-
Notifications
You must be signed in to change notification settings - Fork 0
/
generic.yml
103 lines (94 loc) · 2.31 KB
/
generic.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
---
- name: Generic Infrastructure
remote_user: ansible
become: true
hosts: "{{ hostlist }},!docker,!containers"
tasks:
- name: Update apt cache
tags:
- generic
become: true
when: ansible_pkg_mgr == 'apt'
apt:
update_cache: true
cache_valid_time: 3600
- name: Generic configurations
tags:
- generic
import_role:
name: ansible-generic-os
- name: Install platform tools
tags:
- generic
- platform_tools
import_role:
name: ansible-role-hw_vm_tools
- name: Install CA certificates
import_role:
name: ansible-role-cacerts
tags:
- generic
- certs
####################################################################
- name: Authentication
remote_user: ansible
become: true
hosts: "{{ hostlist }},!docker,!containers,!ipa"
vars_files:
- vault.yml
tasks:
- name: Configure IPA client
tags:
- generic
- ipa
- auth
import_role:
# name: ansible-role-ipaclient
name: ansible-ipaclient
vars:
ipaclient_servers:
- ipa01.ipa.home.gatwards.org
- ipa02.ipa.home.gatwards.org
ipaclient_domain: ipa.home.gatwards.org
ipaclient_enroll_user: svc-ipajoin
ipaclient_enroll_pass: "{{ vault_idm_admin_pass }}"
ipaclient_sssd_shortnames: true
ipaclient_krb5_dns_lookup_realm: 'true'
ipaclient_krb5_dns_lookup_kdc: 'true'
ipaclient_krb5_dns_canonicalize_hostname: 'true'
ipaclient_krb5_extra_domains:
- core.home.gatwards.org
- .core.home.gatwards.org
- lab.home.gatwards.org
- .lab.home.gatwards.org
- name: Add NFS domain to idmap.conf
tags:
- generic
- ipa
- auth
lineinfile:
path: /etc/idmapd.conf
regexp: '^#?\s?Domain.*=.*'
line: "Domain = home.gatwards.org"
backrefs: true
state: present
####################################################################
- name: Monitoring
remote_user: ansible
hosts: "{{ hostlist }},!docker,!containers"
become: true
tasks:
- import_role:
name: ansible-node-exporter
tags:
- monitoring
- node_exporter
- name: Open Prometheus node_exporter firewall port
tags:
- monitoring
- node_exporter
firewalld:
port: '9100/tcp'
immediate: yes
permanent: yes
state: enabled