Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Add the CentOS Ipsilon staging instance to the ipsilon IPA HBAC rule

Browse source 
Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
This commit is contained in:
Aurélien Bompard 2020-11-19 12:01:45 +01:00
parent 60ed2dabd5
commit e92d0dda1a
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
1 changed files with 44 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

76
playbooks/groups/ipsilon.yml
View file

@ -1,37 +1,5 @@
- import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ipsilon:ipsilon_stg" - import_playbook: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ipsilon:ipsilon_stg"
# This next block configures IPA, it only needs to be run on one member of the cluster
- name: setup IPA
hosts: ipa[0]:ipa_stg[0]
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Add the ipsilon HBAC service in IPA
ipahbacsvc:
name: ipsilon
description: Ipsilon authentication service
ipaadmin_password: "{{ ipa_admin_password }}"
tags:
- ipsilon
- name: Allow login through ipsilon
ipahbacrule:
name: ipsilon
description: Login through ipsilon
hbacsvc:
- ipsilon
usercategory: all
host: "{{ (env == 'production')|ternary(groups['ipsilon'], groups['ipsilon_stg']) }}"
ipaadmin_password: "{{ ipa_admin_password }}"
tags:
- ipsilon
- name: make the box be real - name: make the box be real
hosts: ipsilon:ipsilon_stg hosts: ipsilon:ipsilon_stg
@ -96,3 +64,47 @@
handlers: handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml" - import_tasks: "{{ handlers_path }}/restart_services.yml"
# This next block configures IPA, it only needs to be run on one member of the cluster.
# Run it after setting up Ipsilon because the host need to be declared in IPA already.
- name: setup IPA
hosts: ipa[0]:ipa_stg[0]
user: root
gather_facts: True
vars_files:
- /srv/web/infra/ansible/vars/global.yml
- "/srv/private/ansible/vars.yml"
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
tasks:
- name: Add the ipsilon HBAC service in IPA
ipahbacsvc:
name: ipsilon
description: Ipsilon authentication service
ipaadmin_password: "{{ ipa_admin_password }}"
tags:
- ipsilon
- name: Allow login through ipsilon
ipahbacrule:
name: ipsilon
description: Login through ipsilon
hbacsvc:
- ipsilon
usercategory: all
host: "{{ (env == 'production')|ternary(groups['ipsilon'], groups['ipsilon_stg']) }}"
ipaadmin_password: "{{ ipa_admin_password }}"
tags:
- ipsilon
- name: Allow login through ipsilon for the CentOS instance
ipahbacrule:
name: ipsilon
action: member
host: centos-ipa-client02.stg.iad2.fedoraproject.org
ipaadmin_password: "{{ ipa_admin_password }}"
tags:
- ipsilon
when: env == "staging"