrase from the private key ansible.builtin.command: >- openssl rsa -in {{ pki_idm_generate_certs_ssl_key_path }} -out {{ pki_idm_generate_certs_ssl_key_path }} -passin pass:{{ pki_idm_generate_certs_ssl_rsa_key_pass }} @@ -128,7 +128,7 @@ changed_when: __openssl_passout.changed failed_when: __openssl_passout.failed - - name: "Check if certmonger is already tracking the certificate" + - name: Check if certmonger is already tracking the certificate ansible.builtin.shell: >- set -o pipefail && echo '{{ ipaadmin_password }}' | kinit {{ ipaadmin_principal }}; ipa-getcert list -f {{ pki_idm_generate_certs_ssl_crt_path }} | grep 'status:' @@ -136,7 +136,7 @@ changed_when: __certmonger_tracking_status.changed failed_when: __certmonger_tracking_status.rc not in [0, 1] - - name: "Start certmonger tracking the new certificate for autorenewals" + - name: Start certmonger tracking the new certificate for autorenewals ansible.builtin.shell: >- set -o pipefail && echo '{{ ipaadmin_password }}' | kinit {{ ipaadmin_principal }}; ipa-getcert start-tracking -k {{ pki_idm_generate_certs_ssl_key_path }} -f {{ pki_idm_generate_certs_ssl_crt_path }} -I {{ inventory_hostname }} diff --git a/roles/pki_idm_generate_certs/tasks/main.yml b/roles/pki_idm_generate_certs/tasks/main.yml index 84dc452..5967b25 100644 --- a/roles/pki_idm_generate_certs/tasks/main.yml +++ b/roles/pki_idm_generate_certs/tasks/main.yml @@ -1,10 +1,10 @@ --- -- name: "Ensure certificates are generated" +- name: Ensure certificates are generated ansible.builtin.import_tasks: generate_certs.yml when: generate_certs | bool() tags: generate_certs -- name: "Ensure CA trust updated" +- name: Ensure CA trust updated ansible.builtin.import_tasks: update_ca_trust.yml when: update_ca_trust | bool() tags: update_ca_trust 
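Review bot: `Remove passphrase from the private key` passes `-passin pass:{{ pki_idm_generate_certs_ssl_rsa_key_pass }}` on the command line, exposing the passphrase in the process table; with `ansible.builtin.command` use `-passin stdin` plus `stdin: "{{ pki_idm_generate_certs_ssl_rsa_key_pass }}"` and add `no_log: true`. Writing `-in` and `-out` to the same path is not atomic, so a failure mid-write leaves a truncated key that the `ipa-getcert start-tracking` task below would then reference. Write to a temporary file and move it into place, or skip the task when the passphrase is empty (the role default), since the step is then a no-op that still rewrites the key. The surrounding `block` begins before this hunk.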
diff --git a/roles/pki_idm_generate_certs/tasks/update_ca_trust.yml b/roles/pki_idm_generate_certs/tasks/update_ca_trust.yml index f7b3d20..3a458ea 100644 --- a/roles/pki_idm_generate_certs/tasks/update_ca_trust.yml +++ b/roles/pki_idm_generate_certs/tasks/update_ca_trust.yml @@ -1,5 +1,5 @@ --- -- name: "Copy the ipa ca-certificates to the trust directory" +- name: Copy the ipa ca-certificates to the trust directory ansible.builtin.copy: src: "{{ pki_idm_generate_certs_ipa_server_ca_path }}" dest: "{{ pki_idm_generate_certs_ipa_client_trust_path }}" @@ -8,14 +8,14 @@ group: root mode: "0644" -- name: "Enable the trust" - ansible.builtin.command: "update-ca-trust enable" +- name: Enable the trust + ansible.builtin.command: update-ca-trust enable register: __result changed_when: __result.changed failed_when: __result.failed -- name: "Update the trust" - ansible.builtin.command: "update-ca-trust" +- name: Update the trust + ansible.builtin.command: update-ca-trust register: __result changed_when: __result.changed failed_when: __result.failed diff --git a/roles/pki_rootca/tasks/main.yml b/roles/pki_rootca/tasks/main.yml index dc81e1e..6880aaa 100644 --- a/roles/pki_rootca/tasks/main.yml +++ b/roles/pki_rootca/tasks/main.yml @@ -3,7 +3,7 @@ become: true ansible.builtin.dnf: name: python3-cryptography - state: "present" + state: present - name: Create CA root path ansible.builtin.file: @@ -38,7 +38,7 @@ common_name: "{{ pki_rootca_ca_common_name | default(omit) }}" use_common_name_for_san: false basic_constraints: - - 'CA:TRUE' + - CA:TRUE basic_constraints_critical: true key_usage: - keyCertSign 
@@ -54,12 +54,12 @@ provider: selfsigned mode: "0644" -- name: "Set RootCA cert path" +- name: Set RootCA cert path ansible.builtin.set_fact: vault_string: false git_repo_commit: false when: __certificate_exists.stat.exists and __key_exists.stat.exists -- name: "Set RootCA cert path" +- name: Set RootCA cert path ansible.builtin.set_fact: __rootca_cert_path: "{{ pki_rootca_root_path }}/{{ pki_rootca_cert }}" diff --git a/roles/post_config/tasks/main.yml b/roles/post_config/tasks/main.yml index 93b3dda..a92eeae 100644 --- a/roles/post_config/tasks/main.yml +++ b/roles/post_config/tasks/main.yml @@ -29,19 +29,19 @@ state: present when: post_config_packages is defined -- name: "Configure kernel parameters" # noqa var-naming[no-role-prefix] +- name: Configure kernel parameters # noqa var-naming[no-role-prefix] become: true ansible.builtin.import_role: name: redhat.rhel_system_roles.kernel_settings when: kernel_settings_sysctl is defined -- name: "Configure Cron for RH Offline Token Refresh" +- name: Configure Cron for RH Offline Token Refresh ansible.builtin.include_tasks: refresh_token.yml loop: "{{ rh_offline_tokens }}" loop_control: loop_var: token when: rh_offline_tokens is defined -- name: "Configure httpd" +- name: Configure httpd ansible.builtin.include_tasks: httpd_deploy.yml when: httpd_deploy | bool() diff --git a/roles/post_config/tasks/refresh_token.yml b/roles/post_config/tasks/refresh_token.yml index 6739e40..0035062 100644 --- a/roles/post_config/tasks/refresh_token.yml +++ b/roles/post_config/tasks/refresh_token.yml @@ -1,3 +1,4 @@ +--- - name: Block for create a cronjob for token refresh become: true block: @@ -15,5 +16,5 @@ - name: Update cron file permission ansible.builtin.file: - path: "/etc/cron.d/rh-token-refresh-{{ token.name }}" + path: /etc/cron.d/rh-token-refresh-{{ token.name }} mode: "0644" diff --git a/roles/public_certificate/defaults/main.yml b/roles/public_certificate/defaults/main.yml index e155a22..979ee57 100644 
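Review bot: Two consecutive tasks are both named `Set RootCA cert path`, but the first only sets `vault_string` and `git_repo_commit` to `false` when the certificate and key already exist, so the duplicate name hides a different intent in `--list-tasks` and in run logs. Rename it, e.g. `- name: Skip vaulting and committing when the RootCA already exists`. Note that the second task sets `__rootca_cert_path` unconditionally; the `when` on the first task does not carry over.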
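Review bot: `Update cron file permission` leaves `/etc/cron.d/rh-token-refresh-{{ token.name }}` world-readable (`0644`), which is only acceptable if the cron line calls a script that reads the offline token from a root-only file rather than carrying the token inline. The template that writes the entry is outside this hunk, so I cannot confirm which it is; if the token is embedded, use `mode: "0600"` (crond reads `/etc/cron.d` as root, so this works) or move the secret into a `0600` file the job sources. A short comment stating where the token lives would make the intended permission model clear.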
--- a/roles/public_certificate/defaults/main.yml +++ b/roles/public_certificate/defaults/main.yml @@ -2,8 +2,8 @@ public_certificate_acme_version: 2 public_certificate_acme_directory: https://acme-v02.api.letsencrypt.org/directory public_certificate_acme_challenge_type: dns-01 -public_certificate_acme_challenge_subdomain: "_acme-challenge.{{ azure_dns_private_dnz_zone_subdomain }}" -public_certificate_letsencrypt_dir: "/etc/letsencrypt" +public_certificate_acme_challenge_subdomain: _acme-challenge.{{ azure_dns_private_dnz_zone_subdomain }} +public_certificate_letsencrypt_dir: /etc/letsencrypt public_certificate_letsencrypt_account_key_path: "{{ public_certificate_letsencrypt_dir }}/account.key" public_certificate_letsencrypt_ssl_key_path: "{{ public_certificate_letsencrypt_dir }}/{{ inventory_hostname }}.key" diff --git a/roles/public_certificate/tasks/main.yml b/roles/public_certificate/tasks/main.yml index 9024cb9..b513eb6 100644 --- a/roles/public_certificate/tasks/main.yml +++ b/roles/public_certificate/tasks/main.yml @@ -1,5 +1,5 @@ --- -- name: "Create let's encrypt directory" +- name: Create let's encrypt directory ansible.builtin.file: path: "{{ public_certificate_letsencrypt_dir }}" state: directory @@ -27,7 +27,7 @@ privatekey_path: "{{ public_certificate_letsencrypt_ssl_key_path }}" common_name: "{{ public_certificate_common_name }}" -- name: "Begin Let's Encrypt challenges" +- name: Begin Let's Encrypt challenges community.crypto.acme_certificate: acme_directory: "{{ public_certificate_acme_directory }}" acme_version: "{{ public_certificate_acme_version }}" @@ -71,7 +71,7 @@ - bootstrap_target is defined - bootstrap_target == "azure" - - name: "Complete Let's Encrypt challenges" + - name: Complete Let's Encrypt challenges community.crypto.acme_certificate: acme_directory: "{{ public_certificate_acme_directory }}" acme_version: "{{ public_certificate_acme_version }}" 
diff --git a/roles/satellite_config/tasks/main.yml b/roles/satellite_config/tasks/main.yml index a12b531..f5894c8 100644 --- a/roles/satellite_config/tasks/main.yml +++ b/roles/satellite_config/tasks/main.yml 
@@ -1,145 +1,145 @@ --- -- name: "Ensure hammer configuration" - ansible.builtin.include_tasks: "satellite_configure_hammer.yml" +- name: Ensure hammer configuration + ansible.builtin.include_tasks: satellite_configure_hammer.yml -- name: "Ensure manifest uploaded to Satellite" +- name: Ensure manifest uploaded to Satellite ansible.builtin.import_role: name: redhat.satellite.manifest when: satellite_manifest_uuid is defined -- name: "Ensure defined repositories enabled" +- name: Ensure defined repositories enabled ansible.builtin.import_role: name: redhat.satellite.repositories when: satellite_products is defined -- name: "Ensure content credentials are configured" +- name: Ensure content credentials are configured ansible.builtin.import_role: name: redhat.satellite.content_credentials - when: "satellite_content_credentials is defined" + when: satellite_content_credentials is defined -- name: "Ensure the state of the specified custom products" - ansible.builtin.include_tasks: "satellite_ensure_custom_product.yml" +- name: Ensure the state of the specified custom products + ansible.builtin.include_tasks: satellite_ensure_custom_product.yml loop: "{{ satellite_config_custom_products }}" loop_control: loop_var: custom_product - when: "satellite_config_custom_products is defined" + when: satellite_config_custom_products is defined -- name: "Sync repositories" - ansible.builtin.include_tasks: "satellite_sync_repositories.yml" +- name: Sync repositories + ansible.builtin.include_tasks: satellite_sync_repositories.yml when: satellite_config_sync | bool() -- name: "Ensure sync plans are configured" +- name: Ensure sync plans are configured ansible.builtin.import_role: name: redhat.satellite.sync_plans when: satellite_sync_plans is defined -- name: "Ensure lifecycle environments are configured" +- name: Ensure lifecycle environments are configured ansible.builtin.import_role: name: redhat.satellite.lifecycle_environments when: satellite_lifecycle_environments is defined -- 
name: "Ensure content views and composite content views are configured" +- name: Ensure content views and composite content views are configured ansible.builtin.import_role: name: redhat.satellite.content_views when: satellite_content_views is defined -- name: "Ensure content views and composite content views are published" +- name: Ensure content views and composite content views are published ansible.builtin.import_role: name: redhat.satellite.content_view_publish when: satellite_content_views is defined -- name: "Ensure all locations are presented" +- name: Ensure all locations are presented ansible.builtin.import_role: name: redhat.satellite.locations when: satellite_locations is defined -- name: "Ensure the state of the specified partition tables" - ansible.builtin.include_tasks: "satellite_partition_tables.yml" - when: "satellite_config_partition_tables is defined" +- name: Ensure the state of the specified partition tables + ansible.builtin.include_tasks: satellite_partition_tables.yml + when: satellite_config_partition_tables is defined -- name: "Ensure the state of the provisioning templates" +- name: Ensure the state of the provisioning templates ansible.builtin.import_role: name: redhat.satellite.provisioning_templates - when: "satellite_provisioning_templates is defined" + when: satellite_provisioning_templates is defined -- name: "Ensure operatingsystems are configured" - ansible.builtin.include_tasks: "satellite_operatingsystems.yml" - when: "satellite_config_operatingsystems is defined" +- name: Ensure operatingsystems are configured + ansible.builtin.include_tasks: satellite_operatingsystems.yml + when: satellite_config_operatingsystems is defined -- name: "Ensure activation keys are configured" +- name: Ensure activation keys are configured ansible.builtin.import_role: name: redhat.satellite.activation_keys - when: "satellite_activation_keys is defined" + when: satellite_activation_keys is defined -- name: "Ensure domains are configured" +- name: 
Ensure domains are configured ansible.builtin.import_role: name: redhat.satellite.domains - when: "satellite_domains is defined" + when: satellite_domains is defined -- name: "Ensure realms are configured" - ansible.builtin.include_tasks: "satellite_realms.yml" - when: "satellite_config_realms is defined" +- name: Ensure realms are configured + ansible.builtin.include_tasks: satellite_realms.yml + when: satellite_config_realms is defined -- name: "Ensure subnets are configured" +- name: Ensure subnets are configured ansible.builtin.import_role: name: redhat.satellite.subnets - when: "satellite_subnets is defined" + when: satellite_subnets is defined -- name: "Ensure compute resources are configured" +- name: Ensure compute resources are configured ansible.builtin.import_role: name: redhat.satellite.compute_resources - when: "satellite_compute_resources is defined" + when: satellite_compute_resources is defined -- name: "Ensure compute profiles are configured" +- name: Ensure compute profiles are configured ansible.builtin.import_role: name: redhat.satellite.compute_profiles - when: "satellite_compute_profiles is defined" + when: satellite_compute_profiles is defined -- name: "Ensure satellite ansible roles are configured" - ansible.builtin.include_tasks: "satellite_ansible_roles.yml" - when: "satellite_config_ansible_roles is defined" +- name: Ensure satellite ansible roles are configured + ansible.builtin.include_tasks: satellite_ansible_roles.yml + when: satellite_config_ansible_roles is defined -- name: "Ensure host groups are configured" +- name: Ensure host groups are configured ansible.builtin.import_role: name: redhat.satellite.hostgroups - when: "satellite_hostgroups is defined" + when: satellite_hostgroups is defined -- name: "Ensure satellite scap content are configured" - ansible.builtin.include_tasks: "satellite_scap_contents.yml" - when: "satellite_scap_contents is defined" +- name: Ensure satellite scap content are configured + 
ansible.builtin.include_tasks: satellite_scap_contents.yml + when: satellite_scap_contents is defined loop: "{{ satellite_scap_contents }}" loop_control: loop_var: scap_content -- name: "Ensure satellite scap tailoring files are configured" - ansible.builtin.include_tasks: "satellite_scap_tailoring_files.yml" - when: "satellite_scap_tailoring_files is defined" +- name: Ensure satellite scap tailoring files are configured + ansible.builtin.include_tasks: satellite_scap_tailoring_files.yml + when: satellite_scap_tailoring_files is defined loop: "{{ satellite_scap_tailoring_files }}" loop_control: loop_var: scap_tailoring_file -- name: "Ensure satellite scap policies are configured" - ansible.builtin.include_tasks: "satellite_scap_policies.yml" - when: "satellite_scap_policies is defined" +- name: Ensure satellite scap policies are configured + ansible.builtin.include_tasks: satellite_scap_policies.yml + when: satellite_scap_policies is defined -- name: "Ensure discovery rules are configured" - ansible.builtin.include_tasks: "satellite_discovery_rules.yml" - when: "satellite_config_discovery_rules is defined" +- name: Ensure discovery rules are configured + ansible.builtin.include_tasks: satellite_discovery_rules.yml + when: satellite_config_discovery_rules is defined loop: "{{ satellite_config_discovery_rules }}" loop_control: loop_var: discovery_rule -- name: "Ensure global parameters are configured" - ansible.builtin.include_tasks: "satellite_global_parameters.yml" - when: "satellite_config_global_parameters is defined" +- name: Ensure global parameters are configured + ansible.builtin.include_tasks: satellite_global_parameters.yml + when: satellite_config_global_parameters is defined loop: "{{ satellite_config_global_parameters }}" loop_control: loop_var: global_parameter -- name: "Ensure user and groups are configured" - ansible.builtin.include_tasks: "satellite_manage_users.yml" +- name: Ensure user and groups are configured + ansible.builtin.include_tasks: 
satellite_manage_users.yml -- name: "Ensure settings are configured" +- name: Ensure settings are configured ansible.builtin.import_role: name: redhat.satellite.settings - when: "satellite_settings is defined" + when: satellite_settings is defined diff --git a/roles/satellite_config/tasks/satellite_ansible_roles.yml b/roles/satellite_config/tasks/satellite_ansible_roles.yml index 4f28a06..b04fcbf 100644 --- a/roles/satellite_config/tasks/satellite_ansible_roles.yml +++ b/roles/satellite_config/tasks/satellite_ansible_roles.yml @@ -1,5 +1,5 @@ --- -- name: "Clone the repositories locally" # noqa: latest[git] +- name: Clone the repositories locally # noqa: latest[git] become: true ansible.builtin.git: repo: "{{ git_repo.repository }}" @@ -11,17 +11,17 @@ loop_control: loop_var: git_repo -- name: "Call the Satellite ansible import API" +- name: Call the Satellite ansible import API ansible.builtin.uri: url: "{{ satellite_server_url }}/ansible/api/ansible_roles/sync" - method: "PUT" + method: PUT user: "{{ satellite_username }}" password: "{{ satellite_password }}" force_basic_auth: true body: - proxy_id: "1-{{ inventory_hostname }}" + proxy_id: 1-{{ inventory_hostname }} role_names: "{{ satellite_config_ansible_roles | to_json() }}" - body_format: "json" + body_format: json status_code: [200, 201] timeout: 300 register: __result diff --git a/roles/satellite_config/tasks/satellite_configure_hammer.yml b/roles/satellite_config/tasks/satellite_configure_hammer.yml index 2db40fd..45ddf4c 100644 --- a/roles/satellite_config/tasks/satellite_configure_hammer.yml +++ b/roles/satellite_config/tasks/satellite_configure_hammer.yml 
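Review bot: `Clone the repositories locally` silences `latest[git]` with `# noqa`, which suggests the clone follows each repository's default branch rather than a pinned `version:`, so the roles that the next task imports into Satellite (and that subsequently run on managed hosts) are whatever the remote currently serves. Pin a tag or commit per entry via a `version:` taken from each `git_repo` item and drop the noqa; this is a supply-chain boundary worth making explicit. The task's remaining arguments are outside the visible lines, so treat this as something to confirm rather than a certain defect.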
@@ -2,38 +2,38 @@ - name: Block for hammer configuration become: true block: - - name: "Create a directory for the hammer config for the root user" + - name: Create a directory for the hammer config for the root user ansible.builtin.file: - dest: "/root/.hammer/cli.modules.d/" + dest: /root/.hammer/cli.modules.d/ owner: root group: root mode: "0600" - state: "directory" + state: directory - - name: "Create the configuration file" + - name: Create the configuration file ansible.builtin.template: - src: "foreman.yml.j2" + src: foreman.yml.j2 owner: root group: root mode: "0600" - dest: "/root/.hammer/cli.modules.d/foreman.yml" + dest: /root/.hammer/cli.modules.d/foreman.yml - - name: "Check hammer" - ansible.builtin.command: "hammer ping" + - name: Check hammer + ansible.builtin.command: hammer ping register: __output changed_when: __output.changed failed_when: __output.failed - - name: "Success check of hammer" + - name: Success check of hammer ansible.builtin.fail: when: "'Status: ok' not in __output.stdout" - - name: "Check health" - ansible.builtin.command: "satellite-maintain health check --label server-ping" + - name: Check health + ansible.builtin.command: satellite-maintain health check --label server-ping register: __output_health changed_when: __output_health.changed failed_when: __output_health.failed - - name: "Success check of satellite health check" + - name: Success check of satellite health check ansible.builtin.fail: when: "'[OK]' not in __output_health.stdout" diff --git a/roles/satellite_config/tasks/satellite_discovery_rules.yml b/roles/satellite_config/tasks/satellite_discovery_rules.yml index 14b3182..9f48d51 100644 --- a/roles/satellite_config/tasks/satellite_discovery_rules.yml +++ b/roles/satellite_config/tasks/satellite_discovery_rules.yml 
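Review bot: `Create a directory for the hammer config for the root user` sets `mode: "0600"` on `/root/.hammer/cli.modules.d/`, a directory; without the execute bit it is not traversable by anything but root, and even for root it is a non-standard mode that tools may warn about. Use `mode: "0700"` for the directory and keep `0600` on `foreman.yml`, which holds the credentials. `ansible.builtin.file` uses `path` as its canonical argument (`dest` is an alias), so `path:` here would match the rest of the repository.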
@@ -1,6 +1,6 @@ --- -- name: "Ensure discovery rules" - redhat.satellite.discovery_rule: +- name: Ensure discovery rules + theforeman.foreman.discovery_rule: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" diff --git a/roles/satellite_config/tasks/satellite_ensure_custom_product.yml b/roles/satellite_config/tasks/satellite_ensure_custom_product.yml index efc5676..222b0f7 100644 --- a/roles/satellite_config/tasks/satellite_ensure_custom_product.yml +++ b/roles/satellite_config/tasks/satellite_ensure_custom_product.yml @@ -1,6 +1,6 @@ --- -- name: "Ensure custom product - {{ custom_product.name }}" - redhat.satellite.product: +- name: Ensure custom product - {{ custom_product.name }} + theforeman.foreman.product: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" @@ -8,10 +8,9 @@ name: "{{ custom_product.name }}" state: "{{ custom_product.state | default(omit) }}" - -- name: "Ensure the state the repositories required for the custom product." - ansible.builtin.include_tasks: "satellite_ensure_custom_product_repo.yml" +- name: Ensure the state the repositories required for the custom product. + ansible.builtin.include_tasks: satellite_ensure_custom_product_repo.yml loop: "{{ custom_product.repositories }}" loop_control: loop_var: custom_product_repository - when: "custom_product.repositories is defined" + when: custom_product.repositories is defined diff --git a/roles/satellite_config/tasks/satellite_ensure_custom_product_repo.yml b/roles/satellite_config/tasks/satellite_ensure_custom_product_repo.yml index 2085107..a218360 100644 --- a/roles/satellite_config/tasks/satellite_ensure_custom_product_repo.yml +++ b/roles/satellite_config/tasks/satellite_ensure_custom_product_repo.yml 
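Review bot: Replacing `redhat.satellite.discovery_rule` with `theforeman.foreman.discovery_rule` (and `product`/`repository` below) moves these tasks from the Red Hat certified, supported collection to the upstream community one, which is a supply-chain and support decision that should be deliberate. Make sure `theforeman.foreman` is pinned to an exact version in the project's collection requirements and that the execution environment running this role actually ships it, otherwise the role fails at task resolution rather than at lint time. A one-line comment above the first swapped module explaining why the upstream collection is used would help the next reader.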
@@ -1,6 +1,6 @@ --- -- name: "Ensure the state of repository - {{ custom_product_repository.name }}" - redhat.satellite.repository: +- name: Ensure the state of repository - {{ custom_product_repository.name }} + theforeman.foreman.repository: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" diff --git a/roles/satellite_config/tasks/satellite_get_ccv_cvs.yml b/roles/satellite_config/tasks/satellite_get_ccv_cvs.yml index 7a59830..59fd334 100644 --- a/roles/satellite_config/tasks/satellite_get_ccv_cvs.yml +++ b/roles/satellite_config/tasks/satellite_get_ccv_cvs.yml @@ -1,27 +1,27 @@ --- -- name: "Fetch CCV info" - redhat.satellite.content_view_info: +- name: Fetch CCV info + register: __result + theforeman.foreman.content_view_info: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" name: "{{ satellite_config_ccv_name }}" - register: __result -- name: "Ensure CV is published" - redhat.satellite.content_view_version: +- name: Ensure CV is published + loop: "{{ __result.content_view.components }}" + loop_control: + loop_var: component + theforeman.foreman.content_view_version: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" content_view: "{{ component.content_view.name }}" description: "{{ now(utc=true, fmt='%Y-%m-%d %H:%M:%S') }}" - loop: "{{ __result.content_view.components }}" - loop_control: - loop_var: component -- name: "Ensure CCV is promoted to lifecycle" - redhat.satellite.content_view_version: +- name: Ensure CCV is promoted to lifecycle + theforeman.foreman.content_view_version: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" 
@@ -29,4 +29,4 @@ content_view: "{{ satellite_config_ccv_name }}" description: "{{ now(utc=true, fmt='%Y-%m-%d %H:%M:%S') }}" lifecycle_environments: - - "Dev" + - Dev diff --git a/roles/satellite_config/tasks/satellite_global_parameters.yml b/roles/satellite_config/tasks/satellite_global_parameters.yml index a6e59ab..fa73fb4 100644 --- a/roles/satellite_config/tasks/satellite_global_parameters.yml +++ b/roles/satellite_config/tasks/satellite_global_parameters.yml @@ -1,6 +1,6 @@ --- -- name: "Ensure the state of global parameter - {{ global_parameter.name }}" - redhat.satellite.global_parameter: +- name: Ensure the state of global parameter - {{ global_parameter.name }} + theforeman.foreman.global_parameter: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" diff --git a/roles/satellite_config/tasks/satellite_manage_users.yml b/roles/satellite_config/tasks/satellite_manage_users.yml index 7188e4b..9637981 100644 --- a/roles/satellite_config/tasks/satellite_manage_users.yml +++ b/roles/satellite_config/tasks/satellite_manage_users.yml @@ -1,6 +1,10 @@ --- - name: Create a user group - redhat.satellite.usergroup: + loop: "{{ satellite_config_usergroups }}" + loop_control: + loop_var: usergroups + when: satellite_config_usergroups is defined + theforeman.foreman.usergroup: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" 
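Review bot: `when: satellite_config_usergroups is defined` does not protect the `loop` placed above it in `Create a user group`: in my experience Ansible templates the `loop` expression before it evaluates the per-item `when`, so an undefined `satellite_config_usergroups` fails the task with an undefined-variable error instead of skipping it, and the same applies to `satellite_config_external_usergroups` in the next hunk of this file. Use `loop: "{{ satellite_config_usergroups | default([]) }}"` (and the equivalent for the external user groups), after which the `when` guard is redundant. The `theforeman.foreman.usergroup` argument list continues past the end of the hunk.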
@@ -10,13 +14,13 @@ admin: "{{ usergroups.admin | default(omit) }}" users: "{{ usergroups.users | default(omit) }}" usergroups: "{{ usergroups.usergroups | default(omit) }}" - loop: "{{ satellite_config_usergroups }}" - loop_control: - loop_var: usergroups - when: satellite_config_usergroups is defined - name: Map external user groups - redhat.satellite.external_usergroup: + loop: "{{ satellite_config_external_usergroups }}" + loop_control: + loop_var: external_usergroup + when: satellite_config_external_usergroups is defined + theforeman.foreman.external_usergroup: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" @@ -24,7 +28,3 @@ auth_source: "{{ external_usergroup.auth_source | default(omit) }}" state: "{{ external_usergroup.state | default(omit) }}" usergroup: "{{ external_usergroup.usergroup | default(omit) }}" - loop: "{{ satellite_config_external_usergroups }}" - loop_control: - loop_var: external_usergroup - when: satellite_config_external_usergroups is defined diff --git a/roles/satellite_config/tasks/satellite_operatingsystems.yml b/roles/satellite_config/tasks/satellite_operatingsystems.yml index bad72ca..35eb7a3 100644 --- a/roles/satellite_config/tasks/satellite_operatingsystems.yml +++ b/roles/satellite_config/tasks/satellite_operatingsystems.yml @@ -2,7 +2,10 @@ - name: Block for operating system creation block: - name: Create OS - redhat.satellite.operatingsystem: + loop: "{{ satellite_config_operatingsystems }}" + loop_control: + loop_var: operating_system + theforeman.foreman.operatingsystem: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" 
@@ -15,18 +18,15 @@ architectures: "{{ operating_system.architectures | default(omit) }}" ptables: "{{ operating_system.ptables | default(omit) }}" provisioning_templates: "{{ operating_system.provisioning_templates | default(omit) }}" - loop: "{{ satellite_config_operatingsystems }}" - loop_control: - loop_var: operating_system - name: Add default provisioning_template type provision to the OS Object - redhat.satellite.os_default_template: + loop: "{{ satellite_config_operatingsystems }}" + loop_control: + loop_var: operating_system_templates + theforeman.foreman.os_default_template: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" operatingsystem: "{{ operating_system_templates.description }}" - template_kind: "provision" + template_kind: provision provisioning_template: "{{ operating_system_templates.os_default_templates.provision }}" - loop: "{{ satellite_config_operatingsystems }}" - loop_control: - loop_var: operating_system_templates diff --git a/roles/satellite_config/tasks/satellite_partition_tables.yml b/roles/satellite_config/tasks/satellite_partition_tables.yml index 9fee54a..0f74926 100644 --- a/roles/satellite_config/tasks/satellite_partition_tables.yml +++ b/roles/satellite_config/tasks/satellite_partition_tables.yml @@ -1,6 +1,9 @@ --- -- name: "Create a Partition Template from a file and modify with parameter(s)" - redhat.satellite.partition_table: +- name: Create a Partition Template from a file and modify with parameter(s) + loop: "{{ satellite_config_partition_tables }}" + loop_control: + loop_var: partition_table + theforeman.foreman.partition_table: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" 
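Review bot: `provisioning_template: "{{ operating_system_templates.os_default_templates.provision }}"` in `Add default provisioning_template type provision to the OS Object` has no guard, so one entry of `satellite_config_operatingsystems` without `os_default_templates` aborts the whole loop with an undefined-attribute error, while every optional field of the `Create OS` task above it uses `default(omit)`. Add `when: operating_system_templates.os_default_templates.provision is defined` next to the relocated `loop_control`, or document `os_default_templates.provision` as a required key of each OS entry. The enclosing `Block for operating system creation` starts before this hunk.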
@@ -11,6 +14,3 @@ os_family: "{{ partition_table.os_family | default('Redhat') }}" locked: "{{ partition_table.is_template_locked | default(omit) }}" layout: "{{ partition_table.layout }}" - loop: "{{ satellite_config_partition_tables }}" - loop_control: - loop_var: partition_table diff --git a/roles/satellite_config/tasks/satellite_promote_ccv.yml b/roles/satellite_config/tasks/satellite_promote_ccv.yml index a08a57a..da2ccc1 100644 --- a/roles/satellite_config/tasks/satellite_promote_ccv.yml +++ b/roles/satellite_config/tasks/satellite_promote_ccv.yml @@ -1,12 +1,12 @@ --- -- name: "Ensure CCV is promoted to lifecycle" - redhat.satellite.content_view_version: +- name: Ensure CCV is promoted to lifecycle + theforeman.foreman.content_view_version: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" organization: "{{ satellite_organization }}" content_view: "{{ satellite_config_ccv_name }}" description: "{{ now(utc=true, fmt='%Y-%m-%d %H:%M:%S') }}" - current_lifecycle_environment: "Dev" + current_lifecycle_environment: Dev lifecycle_environments: - "{{ lifecycle_environment }}" diff --git a/roles/satellite_config/tasks/satellite_realms.yml b/roles/satellite_config/tasks/satellite_realms.yml index 8fd9468..784dd18 100644 --- a/roles/satellite_config/tasks/satellite_realms.yml +++ b/roles/satellite_config/tasks/satellite_realms.yml @@ -1,6 +1,9 @@ --- -- name: "Create realm" - redhat.satellite.realm: +- name: Create realm + loop: "{{ satellite_config_realms }}" + loop_control: + loop_var: realm + theforeman.foreman.realm: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" @@ -10,6 +13,3 @@ realm_proxy: "{{ realm.realm_proxy }}" realm_type: "{{ realm.realm_type }}" state: "{{ realm.state }}" - loop: "{{ satellite_config_realms }}" - loop_control: - loop_var: realm 
diff --git a/roles/satellite_config/tasks/satellite_scap_contents.yml b/roles/satellite_config/tasks/satellite_scap_contents.yml index 1dae740..6c4b33b 100644 --- a/roles/satellite_config/tasks/satellite_scap_contents.yml +++ b/roles/satellite_config/tasks/satellite_scap_contents.yml @@ -1,5 +1,5 @@ --- -- name: "Copy the scap file to target" +- name: Copy the scap file to target become: true ansible.builtin.copy: src: "{{ scap_content.scap_file }}" @@ -7,10 +7,10 @@ owner: root group: root mode: "0644" - when: "scap_content.scap_file is defined" + when: scap_content.scap_file is defined -- name: "Ensure the scap content is loaded" - redhat.satellite.scap_content: +- name: Ensure the scap content is loaded + theforeman.foreman.scap_content: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" diff --git a/roles/satellite_config/tasks/satellite_scap_tailoring_files.yml b/roles/satellite_config/tasks/satellite_scap_tailoring_files.yml index a8636e7..4d95713 100644 --- a/roles/satellite_config/tasks/satellite_scap_tailoring_files.yml +++ b/roles/satellite_config/tasks/satellite_scap_tailoring_files.yml @@ -1,5 +1,5 @@ --- -- name: "Copy the scap tailoring file to target" +- name: Copy the scap tailoring file to target become: true ansible.builtin.copy: src: "{{ scap_tailoring_file.scap_file }}" @@ -8,8 +8,8 @@ group: root mode: "0644" -- name: "Ensure the scap tailoring file is loaded" - redhat.satellite.scap_tailoring_file: +- name: Ensure the scap tailoring file is loaded + theforeman.foreman.scap_tailoring_file: username: "{{ satellite_username }}" password: "{{ satellite_password }}" server_url: "{{ satellite_server_url }}" diff --git a/roles/satellite_config/tasks/satellite_sync_repositories.yml b/roles/satellite_config/tasks/satellite_sync_repositories.yml index 8eadb8c..4d8cf48 100644 --- a/roles/satellite_config/tasks/satellite_sync_repositories.yml 
+++ b/roles/satellite_config/tasks/satellite_sync_repositories.yml @@ -1,38 +1,38 @@ --- # synchronization of repositories -- name: "Sync repositories" +- name: Sync repositories block: - - name: "Set or increment retry count" + - name: Set or increment retry count ansible.builtin.set_fact: sync_retry_count: "{{ 0 if sync_retry_count is undefined else sync_retry_count | int + 1 }}" - - name: "Get the unique list of Red Hat products" + - name: Get the unique list of Red Hat products ansible.builtin.set_fact: __rh_products_to_sync: "{{ satellite_products | map(attribute='name') | list | unique }}" - - name: "List the products to be synchronized" + - name: List the products to be synchronized ansible.builtin.debug: var: __rh_products_to_sync - - name: "Sync the Red Hat products with the CDN" - redhat.satellite.repository_sync: - username: "{{ satellite_username }}" - password: "{{ satellite_password }}" - server_url: "{{ satellite_server_url }}" - organization: "{{ satellite_organization }}" - product: "{{ rh_product }}" + - name: Sync the Red Hat products with the CDN loop: "{{ __rh_products_to_sync }}" loop_control: loop_var: rh_product async: "{{ async_timeout }}" poll: "{{ async_delay }}" register: async_update + theforeman.foreman.repository_sync: + username: "{{ satellite_username }}" + password: "{{ satellite_password }}" + server_url: "{{ satellite_server_url }}" + organization: "{{ satellite_organization }}" + product: "{{ rh_product }}" - - name: "Get the unique list of custom products" + - name: Get the unique list of custom products ansible.builtin.set_fact: __custom_products_to_sync: "{{ satellite_config_custom_products | map(attribute='name') | list | unique }}" - - name: "Sync the custom products" + - name: Sync the custom products redhat.satellite.repository_sync: username: "{{ satellite_username }}" password: "{{ satellite_password }}" 
@@ -47,14 +47,14 @@ register: async_update rescue: - - name: "Retry count exceeded, failing" + - name: Retry count exceeded, failing ansible.builtin.fail: - msg: "Maximum retry count exceeded, have tried {{ sync_retry_count }} times" + msg: Maximum retry count exceeded, have tried {{ sync_retry_count }} times when: sync_retry_count|int == 4 - - name: "Retrying" + - name: Retrying ansible.builtin.debug: - msg: "Retrying, retry count {{ sync_retry_count }} of 4..." + msg: Retrying, retry count {{ sync_retry_count }} of 4... - - name: "Retry" + - name: Retry ansible.builtin.include_tasks: satellite_sync_repositories.yml diff --git a/roles/satellite_host_deploy/tasks/main.yml b/roles/satellite_host_deploy/tasks/main.yml index 78d19aa..2863f91 100644 --- a/roles/satellite_host_deploy/tasks/main.yml +++ b/roles/satellite_host_deploy/tasks/main.yml @@ -1,7 +1,8 @@ --- # tasks file for satellite_host_deploy -- name: "Create a Satellite Host" - redhat.satellite.host: +- name: Create a Satellite Host + when: ( satellite_host_deploy_state is defined and satellite_host_deploy_state == "present" ) or (satellite_host_deploy_state is not defined) + awx.awx.host: username: "{{ hostvars[groups['satellite'][0]]['satellite_username'] }}" password: "{{ hostvars[groups['satellite'][0]]['satellite_password'] }}" server_url: "{{ hostvars[groups['satellite'][0]]['satellite_server_url'] }}" 
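Review bot: `awx.awx.host` is not a substitute for `redhat.satellite.host`: it manages hosts in an Automation Controller inventory and is driven by `controller_host`/`controller_username`/`inventory`, so the `username`, `password`, `server_url`, `image` and `compute_profile` arguments kept in `Create a Satellite Host` will be rejected as unsupported parameters and no Satellite host is created. `Delete a Satellite Host` in the next hunk of this file makes the same swap. If the intent is to leave the `redhat.satellite` namespace, the equivalent module is `theforeman.foreman.host`, which the rest of this commit already uses for the other Satellite resources. The task's argument list continues past the end of the hunk.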
@@ -14,13 +15,12 @@ image: "{{ satellite_host_deploy_image }}" state: "{{ satellite_host_deploy_state | default(omit) }}" compute_profile: "{{ satellite_host_compute_profile }}" - when: ( satellite_host_deploy_state is defined and satellite_host_deploy_state == "present" ) or (satellite_host_deploy_state is not defined) -- name: "Delete a Satellite Host" - redhat.satellite.host: +- name: Delete a Satellite Host + when: satellite_host_deploy_state is defined and satellite_host_deploy_state == "absent" + awx.awx.host: username: "{{ hostvars[groups['satellite'][0]]['satellite_username'] }}" password: "{{ hostvars[groups['satellite'][0]]['satellite_password'] }}" server_url: "{{ hostvars[groups['satellite'][0]]['satellite_server_url'] }}" name: "{{ inventory_hostname }}" state: "{{ satellite_host_deploy_state }}" - when: satellite_host_deploy_state is defined and satellite_host_deploy_state == "absent" diff --git a/roles/satellite_prepare/tasks/check_certs.yml b/roles/satellite_prepare/tasks/check_certs.yml index 7814a7d..cd09646 100644 --- a/roles/satellite_prepare/tasks/check_certs.yml +++ b/roles/satellite_prepare/tasks/check_certs.yml @@ -1,5 +1,5 @@ --- -- name: "Checking the certificates for Satellite" +- name: Checking the certificates for Satellite ansible.builtin.command: >- katello-certs-check -c {{ satellite_prepare_ssl_crt_path }} -k {{ satellite_prepare_ssl_key_path }} -b {{ satellite_prepare_ipa_server_ca_path }} diff --git a/roles/satellite_prepare/tasks/ensure_cdn_registration.yml b/roles/satellite_prepare/tasks/ensure_cdn_registration.yml index 5f641b6..a958fef 100644 --- a/roles/satellite_prepare/tasks/ensure_cdn_registration.yml +++ b/roles/satellite_prepare/tasks/ensure_cdn_registration.yml @@ -1,5 +1,5 @@ --- -- name: "Ensure Satellite system registered to CDN" +- name: Ensure Satellite system registered to CDN community.general.redhat_subscription: activationkey: "{{ rh_activation_key }}" org_id: "{{ rh_organization_number }}" 
diff --git a/roles/satellite_prepare/tasks/ensure_firewalld_config.yml b/roles/satellite_prepare/tasks/ensure_firewalld_config.yml index 3bc801e..bc2f790 100644 --- a/roles/satellite_prepare/tasks/ensure_firewalld_config.yml +++ b/roles/satellite_prepare/tasks/ensure_firewalld_config.yml @@ -1,18 +1,18 @@ --- -- name: "Ensure that firewalld is installed" +- name: Ensure that firewalld is installed ansible.builtin.dnf: name: firewalld state: present -- name: "Ensure that the Firewalld service is enabled and running" +- name: Ensure that the Firewalld service is enabled and running ansible.builtin.systemd: name: firewalld state: started enabled: true masked: false -- name: "Configure Firewalld services and ports for Satellite" # noqa var-naming[no-role-prefix] +- name: Configure Firewalld services and ports for Satellite # noqa var-naming[no-role-prefix] ansible.builtin.include_role: - name: "redhat.rhel_system_roles.firewall" + name: redhat.rhel_system_roles.firewall vars: firewall: "{{ satellite_firewall }}" diff --git a/roles/satellite_prepare/tasks/ensure_repositories.yml b/roles/satellite_prepare/tasks/ensure_repositories.yml index d42a714..2d79154 100644 --- a/roles/satellite_prepare/tasks/ensure_repositories.yml +++ b/roles/satellite_prepare/tasks/ensure_repositories.yml @@ -1,5 +1,5 @@ --- -- name: "Ensure the proper repositories are enabled" +- name: Ensure the proper repositories are enabled community.general.rhsm_repository: name: "{{ satellite_repository_ids }}" state: enabled diff --git a/roles/satellite_prepare/tasks/ensure_sat_binaries.yml b/roles/satellite_prepare/tasks/ensure_sat_binaries.yml index a94484f..72e73f7 100644 --- a/roles/satellite_prepare/tasks/ensure_sat_binaries.yml +++ b/roles/satellite_prepare/tasks/ensure_sat_binaries.yml 
@@ -1,7 +1,7 @@ --- -- name: "Update the system" # noqa: package-latest +- name: Update the system # noqa: package-latest ansible.builtin.dnf: - name: '*' + name: "*" state: latest - name: Check if we need to reboot 
@@ -16,53 +16,53 @@ reboot_timeout: 1200 when: __reboot_hint.rc | int == 1 -- name: "Check if Ruby module is enabled or installed" - ansible.builtin.command: "dnf module list ruby" +- name: Check if Ruby module is enabled or installed + ansible.builtin.command: dnf module list ruby register: __ruby_module_status failed_when: __ruby_module_status.failed changed_when: __ruby_module_status.changed -- name: "Reset the Ruby module" - ansible.builtin.command: "dnf -y module reset ruby" +- name: Reset the Ruby module + ansible.builtin.command: dnf -y module reset ruby when: "'[e]' or '[i]' not in __ruby_module_status.stdout" register: __ruby_return failed_when: __ruby_return.failed changed_when: __ruby_return.changed -- name: "Check if PostgreSQL module is enabled or installed" - ansible.builtin.command: "dnf module list postgresql" +- name: Check if PostgreSQL module is enabled or installed + ansible.builtin.command: dnf module list postgresql register: __postgresql_module_status failed_when: __postgresql_module_status.failed changed_when: __postgresql_module_status.changed -- name: "Reset the PostgreSQL module" - ansible.builtin.command: "dnf -y module reset postgresql" +- name: Reset the PostgreSQL module + ansible.builtin.command: dnf -y module reset postgresql when: "'[e]' or '[i]' not in __postgresql_module_status.stdout" register: __postgresql_return failed_when: __postgresql_return.failed changed_when: __postgresql_return.changed -- name: "Check if Satellite module is enabled or installed" - ansible.builtin.command: "dnf module list satellite:el8" +- name: Check if Satellite module is enabled or installed + ansible.builtin.command: dnf module list satellite:el8 register: __satellite_module_status failed_when: __satellite_module_status.failed changed_when: __satellite_module_status.changed -- name: "Reset the Satellite module" - ansible.builtin.command: "dnf -y module reset satellite:el8" +- name: Reset the Satellite module + ansible.builtin.command: dnf -y module 
reset satellite:el8 when: "'[e]' or '[i]' not in __satellite_module_status.stdout" register: __satellite_return failed_when: __satellite_return.failed changed_when: __satellite_return.changed -- name: "Enable the Satellite module" - ansible.builtin.command: "dnf -y module enable satellite:el8" +- name: Enable the Satellite module + ansible.builtin.command: dnf -y module enable satellite:el8 when: "'[e]' or '[i]' not in __satellite_module_status.stdout" register: __satellite_module_return failed_when: __satellite_module_return.failed changed_when: __satellite_module_return.changed -- name: "Install the Satellite RPM packages" +- name: Install the Satellite RPM packages ansible.builtin.dnf: name: satellite state: present diff --git a/roles/satellite_prepare/tasks/foreman_prepare_realm.yml b/roles/satellite_prepare/tasks/foreman_prepare_realm.yml index 896b19b..5ffc608 100644 --- a/roles/satellite_prepare/tasks/foreman_prepare_realm.yml +++ b/roles/satellite_prepare/tasks/foreman_prepare_realm.yml 
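Review bot: `when: "'[e]' or '[i]' not in __ruby_module_status.stdout"` is always true: Jinja parses it as `'[e]' or ('[i]' not in ...)` and a non-empty string literal is truthy, so `Reset the Ruby module`, `Reset the PostgreSQL module`, `Reset the Satellite module` and `Enable the Satellite module` run unconditionally and the preceding `dnf module list` probes decide nothing. Rewrite each guard as `when: "'[e]' not in __ruby_module_status.stdout and '[i]' not in __ruby_module_status.stdout"` with the matching variable for the postgresql and satellite cases. The three probe tasks should also use `changed_when: false` rather than `changed_when: __ruby_module_status.changed`, since a listing never changes the host. The reboot handling at the top of the hunk belongs to a task that starts outside it.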
@@ -1,25 +1,25 @@ --- -- name: "Clean up old keytabs" +- name: Clean up old keytabs ansible.builtin.file: path: "{{ satellite_prepare_keytab_path }}" state: absent -- name: "Setup satellite realm user" +- name: Setup satellite realm user ansible.builtin.shell: >- set -o pipefail && echo '{{ ipaadmin_password }}' | kinit {{ ipaadmin_principal }}; echo '{{ ipaadmin_password }}' | /usr/sbin/foreman-prepare-realm admin {{ satellite_prepare_foreman_proxy_realm_principal }} args: - chdir: "/etc/foreman-proxy/" + chdir: /etc/foreman-proxy/ register: __result changed_when: __result.changed failed_when: __result.failed -- name: "Wait for keytab generation and retrieval" +- name: Wait for keytab generation and retrieval ansible.builtin.wait_for: path: "{{ satellite_prepare_keytab_path }}" -- name: "Ensure foreman-proxy owns the /etc/foreman-proxy/freeipa.keytab" +- name: Ensure foreman-proxy owns the /etc/foreman-proxy/freeipa.keytab ansible.builtin.file: path: "{{ satellite_prepare_keytab_path }}" owner: foreman-proxy @@ -27,13 +27,13 @@ mode: "0644" state: file -- name: "Test the new keytab" - ansible.builtin.command: "kinit -kt {{ satellite_prepare_keytab_path }} {{ satellite_prepare_foreman_proxy_realm_principal }}" +- name: Test the new keytab + ansible.builtin.command: kinit -kt {{ satellite_prepare_keytab_path }} {{ satellite_prepare_foreman_proxy_realm_principal }} register: __result changed_when: __result.changed failed_when: __result.failed -- name: "Copy the ipa ca-certificates to the trust directory" +- name: Copy the ipa ca-certificates to the trust directory ansible.builtin.copy: src: "{{ satellite_prepare_ipa_server_ca_path }}" dest: "{{ satellite_prepare_ipa_client_trust_path }}" 
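Review bot: `Setup satellite realm user` pipes `'{{ ipaadmin_password }}'` through `echo` inside an `ansible.builtin.shell` pipeline with no `no_log: true`, so the IdM admin password is rendered into the task arguments and appears in verbose output, in any callback that records results, and in the registered `__result.cmd`; on the target it is also visible in the shell's argument list while the pipeline runs. Add `no_log: true` to the task, and where the called tool reads the secret from standard input prefer the `stdin:` option of `ansible.builtin.command` over `echo` so the password never reaches a process command line. The single-quoted interpolation additionally breaks if the password contains a `'`. The task list continues past the end of the hunk.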
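Review bot: `mode: "0644"`, the context line that opens this hunk, belongs to `Ensure foreman-proxy owns the /etc/foreman-proxy/freeipa.keytab` and leaves a Kerberos keytab readable by every local user; a keytab is a long-lived credential equivalent to the principal's password, so fixing the owner without the mode does not help. Use `mode: "0600"` together with `owner: foreman-proxy`. The same ownership task in roles/satellite_prepare/tasks/get_existing_keytab.yml should get the same mode, but its `mode` line falls outside the hunk shown for that file.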
@@ -42,34 +42,33 @@ group: root mode: "0644" -- name: "Enable the trust" - ansible.builtin.command: "update-ca-trust enable" +- name: Enable the trust + ansible.builtin.command: update-ca-trust enable register: __result changed_when: __result.changed failed_when: __result.failed -- name: "Update the trust" - ansible.builtin.command: "update-ca-trust" +- name: Update the trust + ansible.builtin.command: update-ca-trust register: __result changed_when: __result.changed failed_when: __result.failed -- name: "Grant Satellite to update reverse dns zones" - redhat.rhel_idm.ipadnszone: - ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" - ipaadmin_password: "{{ ipaadmin_password }}" - name_from_ip: "{{ subnets_var.subnet }}" - update_policy: >- - grant {{ ipaclient_realm }} krb5-subdomain - {{ subnets_var.subnet.split('.')[2] }}.{{ subnets_var.subnet.split('.')[1] }}.{{ subnets_var.subnet.split('.')[0] }}.in-addr.arpa. - PTR; grant {{ satellite_prepare_foreman_proxy_realm_principal }}\\@{{ ipaclient_realm }} wildcard * ANY; +- name: Grant Satellite to update reverse dns zones loop: "{{ satellite_config_reverse_dns_networks }}" loop_control: loop_var: subnets_var when: satellite_config_reverse_dns_networks | length() + freeipa.ansible_freeipa.ipadnszone: + ipaadmin_principal: "{{ ipaadmin_principal | default(omit) }}" + ipaadmin_password: "{{ ipaadmin_password }}" + name_from_ip: "{{ subnets_var.subnet }}" + update_policy: >- + grant {{ ipaclient_realm }} krb5-subdomain {{ subnets_var.subnet.split('.')[2] }}.{{ subnets_var.subnet.split('.')[1] }}.{{ subnets_var.subnet.split('.')[0] + }}.in-addr.arpa. 
PTR; grant {{ satellite_prepare_foreman_proxy_realm_principal }}\\@{{ ipaclient_realm }} wildcard * ANY; -- name: "Set up IdM forward lookup zone to allow foreman proxy to update DNS" - redhat.rhel_idm.ipadnszone: +- name: Set up IdM forward lookup zone to allow foreman proxy to update DNS + freeipa.ansible_freeipa.ipadnszone: ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ satellite_prepare_ipaclient_domain }}" diff --git a/roles/satellite_prepare/tasks/get_existing_keytab.yml b/roles/satellite_prepare/tasks/get_existing_keytab.yml index eb85315..1687c27 100644 --- a/roles/satellite_prepare/tasks/get_existing_keytab.yml +++ b/roles/satellite_prepare/tasks/get_existing_keytab.yml @@ -1,6 +1,6 @@ --- -- name: "Grant access to the service keytab" - redhat.rhel_idm.ipaservice: +- name: Grant access to the service keytab + freeipa.ansible_freeipa.ipaservice: ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ __target_service }}" allow_retrieve_keytab_user: @@ -9,8 +9,8 @@ - "{{ inventory_hostname }}" action: member -- name: "Grant access to the host keytab" - redhat.rhel_idm.ipahost: +- name: Grant access to the host keytab + freeipa.ansible_freeipa.ipahost: ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ inventory_hostname }}" state: present @@ -19,7 +19,7 @@ managedby_host: "{{ inventory_hostname }}" action: member -- name: "Ensure foreman-proxy owns the /etc/foreman-proxy/freeipa.keytab" +- name: Ensure foreman-proxy owns the /etc/foreman-proxy/freeipa.keytab ansible.builtin.file: path: "{{ satellite_prepare_keytab_path }}" owner: foreman-proxy diff --git a/roles/satellite_prepare/tasks/main.yml b/roles/satellite_prepare/tasks/main.yml index c2cd7a0..c10af33 100644 --- a/roles/satellite_prepare/tasks/main.yml +++ b/roles/satellite_prepare/tasks/main.yml 
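Review bot: The reverse-zone name assembled in `update_policy` from `subnets_var.subnet.split('.')[2]`, `[1]` and `[0]` hard-codes a /24 `in-addr.arpa` zone, while `name_from_ip` derives the zone from the subnet's real prefix length; for any subnet that is not a /24 the `krb5-subdomain` grant names a zone other than the one being created and silently does not apply. Either document that `satellite_config_reverse_dns_networks` must contain /24 subnets or derive the zone label from the same prefix used for `name_from_ip`. `when: satellite_config_reverse_dns_networks | length()` also raises an undefined-variable error when the list is absent; `when: satellite_config_reverse_dns_networks | default([]) | length > 0` skips cleanly. The `Set up IdM forward lookup zone` task that follows continues past the end of the hunk.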
@@ -1,26 +1,26 @@ --- -- name: "Ensure facts are gathered" +- name: Ensure facts are gathered ansible.builtin.setup: -- name: "Ensure CDN registration" +- name: Ensure CDN registration ansible.builtin.import_tasks: ensure_cdn_registration.yml -- name: "Ensure satellite repositories are enabled" +- name: Ensure satellite repositories are enabled ansible.builtin.import_tasks: ensure_repositories.yml -- name: "Ensure satellite firewall ports are configured" +- name: Ensure satellite firewall ports are configured ansible.builtin.import_tasks: ensure_firewalld_config.yml -- name: "Ensure satellite binaries are installed" +- name: Ensure satellite binaries are installed ansible.builtin.import_tasks: ensure_sat_binaries.yml -- name: "Ensure satellite certificates are validated" +- name: Ensure satellite certificates are validated ansible.builtin.import_tasks: check_certs.yml -- name: "Ensure identity management realm is prepared for use with Satellite" +- name: Ensure identity management realm is prepared for use with Satellite ansible.builtin.import_tasks: foreman_prepare_realm.yml when: not satellite_prepare_skip_prepare_realm -- name: "Get existing keytab for foreman-proxy use with Realm" +- name: Get existing keytab for foreman-proxy use with Realm ansible.builtin.import_tasks: get_existing_keytab.yml when: satellite_prepare_skip_prepare_realm diff --git a/roles/satellite_register/tasks/main.yml b/roles/satellite_register/tasks/main.yml index d52b666..4a5c2c3 100644 --- a/roles/satellite_register/tasks/main.yml +++ b/roles/satellite_register/tasks/main.yml 
@@ -1,23 +1,23 @@ --- -- name: "Unregister from Red Hat CDN" - redhat.rhel_system_roles.redhat_subscription: +- name: Unregister from Red Hat CDN + community.general.redhat_subscription: state: absent -- name: "Run subscription-manager clean for cleanup stuff incl. SSL certs" +- name: Run subscription-manager clean for cleanup stuff incl. SSL certs ansible.builtin.command: subscription-manager clean register: __result changed_when: __result.changed failed_when: __result.failed -- name: "Generate registration command" +- name: Generate registration command redhat.satellite.registration_command: username: "{{ hostvars[groups.satellite | first]['satellite_username'] }}" password: "{{ hostvars[groups.satellite | first]['satellite_password'] }}" - server_url: "https://{{ groups.satellite | first }}" + server_url: https://{{ groups.satellite | first }} hostgroup: "{{ satellite_hostgroup }}" register: registration_command -- name: "Perform registration" # noqa command-instead-of-shell +- name: Perform registration # noqa command-instead-of-shell ansible.builtin.shell: "{{ registration_command.registration_command }}" register: __result changed_when: __result.changed diff --git a/roles/vault_string/tasks/main.yml b/roles/vault_string/tasks/main.yml index a6b27d5..ef97465 100644 --- a/roles/vault_string/tasks/main.yml +++ b/roles/vault_string/tasks/main.yml @@ -23,6 +23,6 @@ become: true register: __return -- name: "Set encrypted file path" +- name: Set encrypted file path ansible.builtin.set_fact: __path_file_encrypted: "{{ __return.dest }}"
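Review bot: `Generate registration command` registers the `redhat.satellite.registration_command` result without `no_log: true`; the command string Satellite returns for global registration carries an `Authorization: Bearer` token that authorises host registration, and with `register:` alone it is printed in verbose runs and by any result-recording callback, then printed once more by the `Perform registration` shell task that executes it. Add `no_log: true` to both tasks. This task also keeps the `redhat.satellite` namespace while the rest of the commit moves to `theforeman.foreman`. The `Perform registration` task's remaining keys are outside the hunk.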