Ansible Automation Platform

playingfield · Aug 29, 2022 · 78edc06 · 78edc06
1 parent d1d34da
commit 78edc06
Show file tree

Hide file tree

Showing 7 changed files with 91 additions and 35 deletions.
diff --git a/roles/aap/defaults/main.yml b/roles/aap/defaults/main.yml
@@ -1,5 +1,9 @@
 ---
 tmp_dir: /usr/local/tmp
+tmp_mounts:
+  - { src: /dev/mapper/vgsys-lv_tmp, path: /tmp }
+  - { src: /dev/mapper/vgsys-lv_vartmp, path: /var/tmp }
+
 tower_name: ansible-tower-setup-3.8.6-2
 setup_bundle: "ansible-tower-setup-3.8.6-2.tar.gz"
 registry_username: "{{ lookup('env','RH_USER') }}"

diff --git a/roles/aap/handlers/main.yml b/roles/aap/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+
+- name: Restart fapolicyd
+  ansible.builtin.systemd:
+    name: fapolicyd
+    state: restarted
+    enabled: true
+
+- name: Restart sshd
+  ansible.builtin.systemd:
+    name: sshd
+    state: restarted
+    enabled: true
diff --git a/roles/aap/tasks/main.yml b/roles/aap/tasks/main.yml
@@ -1,6 +1,41 @@
 ---
+- name: Relax sshd for installation
+  ansible.builtin.lineinfile:
+    dest: /etc/ssh/sshd_config
+    line: "PermitRootLogin without-password"
+    state: present
+    regexp: '^PermitRootLogin'
+  notify:
+    - Restart sshd
 
-- name: install dependencies
+- name: Relax fapolicy for installation
+  ansible.builtin.lineinfile:
+    dest: /etc/fapolicyd/fapolicyd.conf
+    line: "permissive = 1"
+    state: present
+    regexp: '^permissive'
+  notify:
+    - Restart fapolicyd
+
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
+
+- name: Relax mount options
+  ansible.builtin.mount:
+    src: "{{ item.src }}"
+    path: "{{ item.path }}"
+    fstype: xfs
+    state: mounted
+    opts: 'rw,nodev,nosuid'
+  loop: "{{ tmp_mounts }}"
+
+- name: Manage ansible tmp directory
+  ansible.builtin.file:
+    path: /usr/local/tmp/ansible
+    state: directory
+    mode: 01777
+
+- name: Install dependencies
   ansible.builtin.package:
     name:
       - python3-cryptography
@@ -82,36 +117,39 @@
     - tower
     - setup
 
-- name: Verify ports
-  ansible.builtin.wait_for:
-    port: "{{ item }}"
-  with_items:
-    - 80
-    - 443
-  tags:
-    - tower
-    - test
+- name: Wait for Tower to be ready
+  block:
+    - name: Verify ports
+      ansible.builtin.wait_for:
+        port: "{{ item }}"
+      with_items:
+        - 80
+        - 443
+      tags:
+        - tower
+        - test
 
-- name: Check again which services are running
-  ansible.builtin.service_facts:
-  no_log: true
-  tags:
-    - tower
-    - test
+    - name: Check again which services are running
+      ansible.builtin.service_facts:
+      no_log: true
+      tags:
+        - tower
+        - test
 
-- name: Display supervisord state
-  ansible.builtin.debug:
-    var: ansible_facts.services['supervisord.service']
-  tags:
-    - tower
-    - test
+    - name: Display supervisord state
+      ansible.builtin.debug:
+        var: ansible_facts.services['supervisord.service']
+      tags:
+        - tower
+        - test
 
-- name: Verify url
-  ansible.builtin.uri:
-    url: "https://{{ primary_machine }}/#/login"
-    validate_certs: "{{ tower_validate_certs }}"
-    status_code: 200
-  tags:
-    - tower
-    - test
+    - name: Verify url
+      ansible.builtin.uri:
+        url: "https://{{ primary_machine }}/#/login"
+        validate_certs: "{{ tower_validate_certs }}"
+        status_code: 200
+      tags:
+        - tower
+        - test
+  when: role is defined
 ...
diff --git a/roles/aap/templates/ansible.cfg.j2 b/roles/aap/templates/ansible.cfg.j2
@@ -1,2 +1,3 @@
 [defaults]
 remote_tmp = /usr/local/tmp/ansible
+host_key_checking = False
diff --git a/roles/requirements.yml b/roles/requirements.yml
@@ -4,7 +4,7 @@
   name: chrony
   version: 2.1.1
 
-- src: https://github.com/bbaassssiiee/RHEL8-STIG.git
-  scm: git
-  name: RHEL8-STIG
-  version: devel
+#- src: https://github.com/bbaassssiiee/RHEL8-STIG.git
+#  scm: git
+#  name: RHEL8-STIG
+#  version: devel
diff --git a/roles/ssh_keys/tasks/main.yml b/roles/ssh_keys/tasks/main.yml
@@ -63,4 +63,5 @@
   changed_when: true
   tags:
     - sshkeys
+
 ...
diff --git a/vagrant-playbook.yml b/vagrant-playbook.yml
@@ -8,7 +8,6 @@
 
   roles:
     - dvd_repository
-    - chrony
     - ssh_keys
     - aap
 ...
-Original file line number
+Diff line change
@@ Expand Up / @@ -63,4 +63,5 @@ @@
       changed_when: true
       tags:
         - sshkeys
     ...