From 1aefce25fbb6c6b095b6ffb0d06641a183b44818 Mon Sep 17 00:00:00 2001 
From: "ansible-code-bot[bot]" <145416087+ansible-code-bot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 09:01:55 +0000 Subject: [PATCH] Fix ansible-lint rule violations --- .yamllint | 10 +- group_vars/aap/aap_config.yml | 16 +- .../aap/aap_config_controller_credential.yml | 30 +- group_vars/aap/aap_config_controller_ee.yml | 16 +- .../aap/aap_config_controller_inventory.yml | 12 +- .../aap_config_controller_job_template.yml | 261 +++++++------- .../aap/aap_config_controller_license.yml | 4 +- .../aap_config_controller_notification.yml | 4 +- .../aap_config_controller_organization.yml | 2 +- .../aap/aap_config_controller_project.yml | 26 +- group_vars/aap/aap_config_controller_role.yml | 18 +- .../aap/aap_config_controller_schedule.yml | 16 +- .../aap/aap_config_controller_setting.yml | 36 +- ...aap_config_controller_source_inventory.yml | 24 +- ...ap_config_controller_workflow_template.yml | 162 ++++----- group_vars/aap/aap_config_custom_ee.yml | 2 +- group_vars/aap/aap_config_pah_ee_registry.yml | 4 +- .../aap/aap_config_pah_ee_repository.yml | 6 +- group_vars/aap/aap_config_pah_repo_sync.yml | 12 +- group_vars/aap/aap_config_pah_repository.yml | 48 +-- group_vars/aap/aap_install_config.yml | 4 +- group_vars/all/azure_dns.yml | 2 +- group_vars/all/azure_infra.yml | 2 +- group_vars/all/azure_network.yml | 42 +-- group_vars/all/azure_vm_deploy.yml | 2 +- group_vars/all/azure_vm_lock.yml | 2 +- group_vars/all/enforce_cis.yml | 2 +- group_vars/all/idm_config.yml | 2 +- group_vars/all/imagebuilder.yml | 2 +- group_vars/all/ipa_client.yml | 4 +- group_vars/all/pki_idm_generate_certs.yml | 14 +- group_vars/all/vault_ansible.yml | 12 +- group_vars/all/vault_rhis_users.yml | 240 ++++++------- group_vars/all/vault_rootca_certificate.yml | 1 + group_vars/all/vault_squid.yml | 24 +- group_vars/bastion/azure_infra.yml | 2 +- group_vars/bastion/azure_nsg.yml | 40 +-- group_vars/github_runner/github_runner.yml | 10 +- .../ipahidden/idm_config_hbac_rules.yml | 14 +- 
.../ipahidden/idm_config_host_groups.yml | 20 +- group_vars/ipahidden/idm_config_pwpolicy.yml | 8 +- .../ipahidden/idm_config_sudo_rules.yml | 24 +- .../idm_config_sudo_rules_commands.yml | 8 +- group_vars/ipahidden/idm_config_user.yml | 162 ++++----- .../ipahidden/idm_config_user_groups.yml | 76 ++-- group_vars/ipareplicas/idm_replicas.yml | 2 +- group_vars/ipaserver/idm_server.yml | 4 +- group_vars/mgmt_tools/azure_nsg.yml | 60 ++-- group_vars/mgmt_tools/azure_vnet.yml | 5 +- group_vars/mgmt_tools_dmz/azure_nsg.yml | 38 +- group_vars/mgmt_tools_dmz/azure_vnet.yml | 2 +- group_vars/rootca/pki_create_rootca.yml | 2 +- .../satellite_config_activation_keys.yml | 120 +++---- .../satellite_config_compute_profiles.yml | 30 +- .../satellite_config_compute_resources.yml | 60 ++-- .../satellite_config_content_credentials.yml | 1 + .../satellite_config_content_views.yml | 272 +++++++-------- .../satellite_config_custom_products.yml | 24 +- .../satellite_config_dicovery_rules.yml | 8 +- .../satellite/satellite_config_domains.yml | 4 +- .../satellite/satellite_config_git_repos.yml | 50 +-- .../satellite_config_global_parameters.yml | 38 +- .../satellite/satellite_config_hostgroups.yml | 326 +++++++++--------- ...atellite_config_lifecycle_environments.yml | 12 +- .../satellite/satellite_config_locations.yml | 1 + .../satellite/satellite_config_manifest.yml | 4 +- .../satellite_config_operatingsystems.yml | 88 ++--- .../satellite_config_partition_table.yml | 2 +- ...atellite_config_provisioning_templates.yml | 35 +- .../satellite/satellite_config_realms.yml | 2 +- .../satellite_config_scap_contents.yml | 16 +- .../satellite_config_scap_policies.yml | 24 +- .../satellite_config_scap_tailoring_files.yml | 16 +- .../satellite/satellite_config_settings.yml | 28 +- .../satellite/satellite_config_subnets.yml | 60 ++-- .../satellite/satellite_config_usergroups.yml | 22 +- group_vars/satellite/satellite_operation.yml | 78 ++--- group_vars/satellite/satellite_prepare.yml | 34 +- 
group_vars/work/imagebuilder.yml | 16 +- group_vars/work_dmz/azure_vnet.yml | 10 +- group_vars/work_intra/azure_vnet.yml | 10 +- group_vars/workload_servers_dmz/azure_nsg.yml | 36 +- .../workload_servers_intra/azure_nsg.yml | 36 +- .../azure_vm_deploy.yml | 2 +- .../satellite_data.yml | 2 +- .../azure_vm_deploy.yml | 2 +- .../azure_vm_deploy.yml | 2 +- .../imagebuilder.yml | 4 +- .../rhel_storage.yml | 8 +- .../azure_vm_deploy.yml | 2 +- .../satellite_data.yml | 2 +- .../azure_vm_deploy.yml | 2 +- .../rhel_storage.yml | 4 +- .../satellite_data.yml | 2 +- .../azure_vm_deploy.yml | 2 +- .../rhel_storage.yml | 4 +- .../satellite_data.yml | 2 +- .../azure_vm_deploy.yml | 2 +- .../satellite_data.yml | 2 +- .../azure_vm_deploy.yml | 2 +- .../satellite_data.yml | 2 +- .../azure_vm_deploy.yml | 2 +- .../satellite_data.yml | 2 +- .../satellite_vm_deploy.yml | 14 +- .../satellite_vm_deploy.yml | 14 +- .../azure_vm_deploy.yml | 2 +- .../rhel_storage.yml | 4 +- .../satellite_data.yml | 2 +- .../satellite_vm_deploy.yml | 14 +- .../satellite_vm_deploy.yml | 14 +- .../satellite_vm_deploy.yml | 14 +- .../azure_vm_deploy.yml | 2 +- .../post_config.yml | 4 +- .../satellite_data.yml | 2 +- .../satellite_vm_deploy.yml | 14 +- .../satellite_vm_deploy.yml | 14 +- .../azure_vm_deploy.yml | 2 +- inventory.yml | 40 +-- 118 files changed, 1608 insertions(+), 1604 deletions(-) diff --git a/.yamllint b/.yamllint index 3199669..3990f33 100644 --- a/.yamllint +++ b/.yamllint @@ -1,11 +1,11 @@ --- yaml-files: - - '*.yaml' - - '*.yml' - - '.yamllint' + - "*.yaml" + - "*.yml" + - .yamllint rules: truthy: allowed-values: - - 'true' - - 'false' + - "true" + - "false" diff --git a/group_vars/aap/aap_config.yml b/group_vars/aap/aap_config.yml index f02576e..703b36c 100644 --- a/group_vars/aap/aap_config.yml +++ b/group_vars/aap/aap_config.yml 
@@ -3,16 +3,16 @@ aap_config: true aap_config_pah_repo_sync: true aap_config_organization: "{{ hostvars[groups.satellite | first]['satellite_initial_organization'] }}" -aap_config_inventory_repo_name: "rhis-inventory" -aap_config_default_project: "rhis-code" -aap_config_default_inventory: "Project SCM Inventory" +aap_config_inventory_repo_name: rhis-inventory +aap_config_default_project: rhis-code +aap_config_default_inventory: Project SCM Inventory aap_config_default_credentials: - - "Machine Credential" - - "Vault Credential" -aap_config_default_notification_template: "Slack Notifications" -aap_config_default_execution_environment: "Automation Hub Default Remote execution environment" -aap_config_default_job_run: "run" + - Machine Credential + - Vault Credential +aap_config_default_notification_template: Slack Notifications +aap_config_default_execution_environment: Automation Hub Default Remote execution environment +aap_config_default_job_run: run aap_config_default_scm_branch: main diff --git a/group_vars/aap/aap_config_controller_credential.yml b/group_vars/aap/aap_config_controller_credential.yml index cecd702..77eab54 100644 --- a/group_vars/aap/aap_config_controller_credential.yml +++ b/group_vars/aap/aap_config_controller_credential.yml 
@@ -1,53 +1,53 @@ --- controller_credentials: - credential_type: Machine - name: "Machine Credential" - description: "SSH Machine Connection with IdM credentials" + name: Machine Credential + description: SSH Machine Connection with IdM credentials organization: "{{ aap_config_organization }}" inputs: username: "{{ default_ssh_vm_user }}" password: "{{ techuser_ansible_global_password }}" - credential_type: Insights - name: "Insights Credential" - description: "Insights Credential" + name: Insights Credential + description: Insights Credential organization: "{{ aap_config_organization }}" inputs: username: "{{ hostvars[groups.satellite | first]['satellite_rhsm_username'] }}" password: "{{ hostvars[groups.satellite | first]['satellite_rhsm_password'] }}" - credential_type: Source Control - name: "GitHub Source Credential" - description: "GitHub Credential" + name: GitHub Source Credential + description: GitHub Credential organization: "{{ aap_config_organization }}" inputs: username: "{{ github_username }}" ssh_key_data: "{{ github_private_key }}" - credential_type: Vault - name: "Vault Credential" - description: "Vault Credential" + name: Vault Credential + description: Vault Credential organization: "{{ aap_config_organization }}" inputs: vault_password: "{{ vault_password }}" - credential_type: Vault - name: "New Vault Credential" - description: "New Vault Credential that use in vault password change process" + name: New Vault Credential + description: New Vault Credential that use in vault password change process organization: "{{ aap_config_organization }}" inputs: vault_password: "{{ vault_password }}" - vault_id: 'new_vault_password' + vault_id: new_vault_password - credential_type: Red Hat Satellite 6 - name: "Satellite Credential" - description: "Satellite Credential" + name: Satellite Credential + description: Satellite Credential organization: "{{ aap_config_organization }}" inputs: - host: "https://{{ groups.satellite | first }}" + host: https://{{ 
groups.satellite | first }} username: "{{ hostvars[groups.satellite | first]['satellite_username'] }}" password: "{{ hostvars[groups.satellite | first]['satellite_password'] }}" - credential_type: Machine - name: "Demo Credential" + name: Demo Credential state: absent diff --git a/group_vars/aap/aap_config_controller_ee.yml b/group_vars/aap/aap_config_controller_ee.yml index cb7e890..21f5021 100644 --- a/group_vars/aap/aap_config_controller_ee.yml +++ b/group_vars/aap/aap_config_controller_ee.yml @@ -1,17 +1,17 @@ --- controller_execution_environments: - - name: "Automation Hub Default execution environment" + - name: Automation Hub Default execution environment image: "{{ groups.aap_pah | first }}/ee-supported-rhel8:latest" - credential: "Default Execution Environment Registry Credential" + credential: Default Execution Environment Registry Credential - - name: "Automation Hub Minimal execution environment" + - name: Automation Hub Minimal execution environment image: "{{ groups.aap_pah | first }}/ee-minimal-rhel8:latest" - credential: "Default Execution Environment Registry Credential" + credential: Default Execution Environment Registry Credential - - name: "Automation Hub Default Remote execution environment" + - name: Automation Hub Default Remote execution environment image: "{{ groups.aap_pah | first }}/custom_ee_showroom:latest" - credential: "Default Execution Environment Registry Credential" + credential: Default Execution Environment Registry Credential - - name: "Default execution environment" - image: "registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8:latest" + - name: Default execution environment + image: registry.redhat.io/ansible-automation-platform-24/ee-supported-rhel8:latest state: absent diff --git a/group_vars/aap/aap_config_controller_inventory.yml b/group_vars/aap/aap_config_controller_inventory.yml index 76ddee3..ae892be 100644 --- a/group_vars/aap/aap_config_controller_inventory.yml 
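Review bot: `New Vault Credential` is given the same `{{ vault_password }}` value as `Vault Credential`, so both vault IDs would be configured with an identical secret even though the description says this entry is for the vault password change process. If it is meant to hold the replacement password during rotation, it presumably needs its own vaulted variable, e.g. `vault_password: "{{ <new_vault_password_variable> }}"` (placeholder name; the real variable is not visible here). These lines are unchanged context in this commit, which only drops quotes around them. A short comment above the entry stating which secret it is expected to hold would also help.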
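Review bot: The three Automation Hub execution environments reference their images by the mutable `:latest` tag, so the controller runs whatever was most recently pushed under that name, and two runs of the same job template can use different image contents. Consider pinning each to a version tag or digest, e.g. `image: "{{ groups.aap_pah | first }}/ee-supported-rhel8@sha256:<digest>"` (placeholder digest), and bumping it deliberately. The `image:` lines are unchanged context here; only the quoting of the surrounding `name:` and `credential:` values was touched.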
+++ b/group_vars/aap/aap_config_controller_inventory.yml @@ -1,11 +1,11 @@ --- controller_inventories: - - name: "Project SCM Inventory" - description: "Inventory sourced from GitHub inventory project" + - name: Project SCM Inventory + description: Inventory sourced from GitHub inventory project organization: "{{ aap_config_organization }}" - - name: "Satellite Inventory" - description: "Inventory sourced from Red Hat Satellite 6" + - name: Satellite Inventory + description: Inventory sourced from Red Hat Satellite 6 organization: "{{ aap_config_organization }}" - - name: "Insights Inventory" - description: "Inventory for Insights Remediations" + - name: Insights Inventory + description: Inventory for Insights Remediations organization: "{{ aap_config_organization }}" diff --git a/group_vars/aap/aap_config_controller_job_template.yml b/group_vars/aap/aap_config_controller_job_template.yml index d7559e9..42bcd55 100644 --- a/group_vars/aap/aap_config_controller_job_template.yml +++ b/group_vars/aap/aap_config_controller_job_template.yml @@ -1,10 +1,10 @@ --- controller_templates: - - name: "Demo Job Template" + - name: Demo Job Template state: absent - - name: "RH AAP - Configure AAP" - description: "Job Template for AAP Controller Configuration" + - name: RH AAP - Configure AAP + description: Job Template for AAP Controller Configuration playbook: playbooks/function_aap_configure.yml label: - aap configure 
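Review bot: The `RH AAP - Configure AAP` template uses the key `label:` while the other templates in this file use `labels:`; the same singular key appears on `Bastion - Renew SSL Certs` in the `@@ -479` hunk. If the consuming role only reads `labels`, these two templates are created without their labels and nothing reports it. Proposed change on both entries: `labels:`. The list item continues past the end of this hunk.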
@@ -14,17 +14,17 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" - - "New Vault Credential" + - Machine Credential + - Vault Credential + - New Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false extra_vars: host: aap_controller - - name: "RH IdM - Register Host" - description: "Job Template used for registering hosts to the RH IdM" + - name: RH IdM - Register Host + description: Job Template used for registering hosts to the RH IdM playbook: playbooks/function_idm_register.yml labels: - register host @@ -37,19 +37,19 @@ controller_templates: allow_simultaneous: true survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define hostname or group name Survey" + name: Survey for hostname + description: Define hostname or group name Survey spec: - - question_name: "Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RHEL VM Deploy - via Azure APIs" - description: "Job Template for a new RHEL VM Deployment via Azure APIs" + - name: RHEL VM Deploy - via Azure APIs + description: Job Template for a new RHEL VM Deployment via Azure APIs playbook: playbooks/function_azure_vm_create.yml labels: - vm deploy - azure 
@@ -62,19 +62,19 @@ controller_templates: allow_simultaneous: true survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define hostname or group name Survey" + name: Survey for hostname + description: Define hostname or group name Survey spec: - - question_name: "Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RHEL VM Deploy - via Satellite" - description: "Job Template for a new RHEL VM Deployment via Satellite" + - name: RHEL VM Deploy - via Satellite + description: Job Template for a new RHEL VM Deployment via Satellite playbook: playbooks/type_workload_vm_create.yml labels: - vm deploy - satellite @@ -87,19 +87,19 @@ controller_templates: allow_simultaneous: true survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define hostname or group name Survey" + name: Survey for hostname + description: Define hostname or group name Survey spec: - - question_name: "Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RHEL VM Decommission - via Satellite" - description: "Job Template for a decommissioning RHEL VM via Satellite" + - name: RHEL VM Decommission - via Satellite + description: Job Template for a decommissioning RHEL VM via Satellite playbook: playbooks/function_satellite_vm_deploy.yml labels: - vm decommission - satellite 
@@ -112,21 +112,21 @@ controller_templates: allow_simultaneous: true survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define hostname or group name Survey" + name: Survey for hostname + description: Define hostname or group name Survey spec: - - question_name: "Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 extra_vars: - satellite_host_deploy_state: "absent" + satellite_host_deploy_state: absent - - name: "RHEL VM Update - Deploy Live Kernel Patch" - description: "Job Template to enable, install and update live kernel for RHEL systems" + - name: RHEL VM Update - Deploy Live Kernel Patch + description: Job Template to enable, install and update live kernel for RHEL systems playbook: playbooks/function_enable_live_kernel.yml labels: - kernel patch 
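Review bot: The decommission template takes its target from a free-text survey answer (`type: text`, `min: 0`, `max: 250`) and sets `satellite_host_deploy_state: absent` with `allow_simultaneous: true`, so nothing in the template bounds which hosts a single launch can remove. Assuming the playbook uses `host` as its target pattern, a mistyped or overly broad group name is accepted as-is, and with `min: 0` the length check does not reject an empty answer. Consider `min: 1` at minimum, and for this destructive template a validation step in the playbook (or a constrained choice list) before anything is deleted. The same survey block is reused by the other templates in this file, where the impact of a wrong value is lower.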
@@ -136,26 +136,26 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: true survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define hostname or group name Survey" + name: Survey for hostname + description: Define hostname or group name Survey spec: - - question_name: "Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RHEL VM Update - Leapp Analysis" - description: "Job Template to leapp upgrade analysis" + - name: RHEL VM Update - Leapp Analysis + description: Job Template to leapp upgrade analysis playbook: playbooks/function_leapp_analysis.yml labels: - leapp @@ -165,15 +165,15 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false skip_tags: leapp_analysis - - name: "RHEL VM Update - Leapp Upgrade" - description: "Job Template to leapp upgrade" + - name: RHEL VM Update - Leapp Upgrade + description: Job Template to leapp upgrade playbook: playbooks/function_leapp_upgrade.yml labels: - leapp 
@@ -183,15 +183,15 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false skip_tags: leapp_upgrade - - name: "RHEL VM Update - Leapp 8.10 to 9.4 Remediate" - description: "Job Template to leapp remediate" + - name: RHEL VM Update - Leapp 8.10 to 9.4 Remediate + description: Job Template to leapp remediate playbook: playbooks/function_leapp_remediate.yml labels: - leapp 
@@ -201,33 +201,36 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false skip_tags: leapp_remediate survey_enabled: true survey_spec: - name: "Survey for remediation" - description: "Define remediation points" + name: Survey for remediation + description: Define remediation points spec: - - question_name: "What do you want to remediate?" - question_description: "Inhibitors to remediate, refer to https://{{ groups.aap_pah | first }}/ui/repo/validated/infra/leapp/content/role/remediate/" + - question_name: What do you want to remediate? + question_description: Inhibitors to remediate, refer to https://{{ groups.aap_pah | first }}/ui/repo/validated/infra/leapp/content/role/remediate/ required: true type: multiselect - variable: "remediation_todo" - choices: "leapp_cifs_detected\nleapp_corrupted_grubenv_file\nleapp_custom_network_scripts_detected\nleapp_deprecated_sshd_directive\nleapp_firewalld_allowzonedrifting\nleapp_firewalld_unsupported_tftp_client\nleapp_loaded_removed_kernel_drivers\nleapp_missing_efibootmgr\nleapp_missing_pkg\nleapp_missing_yum_plugins\nleapp_multiple_kernels\nleapp_newest_kernel_not_in_use\nleapp_nfs_detected\nleapp_non_persistent_partitions\nleapp_non_standard_openssl_config\nleapp_old_postgresql_data\nleapp_partitions_with_noexec\nleapp_relative_symlinks\nleapp_rpms_with_rsa_sha1_detected\nleapp_unavailable_kde\nleapp_vdo_check_needed\n" - - question_name: "Hostname or Group?" 
- question_description: "Please provide fully qualified hostname or group name" + variable: remediation_todo + choices: "leapp_cifs_detected\nleapp_corrupted_grubenv_file\nleapp_custom_network_scripts_detected\nleapp_deprecated_sshd_directive\nleapp_firewalld_allowzonedrifting\n\ + leapp_firewalld_unsupported_tftp_client\nleapp_loaded_removed_kernel_drivers\nleapp_missing_efibootmgr\nleapp_missing_pkg\nleapp_missing_yum_plugins\n\ + leapp_multiple_kernels\nleapp_newest_kernel_not_in_use\nleapp_nfs_detected\nleapp_non_persistent_partitions\nleapp_non_standard_openssl_config\nleapp_old_postgresql_data\n\ + leapp_partitions_with_noexec\nleapp_relative_symlinks\nleapp_rpms_with_rsa_sha1_detected\nleapp_unavailable_kde\nleapp_vdo_check_needed\n" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RHEL VM Update - HTTP Test" - description: "Job Template to test httpd" + - name: RHEL VM Update - HTTP Test + description: Job Template to test httpd playbook: playbooks/function_leapp_test.yml labels: - leapp @@ -237,15 +240,15 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false skip_tags: leapp_test - - name: "RHEL VM Update - Packages" - description: "Update all packages on RHEL VM" + - name: RHEL VM Update - Packages + description: Update all packages on RHEL VM playbook: playbooks/toolbox_vm_update.yml labels: - vm update packages 
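Review bot: The `choices` value for `remediation_todo` is still a double-quoted string of `\n` escapes, now wrapped with backslash line continuations, which is hard to review and easy to break when an entry is added. A literal block scalar (`choices: |`) with one entry per line yields the same string, including the trailing newline, and satisfies the line-length rule without escapes. The `choices` strings in the `@@ -424` and `@@ -456` hunks could take the same form, using `|-` there since they have no trailing newline.

```yaml
# … unchanged: question_name, question_description, required, type …
variable: remediation_todo
choices: |
  leapp_cifs_detected
  leapp_corrupted_grubenv_file
  leapp_custom_network_scripts_detected
  leapp_deprecated_sshd_directive
  leapp_firewalld_allowzonedrifting
  leapp_firewalld_unsupported_tftp_client
  leapp_loaded_removed_kernel_drivers
  leapp_missing_efibootmgr
  leapp_missing_pkg
  leapp_missing_yum_plugins
  leapp_multiple_kernels
  leapp_newest_kernel_not_in_use
  leapp_nfs_detected
  leapp_non_persistent_partitions
  leapp_non_standard_openssl_config
  leapp_old_postgresql_data
  leapp_partitions_with_noexec
  leapp_relative_symlinks
  leapp_rpms_with_rsa_sha1_detected
  leapp_unavailable_kde
  leapp_vdo_check_needed
# … unchanged: "Hostname or Group?" question …
```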
@@ -258,19 +261,19 @@ controller_templates: allow_simultaneous: true survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define hostname or group name Survey" + name: Survey for hostname + description: Define hostname or group name Survey spec: - - question_name: "Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "Azure - Snapshot Create" - description: "Job Template to create snapshot for leapp upgrade" + - name: Azure - Snapshot Create + description: Job Template to create snapshot for leapp upgrade playbook: playbooks/function_azure_snapshot_manage.yml labels: - leapp @@ -280,18 +283,18 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false skip_tags: azure_snapshot_create extra_vars: azure_snapshot: "true" - azure_snapshot_state: "present" + azure_snapshot_state: present - - name: "Azure - Snapshot Delete" - description: "Job Template to delete snapshot for leapp upgrade" + - name: Azure - Snapshot Delete + description: Job Template to delete snapshot for leapp upgrade playbook: playbooks/function_azure_snapshot_manage.yml labels: - leapp 
@@ -301,18 +304,18 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false skip_tags: azure_snapshot_delete extra_vars: azure_snapshot: "true" - azure_snapshot_state: "absent" + azure_snapshot_state: absent - - name: "RH Satellite - Register Host" - description: "Job Template used for registering hosts to the RH Satellite" + - name: RH Satellite - Register Host + description: Job Template used for registering hosts to the RH Satellite playbook: playbooks/function_satellite_register.yml labels: - register host @@ -325,19 +328,19 @@ controller_templates: allow_simultaneous: true survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define hostname or group name Survey" + name: Survey for hostname + description: Define hostname or group name Survey spec: - - question_name: "Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RH Satellite - Prune (C)CVs versions" - description: "Job Template to clean out (C)CV versions from Satellite" + - name: RH Satellite - Prune (C)CVs versions + description: Job Template to clean out (C)CV versions from Satellite playbook: playbooks/function_clean_cv_version.yml labels: - clean ccv 
@@ -353,8 +356,8 @@ controller_templates: extra_vars: host: satellite - - name: "RH Satellite - Configure Satellite" - description: "Job Template to configure RH Satellite" + - name: RH Satellite - Configure Satellite + description: Job Template to configure RH Satellite playbook: playbooks/function_satellite_configure.yml labels: - satellite configure @@ -364,8 +367,8 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false @@ -373,8 +376,8 @@ controller_templates: extra_vars: host: satellite - - name: "RH IDM - Configure IdM" - description: "Job Template to configure RH IdM" + - name: RH IDM - Configure IdM + description: Job Template to configure RH IdM playbook: playbooks/function_idm_configuration.yml labels: - idm configure @@ -384,16 +387,16 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false extra_vars: host: ipahidden - - name: "RH Satellite - Change Host Group" - description: "Job Template to move vm to different host group" + - name: RH Satellite - Change Host Group + description: Job Template to move vm to different host group playbook: playbooks/toolbox_satellite_hostgroup_change.yml labels: - leapp 
@@ -403,15 +406,15 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" + - Machine Credential + - Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false skip_tags: leapp_change_hostgroup - - name: "RH Satellite - Promote CCV" - description: "Promote CCV to the respective lifecycle environment" + - name: RH Satellite - Promote CCV + description: Promote CCV to the respective lifecycle environment playbook: playbooks/function_satellite_promote_ccv.yml labels: - promote ccv 
@@ -424,26 +427,26 @@ controller_templates: allow_simultaneous: false survey_enabled: true survey_spec: - name: "Survey for Promote CCV" - description: "Define CCV" + name: Survey for Promote CCV + description: Define CCV spec: - - question_name: "Which CCV you would you like to promote?" - question_description: "Refer to https://{{ groups.satellite | first }}/content_views" + - question_name: Which CCV you would you like to promote? + question_description: Refer to https://{{ groups.satellite | first }}/content_views required: true type: multiplechoice - variable: "satellite_config_ccv_name" + variable: satellite_config_ccv_name choices: "ccv_aap\nccv_epel\nccv_rhel8_capsule\nccv_rhel8_vm\nccv_rhel9_vm" - - question_name: "To which lifecycle environment would you like to promote the CCV" - question_description: "Refer to https://{{ groups.satellite | first }}/lifecycle_environments" + - question_name: To which lifecycle environment would you like to promote the CCV + question_description: Refer to https://{{ groups.satellite | first }}/lifecycle_environments required: true type: multiplechoice - variable: "lifecycle_environment" + variable: lifecycle_environment choices: "QA\nProd" extra_vars: host: satellite - - name: "RH Satellite - Publish CVs" - description: "Publish CVs of the given CCVs and Promote CCVs to lifecycle environment Dev" + - name: RH Satellite - Publish CVs + description: Publish CVs of the given CCVs and Promote CCVs to lifecycle environment Dev playbook: playbooks/function_satellite_publish_cvs.yml labels: - publish cv 
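Review bot: Both `question_description` values here lose their quotes although they embed a Jinja expression (`Refer to https://{{ groups.satellite | first }}/content_views`), while every value that is purely a template in this file stays double-quoted. The plain form parses today because the scalar does not start with `{{`, but that leaves correctness dependent on where the expression sits in the string. Suggest keeping quotes on any value containing `{{ }}`, e.g. `question_description: "Refer to https://{{ groups.satellite | first }}/content_views"`. The same applies to `host:` in the Satellite credential and to the `question_description` lines in the `@@ -201` and `@@ -456` hunks.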
@@ -456,20 +459,20 @@ controller_templates: allow_simultaneous: false survey_enabled: true survey_spec: - name: "Survey for Publish CVs" - description: "Define CCVs for CVs" + name: Survey for Publish CVs + description: Define CCVs for CVs spec: - - question_name: "Which CVs within the specified CCV are intended to be published and promoted to the lifecycle environment Dev?" - question_description: "Refer to https://{{ groups.satellite | first }}/content_views" + - question_name: Which CVs within the specified CCV are intended to be published and promoted to the lifecycle environment Dev? + question_description: Refer to https://{{ groups.satellite | first }}/content_views required: true type: multiselect - variable: "satellite_config_ccvs" + variable: satellite_config_ccvs choices: "ccv_aap\nccv_epel\nccv_rhel8_capsule\nccv_rhel8_vm\nccv_rhel9_vm" extra_vars: host: satellite - - name: "Bastion - Renew SSL Certs" - description: "Job Template to renew SSL Certs for reverse proxy service." + - name: Bastion - Renew SSL Certs + description: Job Template to renew SSL Certs for reverse proxy service. playbook: playbooks/function_reverse_proxy_configure.yml label: - operations @@ -479,9 +482,9 @@ controller_templates: project: "{{ aap_config_default_project }}" execution_environment: "{{ aap_config_default_execution_environment }}" credentials: - - "Machine Credential" - - "Vault Credential" - - "New Vault Credential" + - Machine Credential + - Vault Credential + - New Vault Credential notification_templates_success: "{{ aap_config_default_notification_template }}" notification_templates_error: "{{ aap_config_default_notification_template }}" allow_simultaneous: false diff --git a/group_vars/aap/aap_config_controller_license.yml b/group_vars/aap/aap_config_controller_license.yml index f0986db..ae65f5c 100644 --- a/group_vars/aap/aap_config_controller_license.yml +++ b/group_vars/aap/aap_config_controller_license.yml 
@@ -4,5 +4,5 @@ redhat_subscription_password: "{{ hostvars[groups['satellite'][0]]['satellite_pa controller_license: use_lookup: true filters: - product_name: "Red Hat Ansible Automation Platform" - support_level: "Standard" + product_name: Red Hat Ansible Automation Platform + support_level: Standard diff --git a/group_vars/aap/aap_config_controller_notification.yml b/group_vars/aap/aap_config_controller_notification.yml index 73a826e..1cac83b 100644 --- a/group_vars/aap/aap_config_controller_notification.yml +++ b/group_vars/aap/aap_config_controller_notification.yml @@ -1,7 +1,7 @@ --- controller_notifications: - - name: "Slack Notifications" - description: "Send Job Notifications to the related Channel" + - name: Slack Notifications + description: Send Job Notifications to the related Channel notification_type: slack notification_configuration: channels: diff --git a/group_vars/aap/aap_config_controller_organization.yml b/group_vars/aap/aap_config_controller_organization.yml index 2c99010..2baafca 100644 --- a/group_vars/aap/aap_config_controller_organization.yml +++ b/group_vars/aap/aap_config_controller_organization.yml @@ -1,6 +1,6 @@ --- controller_organizations: - - name: "Default" + - name: Default state: absent - name: "{{ aap_config_organization }}" diff --git a/group_vars/aap/aap_config_controller_project.yml b/group_vars/aap/aap_config_controller_project.yml index 3740bad..48884f1 100644 --- a/group_vars/aap/aap_config_controller_project.yml +++ b/group_vars/aap/aap_config_controller_project.yml 
@@ -1,10 +1,10 @@ --- controller_projects: - - name: "rhis-inventory" - description: "GitHub project inventory" - credential: "GitHub Source Credential" + - name: rhis-inventory + description: GitHub project inventory + credential: GitHub Source Credential default_environment: "{{ aap_config_default_execution_environment }}" - scm_url: "git@github.com:redhat-cop/rhis-inventory.git" + scm_url: git@github.com:redhat-cop/rhis-inventory.git scm_type: git scm_branch: "{{ aap_config_default_scm_branch }}" scm_clean: true @@ -15,11 +15,11 @@ controller_projects: update_project: true notification_templates_error: "{{ aap_config_default_notification_template }}" - - name: "rhis-code" - description: "Github project code" - credential: "GitHub Source Credential" + - name: rhis-code + description: Github project code + credential: GitHub Source Credential default_environment: "{{ aap_config_default_execution_environment }}" - scm_url: "git@github.com:redhat-cop/rhis-code.git" + scm_url: git@github.com:redhat-cop/rhis-code.git scm_branch: "{{ aap_config_default_scm_branch }}" scm_type: git scm_clean: true @@ -30,15 +30,15 @@ controller_projects: update_project: true notification_templates_error: "{{ aap_config_default_notification_template }}" - - name: "insights-project" - description: "Github project code" - credential: "Insights Credential" + - name: insights-project + description: Github project code + credential: Insights Credential default_environment: "{{ aap_config_default_execution_environment }}" - scm_type: "insights" + scm_type: insights scm_clean: true scm_update_on_launch: true organization: "{{ aap_config_organization }}" notification_templates_error: "{{ aap_config_default_notification_template }}" - - name: "Demo Project" + - name: Demo Project state: absent diff --git a/group_vars/aap/aap_config_controller_role.yml b/group_vars/aap/aap_config_controller_role.yml index 621c150..7053177 100644 --- a/group_vars/aap/aap_config_controller_role.yml 
+++ b/group_vars/aap/aap_config_controller_role.yml @@ -1,28 +1,28 @@ --- controller_roles: - - team: "AAP Group Auditor" + - team: AAP Group Auditor organization: "{{ aap_config_organization }}" role: auditor - - team: "AAP Group Operator" + - team: AAP Group Operator organization: "{{ aap_config_organization }}" role: execute - - team: "AAP Group Operator" + - team: AAP Group Operator organization: "{{ aap_config_organization }}" role: auditor - - team: "AAP Group Developer" + - team: AAP Group Developer organization: "{{ aap_config_organization }}" role: execute - - team: "AAP Group Developer" + - team: AAP Group Developer organization: "{{ aap_config_organization }}" role: auditor - - team: "AAP Group Developer" + - team: AAP Group Developer organization: "{{ aap_config_organization }}" role: job_template_admin - - team: "AAP Group Admin" + - team: AAP Group Admin role: admin - - team: "AAP Group Template Manager" + - team: AAP Group Template Manager organization: "{{ aap_config_organization }}" role: job_template_admin - - team: "AAP Group Project Manager" + - team: AAP Group Project Manager organization: "{{ aap_config_organization }}" role: project_admin diff --git a/group_vars/aap/aap_config_controller_schedule.yml b/group_vars/aap/aap_config_controller_schedule.yml index 4a800d1..55e38a1 100644 --- a/group_vars/aap/aap_config_controller_schedule.yml +++ b/group_vars/aap/aap_config_controller_schedule.yml 
@@ -1,14 +1,14 @@ --- controller_schedules: - - name: "RH Satellite - Prune (C)CVs versions Schedule" - description: "Schedule for RH Satellite unused (C)CV versions clean" - rrule: "DTSTART;TZID=Europe/Berlin:20220908T090000 RRULE:INTERVAL=1;FREQ=WEEKLY;BYDAY=TH" - unified_job_template: "RH Satellite - Prune (C)CVs versions" + - name: RH Satellite - Prune (C)CVs versions Schedule + description: Schedule for RH Satellite unused (C)CV versions clean + rrule: DTSTART;TZID=Europe/Berlin:20220908T090000 RRULE:INTERVAL=1;FREQ=WEEKLY;BYDAY=TH + unified_job_template: RH Satellite - Prune (C)CVs versions enabled: true - - name: "RH Satellite - Publish CV for CCVs" - description: "Schedule for RH Satellite CVs publish for every CCV" - rrule: "DTSTART;TZID=Europe/Berlin:20220908T090000 RRULE:INTERVAL=1;FREQ=DAILY;BYDAY=TH" - unified_job_template: "RH Satellite - Publish CVs" + - name: RH Satellite - Publish CV for CCVs + description: Schedule for RH Satellite CVs publish for every CCV + rrule: DTSTART;TZID=Europe/Berlin:20220908T090000 RRULE:INTERVAL=1;FREQ=DAILY;BYDAY=TH + unified_job_template: RH Satellite - Publish CVs enabled: true extra_data: satellite_config_ccvs: diff --git a/group_vars/aap/aap_config_controller_setting.yml b/group_vars/aap/aap_config_controller_setting.yml index 89aba5e..db818a1 100644 --- a/group_vars/aap/aap_config_controller_setting.yml +++ b/group_vars/aap/aap_config_controller_setting.yml 
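Review bot: The second schedule's rule, `RRULE:INTERVAL=1;FREQ=DAILY;BYDAY=TH`, pairs a daily frequency with a Thursday-only filter. Under RFC 5545 that should fire on Thursdays only, the same cadence as the weekly prune schedule above it. If a daily publish is intended, drop `BYDAY=TH`; if weekly is intended, `FREQ=WEEKLY;BYDAY=TH` says so directly. The commit only removes the quotes on this line, and the schedule's `extra_data` list continues outside the hunk.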
@@ -1,53 +1,53 @@ --- controller_settings: settings: - AUTH_LDAP_SERVER_URI: "ldap://{{ groups.ipaserver | first }}:389" - AUTH_LDAP_BIND_DN: "uid={{ ldap_bind_principal }},cn=users,cn=accounts,{{ ldap_domain_map }}" + AUTH_LDAP_SERVER_URI: ldap://{{ groups.ipaserver | first }}:389 + AUTH_LDAP_BIND_DN: uid={{ ldap_bind_principal }},cn=users,cn=accounts,{{ ldap_domain_map }} AUTH_LDAP_BIND_PASSWORD: "{{ ldap_bind_password }}" - AUTH_LDAP_USER_DN_TEMPLATE: "uid=%(user)s,cn=users,cn=accounts,{{ ldap_domain_map }}" - AUTH_LDAP_GROUP_TYPE: "MemberDNGroupType" - AUTH_LDAP_REQUIRE_GROUP: "cn=aapgroup-user,cn=groups,cn=accounts,{{ ldap_domain_map }}" + AUTH_LDAP_USER_DN_TEMPLATE: uid=%(user)s,cn=users,cn=accounts,{{ ldap_domain_map }} + AUTH_LDAP_GROUP_TYPE: MemberDNGroupType + AUTH_LDAP_REQUIRE_GROUP: cn=aapgroup-user,cn=groups,cn=accounts,{{ ldap_domain_map }} AUTH_LDAP_GROUP_SEARCH: '["cn=groups,cn=accounts,{{ ldap_domain_map }}","SCOPE_SUBTREE","(objectClass=groupOfNames)"]' AUTH_LDAP_GROUP_TYPE_PARAMS: - member_attr: "member" - name_attr: "cn" + member_attr: member + name_attr: cn AUTH_LDAP_USER_FLAGS_BY_GROUP: '{ "is_superuser": [ "cn=aapgroup-administrator,cn=groups,cn=accounts,{{ ldap_domain_map }}"] }' AUTH_LDAP_USER_ATTR_MAP: - email: "mail" - first_name: "givenName" - last_name: "surname" + email: mail + first_name: givenName + last_name: surname AUTH_LDAP_ORGANIZATION_MAP: Showroom: - admins: "cn=aapgroup-administrator,cn=groups,cn=accounts,{{ ldap_domain_map }}" + admins: cn=aapgroup-administrator,cn=groups,cn=accounts,{{ ldap_domain_map }} remove_users: true remove_admins: true users: true AUTH_LDAP_TEAM_MAP: AAP Group Auditor: - users: "cn=aapgroup-auditor,cn=groups,cn=accounts,{{ ldap_domain_map }}" + users: cn=aapgroup-auditor,cn=groups,cn=accounts,{{ ldap_domain_map }} organization: "{{ aap_config_organization }}" remove: true AAP Group Operator: - users: "cn=aapgroup-operator,cn=groups,cn=accounts,{{ ldap_domain_map }}" + users: 
cn=aapgroup-operator,cn=groups,cn=accounts,{{ ldap_domain_map }} organization: "{{ aap_config_organization }}" remove: true AAP Group Developer: - users: "cn=aapgroup-developer,cn=groups,cn=accounts,{{ ldap_domain_map }}" + users: cn=aapgroup-developer,cn=groups,cn=accounts,{{ ldap_domain_map }} organization: "{{ aap_config_organization }}" remove: true AAP Group Project Manager: - users: "cn=aapgroup-proj_manager,cn=groups,cn=accounts,{{ ldap_domain_map }}" + users: cn=aapgroup-proj_manager,cn=groups,cn=accounts,{{ ldap_domain_map }} organization: "{{ aap_config_organization }}" remove: true AAP Group Template Manager: - users: "cn=aapgroup-template_manager,cn=groups,cn=accounts,{{ ldap_domain_map }}" + users: cn=aapgroup-template_manager,cn=groups,cn=accounts,{{ ldap_domain_map }} organization: "{{ aap_config_organization }}" remove: true AAP Group Admin: - users: "cn=aapgroup-administrator,cn=groups,cn=accounts,{{ ldap_domain_map }}" + users: cn=aapgroup-administrator,cn=groups,cn=accounts,{{ ldap_domain_map }} organization: "{{ aap_config_organization }}" remove: true - TOWER_URL_BASE: "https://{{ groups.aap_controller | first }}" + TOWER_URL_BASE: https://{{ groups.aap_controller | first }} INSIGHTS_TRACKING_STATE: true AWX_ROLES_ENABLED: true AWX_COLLECTIONS_ENABLED: true diff --git a/group_vars/aap/aap_config_controller_source_inventory.yml b/group_vars/aap/aap_config_controller_source_inventory.yml index a4e0f73..43ef97f 100644 --- a/group_vars/aap/aap_config_controller_source_inventory.yml +++ b/group_vars/aap/aap_config_controller_source_inventory.yml @@ -1,7 +1,7 @@ --- controller_inventory_sources: - - name: "source-github-inventory" - description: "Sourced Inventory from SCM Project" + - name: source-github-inventory + description: Sourced Inventory from SCM Project source: scm source_project: "{{ aap_config_inventory_repo_name }}" source_path: inventory.yml 
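Review bot: In group_vars/aap/aap_config_controller_setting.yml, `AUTH_LDAP_SERVER_URI` still points at `ldap://…:389`, and no `AUTH_LDAP_START_TLS` key appears among the settings in this hunk. Unless TLS is enabled somewhere this diff does not show, the bind password and every user's login password cross the network unencrypted. Since the line is being rewritten anyway, consider `AUTH_LDAP_SERVER_URI: ldaps://{{ groups.ipaserver | first }}:636`, or keep port 389 and add `AUTH_LDAP_START_TLS: true`. Separately, `AUTH_LDAP_ORGANIZATION_MAP` is keyed on the literal `Showroom` while every `AUTH_LDAP_TEAM_MAP` entry uses `{{ aap_config_organization }}`; it is worth confirming the two always name the same organization.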
@@ -15,11 +15,11 @@ controller_inventory_sources: execution_environment: "{{ aap_config_default_execution_environment }}" wait: true - - name: "source-satellite-inventory" - description: "Sourced Inventory from Satellite" - source: "satellite6" - inventory: "Satellite Inventory" - credential: "Satellite Credential" + - name: source-satellite-inventory + description: Sourced Inventory from Satellite + source: satellite6 + inventory: Satellite Inventory + credential: Satellite Credential organization: "{{ aap_config_organization }}" overwrite: true overwrite_vars: true @@ -28,11 +28,11 @@ controller_inventory_sources: execution_environment: "{{ aap_config_default_execution_environment }}" wait: true - - name: "source-insights-inventory" - description: "Insights Inventory for Insight Remediations" - source: "insights" - inventory: "Insights Inventory" - credential: "Insights Credential" + - name: source-insights-inventory + description: Insights Inventory for Insight Remediations + source: insights + inventory: Insights Inventory + credential: Insights Credential organization: "{{ aap_config_organization }}" overwrite: true overwrite_vars: true diff --git a/group_vars/aap/aap_config_controller_workflow_template.yml b/group_vars/aap/aap_config_controller_workflow_template.yml index faa9f7f..f2fda3c 100644 --- a/group_vars/aap/aap_config_controller_workflow_template.yml +++ b/group_vars/aap/aap_config_controller_workflow_template.yml @@ -1,7 +1,7 @@ --- controller_workflows: - - name: "Project SCM Inventory Sync" - description: "Workflow Template to sync inventory repository and project" + - name: Project SCM Inventory Sync + description: Workflow Template to sync inventory repository and project labels: - inventory organization: "{{ aap_config_organization }}" 
@@ -10,57 +10,57 @@ controller_workflows: scm_branch: "{{ aap_config_default_scm_branch }}" simplified_workflow_nodes: - all_parents_must_converge: false - identifier: "Inventory Project Sync" + identifier: Inventory Project Sync unified_job_template: "{{ aap_config_inventory_repo_name }}" type: project state: present - - name: "RHEL VM Update - Leapp 8.10 to 9.4 Upgrade" - description: "Leapp upgrade from 8.10 to 9.4" + - name: RHEL VM Update - Leapp 8.10 to 9.4 Upgrade + description: Leapp upgrade from 8.10 to 9.4 labels: - leapp organization: "{{ aap_config_organization }}" allow_simultaneous: false state: present extra_vars: - infra_leapp_upgrade_system_roles_collection: "redhat.rhel_system_roles" - leapp_preupg_opts: "--target 9.4" - leapp_upgrade_opts: "--target 9.4" - satellite_activation_key_post_leapp: "ak_dev_rhel9_default_vm" - satellite_activation_key_leapp: "ak_dev_leapp_rhel8_10_to_rhel9_4" + infra_leapp_upgrade_system_roles_collection: redhat.rhel_system_roles + leapp_preupg_opts: --target 9.4 + leapp_upgrade_opts: --target 9.4 + satellite_activation_key_post_leapp: ak_dev_rhel9_default_vm + satellite_activation_key_leapp: ak_dev_leapp_rhel8_10_to_rhel9_4 update_grub_to_grub_2: "true" simplified_workflow_nodes: - all_parents_must_converge: false identifier: Analysis - unified_job_template: "RHEL VM Update - Leapp Analysis" + unified_job_template: RHEL VM Update - Leapp Analysis credentials: [] success_nodes: - SnapshotCreate failure_nodes: [] always_nodes: [] - identifier: SnapshotCreate - unified_job_template: "Azure - Snapshot Create" + unified_job_template: Azure - Snapshot Create credentials: [] success_nodes: - Upgrade failure_nodes: [] always_nodes: [] - identifier: Upgrade - unified_job_template: "RHEL VM Update - Leapp Upgrade" + unified_job_template: RHEL VM Update - Leapp Upgrade credentials: [] success_nodes: - PostLeappTest failure_nodes: [] always_nodes: [] - identifier: PostLeappTest - unified_job_template: "RHEL VM Update - HTTP Test" 
+ unified_job_template: RHEL VM Update - HTTP Test credentials: [] success_nodes: - ChangeHostGroup failure_nodes: [] always_nodes: [] - identifier: ChangeHostGroup - unified_job_template: "RH Satellite - Change Host Group" + unified_job_template: RH Satellite - Change Host Group credentials: [] success_nodes: - Approval @@ -74,22 +74,22 @@ controller_workflows: success_nodes: - SnapshotDelete - identifier: SnapshotDelete - unified_job_template: "Azure - Snapshot Delete" + unified_job_template: Azure - Snapshot Delete survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define hostname or group name Survey" + name: Survey for hostname + description: Define hostname or group name Survey spec: - - question_name: "Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RHEL VM Update - RHEL 8.x to the latest packages in lifecycle environment Dev" - description: "Update CVs & CCV and all packages on RHEL 8.x VM in Dev" + - name: RHEL VM Update - RHEL 8.x to the latest packages in lifecycle environment Dev + description: Update CVs & CCV and all packages on RHEL 8.x VM in Dev labels: - vm update packages organization: "{{ aap_config_organization }}" 
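Review bot: In the Leapp workflow's `extra_vars` (hunk `@@ -10,57`), the new values `leapp_preupg_opts: --target 9.4` and `leapp_upgrade_opts: --target 9.4` are plain scalars that begin with `-`. They load as strings, but they are easy to misread as sequence entries in a file full of `- item` lines, and one stray space after the first dash would change the structure. I would keep the quotes on these two, `leapp_preupg_opts: "--target 9.4"`, the same way `update_grub_to_grub_2: "true"` stays quoted a few lines below. The workflow definition continues outside the hunk.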
@@ -97,39 +97,39 @@ controller_workflows: state: present extra_vars: satellite_config_ccvs: - - "ccv_rhel8_vm" + - ccv_rhel8_vm simplified_workflow_nodes: - all_parents_must_converge: false identifier: PublishCV - unified_job_template: "RH Satellite - Publish CVs" + unified_job_template: RH Satellite - Publish CVs credentials: [] success_nodes: - SnapshotCreate failure_nodes: [] always_nodes: [] - identifier: SnapshotCreate - unified_job_template: "Azure - Snapshot Create" + unified_job_template: Azure - Snapshot Create credentials: [] success_nodes: - Update failure_nodes: [] always_nodes: [] - identifier: Update - unified_job_template: "RHEL VM Update - Packages" + unified_job_template: RHEL VM Update - Packages credentials: [] success_nodes: - UpdateTest failure_nodes: [] always_nodes: [] - identifier: UpdateTest - unified_job_template: "RHEL VM Update - HTTP Test" + unified_job_template: RHEL VM Update - HTTP Test credentials: [] success_nodes: - ChangeHostGroup failure_nodes: [] always_nodes: [] - identifier: ChangeHostGroup - unified_job_template: "RH Satellite - Change Host Group" + unified_job_template: RH Satellite - Change Host Group credentials: [] success_nodes: - Approval 
@@ -143,22 +143,22 @@ controller_workflows: success_nodes: - SnapshotDelete - identifier: SnapshotDelete - unified_job_template: "Azure - Snapshot Delete" + unified_job_template: Azure - Snapshot Delete survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define RHEL 8.x hostname or group name Survey" + name: Survey for hostname + description: Define RHEL 8.x hostname or group name Survey spec: - - question_name: "RHEL 8.x Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: RHEL 8.x Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RHEL VM Update - RHEL 8.x to the latest packages in lifecycle environment QA or Prod" - description: "Promote CCV and all packages on RHEL 8.x VM in QA or Prod" + - name: RHEL VM Update - RHEL 8.x to the latest packages in lifecycle environment QA or Prod + description: Promote CCV and all packages on RHEL 8.x VM in QA or Prod labels: - vm update packages organization: "{{ aap_config_organization }}" 
@@ -169,35 +169,35 @@ controller_workflows: simplified_workflow_nodes: - all_parents_must_converge: false identifier: PromoteCCV - unified_job_template: "RH Satellite - Promote CCV" + unified_job_template: RH Satellite - Promote CCV credentials: [] success_nodes: - SnapshotCreate failure_nodes: [] always_nodes: [] - identifier: SnapshotCreate - unified_job_template: "Azure - Snapshot Create" + unified_job_template: Azure - Snapshot Create credentials: [] success_nodes: - Update failure_nodes: [] always_nodes: [] - identifier: Update - unified_job_template: "RHEL VM Update - Packages" + unified_job_template: RHEL VM Update - Packages credentials: [] success_nodes: - UpdateTest failure_nodes: [] always_nodes: [] - identifier: UpdateTest - unified_job_template: "RHEL VM Update - HTTP Test" + unified_job_template: RHEL VM Update - HTTP Test credentials: [] success_nodes: - ChangeHostGroup failure_nodes: [] always_nodes: [] - identifier: ChangeHostGroup - unified_job_template: "RH Satellite - Change Host Group" + unified_job_template: RH Satellite - Change Host Group credentials: [] success_nodes: - Approval 
@@ -211,28 +211,28 @@ controller_workflows: success_nodes: - SnapshotDelete - identifier: SnapshotDelete - unified_job_template: "Azure - Snapshot Delete" + unified_job_template: Azure - Snapshot Delete survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define RHEL 8.x hostname or group name Survey" + name: Survey for hostname + description: Define RHEL 8.x hostname or group name Survey spec: - - question_name: "RHEL 8.x Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: RHEL 8.x Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - question_name: "To which lifecycle environment would you like to promote the CCV" - question_description: "Refer to https://{{ groups.satellite | first }}/lifecycle_environments" # noqa jinja[spacing] + - question_name: To which lifecycle environment would you like to promote the CCV + question_description: Refer to https://{{ groups.satellite | first }}/lifecycle_environments # noqa jinja[spacing] required: true type: multiplechoice - variable: "lifecycle_environment" + variable: lifecycle_environment choices: "QA\nProd" - - name: "RHEL VM Update - RHEL 9.x to the latest packages in lifecycle environment Dev" - description: "Update CVs & CCV and all packages on RHEL 9.x VM in Dev" + - name: RHEL VM Update - RHEL 9.x to the latest packages in lifecycle environment Dev + description: Update CVs & CCV and all packages on RHEL 9.x VM in Dev labels: - vm update packages organization: "{{ aap_config_organization }}" 
@@ -240,39 +240,39 @@ controller_workflows: state: present extra_vars: satellite_config_ccvs: - - "ccv_rhel9_vm" + - ccv_rhel9_vm simplified_workflow_nodes: - all_parents_must_converge: false identifier: PublishCV - unified_job_template: "RH Satellite - Publish CVs" + unified_job_template: RH Satellite - Publish CVs credentials: [] success_nodes: - SnapshotCreate failure_nodes: [] always_nodes: [] - identifier: SnapshotCreate - unified_job_template: "Azure - Snapshot Create" + unified_job_template: Azure - Snapshot Create credentials: [] success_nodes: - Update failure_nodes: [] always_nodes: [] - identifier: Update - unified_job_template: "RHEL VM Update - Packages" + unified_job_template: RHEL VM Update - Packages credentials: [] success_nodes: - UpdateTest failure_nodes: [] always_nodes: [] - identifier: UpdateTest - unified_job_template: "RHEL VM Update - HTTP Test" + unified_job_template: RHEL VM Update - HTTP Test credentials: [] success_nodes: - ChangeHostGroup failure_nodes: [] always_nodes: [] - identifier: ChangeHostGroup - unified_job_template: "RH Satellite - Change Host Group" + unified_job_template: RH Satellite - Change Host Group credentials: [] success_nodes: - Approval 
@@ -286,22 +286,22 @@ controller_workflows: success_nodes: - SnapshotDelete - identifier: SnapshotDelete - unified_job_template: "Azure - Snapshot Delete" + unified_job_template: Azure - Snapshot Delete survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define RHEL 9.x hostname or group name Survey" + name: Survey for hostname + description: Define RHEL 9.x hostname or group name Survey spec: - - question_name: "RHEL 9.x Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: RHEL 9.x Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - name: "RHEL VM Update - RHEL 9.x to the latest packages in lifecycle environment QA or Prod" - description: "Promote CCV and all packages on RHEL 9.x VM in QA or Prod" + - name: RHEL VM Update - RHEL 9.x to the latest packages in lifecycle environment QA or Prod + description: Promote CCV and all packages on RHEL 9.x VM in QA or Prod labels: - vm update packages organization: "{{ aap_config_organization }}" 
@@ -312,35 +312,35 @@ controller_workflows: simplified_workflow_nodes: - all_parents_must_converge: false identifier: PromoteCCV - unified_job_template: "RH Satellite - Promote CCV" + unified_job_template: RH Satellite - Promote CCV credentials: [] success_nodes: - SnapshotCreate failure_nodes: [] always_nodes: [] - identifier: SnapshotCreate - unified_job_template: "Azure - Snapshot Create" + unified_job_template: Azure - Snapshot Create credentials: [] success_nodes: - Update failure_nodes: [] always_nodes: [] - identifier: Update - unified_job_template: "RHEL VM Update - Packages" + unified_job_template: RHEL VM Update - Packages credentials: [] success_nodes: - UpdateTest failure_nodes: [] always_nodes: [] - identifier: UpdateTest - unified_job_template: "RHEL VM Update - HTTP Test" + unified_job_template: RHEL VM Update - HTTP Test credentials: [] success_nodes: - ChangeHostGroup failure_nodes: [] always_nodes: [] - identifier: ChangeHostGroup - unified_job_template: "RH Satellite - Change Host Group" + unified_job_template: RH Satellite - Change Host Group credentials: [] success_nodes: - Approval 
@@ -354,22 +354,22 @@ controller_workflows: success_nodes: - SnapshotDelete - identifier: SnapshotDelete - unified_job_template: "Azure - Snapshot Delete" + unified_job_template: Azure - Snapshot Delete survey_enabled: true survey_spec: - name: "Survey for hostname" - description: "Define RHEL 9.x hostname or group name Survey" + name: Survey for hostname + description: Define RHEL 9.x hostname or group name Survey spec: - - question_name: "RHEL 9.x Hostname or Group?" - question_description: "Please provide fully qualified hostname or group name" + - question_name: RHEL 9.x Hostname or Group? + question_description: Please provide fully qualified hostname or group name required: true type: text - variable: "host" + variable: host min: 0 max: 250 - - question_name: "To which lifecycle environment would you like to promote the CCV" - question_description: "Refer to https://{{ groups.satellite | first }}/lifecycle_environments" # noqa jinja[spacing] + - question_name: To which lifecycle environment would you like to promote the CCV + question_description: Refer to https://{{ groups.satellite | first }}/lifecycle_environments # noqa jinja[spacing] required: true type: multiplechoice - variable: "lifecycle_environment" + variable: lifecycle_environment choices: "QA\nProd" diff --git a/group_vars/aap/aap_config_custom_ee.yml b/group_vars/aap/aap_config_custom_ee.yml index c274d9d..d994518 100644 --- a/group_vars/aap/aap_config_custom_ee.yml +++ b/group_vars/aap/aap_config_custom_ee.yml @@ -1,6 +1,6 @@ --- ee_builder_dir_clean: false -ee_builder_dir: "." +ee_builder_dir: . ee_update_base_images: false ee_base_registry_username: "{{ automationhub_admin_username }}" ee_base_registry_password: "{{ automationhub_admin_password }}" diff --git a/group_vars/aap/aap_config_pah_ee_registry.yml b/group_vars/aap/aap_config_pah_ee_registry.yml index a9ab2c6..3e6c192 100644 --- a/group_vars/aap/aap_config_pah_ee_registry.yml +++ b/group_vars/aap/aap_config_pah_ee_registry.yml 
@@ -1,7 +1,7 @@ --- ah_ee_registries: - - name: "Red Hat Registry" + - name: Red Hat Registry sync: true - url: "https://registry.redhat.io" + url: https://registry.redhat.io username: "{{ registry_username }}" password: "{{ registry_token }}" diff --git a/group_vars/aap/aap_config_pah_ee_repository.yml b/group_vars/aap/aap_config_pah_ee_repository.yml index 88dd09d..042a3dc 100644 --- a/group_vars/aap/aap_config_pah_ee_repository.yml +++ b/group_vars/aap/aap_config_pah_ee_repository.yml @@ -2,9 +2,9 @@ ah_ee_repositories: - name: ee-supported-remote-rhel9 description: Execution Environment with the ansible version 2.15 - upstream_name: "ansible-automation-platform-{{ aap_install_major_version | replace('.', '') }}/ee-supported-rhel9" - registry: "Red Hat Registry" + upstream_name: ansible-automation-platform-{{ aap_install_major_version | replace('.', '') }}/ee-supported-rhel9 + registry: Red Hat Registry include_tags: - - "latest" + - latest wait: true sync: true diff --git a/group_vars/aap/aap_config_pah_repo_sync.yml b/group_vars/aap/aap_config_pah_repo_sync.yml index d452cb5..862a098 100644 --- a/group_vars/aap/aap_config_pah_repo_sync.yml +++ b/group_vars/aap/aap_config_pah_repo_sync.yml @@ -1,14 +1,14 @@ --- ah_collection_repositories: - - name: "community" - description: "Community content repository" + - name: community + description: Community content repository remote: community wait: true - - name: "rh-certified" - description: "Red Hat certified content repository" + - name: rh-certified + description: Red Hat certified content repository remote: rh-certified wait: true - - name: "validated" - description: "Validated collections" + - name: validated + description: Validated collections remote: validated wait: true diff --git a/group_vars/aap/aap_config_pah_repository.yml b/group_vars/aap/aap_config_pah_repository.yml index d4426c1..45a6438 100644 --- a/group_vars/aap/aap_config_pah_repository.yml +++ b/group_vars/aap/aap_config_pah_repository.yml 
@@ -4,55 +4,55 @@ ah_collection_remotes: url: https://galaxy.ansible.com/api/ requirements: - name: community.general - version: '8.3.0' + version: 8.3.0 - name: community.crypto - version: '2.20.0' + version: 2.20.0 - name: community.dns - version: '3.0.1' + version: 3.0.1 - name: containers.podman - version: '1.13.0' + version: 1.13.0 - name: rh-certified token: "{{ hostvars[groups['github_runner'][0]]['rh_automation_hub_offline_token'] }}" - url: 'https://console.redhat.com/api/automation-hub/content/published/' - auth_url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token' + url: https://console.redhat.com/api/automation-hub/content/published/ + auth_url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token requirements: - name: redhat.rhel_idm - version: '1.12.1' + version: 1.12.1 - name: redhat.satellite - version: '4.0.0' + version: 4.0.0 - name: redhat.satellite_operations - version: '3.0.0' + version: 3.0.0 - name: redhat.rhel_system_roles - version: '1.23.0' + version: 1.23.0 - name: azure.azcollection - version: '2.4.0' + version: 2.4.0 - name: ansible.eda - version: '1.4.7' + version: 1.4.7 - name: ansible.utils - version: '5.0.0' + version: 5.0.0 - name: ansible.netcommon - version: '7.0.0' + version: 7.0.0 - name: ansible.posix - version: '1.5.4' + version: 1.5.4 - name: ansible.controller - version: '4.5.7' + version: 4.5.7 - name: kubernetes.core - version: '5.0.0' + version: 5.0.0 - name: validated token: "{{ hostvars[groups['github_runner'][0]]['rh_automation_hub_offline_token'] }}" - url: 'https://console.redhat.com/api/automation-hub/content/validated/' - auth_url: 'https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token' + url: https://console.redhat.com/api/automation-hub/content/validated/ + auth_url: https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token sync_dependencies: false requirements: - name: infra.aap_utilities - version: 
'2.5.1' + version: 2.5.1 - name: infra.controller_configuration - version: '2.7.1' + version: 2.7.1 - name: infra.ee_utilities - version: '3.2.0' + version: 3.2.0 - name: infra.ah_configuration - version: '2.0.6' + version: 2.0.6 - name: infra.leapp - version: '1.3.1' + version: 1.3.1 diff --git a/group_vars/aap/aap_install_config.yml b/group_vars/aap/aap_install_config.yml index ada5fa0..19dfba4 100644 --- a/group_vars/aap/aap_install_config.yml +++ b/group_vars/aap/aap_install_config.yml @@ -2,5 +2,5 @@ aap_install_major_version: "2.4" aap_install_minor_version: "7" aap_install_version: "{{ aap_install_major_version }}-{{ aap_install_minor_version }}" -aap_install_repo_name: "Red Hat Ansible Automation Platform {{ aap_install_major_version }} for RHEL 9 x86_64 Files" -aap_install_aap_bundle_file: "ansible-automation-platform-setup-{{ aap_install_version }}.tar.gz" +aap_install_repo_name: Red Hat Ansible Automation Platform {{ aap_install_major_version }} for RHEL 9 x86_64 Files +aap_install_aap_bundle_file: ansible-automation-platform-setup-{{ aap_install_version }}.tar.gz diff --git a/group_vars/all/azure_dns.yml b/group_vars/all/azure_dns.yml index bea9b33..bd6a6f4 100644 --- a/group_vars/all/azure_dns.yml +++ b/group_vars/all/azure_dns.yml @@ -1,4 +1,4 @@ --- azure_dns: true -azure_dns_ip: "168.63.129.16" +azure_dns_ip: 168.63.129.16 diff --git a/group_vars/all/azure_infra.yml b/group_vars/all/azure_infra.yml index 2c5deb9..c4ede18 100644 --- a/group_vars/all/azure_infra.yml +++ b/group_vars/all/azure_infra.yml @@ -3,4 +3,4 @@ deployment_environment: dev azure_dns_zone: showroom.run azure_dns_private_dnz_zone_subdomain: internal azure_dns_private_dns_zone: "{{ azure_dns_private_dnz_zone_subdomain }}.{{ azure_dns_zone }}" -azure_rg: "rg-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}" +azure_rg: rg-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }} 
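Review bot: The collection pins in group_vars/aap/aap_config_pah_repository.yml, such as `version: 8.3.0`, stay strings after the quotes are removed only because each has three components. A later two-part pin such as `2.10` would load as the float `2.1` and sync a different collection version than the one reviewed. This same commit keeps `aap_install_major_version: "2.4"` quoted for that reason. I would keep version pins quoted throughout, e.g. `version: "8.3.0"`. If the lint rule forbids that, yamllint's `quoted-strings` rule offers an `extra-allowed` pattern list that can exempt version-like values.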
diff --git a/group_vars/all/azure_network.yml b/group_vars/all/azure_network.yml index 30adf55..37616a1 100644 --- a/group_vars/all/azure_network.yml +++ b/group_vars/all/azure_network.yml 
@@ -5,30 +5,30 @@ vnet_peering: true manage_nsg: true manage_subnet: true -azure_vnet: "vnet-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}" -azure_vnet_link: "vnet-link-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}" -azure_subnet: "subnet-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}" -azure_subnet_nsg: "nsg-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}" +azure_vnet: vnet-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }} +azure_vnet_link: vnet-link-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }} +azure_subnet: subnet-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }} +azure_subnet_nsg: nsg-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }} azure_public_ip: - name: "pip-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-{{ inventory_hostname }}" - config_name: "pip-config-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-{{ inventory_hostname }}" + name: pip-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-{{ inventory_hostname }} + config_name: pip-config-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-{{ inventory_hostname }} azure_networks: - - name: "public" - vnet: "10.1.0.0/29" - subnet: "10.1.0.0/29" - - name: "intra_mgmt" - vnet: "10.1.1.0/24" - subnet: "10.1.1.0/24" - - name: "intra_work" - vnet: "10.1.2.0/24" - subnet: "10.1.2.0/24" - - name: "dmz_work" - vnet: "10.1.3.0/24" - subnet: "10.1.3.128/25" - - name: "dmz_mgmt" - vnet: "10.1.3.0/24" - subnet: "10.1.3.0/29" + - name: public + vnet: 10.1.0.0/29 + subnet: 10.1.0.0/29 + - name: intra_mgmt + vnet: 10.1.1.0/24 + subnet: 10.1.1.0/24 + - name: intra_work + vnet: 10.1.2.0/24 + subnet: 10.1.2.0/24 + - name: dmz_work + vnet: 10.1.3.0/24 + subnet: 10.1.3.128/25 + - name: dmz_mgmt + vnet: 10.1.3.0/24 + 
subnet: 10.1.3.0/29 azure_vnet_address_prefix_public: "{{ (azure_networks | selectattr('name', 'match', 'public') | list)[0].vnet }}" azure_vnet_address_prefix_mgmt_intra: "{{ (azure_networks | selectattr('name', 'match', 'intra_mgmt') | list)[0].vnet }}" diff --git a/group_vars/all/azure_vm_deploy.yml b/group_vars/all/azure_vm_deploy.yml index 17547f4..3eadb63 100644 --- a/group_vars/all/azure_vm_deploy.yml +++ b/group_vars/all/azure_vm_deploy.yml @@ -1,4 +1,4 @@ --- azure_vm_deploy: true manage_public_ip: false -azure_nic_name: "nic-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-{{ inventory_hostname }}" +azure_nic_name: nic-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-{{ inventory_hostname }} diff --git a/group_vars/all/azure_vm_lock.yml b/group_vars/all/azure_vm_lock.yml index 75f443b..e4c2b9a 100644 --- a/group_vars/all/azure_vm_lock.yml +++ b/group_vars/all/azure_vm_lock.yml @@ -1,3 +1,3 @@ --- azure_vm_lock: false -azure_vm_lock_name: "lock-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-{{ inventory_hostname }}" +azure_vm_lock_name: lock-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-{{ inventory_hostname }} diff --git a/group_vars/all/enforce_cis.yml b/group_vars/all/enforce_cis.yml index 2f48587..ac140a3 100644 --- a/group_vars/all/enforce_cis.yml +++ b/group_vars/all/enforce_cis.yml @@ -1,4 +1,4 @@ --- enforce_cis: true sudo_require_authentication: false -var_system_crypto_policy: "FIPS" +var_system_crypto_policy: FIPS diff --git a/group_vars/all/idm_config.yml b/group_vars/all/idm_config.yml index 92ed2d1..08f8f0c 100644 --- a/group_vars/all/idm_config.yml +++ b/group_vars/all/idm_config.yml 
@@ -2,4 +2,4 @@ idm_config: false idm_default_dns_zone: "{{ azure_dns_private_dns_zone }}" -ldap_domain_map: "dc={{ azure_dns_private_dnz_zone_subdomain }},dc={{ azure_dns_zone.split('.')[0] }},dc= {{ azure_dns_zone.split('.')[1] }}" +ldap_domain_map: dc={{ azure_dns_private_dnz_zone_subdomain }},dc={{ azure_dns_zone.split('.')[0] }},dc= {{ azure_dns_zone.split('.')[1] }} diff --git a/group_vars/all/imagebuilder.yml b/group_vars/all/imagebuilder.yml index e4c18a8..e308cbf 100644 --- a/group_vars/all/imagebuilder.yml +++ b/group_vars/all/imagebuilder.yml @@ -1,3 +1,3 @@ --- imagebuilder: true -rh_activation_key: "ak_showroom_golden_image" +rh_activation_key: ak_showroom_golden_image diff --git a/group_vars/all/ipa_client.yml b/group_vars/all/ipa_client.yml index 7feacb3..a9d7712 100644 --- a/group_vars/all/ipa_client.yml +++ b/group_vars/all/ipa_client.yml @@ -7,5 +7,5 @@ ipasssd_enable_dns_updates: true ipaclient_hostname: "{{ inventory_hostname }}" ipaclient_domain: "{{ azure_dns_private_dns_zone }}" ipaclient_realm: "{{ azure_dns_private_dns_zone | upper }}" -ipa_server_ca_path: "/etc/ipa/ca.crt" -ipa_client_trust_path: "/etc/pki/ca-trust/source/anchors/ipa.crt" +ipa_server_ca_path: /etc/ipa/ca.crt +ipa_client_trust_path: /etc/pki/ca-trust/source/anchors/ipa.crt diff --git a/group_vars/all/pki_idm_generate_certs.yml b/group_vars/all/pki_idm_generate_certs.yml index b135728..ef27592 100644 --- a/group_vars/all/pki_idm_generate_certs.yml +++ b/group_vars/all/pki_idm_generate_certs.yml 
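Review bot: The last component of `ldap_domain_map` keeps a stray space after `dc=` (`dc= {{ azure_dns_zone.split('.')[1] }}`), so with `azure_dns_zone: showroom.run` the value renders as `dc=internal,dc=showroom,dc= run`. Dropping the quotes does not change that, but this is the line to fix it on, by writing the last component as `dc={{ azure_dns_zone.split('.')[1] }}`. Whether the consumer tolerates the space is not visible in this diff; a base DN that does not match the directory would presumably make LDAP lookups or group mappings fail or miss entries. The two `split('.')` indexes also assume a zone of exactly two labels, which deserves a comment above the variable.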
@@ -3,12 +3,12 @@ pki_idm_generate_certs: false generate_certs: false update_ca_trust: false -pki_idm_generate_certs_csr_digest: "aes256" +pki_idm_generate_certs_csr_digest: aes256 pki_idm_generate_certs_csr_common_name: "{{ inventory_hostname }}" pki_idm_generate_certs_csr_organization_name: "{{ azure_dns_private_dns_zone | upper }}" -pki_idm_generate_certs_csr_organization_unit_name: "RHIS Project" -pki_idm_generate_certs_csr_locality_name: "Frankfurt am Main" -pki_idm_generate_certs_csr_state_or_province_name: "Hessen" -pki_idm_generate_certs_csr_country_name: "DE" -pki_idm_generate_certs_csr_email_address: "admin@{{ azure_dns_private_dns_zone }}" -pki_idm_generate_certs_csr_subject_alt_name: "DNS:{{ inventory_hostname }}" +pki_idm_generate_certs_csr_organization_unit_name: RHIS Project +pki_idm_generate_certs_csr_locality_name: Frankfurt am Main +pki_idm_generate_certs_csr_state_or_province_name: Hessen +pki_idm_generate_certs_csr_country_name: DE +pki_idm_generate_certs_csr_email_address: admin@{{ azure_dns_private_dns_zone }} +pki_idm_generate_certs_csr_subject_alt_name: DNS:{{ inventory_hostname }} diff --git a/group_vars/all/vault_ansible.yml b/group_vars/all/vault_ansible.yml index 5398cc0..ab3d5f1 100644 --- a/group_vars/all/vault_ansible.yml +++ b/group_vars/all/vault_ansible.yml 
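Review bot: `pki_idm_generate_certs_csr_digest: aes256` names a cipher, not a message digest, while a CSR is signed over a hash such as SHA-256. The task that reads this variable is outside the diff, so it may be ignored or mapped elsewhere, but if it is handed straight to the CSR module the request would presumably fail or be signed with something other than what the name suggests. Suggested line: `pki_idm_generate_certs_csr_digest: sha256`. If `aes256` was meant for private-key encryption, it belongs in a separately named variable.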
@@ -1,9 +1,9 @@ --- # Default ansible vault credential vault_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 35646663633065333031396537663735326562393761313038383932616563616466393463363930 - 6436356666383537336635663539666161393638353234610a633064353439346533663833346466 - 65386432623731366334636164633363313530653237313261323337326137623332356665656131 - 3563336339393437640a313039373335643065623531393738346239363736323538646534386634 - 6465 + $ANSIBLE_VAULT;1.1;AES256 + 35646663633065333031396537663735326562393761313038383932616563616466393463363930 + 6436356666383537336635663539666161393638353234610a633064353439346533663833346466 + 65386432623731366334636164633363313530653237313261323337326137623332356665656131 + 3563336339393437640a313039373335643065623531393738346239363736323538646534386634 + 6465 diff --git a/group_vars/all/vault_rhis_users.yml b/group_vars/all/vault_rhis_users.yml index 878aa13..a34199f 100644 --- a/group_vars/all/vault_rhis_users.yml +++ b/group_vars/all/vault_rhis_users.yml @@ -10,7 +10,7 @@ showroom_users: 34663239386564306136643461626363663665633736643936313364633465666565643237356133 3739313131393831380a376662656532633930396335626137633436646463313566313361616231 3030 - email: "rhis-user-1@internal.showroom.run" + email: rhis-user-1@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -24,7 +24,7 @@ showroom_users: 64653137386130666337363835343132656634363437656663343437643765346233346630303531 3361616539376638310a653162626264333031663165623364396531393365363537343834333466 3837 - email: "rhis-user-2@internal.showroom.run" + email: rhis-user-2@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present 
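Review bot: Every `showroom_users` entry in `vault_rhis_users.yml` pins `passwordexpiration: "2055-04-01 23:59:59"` next to `update_password: on_create`, which keeps the administrator-set initial password valid for roughly thirty years. That appears to sidestep the `maxlife: "90"` of `global_policy` in `idm_password_policy` until a user changes the password voluntarily; this should be confirmed against how the IdM role applies the key. The same pair repeats in every hunk of this file through `rhis-user-30`. If a forced change at first login is wanted, drop `passwordexpiration` or set a near date; otherwise record the exception above the list, e.g. `# passwordexpiration deliberately overrides global_policy maxlife for showroom accounts`.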
@@ -38,7 +38,7 @@ showroom_users: 30656330613063643837666334383133633830393033663866666132623765363732316137623031 6464383232376437330a343137376536316565633838323664306336316536393465353538343566 6133 - email: "rhis-user-3@internal.showroom.run" + email: rhis-user-3@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -52,7 +52,7 @@ showroom_users: 31633465313233623631313163613766346163333965333230333334393232366630663935623535 6232613932323330320a656430396339623130383931656537303732316666343135326532626666 6631 - email: "rhis-user-4@internal.showroom.run" + email: rhis-user-4@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -66,7 +66,7 @@ showroom_users: 64336561396436373739626666626434383438333232353334653765303161333062383066396663 3162316630613062340a626433366330356166323265396132303961396232323439656238383263 3462 - email: "rhis-user-5@internal.showroom.run" + email: rhis-user-5@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -80,7 +80,7 @@ showroom_users: 35626362303866653737333834616438623262363466636436343561626566336566383466366138 3263643661353838320a643833303964373934353631656164383330653562656662386663313565 3736 - email: "rhis-user-6@internal.showroom.run" + email: rhis-user-6@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -94,7 +94,7 @@ showroom_users: 63366161363433636263353063623161346534613062663438366332656262356633376664333562 3834353835636537360a363365633362373430386336643330623734313762313139326664376131 6366 - email: "rhis-user-7@internal.showroom.run" + email: rhis-user-7@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present 
@@ -108,7 +108,7 @@ showroom_users: 38383032663030316236366238336164303363393939353733353765656332626537646234323134 3931663263646662320a663734383634373265326131626632326430613835376465376634616431 3465 - email: "rhis-user-8@internal.showroom.run" + email: rhis-user-8@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -122,7 +122,7 @@ showroom_users: 34316632393966623737343932306239653261383532366665363139383935663931396531663830 3037316237393234310a363138616339336439386164313538336564363339323964663333316263 3165 - email: "rhis-user-9@internal.showroom.run" + email: rhis-user-9@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -136,7 +136,7 @@ showroom_users: 62363238313030393338363265343831393864313937613161316237656365353839653264643533 3132663336663730630a326633323237386565396235333461326434323434336632373034326166 3231 - email: "rhis-user-10@internal.showroom.run" + email: rhis-user-10@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -150,7 +150,7 @@ showroom_users: 33643265333764353539356336303437353931663538636331323162366463633832663362336230 6663633036353130390a656332313036613236306235656634313862643430386263313031306333 3366 - email: "rhis-user-11@internal.showroom.run" + email: rhis-user-11@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -164,7 +164,7 @@ showroom_users: 36666332643739323736383836346639313433333030643265663263653736666262613431353033 3066323138623463320a623035613565666266313161303961313361626465643062396265386431 3134 - email: "rhis-user-12@internal.showroom.run" + email: rhis-user-12@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present 
@@ -178,7 +178,7 @@ showroom_users: 32306163386233373831306161353931616538363163376530366436366137663566353538353633 6232663165666232630a343461353834393565643333663633363630376266313033316563393834 3266 - email: "rhis-user-13@internal.showroom.run" + email: rhis-user-13@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -192,7 +192,7 @@ showroom_users: 32646561303436316631386464396637666539353831633532613265666433613763343531613334 6663323836616362660a313935376333303231396165353664623561373736343965646335306264 3938 - email: "rhis-user-14@internal.showroom.run" + email: rhis-user-14@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -206,7 +206,7 @@ showroom_users: 64653034613633353465383064653365343337636664393361343034333461623264313038363332 3035346136353963660a363063663838313161653936363934653737373461613933356631316431 6237 - email: "rhis-user-15@internal.showroom.run" + email: rhis-user-15@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -220,7 +220,7 @@ showroom_users: 32356137663566383138343630633564393635313734643131653132336634313233383966343265 6331316362386232610a616165303565636162383166613535356233333033353937623162326564 6435 - email: "rhis-user-16@internal.showroom.run" + email: rhis-user-16@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -234,7 +234,7 @@ showroom_users: 33386536376433326136353431663063666231393836316361346131316233666164313161313865 3963616565373062380a313437613132333132386330333436313834346130623362653339633562 6134 - email: "rhis-user-17@internal.showroom.run" + email: rhis-user-17@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present 
@@ -248,7 +248,7 @@ showroom_users: 63393836653933343962373036303131333333326337633065333532366137353131326130323166 6535383063366332350a393936326232393262653333333363623232613935323134326339386561 3739 - email: "rhis-user-18@internal.showroom.run" + email: rhis-user-18@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -262,7 +262,7 @@ showroom_users: 37383762623530626433313330353633336534373361613464353330643365643764303263656236 6666623831343735610a666531643266343565343062623739633534613437643335363335653665 6665 - email: "rhis-user-19@internal.showroom.run" + email: rhis-user-19@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -276,7 +276,7 @@ showroom_users: 39373336636237393939313839643237316531643162663764623163366661346366643236333366 3538616430326634650a623432343062623162313131646633643861326131623139656633313837 3334 - email: "rhis-user-20@internal.showroom.run" + email: rhis-user-20@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -290,7 +290,7 @@ showroom_users: 39303437663632636163363766316262323263303739373437623463333439353438336636383365 3230646330323666650a643161306162636131396634333032356161336364303631653337363931 6166 - email: "rhis-user-21@internal.showroom.run" + email: rhis-user-21@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -304,7 +304,7 @@ showroom_users: 65396465333736336436396563616335353839393162626136336131393739326231643466306233 6336656530353461310a353532643364303931396637356132623432363730326334303162373332 6361 - email: "rhis-user-22@internal.showroom.run" + email: rhis-user-22@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present 
@@ -318,7 +318,7 @@ showroom_users: 37313739663436373132663162643863306233306161393732653463623832343338333239653337 6538366238343738330a306232306434363537626639636139323435333666346262633464396433 3430 - email: "rhis-user-23@internal.showroom.run" + email: rhis-user-23@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -332,7 +332,7 @@ showroom_users: 37306235313162646531336262343031386665393531353833383536326337323030306530623438 6666656130353930330a343764656466396636303863613137383435363233303335393366663037 3237 - email: "rhis-user-24@internal.showroom.run" + email: rhis-user-24@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -346,7 +346,7 @@ showroom_users: 39623431356133343632303266363131623931343037363439663131313163356632306530343734 3738636164326133340a653338356666623530653235356465323831363236316638363065653062 6633 - email: "rhis-user-25@internal.showroom.run" + email: rhis-user-25@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -360,7 +360,7 @@ showroom_users: 34383261373335343239396664396639646264653637303061616363343032326166353164616562 3335616438643334650a353665626434313232616137633462396439653166616230353765396130 3661 - email: "rhis-user-26@internal.showroom.run" + email: rhis-user-26@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -374,7 +374,7 @@ showroom_users: 61633163646432343939313630613963383565633566376266656130376465656238373761366461 3864383337326334650a333934626566333636316130353834643536383333666435336139643330 6464 - email: "rhis-user-27@internal.showroom.run" + email: rhis-user-27@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present 
@@ -388,7 +388,7 @@ showroom_users: 63613538663866346662316338303735333434663433373963626366373462613431636338333866 6239623739323336650a383935626638616336333835303431626339393136663137396565343736 3231 - email: "rhis-user-28@internal.showroom.run" + email: rhis-user-28@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -402,7 +402,7 @@ showroom_users: 39626264633262613430626462646631613564393134366137663134653330666138376164613264 6535633130633465360a336632356530346138623164646135316336633962393835363635343031 3663 - email: "rhis-user-29@internal.showroom.run" + email: rhis-user-29@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present @@ -416,7 +416,7 @@ showroom_users: 39613435666430613736353438323832386533333566313964623132643665306637313330636430 3265666264663262640a616563643063376534316661323864376231396366623066323962643033 6665 - email: "rhis-user-30@internal.showroom.run" + email: rhis-user-30@internal.showroom.run passwordexpiration: "2055-04-01 23:59:59" update_password: on_create state: present 
@@ -424,97 +424,97 @@ showroom_users: showroom_group_users: - group: admins user: - - "rhis-user-1" - - "rhis-user-2" - - "rhis-user-3" - - "rhis-user-4" - - "rhis-user-5" - - "rhis-user-6" - - "rhis-user-7" - - "rhis-user-8" - - "rhis-user-9" - - "rhis-user-10" - - "rhis-user-11" - - "rhis-user-12" - - "rhis-user-13" - - "rhis-user-14" - - "rhis-user-15" - - "rhis-user-16" - - "rhis-user-17" - - "rhis-user-18" - - "rhis-user-19" - - "rhis-user-20" - - "rhis-user-21" - - "rhis-user-22" - - "rhis-user-23" - - "rhis-user-24" - - "rhis-user-25" - - "rhis-user-26" - - "rhis-user-27" - - "rhis-user-28" - - "rhis-user-29" - - "rhis-user-30" + - rhis-user-1 + - rhis-user-2 + - rhis-user-3 + - rhis-user-4 + - rhis-user-5 + - rhis-user-6 + - rhis-user-7 + - rhis-user-8 + - rhis-user-9 + - rhis-user-10 + - rhis-user-11 + - rhis-user-12 + - rhis-user-13 + - rhis-user-14 + - rhis-user-15 + - rhis-user-16 + - rhis-user-17 + - rhis-user-18 + - rhis-user-19 + - rhis-user-20 + - rhis-user-21 + - rhis-user-22 + - rhis-user-23 + - rhis-user-24 + - rhis-user-25 + - rhis-user-26 + - rhis-user-27 + - rhis-user-28 + - rhis-user-29 + - rhis-user-30 - group: aapgroup-user user: - - "rhis-user-1" - - "rhis-user-2" - - "rhis-user-3" - - "rhis-user-4" - - "rhis-user-5" - - "rhis-user-6" - - "rhis-user-7" - - "rhis-user-8" - - "rhis-user-9" - - "rhis-user-10" - - "rhis-user-11" - - "rhis-user-12" - - "rhis-user-13" - - "rhis-user-14" - - "rhis-user-15" - - "rhis-user-16" - - "rhis-user-17" - - "rhis-user-18" - - "rhis-user-19" - - "rhis-user-20" - - "rhis-user-21" - - "rhis-user-22" - - "rhis-user-23" - - "rhis-user-24" - - "rhis-user-25" - - "rhis-user-26" - - "rhis-user-27" - - "rhis-user-28" - - "rhis-user-29" - - "rhis-user-30" + - rhis-user-1 + - rhis-user-2 + - rhis-user-3 + - rhis-user-4 + - rhis-user-5 + - rhis-user-6 + - rhis-user-7 + - rhis-user-8 + - rhis-user-9 + - rhis-user-10 + - rhis-user-11 + - rhis-user-12 + - rhis-user-13 + - rhis-user-14 + - rhis-user-15 + - rhis-user-16 + 
- rhis-user-17 + - rhis-user-18 + - rhis-user-19 + - rhis-user-20 + - rhis-user-21 + - rhis-user-22 + - rhis-user-23 + - rhis-user-24 + - rhis-user-25 + - rhis-user-26 + - rhis-user-27 + - rhis-user-28 + - rhis-user-29 + - rhis-user-30 - group: default-ssh-group user: - - "rhis-user-1" - - "rhis-user-2" - - "rhis-user-3" - - "rhis-user-4" - - "rhis-user-5" - - "rhis-user-6" - - "rhis-user-7" - - "rhis-user-8" - - "rhis-user-9" - - "rhis-user-10" - - "rhis-user-11" - - "rhis-user-12" - - "rhis-user-13" - - "rhis-user-14" - - "rhis-user-15" - - "rhis-user-16" - - "rhis-user-17" - - "rhis-user-18" - - "rhis-user-19" - - "rhis-user-20" - - "rhis-user-21" - - "rhis-user-22" - - "rhis-user-23" - - "rhis-user-24" - - "rhis-user-25" - - "rhis-user-26" - - "rhis-user-27" - - "rhis-user-28" - - "rhis-user-29" - - "rhis-user-30" + - rhis-user-1 + - rhis-user-2 + - rhis-user-3 + - rhis-user-4 + - rhis-user-5 + - rhis-user-6 + - rhis-user-7 + - rhis-user-8 + - rhis-user-9 + - rhis-user-10 + - rhis-user-11 + - rhis-user-12 + - rhis-user-13 + - rhis-user-14 + - rhis-user-15 + - rhis-user-16 + - rhis-user-17 + - rhis-user-18 + - rhis-user-19 + - rhis-user-20 + - rhis-user-21 + - rhis-user-22 + - rhis-user-23 + - rhis-user-24 + - rhis-user-25 + - rhis-user-26 + - rhis-user-27 + - rhis-user-28 + - rhis-user-29 + - rhis-user-30 diff --git a/group_vars/all/vault_rootca_certificate.yml b/group_vars/all/vault_rootca_certificate.yml index d79c643..e9d6a5f 100644 --- a/group_vars/all/vault_rootca_certificate.yml +++ b/group_vars/all/vault_rootca_certificate.yml @@ -1,3 +1,4 @@ +--- rootca_certificate: !vault | $ANSIBLE_VAULT;1.2;AES256;filter_default 30333331386266653865653034376564366633313435646538333334386333643333303662626639 diff --git a/group_vars/all/vault_squid.yml b/group_vars/all/vault_squid.yml index aa424e8..f3f0fe4 100644 --- a/group_vars/all/vault_squid.yml +++ b/group_vars/all/vault_squid.yml 
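Review bot: The `admins` entry of `showroom_group_users` lists all thirty `rhis-user-N` accounts, the same set as `aapgroup-user` and `default-ssh-group`. In this repository `admins` is the group that the `realm-admin` sudo rule grants `cmdcategory: all` on `hostcategory: all`, so every showroom user ends up with unrestricted sudo on every host. If that is intended for the demo environment, a comment above the entry would record it, e.g. `# demo only: every showroom user is a realm admin`; otherwise keep `admins` to the accounts that actually administer the realm.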
@@ -1,15 +1,15 @@ --- squid_admin_username: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 38373962373334653536626561626566346564303164623364306338333339633163386634393361 - 3263663336626534616335363731346461666363376362610a333339336665616164373433356439 - 65373730623865643865303535333463623866313563616437363239383138646364633532313861 - 6136623964623861370a383633666462346235343131316537643836353233613532633862316433 - 31653637633862386236396232623537363966333662666263373539613264616665 + $ANSIBLE_VAULT;1.1;AES256 + 38373962373334653536626561626566346564303164623364306338333339633163386634393361 + 3263663336626534616335363731346461666363376362610a333339336665616164373433356439 + 65373730623865643865303535333463623866313563616437363239383138646364633532313861 + 6136623964623861370a383633666462346235343131316537643836353233613532633862316433 + 31653637633862386236396232623537363966333662666263373539613264616665 squid_admin_password: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 65383266663536653331386666326261396337616234333838343034386461373563633239666637 - 6534636331616365656433346532656331666539323836640a633237623434323132613130626436 - 63396564313436356662633662393435653037643066653431303936323736313938383437363935 - 3535336235386238320a383635316331653239353664316338613030356337636133656138623366 - 3336 + $ANSIBLE_VAULT;1.1;AES256 + 65383266663536653331386666326261396337616234333838343034386461373563633239666637 + 6534636331616365656433346532656331666539323836640a633237623434323132613130626436 + 63396564313436356662633662393435653037643066653431303936323736313938383437363935 + 3535336235386238320a383635316331653239353664316338613030356337636133656138623366 + 3336 diff --git a/group_vars/bastion/azure_infra.yml b/group_vars/bastion/azure_infra.yml index 8bf54bd..64cb5cd 100644 --- a/group_vars/bastion/azure_infra.yml +++ b/group_vars/bastion/azure_infra.yml 
@@ -1,2 +1,2 @@ --- -azure_rg: "rg-{{ infrastructure_type }}-intra-{{ deployment_environment }}" +azure_rg: rg-{{ infrastructure_type }}-intra-{{ deployment_environment }} diff --git a/group_vars/bastion/azure_nsg.yml b/group_vars/bastion/azure_nsg.yml index ae859f3..fede2fa 100644 --- a/group_vars/bastion/azure_nsg.yml +++ b/group_vars/bastion/azure_nsg.yml @@ -3,29 +3,29 @@ azure_subnet_nsg_rules: # Inbound # SSH connection from Internet - - name: "AllowSSHInBound" + - name: AllowSSHInBound protocol: Tcp direction: Inbound priority: 200 access: Allow - source_address_prefix: "Internet" + source_address_prefix: Internet source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "22" # Squid connection from Internet - - name: "AllowSquidInbound" + - name: AllowSquidInbound protocol: Tcp direction: Inbound priority: 201 access: Allow - source_address_prefix: "Internet" + source_address_prefix: Internet source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "3128" # Deny all other inbound - - name: "DenyOtherInBound" + - name: DenyOtherInBound protocol: "*" direction: Inbound priority: 500 
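Review bot: `AllowSquidInbound` in `azure_nsg.yml` accepts TCP 3128 from `source_address_prefix: Internet`, which exposes the bastion's forward proxy to any address, and `AllowSSHInBound` does the same for port 22. Proxy authentication (the vaulted `squid_admin_*` credentials) and SSH authentication are then the only controls in front of whatever the bastion can reach. Consider narrowing both rules to the known client ranges, e.g. `source_address_prefix: "{{ bastion_allowed_source_prefix }}"` (placeholder variable name), or state in the comment above each rule why it must stay world-reachable. The `azure_subnet_nsg_rules` list continues beyond this hunk.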
@@ -38,39 +38,39 @@ azure_subnet_nsg_rules: # Outbound # SSH connection to other vnets - - name: "AllowSSHOutBound" + - name: AllowSSHOutBound protocol: Tcp direction: Outbound priority: 200 access: Allow source_address_prefix: "{{ azure_vnet_address_prefix }}" source_port_range: "*" - destination_address_prefix: "VirtualNetwork" + destination_address_prefix: VirtualNetwork destination_port_range: "22" # HTTP connection to VirtualNetwork - - name: "AllowHTTPOutBound" + - name: AllowHTTPOutBound protocol: Tcp direction: Outbound priority: 201 access: Allow source_address_prefix: "{{ azure_vnet_address_prefix }}" source_port_range: "*" - destination_address_prefix: "VirtualNetwork" + destination_address_prefix: VirtualNetwork destination_port_range: "80" # HTTPS connection to VirtualNetwork - - name: "AllowHTTPSOutBound" + - name: AllowHTTPSOutBound protocol: Tcp direction: Outbound priority: 202 access: Allow source_address_prefix: "{{ azure_vnet_address_prefix }}" source_port_range: "*" - destination_address_prefix: "VirtualNetwork" + destination_address_prefix: VirtualNetwork destination_port_range: "443" # IDM connection from mgmt_intra - - name: "AllowLDAPOutBound" + - name: AllowLDAPOutBound protocol: Tcp direction: Outbound priority: 203 @@ -79,7 +79,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "389" - - name: "AllowLDAPSOutBound" + - name: AllowLDAPSOutBound protocol: Tcp direction: Outbound priority: 204 @@ -88,7 +88,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "636" - - name: "AllowKerberosOutBound-1" + - name: AllowKerberosOutBound-1 protocol: "*" direction: Outbound priority: 205 
@@ -97,7 +97,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "88" - - name: "AllowKerberosOutBound-2" + - name: AllowKerberosOutBound-2 protocol: "*" direction: Outbound priority: 206 @@ -106,7 +106,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "464" - - name: "AllowDNSOutBoundTCP" + - name: AllowDNSOutBoundTCP protocol: "*" direction: Outbound priority: 207 @@ -115,7 +115,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "53" - - name: "AllowNTPOutBound" + - name: AllowNTPOutBound protocol: Udp direction: Outbound priority: 208 @@ -124,7 +124,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "123" - - name: "AllowKadmindOutBound" + - name: AllowKadmindOutBound protocol: Tcp direction: Outbound priority: 209 @@ -135,12 +135,12 @@ azure_subnet_nsg_rules: destination_port_range: "749" # Deny other vnet connection - - name: "DenyOtherVnetOutBound" + - name: DenyOtherVnetOutBound protocol: "*" direction: Outbound priority: 500 access: Deny source_address_prefix: "{{ azure_vnet_address_prefix }}" source_port_range: "*" - destination_address_prefix: "VirtualNetwork" + destination_address_prefix: VirtualNetwork destination_port_range: "*" diff --git a/group_vars/github_runner/github_runner.yml b/group_vars/github_runner/github_runner.yml index 9a51b70..7444eec 100644 --- a/group_vars/github_runner/github_runner.yml +++ b/group_vars/github_runner/github_runner.yml 
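Review bot: The closing `DenyOtherVnetOutBound` rule matches only `destination_address_prefix: VirtualNetwork`, so no rule in the visible hunks covers outbound traffic to Internet destinations, and it falls through to the NSG's built-in defaults, which allow Internet egress. For a bastion that runs a proxy that may be deliberate, but then the comment `# Deny other vnet connection` should say so, e.g. `# Deny other vnet connection; Internet egress is left to the default rules`. If egress is meant to be restricted, add explicit allows for the required ports and a final deny with `destination_address_prefix: "*"`. Separately, `AllowDNSOutBoundTCP` is declared with `protocol: "*"`, so either the name or the protocol is misleading.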
@@ -1,14 +1,14 @@ --- create_github_runner: true -github_account: "rhis-project" +github_account: rhis-project runner_org: true -runner_name: "showroom_runner" -runner_workdir: "/opt/github_actions_runner" +runner_name: showroom_runner +runner_workdir: /opt/github_actions_runner runner_labels: - ci - lint -runner_group: "Default" -runner_architecture: "x64" +runner_group: Default +runner_architecture: x64 access_token: "{{ github_pat }}" runner_user: "{{ vm_user }}" diff --git a/group_vars/ipahidden/idm_config_hbac_rules.yml b/group_vars/ipahidden/idm_config_hbac_rules.yml index 9ab4e16..10b02ab 100644 --- a/group_vars/ipahidden/idm_config_hbac_rules.yml +++ b/group_vars/ipahidden/idm_config_hbac_rules.yml @@ -1,7 +1,7 @@ --- idm_hbac_rules: - name: admin_allow_all - description: "Realm Admin accesses all hosts" + description: Realm Admin accesses all hosts state: present hostcategory: all servicecategory: all @@ -11,7 +11,7 @@ idm_hbac_rules: - "{{ default_ssh_vm_user }}" - name: sat-operators - description: "Satellite Operators can access the Satellite and Capsule Servers" + description: Satellite Operators can access the Satellite and Capsule Servers state: present hostgroup: - sat-servers @@ -20,7 +20,7 @@ idm_hbac_rules: - satgroup-operator - name: aap-operators - description: "Ansible Automation Platform Operators can access AAP Servers" + description: Ansible Automation Platform Operators can access AAP Servers state: present hostgroup: - aap-servers @@ -30,7 +30,7 @@ idm_hbac_rules: - aapgroup-operator - name: ssh-access - description: "Basic ssh access to all servers" + description: Basic ssh access to all servers state: present hostcategory: all hbacsvc: @@ -39,7 +39,7 @@ idm_hbac_rules: - default-ssh-group - name: ansible-admin-access - description: "Ansible admin access to all servers" + description: Ansible admin access to all servers state: present hostgroup: - all-servers 
@@ -52,7 +52,7 @@ idm_hbac_rules: - "{{ default_ssh_vm_user }}" - name: bastion-access - description: "Access configuration for bastion VM" + description: Access configuration for bastion VM state: present hostgroup: - bastion-servers @@ -63,7 +63,7 @@ idm_hbac_rules: - bastion-group - name: github-runner-access - description: "Access configuration for github runner VM" + description: Access configuration for github runner VM state: present hostgroup: - github-runner-servers diff --git a/group_vars/ipahidden/idm_config_host_groups.yml b/group_vars/ipahidden/idm_config_host_groups.yml index a411360..6a51cef 100644 --- a/group_vars/ipahidden/idm_config_host_groups.yml +++ b/group_vars/ipahidden/idm_config_host_groups.yml @@ -1,12 +1,12 @@ --- idm_host_groups: - - name: "sat-servers" - desc: "Satellite Servers and Capsules" - - name: "aap-servers" - desc: "Ansible Automation Platform Servers" - - name: "bastion-servers" - desc: "Utility Servers for General Purpose work" - - name: "github-runner-servers" - desc: "Utility Servers for General Purpose work" - - name: "all-servers" - desc: "All Servers" + - name: sat-servers + desc: Satellite Servers and Capsules + - name: aap-servers + desc: Ansible Automation Platform Servers + - name: bastion-servers + desc: Utility Servers for General Purpose work + - name: github-runner-servers + desc: Utility Servers for General Purpose work + - name: all-servers + desc: All Servers diff --git a/group_vars/ipahidden/idm_config_pwpolicy.yml b/group_vars/ipahidden/idm_config_pwpolicy.yml index 4b4dbf9..b8708b9 100644 --- a/group_vars/ipahidden/idm_config_pwpolicy.yml +++ b/group_vars/ipahidden/idm_config_pwpolicy.yml @@ -1,7 +1,7 @@ --- idm_password_policy: - - name: "global_policy" - state: "present" + - name: global_policy + state: present history: "3" maxlife: "90" minlife: "1" 
@@ -16,8 +16,8 @@ idm_password_policy: usercheck: "true" gracelimit: "2" - - name: "bastion-group" - state: "present" + - name: bastion-group + state: present history: "12" maxlife: "30" minlife: "3" diff --git a/group_vars/ipahidden/idm_config_sudo_rules.yml b/group_vars/ipahidden/idm_config_sudo_rules.yml index 1a2529f..f6801ba 100644 --- a/group_vars/ipahidden/idm_config_sudo_rules.yml +++ b/group_vars/ipahidden/idm_config_sudo_rules.yml @@ -1,15 +1,15 @@ --- idm_sudo_rules: - - name: "realm-admin" - description: "Control sudo access on all servers for admins" + - name: realm-admin + description: Control sudo access on all servers for admins state: present cmdcategory: all hostcategory: all group: - admins - - name: "sat-admin" - description: "Control sudo access on Satellite Servers and Capsules" + - name: sat-admin + description: Control sudo access on Satellite Servers and Capsules state: present cmdcategory: all hostgroup: @@ -20,8 +20,8 @@ idm_sudo_rules: - satgroup-site-administrator - satgroup-operator - - name: "aap-admin" - description: "Control sudo access on Ansible Automation Platform Servers" + - name: aap-admin + description: Control sudo access on Ansible Automation Platform Servers state: present cmdcategory: all hostgroup: @@ -30,8 +30,8 @@ idm_sudo_rules: - aapgroup-administrator - aapgroup-operator - - name: "github-runner-config" - description: "Control sudo access on Github Runner" + - name: github-runner-config + description: Control sudo access on Github Runner state: present hostgroup: - github-runner-servers @@ -40,8 +40,8 @@ idm_sudo_rules: group: - github-runner-group - - name: "bastion-squid-config" - description: "Control sudo access on Bastion for Squid" + - name: bastion-squid-config + description: Control sudo access on Bastion for Squid state: present hostgroup: - bastion-servers 
@@ -50,8 +50,8 @@ idm_sudo_rules: group: - bastion-group - - name: "global-sudo-admin" - description: "Control sudo access without password" + - name: global-sudo-admin + description: Control sudo access without password state: present cmdcategory: all hostcategory: all diff --git a/group_vars/ipahidden/idm_config_sudo_rules_commands.yml b/group_vars/ipahidden/idm_config_sudo_rules_commands.yml index 479b2c1..210ee20 100644 --- a/group_vars/ipahidden/idm_config_sudo_rules_commands.yml +++ b/group_vars/ipahidden/idm_config_sudo_rules_commands.yml @@ -1,9 +1,9 @@ --- idm_sudo_commands: - - name: "/opt/actions-runner/bin/Runner.Listener" - description: "Command to configure on Github Runner" + - name: /opt/actions-runner/bin/Runner.Listener + description: Command to configure on Github Runner state: present - - name: "/usr/sbin/squid" - description: "squid" + - name: /usr/sbin/squid + description: squid state: present diff --git a/group_vars/ipahidden/idm_config_user.yml b/group_vars/ipahidden/idm_config_user.yml index b1169af..c0490d2 100644 --- a/group_vars/ipahidden/idm_config_user.yml +++ b/group_vars/ipahidden/idm_config_user.yml 
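Review bot: The `global-sudo-admin` entry in group_vars/ipahidden/idm_config_sudo_rules.yml pairs `cmdcategory: all` and `hostcategory: all` with the description "Control sudo access without password", yet nothing in the visible lines records which principals it binds or why passwordless sudo is needed on every host. I would add a comment above the entry, for example `# passwordless sudo on all hosts; bound to <group>; reason: <justification>`, so the grant can be audited without reading the IdM state. The rest of the rule (its members and sudo options) lies outside this hunk, so the real scope has to be confirmed there.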
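Review bot: `/opt/actions-runner/bin/Runner.Listener` in idm_sudo_commands is registered as a sudo command without any note on who owns the file, and it is presumably referenced by the `github-runner-config` rule for `github-runner-group`. If the binary or a directory above it is writable by the runner account, the grant amounts to unrestricted root for that group; ownership is not visible in this patch. I would document the expectation next to the entry, e.g. `# must be root-owned and not writable by github-runner-group`. The second entry's `description: squid` says nothing about why the command is allowed; a sentence in the style of the first entry would help.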
@@ -1,61 +1,61 @@ --- idm_users: - - name: "mkutlu" - first: "Mehmet" - last: "Kutlu" - email: "mkutlu@internal.showroom.run" + - name: mkutlu + first: Mehmet + last: Kutlu + email: mkutlu@internal.showroom.run state: present - - name: "ypolat" - first: "Yigit" - last: "Polat" - email: "ypolat@internal.showroom.run" + - name: ypolat + first: Yigit + last: Polat + email: ypolat@internal.showroom.run state: present - - name: "bkaraoren" - first: "Bilhan" - last: "Karaoren" - email: "bkaraoren@internal.showroom.run" + - name: bkaraoren + first: Bilhan + last: Karaoren + email: bkaraoren@internal.showroom.run state: present - - name: "mmaiti" - first: "Manas" - last: "Maiti" - email: "mmaiti@internal.showroom.run" + - name: mmaiti + first: Manas + last: Maiti + email: mmaiti@internal.showroom.run state: present - - name: "jcosta" - first: "Jose" - last: "Costa" - email: "jcosta@internal.showroom.run" + - name: jcosta + first: Jose + last: Costa + email: jcosta@internal.showroom.run state: present - - name: "njagdale" - first: "Nupur" - last: "Jagdale" - email: "njagdale@internal.showroom.run" + - name: njagdale + first: Nupur + last: Jagdale + email: njagdale@internal.showroom.run state: present - - name: "svishnoi" - first: "Suresh" - last: "Vishnoi" - email: "svishnoi@internal.showroom.run" + - name: svishnoi + first: Suresh + last: Vishnoi + email: svishnoi@internal.showroom.run state: present - - name: "parmstrong" - first: "Paul" - last: "Armstrong" - email: "parmstrong@internal.showroom.run" + - name: parmstrong + first: Paul + last: Armstrong + email: parmstrong@internal.showroom.run state: present - - name: "mwelk" - first: "Martin" - last: "Welk" - email: "mwelk@internal.showroom.run" + - name: mwelk + first: Martin + last: Welk + email: mwelk@internal.showroom.run state: present - name: "{{ default_ssh_vm_user }}" - first: "Techuser" - last: "Ansible Global" + first: Techuser + last: Ansible Global email: "{{ default_ssh_vm_user }}@internal.showroom.run" 
password: "{{ techuser_ansible_global_password }}" passwordexpiration: "2025-04-01 23:59:59" update_password: on_create state: present - name: "{{ ldap_bind_principal }}" - first: "Techuser" - last: "Ldap Bind" + first: Techuser + last: Ldap Bind email: "{{ ldap_bind_principal }}@internal.showroom.run" password: "{{ ldap_bind_password }}" passwordexpiration: "2055-04-01 23:59:59" 
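Review bot: The `{{ ldap_bind_principal }}` entry keeps `passwordexpiration: "2055-04-01 23:59:59"`, presumably so the bind credential outlives the `maxlife` set in idm_config_pwpolicy.yml, and nothing here records how or when `ldap_bind_password` is rotated. I would add a comment above that line, e.g. `# service account: expiry pinned far in the future; rotate ldap_bind_password per <procedure>`, or shorten the date to the rotation interval actually used. The `"2025-04-01 23:59:59"` on the `{{ default_ssh_vm_user }}` entry is a fixed calendar date that someone has to remember to move, which deserves the same kind of comment. The end of the bind-account entry lies outside this hunk.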
@@ -63,56 +63,56 @@ idm_users: state: present idm_group_users: - - group: "satgroup-administrator" + - group: satgroup-administrator user: - - "mkutlu" - - "ypolat" - - "bkaraoren" - - "mmaiti" - - "jcosta" - - group: "satgroup-org-administrator" + - mkutlu + - ypolat + - bkaraoren + - mmaiti + - jcosta + - group: satgroup-org-administrator user: - - "mkutlu" - - "ypolat" - - "bkaraoren" - - "mmaiti" - - "jcosta" - - group: "satgroup-site-administrator" + - mkutlu + - ypolat + - bkaraoren + - mmaiti + - jcosta + - group: satgroup-site-administrator user: - - "mkutlu" - - "ypolat" - - "bkaraoren" - - "mmaiti" - - "jcosta" - - group: "aapgroup-administrator" + - mkutlu + - ypolat + - bkaraoren + - mmaiti + - jcosta + - group: aapgroup-administrator user: - - "mkutlu" - - "ypolat" - - "bkaraoren" - - "mmaiti" - - "jcosta" - - group: "satgroup-compliance-manager" + - mkutlu + - ypolat + - bkaraoren + - mmaiti + - jcosta + - group: satgroup-compliance-manager user: - - "mwelk" - - group: "satgroup-operator" + - mwelk + - group: satgroup-operator user: - - "svishnoi" - - "njagdale" - - group: "aapgroup-user" + - svishnoi + - njagdale + - group: aapgroup-user user: - - "svishnoi" - - "njagdale" - - group: "aapgroup-auditor" + - svishnoi + - njagdale + - group: aapgroup-auditor user: - - "mwelk" - - group: "default-ssh-group" + - mwelk + - group: default-ssh-group user: - "{{ default_ssh_vm_user }}" idm_group_groups: - - name: "satgroup-administrator" - group: "admins" - state: "present" - - name: "aapgroup-administrator" - group: "admins" - state: "present" + - name: satgroup-administrator + group: admins + state: present + - name: aapgroup-administrator + group: admins + state: present diff --git a/group_vars/ipahidden/idm_config_user_groups.yml b/group_vars/ipahidden/idm_config_user_groups.yml index e839416..85a66a3 100644 --- a/group_vars/ipahidden/idm_config_user_groups.yml +++ b/group_vars/ipahidden/idm_config_user_groups.yml 
@@ -1,40 +1,40 @@ --- idm_user_groups: - - name: "satgroup-administrator" - desc: "Satellite Server Administrators" - - name: "satgroup-org-administrator" - desc: "Satellite Default Org Administrators - Manager Role" - - name: "satgroup-site-administrator" - desc: "Satellite Default Org Administrators - Manager Role for a Location" - - name: "satgroup-compliance-manager" - desc: "Satellite Systems Compliance Managers - Full control compliance content" - - name: "satgroup-compliance-auditor" - desc: "Satellite Systems Compliance Auditor - Read only control compliance content" - - name: "satgroup-operator" - desc: "Satellite Server Operators - Full control on hosts and content hosts" - - name: "satgroup-sub-manager" - desc: "Satellite Subscription Manager - Manage all subscriptions" - - name: "satgroup-content-manager" - desc: "Satellite Content Manager - Manage all content" - - name: "aapgroup-administrator" - desc: "Ansible Automation Platform Administrators" - - name: "aapgroup-auditor" - desc: "Ansible Automation Platform Auditors" - - name: "aapgroup-operator" - desc: "Ansible Automation Platform Server Operators" - - name: "aapgroup-proj_manager" - desc: "Ansible Automation Platform Project Manager" - - name: "aapgroup-template_manager" - desc: "Ansible Automation Platform Template Manager" - - name: "aapgroup-user" - desc: "Ansible Automation Platform User - Can run basic Templates and Workflows" - - name: "aapgroup-developer" - desc: "Ansible Automation Platform Programmer - an AAP power user" - - name: "default-ssh-group" - desc: "Default group for new created users to have ssh access to servers" - - name: "bastion-group" - desc: "Default user group for Bastion VM" - - name: "github-runner-group" - desc: "Default user group for Github Runner VM" - - name: "ansible-admin-group" - desc: "Admin Group for Ansible" + - name: satgroup-administrator + desc: Satellite Server Administrators + - name: satgroup-org-administrator + desc: Satellite Default Org 
Administrators - Manager Role + - name: satgroup-site-administrator + desc: Satellite Default Org Administrators - Manager Role for a Location + - name: satgroup-compliance-manager + desc: Satellite Systems Compliance Managers - Full control compliance content + - name: satgroup-compliance-auditor + desc: Satellite Systems Compliance Auditor - Read only control compliance content + - name: satgroup-operator + desc: Satellite Server Operators - Full control on hosts and content hosts + - name: satgroup-sub-manager + desc: Satellite Subscription Manager - Manage all subscriptions + - name: satgroup-content-manager + desc: Satellite Content Manager - Manage all content + - name: aapgroup-administrator + desc: Ansible Automation Platform Administrators + - name: aapgroup-auditor + desc: Ansible Automation Platform Auditors + - name: aapgroup-operator + desc: Ansible Automation Platform Server Operators + - name: aapgroup-proj_manager + desc: Ansible Automation Platform Project Manager + - name: aapgroup-template_manager + desc: Ansible Automation Platform Template Manager + - name: aapgroup-user + desc: Ansible Automation Platform User - Can run basic Templates and Workflows + - name: aapgroup-developer + desc: Ansible Automation Platform Programmer - an AAP power user + - name: default-ssh-group + desc: Default group for new created users to have ssh access to servers + - name: bastion-group + desc: Default user group for Bastion VM + - name: github-runner-group + desc: Default user group for Github Runner VM + - name: ansible-admin-group + desc: Admin Group for Ansible diff --git a/group_vars/ipareplicas/idm_replicas.yml b/group_vars/ipareplicas/idm_replicas.yml index 7279293..a126229 100644 --- a/group_vars/ipareplicas/idm_replicas.yml +++ b/group_vars/ipareplicas/idm_replicas.yml 
@@ -11,5 +11,5 @@ ipareplica_realm: "{{ idm_default_dns_zone | upper }}" ipareplica_hostname: "{{ inventory_hostname }}" ipareplica_forwarders: - "{{ azure_dns_ip }}" # Azure IP -ipareplica_forward_policy: "first" +ipareplica_forward_policy: first ipareplica_no_host_dns: true diff --git a/group_vars/ipaserver/idm_server.yml b/group_vars/ipaserver/idm_server.yml index 5cc8875..0592e82 100644 --- a/group_vars/ipaserver/idm_server.yml +++ b/group_vars/ipaserver/idm_server.yml @@ -12,8 +12,8 @@ ipaserver_realm: "{{ idm_default_dns_zone | upper }}" ipaserver_allow_zone_overlap: true ipaserver_forwarders: - "{{ azure_dns_ip }}" # Azure IP -ipaserver_forward_policy: "first" +ipaserver_forward_policy: first ipaserver_auto_reverse: true ipaserver_no_host_dns: true -ipaserver_chain_cert_path: "/root/chain.crt" +ipaserver_chain_cert_path: /root/chain.crt diff --git a/group_vars/mgmt_tools/azure_nsg.yml b/group_vars/mgmt_tools/azure_nsg.yml index 6efffbb..83343fb 100644 --- a/group_vars/mgmt_tools/azure_nsg.yml +++ b/group_vars/mgmt_tools/azure_nsg.yml @@ -3,7 +3,7 @@ azure_subnet_nsg_rules: # Inbound # All connection within Subnet - - name: "AllowAllSubnetInbound" + - name: AllowAllSubnetInbound protocol: "*" direction: Inbound priority: 100 @@ -14,7 +14,7 @@ azure_subnet_nsg_rules: destination_port_range: "*" # SSH connection from Bastion - - name: "AllowSSHInBound" + - name: AllowSSHInBound protocol: Tcp direction: Inbound priority: 200 
@@ -25,27 +25,27 @@ azure_subnet_nsg_rules: destination_port_range: "22" # HTTP connection from VirtualNetwork - - name: "AllowHTTPInBound" + - name: AllowHTTPInBound protocol: Tcp direction: Inbound priority: 201 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "80" # HTTPS connection from VirtualNetwork - - name: "AllowHTTPSInBound" + - name: AllowHTTPSInBound protocol: Tcp direction: Inbound priority: 202 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "443" # Satellite Compute Resource’s virtual console connection from Bastion - - name: "AllowHTTPSInBound-2" + - name: AllowHTTPSInBound-2 protocol: Tcp direction: Inbound priority: 203 
@@ -53,75 +53,75 @@ azure_subnet_nsg_rules: source_address_prefix: "{{ azure_subnet_address_prefix_public }}" source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" - destination_port_range: "5910-5930" + destination_port_range: 5910-5930 # IDM connection from VirtualNetwork - - name: "AllowLDAPInBound" + - name: AllowLDAPInBound protocol: Tcp direction: Inbound priority: 204 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "389" - - name: "AllowLDAPSInBound" + - name: AllowLDAPSInBound protocol: Tcp direction: Inbound priority: 205 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "636" - - name: "AllowKerberosInBound-1" + - name: AllowKerberosInBound-1 protocol: "*" direction: Inbound priority: 206 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "88" - - name: "AllowKerberosInBound-2" + - name: AllowKerberosInBound-2 protocol: "*" direction: Inbound priority: 207 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "464" - - name: "AllowDNSInBoundTCP" + - name: AllowDNSInBoundTCP protocol: "*" direction: Inbound priority: 208 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "53" - - name: "AllowNTPInBound" + - name: AllowNTPInBound protocol: Udp direction: Inbound 
priority: 209 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "123" - - name: "AllowKadmindInBound" + - name: AllowKadmindInBound protocol: Tcp direction: Inbound priority: 210 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "749" # Deny all other inbound - - name: "DenyOtherInBound" + - name: DenyOtherInBound protocol: "*" direction: Inbound priority: 500 @@ -134,7 +134,7 @@ azure_subnet_nsg_rules: # Outbound # All connection within Subnet - - name: "AllowAllSubnetOutbound" + - name: AllowAllSubnetOutbound protocol: "*" direction: Outbound priority: 100 @@ -145,18 +145,18 @@ azure_subnet_nsg_rules: destination_port_range: "*" # SSH connection to other vnets - - name: "AllowSSHOutBound" + - name: AllowSSHOutBound protocol: Tcp direction: Outbound priority: 200 access: Allow source_address_prefix: "{{ azure_vnet_address_prefix }}" source_port_range: "*" - destination_address_prefix: "VirtualNetwork" + destination_address_prefix: VirtualNetwork destination_port_range: "22" # HTTP connection to workload_servers_intra - - name: "AllowHTTPOutBound" + - name: AllowHTTPOutBound protocol: Tcp direction: Outbound priority: 201 @@ -166,7 +166,7 @@ azure_subnet_nsg_rules: destination_address_prefix: "{{ azure_subnet_address_prefix_workload_servers_intra }}" destination_port_range: "80" # HTTPS connection to workload_servers_intra - - name: "AllowHTTPSOutBound" + - name: AllowHTTPSOutBound protocol: Tcp direction: Outbound priority: 202 
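Review bot: `AllowDNSInBoundTCP` in group_vars/mgmt_tools/azure_nsg.yml is declared with `protocol: "*"`, so the rule admits every protocol to port 53 rather than the TCP its name announces; the same mismatch appears as `AllowDNSOutBoundTCP` in group_vars/mgmt_tools_dmz/azure_nsg.yml. Since the commit already touches these `name` lines, either align the name with the rule or narrow `protocol` to what DNS needs and say so in a comment such as `# DNS over TCP and UDP`. `AllowKerberosInBound-1` and `AllowKerberosInBound-2` also use `protocol: "*"` with no comment explaining the choice. Separately, `destination_port_range: 5910-5930` is now the only unquoted port value in the list; keeping it as `"5910-5930"` would match `"389"`, `"636"` and the others.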
@@ -177,12 +177,12 @@ azure_subnet_nsg_rules: destination_port_range: "443" # Deny other vnet connection - - name: "DenyOtherVnetOutBound" + - name: DenyOtherVnetOutBound protocol: "*" direction: Outbound priority: 500 access: Deny source_address_prefix: "{{ azure_vnet_address_prefix }}" source_port_range: "*" - destination_address_prefix: "VirtualNetwork" + destination_address_prefix: VirtualNetwork destination_port_range: "*" diff --git a/group_vars/mgmt_tools/azure_vnet.yml b/group_vars/mgmt_tools/azure_vnet.yml index 47e7998..bdf3a39 100644 --- a/group_vars/mgmt_tools/azure_vnet.yml +++ b/group_vars/mgmt_tools/azure_vnet.yml @@ -5,8 +5,9 @@ azure_vnet_address_prefix: "{{ azure_vnet_address_prefix_mgmt_intra }}" azure_subnet_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" vnet_peers: - - azure_vnet_peer: "vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-1" + - azure_vnet_peer: vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-1 azure_rg: "{{ hostvars[groups.bastion | first]['azure_rg'] }}" azure_vnet: "{{ hostvars[groups.bastion | first]['azure_vnet'] }}" - azure_vnet_id: "/subscriptions/{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.bastion | first]['azure_rg'] }}/providers/Microsoft.Network/virtualNetworks/{{ hostvars[groups.bastion | first]['azure_vnet'] }}" + azure_vnet_id: /subscriptions/{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.bastion | first]['azure_rg'] }}/providers/Microsoft.Network/virtualNetworks/{{ + hostvars[groups.bastion | first]['azure_vnet'] }} azure_subs: "{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}" diff --git a/group_vars/mgmt_tools_dmz/azure_nsg.yml b/group_vars/mgmt_tools_dmz/azure_nsg.yml index c755b79..49dc759 100644 --- a/group_vars/mgmt_tools_dmz/azure_nsg.yml +++ b/group_vars/mgmt_tools_dmz/azure_nsg.yml 
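Review bot: The new `azure_vnet_id` value in group_vars/mgmt_tools/azure_vnet.yml is a plain scalar continued on a second line, with the break falling inside the last `{{ ... }}` expression. It only works because YAML folds the newline into a space that Jinja ignores. A later edit that moves the break outside the braces would silently put a space into the resource ID. I would keep the value on one quoted line, as before, and silence the length check with `# yamllint disable-line rule:line-length` on the line above it.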
@@ -1,10 +1,10 @@ --- -azure_subnet_nsg: "nsg-mgmt-{{ network_zone }}-{{ deployment_environment }}" +azure_subnet_nsg: nsg-mgmt-{{ network_zone }}-{{ deployment_environment }} azure_subnet_nsg_rules: # Inbound # All connection within Subnet - - name: "AllowAllSubnetInbound" + - name: AllowAllSubnetInbound protocol: "*" direction: Inbound priority: 100 @@ -15,7 +15,7 @@ azure_subnet_nsg_rules: destination_port_range: "*" # SSH connection from Bastion - - name: "AllowSSHInBound-1" + - name: AllowSSHInBound-1 protocol: Tcp direction: Inbound priority: 200 @@ -26,7 +26,7 @@ azure_subnet_nsg_rules: destination_port_range: "22" # SSH connection from mgmt_inra - - name: "AllowSSHInBound-2" + - name: AllowSSHInBound-2 protocol: Tcp direction: Inbound priority: 201 @@ -37,22 +37,22 @@ azure_subnet_nsg_rules: destination_port_range: "22" # HTTP connection from VirtualNetwork - - name: "AllowHTTPInBound" + - name: AllowHTTPInBound protocol: Tcp direction: Inbound priority: 202 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "80" # HTTPS connection from VirtualNetwork - - name: "AllowHTTPSInBound" + - name: AllowHTTPSInBound protocol: Tcp direction: Inbound priority: 203 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "443" @@ -62,7 +62,7 @@ azure_subnet_nsg_rules: # Outbound # All connection within Subnet - - name: "AllowAllSubnetOutbound" + - name: AllowAllSubnetOutbound protocol: "*" direction: Outbound priority: 100 @@ -73,7 +73,7 @@ azure_subnet_nsg_rules: destination_port_range: "*" # Satellite HTTP connection to mgmt_intra - - name: "AllowHTTPOutBound" + - name: AllowHTTPOutBound protocol: Tcp direction: Outbound priority: 201 
@@ -83,7 +83,7 @@ azure_subnet_nsg_rules: destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "80" # Satellite HTTPS connection to mgmt_intra - - name: "AllowHTTPSOutBound" + - name: AllowHTTPSOutBound protocol: Tcp direction: Outbound priority: 202 @@ -94,7 +94,7 @@ azure_subnet_nsg_rules: destination_port_range: "443" # IDM connection to mgmt_inra - - name: "AllowLDAPOutBound" + - name: AllowLDAPOutBound protocol: Tcp direction: Outbound priority: 203 @@ -103,7 +103,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "389" - - name: "AllowLDAPSOutBound" + - name: AllowLDAPSOutBound protocol: Tcp direction: Outbound priority: 204 @@ -112,7 +112,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "636" - - name: "AllowKerberosOutBound-1" + - name: AllowKerberosOutBound-1 protocol: "*" direction: Outbound priority: 205 @@ -121,7 +121,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "88" - - name: "AllowKerberosOutBound-2" + - name: AllowKerberosOutBound-2 protocol: "*" direction: Outbound priority: 206 @@ -130,7 +130,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "464" - - name: "AllowDNSOutBoundTCP" + - name: AllowDNSOutBoundTCP protocol: "*" direction: Outbound priority: 207 @@ -139,7 +139,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "53" - - name: "AllowNTPOutBound" + - name: AllowNTPOutBound protocol: Udp direction: Outbound priority: 208 
@@ -148,7 +148,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "123" - - name: "AllowKadmindOutBound" + - name: AllowKadmindOutBound protocol: Tcp direction: Outbound priority: 209 @@ -159,7 +159,7 @@ azure_subnet_nsg_rules: destination_port_range: "749" # Deny other connection to All VNets - - name: "DenyOtherVnetOutBound" + - name: DenyOtherVnetOutBound protocol: "*" direction: Outbound priority: 500 diff --git a/group_vars/mgmt_tools_dmz/azure_vnet.yml b/group_vars/mgmt_tools_dmz/azure_vnet.yml index acefc2f..37cbffa 100644 --- a/group_vars/mgmt_tools_dmz/azure_vnet.yml +++ b/group_vars/mgmt_tools_dmz/azure_vnet.yml @@ -1,3 +1,3 @@ --- azure_subnet_address_prefix: "{{ azure_subnet_address_prefix_mgmt_tools_dmz }}" -azure_subnet: "subnet-mgmt-{{ network_zone }}-{{ deployment_environment }}" +azure_subnet: subnet-mgmt-{{ network_zone }}-{{ deployment_environment }} diff --git a/group_vars/rootca/pki_create_rootca.yml b/group_vars/rootca/pki_create_rootca.yml index 3df23f5..6aa8a8a 100644 --- a/group_vars/rootca/pki_create_rootca.yml +++ b/group_vars/rootca/pki_create_rootca.yml @@ -1,3 +1,3 @@ --- pki_rootca: true -ca_common_name: "RHIS RootCA" +ca_common_name: RHIS RootCA diff --git a/group_vars/satellite/satellite_config_activation_keys.yml b/group_vars/satellite/satellite_config_activation_keys.yml index e9c81f8..7c866f8 100644 --- a/group_vars/satellite/satellite_config_activation_keys.yml +++ b/group_vars/satellite/satellite_config_activation_keys.yml 
@@ -1,95 +1,95 @@ --- satellite_activation_keys: - - name: "ak_dev_rhel8_default_vm" - description: "Activation Key for Dev RHEL 8 systems" - content_view: "ccv_rhel8_vm" - lifecycle_environment: "Dev" + - name: ak_dev_rhel8_default_vm + description: Activation Key for Dev RHEL 8 systems + content_view: ccv_rhel8_vm + lifecycle_environment: Dev organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false release_version: "8" content_overrides: - label: satellite-client-6-for-rhel-8-x86_64-rpms override: enabled unlimited_hosts: true - state: "present" + state: present - - name: "ak_dev_rhel9_default_vm" - description: "Activation Key for Dev RHEL 9 systems" - content_view: "ccv_rhel9_vm" - lifecycle_environment: "Dev" + - name: ak_dev_rhel9_default_vm + description: Activation Key for Dev RHEL 9 systems + content_view: ccv_rhel9_vm + lifecycle_environment: Dev organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false release_version: "9" content_overrides: - label: satellite-client-6-for-rhel-9-x86_64-rpms override: enabled unlimited_hosts: true - state: "present" + state: present - - name: "ak_qa_rhel8_default_vm" - description: "Activation Key for QA RHEL 8 systems" - content_view: "ccv_rhel8_vm" - lifecycle_environment: "QA" + - name: ak_qa_rhel8_default_vm + description: Activation Key for QA RHEL 8 systems + content_view: ccv_rhel8_vm + lifecycle_environment: QA organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false release_version: "8" content_overrides: - label: satellite-client-6-for-rhel-8-x86_64-rpms override: enabled unlimited_hosts: true - state: "present" + state: present - - name: "ak_qa_rhel9_default_vm" - description: "Activation Key for QA RHEL 9 systems" - content_view: "ccv_rhel9_vm" - lifecycle_environment: "QA" + - name: ak_qa_rhel9_default_vm 
+ description: Activation Key for QA RHEL 9 systems + content_view: ccv_rhel9_vm + lifecycle_environment: QA organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false release_version: "9" content_overrides: - label: satellite-client-6-for-rhel-9-x86_64-rpms override: enabled unlimited_hosts: true - state: "present" + state: present - - name: "ak_prod_rhel8_default_vm" - description: "Activation Key for Prod RHEL 8 systems" - content_view: "ccv_rhel8_vm" - lifecycle_environment: "Prod" + - name: ak_prod_rhel8_default_vm + description: Activation Key for Prod RHEL 8 systems + content_view: ccv_rhel8_vm + lifecycle_environment: Prod organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false release_version: "8" content_overrides: - label: satellite-client-6-for-rhel-8-x86_64-rpms override: enabled unlimited_hosts: true - state: "present" + state: present - - name: "ak_prod_rhel9_default_vm" - description: "Activation Key for Prod RHEL 9 systems" - content_view: "ccv_rhel9_vm" - lifecycle_environment: "Prod" + - name: ak_prod_rhel9_default_vm + description: Activation Key for Prod RHEL 9 systems + content_view: ccv_rhel9_vm + lifecycle_environment: Prod organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false release_version: "9" content_overrides: - label: satellite-client-6-for-rhel-9-x86_64-rpms override: enabled unlimited_hosts: true - state: "present" + state: present - - name: "ak_dev_rhel9_aap" - description: "Activation Key for Ansible Automation Platform" - content_view: "ccv_aap" - lifecycle_environment: "Dev" + - name: ak_dev_rhel9_aap + description: Activation Key for Ansible Automation Platform + content_view: ccv_aap + lifecycle_environment: Dev organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support 
auto_attach: false release_version: "9" # When installing ipaclient packages, dependencies are installed from aap repo and there are version mismatches!! @@ -97,39 +97,39 @@ satellite_activation_keys: # - label: ansible-automation-platform-2.4-for-rhel-9-x86_64-rpms # override: enabled unlimited_hosts: true - state: "present" + state: present - - name: "ak_dev_epel" - description: "Activation Key for Dev EPEL systems" - content_view: "ccv_epel" - lifecycle_environment: "Dev" + - name: ak_dev_epel + description: Activation Key for Dev EPEL systems + content_view: ccv_epel + lifecycle_environment: Dev organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false release_version: "8" unlimited_hosts: true - state: "present" + state: present - - name: "ak_dev_rhel8_capsule" - description: "Activation Key for Dev RHEL 8 Capsule" - content_view: "ccv_rhel8_capsule" - lifecycle_environment: "Dev" + - name: ak_dev_rhel8_capsule + description: Activation Key for Dev RHEL 8 Capsule + content_view: ccv_rhel8_capsule + lifecycle_environment: Dev organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false release_version: "8" content_overrides: - label: satellite-client-6-for-rhel-8-x86_64-rpms override: enabled unlimited_hosts: true - state: "present" + state: present - - name: "ak_dev_leapp_rhel8_10_to_rhel9_4" - description: "Activation Key for RHEL8 to RHEL9 Leapp Upgrades" - content_view: "cv_leapp_rhel8_10_to_rhel9_4" - lifecycle_environment: "Dev" + - name: ak_dev_leapp_rhel8_10_to_rhel9_4 + description: Activation Key for RHEL8 to RHEL9 Leapp Upgrades + content_view: cv_leapp_rhel8_10_to_rhel9_4 + lifecycle_environment: Dev organization: "{{ satellite_organization }}" - service_level: "Self-Support" + service_level: Self-Support auto_attach: false unlimited_hosts: true - state: "present" + state: present 
diff --git a/group_vars/satellite/satellite_config_compute_profiles.yml b/group_vars/satellite/satellite_config_compute_profiles.yml index 2b12179..3a01fe6 100644 --- a/group_vars/satellite/satellite_config_compute_profiles.yml +++ b/group_vars/satellite/satellite_config_compute_profiles.yml 
@@ -1,50 +1,48 @@ --- satellite_compute_profiles: - - name: "Azure-Intranet-Management-Default-VM" + - name: Azure-Intranet-Management-Default-VM compute_attributes: - - compute_resource: "Azure_Management" + - compute_resource: Azure_Management vm_attrs: - resource_group: "rg-mgmt-intra-dev" - platform: "Linux" + resource_group: rg-mgmt-intra-dev + platform: Linux username: "{{ vm_user }}" ssh_key_data: "{{ vm_user_public_key }}" premium_os_disk: "true" os_disk_size_gb: "41" - os_disk_caching: "ReadWrite" + os_disk_caching: ReadWrite script_command: "" script_uris: "" tags: "" nvidia_gpu_extension: "false" interfaces_attributes: 0: - network: "/subscriptions/{{ azure_subscription_id }}/resourceGroups/rg-mgmt-intra-dev/\ - providers/Microsoft.Network/virtualNetworks/vnet-mgmt-intra-dev/subnets/subnet-mgmt-intra-dev" - public_ip: "None" + network: /subscriptions/{{ azure_subscription_id }}/resourceGroups/rg-mgmt-intra-dev/providers/Microsoft.Network/virtualNetworks/vnet-mgmt-intra-dev/subnets/subnet-mgmt-intra-dev + public_ip: None private_ip: "false" volumes_attributes: 0: disk_size_gb: 1 - - name: "Azure-Intranet-Workload-Default-VM" + - name: Azure-Intranet-Workload-Default-VM compute_attributes: - - compute_resource: "Azure_Workload" + - compute_resource: Azure_Workload vm_attrs: - resource_group: "rg-work-intra-dev" - platform: "Linux" + resource_group: rg-work-intra-dev + platform: Linux username: "{{ vm_user }}" ssh_key_data: "{{ vm_user_public_key }}" premium_os_disk: "true" os_disk_size_gb: "41" - os_disk_caching: "ReadWrite" + os_disk_caching: ReadWrite script_command: "" script_uris: "" tags: "" nvidia_gpu_extension: "false" interfaces_attributes: 0: - network: "/subscriptions/{{ hostvars[groups.work | first]['azure_subscription_id'] }}/resourceGroups/rg-work-intra-dev/\ - providers/Microsoft.Network/virtualNetworks/vnet-work-intra-dev/subnets/subnet-work-intra-dev" - public_ip: "None" + network: /subscriptions/{{ hostvars[groups.work | 
first]['azure_subscription_id'] }}/resourceGroups/rg-work-intra-dev/providers/Microsoft.Network/virtualNetworks/vnet-work-intra-dev/subnets/subnet-work-intra-dev + public_ip: None private_ip: "false" volumes_attributes: 0: diff --git a/group_vars/satellite/satellite_config_compute_resources.yml b/group_vars/satellite/satellite_config_compute_resources.yml index a8334a5..ff75757 100644 --- a/group_vars/satellite/satellite_config_compute_resources.yml +++ b/group_vars/satellite/satellite_config_compute_resources.yml @@ -1,7 +1,7 @@ --- satellite_compute_resources: - - name: "Azure_Management" - provider: "AzureRm" + - name: Azure_Management + provider: AzureRm locations: - Intranet - DMZ @@ -9,27 +9,27 @@ satellite_compute_resources: provider_params: app_ident: "{{ techuser_ansible_client_id }}" password: "{{ techuser_ansible_secret_value }}" - cloud: "azure" + cloud: azure region: "{{ azure_region }}" sub_id: "{{ azure_subscription_id }}" tenant: "{{ azure_tenant_id }}" images: - - name: "image-rhel-94" - architecture: "x86_64" - operatingsystem: "RedHat 9.4" + - name: image-rhel-94 + architecture: x86_64 + operatingsystem: RedHat 9.4 image_username: "{{ vm_user }}" user_data: true - uuid: "custom://image-rhel-94" + uuid: custom://image-rhel-94 - - name: "image-rhel-8.10" - architecture: "x86_64" - operatingsystem: "RHEL 8.10" + - name: image-rhel-8.10 + architecture: x86_64 + operatingsystem: RHEL 8.10 image_username: "{{ vm_user }}" user_data: true - uuid: "custom://image-rhel-8.10" + uuid: custom://image-rhel-8.10 - - name: "Azure_Workload" - provider: "AzureRm" + - name: Azure_Workload + provider: AzureRm locations: - Intranet - DMZ 
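Review bot: The two `public_ip: None` lines in `satellite_compute_profiles` now read like a null, but YAML loads an unquoted `None` as the string "None" (only `null`, `~` and an empty value are null). The value is unchanged by the unquoting, so nothing breaks, yet the neighbouring `private_ip: "false"` and `premium_os_disk: "true"` stay quoted to show they are strings. Keeping `public_ip: "None"` quoted, or adding a comment such as `# literal string "None", not null`, would stop a later editor from "correcting" it to `null`.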
@@ -37,35 +37,35 @@ satellite_compute_resources: provider_params: app_ident: "{{ techuser_ansible_client_id }}" password: "{{ techuser_ansible_secret_value }}" - cloud: "azure" + cloud: azure region: "{{ azure_region }}" sub_id: "{{ hostvars[groups.work | first]['azure_subscription_id'] }}" # FIX tenant: "{{ azure_tenant_id }}" images: - - name: "image-rhel-93" - architecture: "x86_64" - operatingsystem: "RedHat 9.3" + - name: image-rhel-93 + architecture: x86_64 + operatingsystem: RedHat 9.3 image_username: "{{ vm_user }}" user_data: true - uuid: "custom://image-rhel-93" + uuid: custom://image-rhel-93 - - name: "image-rhel-94" - architecture: "x86_64" - operatingsystem: "RedHat 9.4" + - name: image-rhel-94 + architecture: x86_64 + operatingsystem: RedHat 9.4 image_username: "{{ vm_user }}" user_data: true - uuid: "custom://image-rhel-94" + uuid: custom://image-rhel-94 - - name: "image-rhel-89" - architecture: "x86_64" - operatingsystem: "RedHat 8.9" + - name: image-rhel-89 + architecture: x86_64 + operatingsystem: RedHat 8.9 image_username: "{{ vm_user }}" user_data: true - uuid: "custom://image-rhel-89" + uuid: custom://image-rhel-89 - - name: "image-rhel-8.10" - architecture: "x86_64" - operatingsystem: "RHEL 8.10" + - name: image-rhel-8.10 + architecture: x86_64 + operatingsystem: RHEL 8.10 image_username: "{{ vm_user }}" user_data: true - uuid: "custom://image-rhel-8.10" + uuid: custom://image-rhel-8.10 diff --git a/group_vars/satellite/satellite_config_content_credentials.yml b/group_vars/satellite/satellite_config_content_credentials.yml index df42100..123f698 100644 --- a/group_vars/satellite/satellite_config_content_credentials.yml +++ b/group_vars/satellite/satellite_config_content_credentials.yml @@ -1,3 +1,4 @@ +--- satellite_content_credentials: - name: gpg_epel content_type: gpg_key diff --git a/group_vars/satellite/satellite_config_content_views.yml b/group_vars/satellite/satellite_config_content_views.yml index 3ae5de4..e612b2a 100644 
--- a/group_vars/satellite/satellite_config_content_views.yml
+++ b/group_vars/satellite/satellite_config_content_views.yml
@@ -1,135 +1,135 @@ --- satellite_content_views: - name: cv_rhel8_base - description: "Content View containing all repositories for RHEL8" + description: Content View containing all repositories for RHEL8 repositories: - - name: "Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8" - product: "Red Hat Enterprise Linux for x86_64" - # date_filter_name: "Include_Errata_By_Date" + - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8 + product: Red Hat Enterprise Linux for x86_64 + # date_filter_name: "Include_Errata_By_Date" environments: - - "Library" - # filters: - # - name: "Include_All_Packages_No_Errata" - # filter_type: "rpm" - # inclusion: true - # description: "Include all rpms with no errata for all repositories" - # original_packages: true - # - name: "Include_All_Streams_No_Errata" - # filter_type: "modulemd" - # inclusion: true - # description: "Include all module streams with no errata for all repositories" - # original_module_streams: true - # - name: "Include_Errata_By_Date" - # filter_type: "erratum" - # inclusion: true - # description: "Include all errata updated as of {{ lookup('pipe', 'date +%Y-%m-%d') }}" - # rules: - # - name: "errata-by-date-{{ lookup('pipe', 'date +%Y-%m-%d') }}" - # end_date: "{{ lookup('pipe', 'date +%Y-%m-%d') }}" - # date_type: "updated" - # types: - # - "enhancement" - # - "bugfix" - # - "security" - # - name: "Exclude_FireFox" - # filter_type: "rpm" - # inclusion: false - # description: "Do not provide Firefox to servers" - # rules: - # - name: "firefox*" + - Library + # filters: + # - name: "Include_All_Packages_No_Errata" + # filter_type: "rpm" + # inclusion: true + # description: "Include all rpms with no errata for all repositories" + # original_packages: true + # - name: 
"Include_All_Streams_No_Errata" + # filter_type: "modulemd" + # inclusion: true + # description: "Include all module streams with no errata for all repositories" + # original_module_streams: true + # - name: "Include_Errata_By_Date" + # filter_type: "erratum" + # inclusion: true + # description: "Include all errata updated as of {{ lookup('pipe', 'date +%Y-%m-%d') }}" + # rules: + # - name: "errata-by-date-{{ lookup('pipe', 'date +%Y-%m-%d') }}" + # end_date: "{{ lookup('pipe', 'date +%Y-%m-%d') }}" + # date_type: "updated" + # types: + # - "enhancement" + # - "bugfix" + # - "security" + # - name: "Exclude_FireFox" + # filter_type: "rpm" + # inclusion: false + # description: "Do not provide Firefox to servers" + # rules: + # - name: "firefox*" - - name: "cv_rhel9_base" - description: "Content View containing all repositories for RHEL9" + - name: cv_rhel9_base + description: Content View containing all repositories for RHEL9 repositories: - - name: "Red Hat Enterprise Linux 9 for x86_64 - AppStream RPMs 9" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 9 for x86_64 - BaseOS RPMs 9" - product: "Red Hat Enterprise Linux for x86_64" + - name: Red Hat Enterprise Linux 9 for x86_64 - AppStream RPMs 9 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 9 for x86_64 - BaseOS RPMs 9 + product: Red Hat Enterprise Linux for x86_64 lifecycle_environments: - - "Library" + - Library - - name: "cv_aap" - description: "Content view containing all repositories for Ansible Automation Platform" + - name: cv_aap + description: Content view containing all repositories for Ansible Automation Platform repositories: - - name: "Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86_64 Files" - product: "Red Hat Ansible Automation Platform" - - name: "Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86_64 RPMs" - product: "Red Hat Ansible Automation Platform" + - name: Red Hat Ansible Automation Platform 2.4 for RHEL 9 
x86_64 Files + product: Red Hat Ansible Automation Platform + - name: Red Hat Ansible Automation Platform 2.4 for RHEL 9 x86_64 RPMs + product: Red Hat Ansible Automation Platform lifecycle_environments: - - "Library" + - Library - - name: "cv_epel" - description: "Content view containing all repositories for Epel" + - name: cv_epel + description: Content view containing all repositories for Epel repositories: - - name: "epel8" - product: "Epel" - - name: "epel8_stream" - product: "Epel" + - name: epel8 + product: Epel + - name: epel8_stream + product: Epel lifecycle_environments: - - "Library" + - Library - name: cv_rhel8_capsule - description: "Content View containing additional repos needed for a capsule" + description: Content View containing additional repos needed for a capsule repositories: - - name: "Red Hat Satellite Capsule 6.15 for RHEL 8 x86_64 RPMs" - product: "Red Hat Satellite Capsule" - - name: "Red Hat Satellite Maintenance 6.15 for RHEL 8 x86_64 RPMs" - product: "Red Hat Enterprise Linux for x86_64" - lifecycle_environments:: - - "Library" + - name: Red Hat Satellite Capsule 6.15 for RHEL 8 x86_64 RPMs + product: Red Hat Satellite Capsule + - name: Red Hat Satellite Maintenance 6.15 for RHEL 8 x86_64 RPMs + product: Red Hat Enterprise Linux for x86_64 + "lifecycle_environments:": + - Library - name: cv_rhel8_support_tools - description: "Content View containing support tools for RHEL8" + description: Content View containing support tools for RHEL8 repositories: - - name: "Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 8 for x86_64 - Supplementary RPMs 8" - product: "Red Hat Enterprise Linux for x86_64" - lifecycle_environments:: - - "Library" + - name: Red Hat Satellite Client 6 for RHEL 8 x86_64 RPMs + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 8 for x86_64 - Supplementary RPMs 8 + product: Red Hat Enterprise Linux for 
x86_64 + "lifecycle_environments:": + - Library - name: cv_rhel9_support_tools - description: "Content View containing support tools for RHEL9" + description: Content View containing support tools for RHEL9 repositories: - - name: "Red Hat Satellite Client 6 for RHEL 9 x86_64 RPMs" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 9 for x86_64 - Supplementary RPMs 9" - product: "Red Hat Enterprise Linux for x86_64" + - name: Red Hat Satellite Client 6 for RHEL 9 x86_64 RPMs + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 9 for x86_64 - Supplementary RPMs 9 + product: Red Hat Enterprise Linux for x86_64 lifecycle_environments: - - "Library" + - Library - name: cv_rhel8_kickstart - description: "Content View containing all repositories for Kickstart for RHEL8" + description: Content View containing all repositories for Kickstart for RHEL8 repositories: - - name: "Red Hat Enterprise Linux 8 for x86_64 - AppStream Kickstart 8.9" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 8 for x86_64 - BaseOS Kickstart 8.9" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 8 for x86_64 - AppStream Kickstart 8.10" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 8 for x86_64 - BaseOS Kickstart 8.10" - product: "Red Hat Enterprise Linux for x86_64" + - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream Kickstart 8.9 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS Kickstart 8.9 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream Kickstart 8.10 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS Kickstart 8.10 + product: Red Hat Enterprise Linux for x86_64 lifecycle_environments: - - "Library" + - Library - name: cv_rhel9_kickstart - description: 
"Content View containing all repositories for Kickstart for RHEL9" + description: Content View containing all repositories for Kickstart for RHEL9 repositories: - - name: "Red Hat Enterprise Linux 9 for x86_64 - AppStream Kickstart 9.3" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 9 for x86_64 - BaseOS Kickstart 9.3" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 9 for x86_64 - AppStream Kickstart 9.4" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 9 for x86_64 - BaseOS Kickstart 9.4" - product: "Red Hat Enterprise Linux for x86_64" + - name: Red Hat Enterprise Linux 9 for x86_64 - AppStream Kickstart 9.3 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 9 for x86_64 - BaseOS Kickstart 9.3 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 9 for x86_64 - AppStream Kickstart 9.4 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 9 for x86_64 - BaseOS Kickstart 9.4 + product: Red Hat Enterprise Linux for x86_64 lifecycle_environments: - - "Library" + - Library - name: ccv_aap - description: "Ansible Automation Platform composite content view" + description: Ansible Automation Platform composite content view auto_publish: false components: - content_view: cv_rhel9_base @@ -139,13 +139,13 @@ satellite_content_views: - content_view: cv_rhel9_support_tools latest: true lifecycle_environments: - - "Library" - - "Dev" - - "QA" - - "Prod" + - Library + - Dev + - QA + - Prod - name: ccv_epel - description: "Epel composite content view" + description: Epel composite content view auto_publish: false components: - content_view: cv_rhel8_base 
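Review bot: The new key `"lifecycle_environments:":` on `cv_rhel8_capsule` and `cv_rhel8_support_tools` carries the old `lifecycle_environments::` typo forward as a literal key name ending in a colon. The formatter preserved the meaning of the malformed key, so a consumer looking up `lifecycle_environments` still finds nothing on these two content views. The intended line is `lifecycle_environments:`, as on the sibling views. Separately, `cv_rhel8_base` uses `environments:` where every other view uses `lifecycle_environments:`; that looks like a similar slip and is worth confirming against the role that reads this variable.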
@@ -155,13 +155,13 @@ satellite_content_views: - content_view: cv_rhel8_support_tools latest: true lifecycle_environments: - - "Library" - - "Dev" - - "QA" - - "Prod" + - Library + - Dev + - QA + - Prod - name: ccv_rhel8_capsule - description: "Content View for Satellite Capsule" + description: Content View for Satellite Capsule auto_publish: false components: - content_view: cv_rhel8_base @@ -171,13 +171,13 @@ satellite_content_views: - content_view: cv_rhel8_support_tools latest: true lifecycle_environments: - - "Library" - - "Dev" - - "QA" - - "Prod" + - Library + - Dev + - QA + - Prod - name: ccv_rhel8_vm - description: "Content View for RHEL8 VMs" + description: Content View for RHEL8 VMs auto_publish: false components: - content_view: cv_rhel8_base @@ -185,13 +185,13 @@ satellite_content_views: - content_view: cv_rhel8_support_tools latest: true lifecycle_environments: - - "Library" - - "Dev" - - "QA" - - "Prod" + - Library + - Dev + - QA + - Prod - name: ccv_rhel9_vm - description: "Content View for RHEL9 VMs" + description: Content View for RHEL9 VMs auto_publish: false components: - content_view: cv_rhel9_base 
@@ -199,24 +199,24 @@ satellite_content_views: - content_view: cv_rhel9_support_tools latest: true lifecycle_environments: - - "Library" - - "Dev" - - "QA" - - "Prod" + - Library + - Dev + - QA + - Prod - - name: "cv_leapp_rhel8_10_to_rhel9_4" - description: "Content View for RHEL8.10 to RHEL9.4 Leapp Upgrades" + - name: cv_leapp_rhel8_10_to_rhel9_4 + description: Content View for RHEL8.10 to RHEL9.4 Leapp Upgrades repositories: - - name: "Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8.10" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8.10" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 9 for x86_64 - AppStream RPMs 9.4" - product: "Red Hat Enterprise Linux for x86_64" - - name: "Red Hat Enterprise Linux 9 for x86_64 - BaseOS RPMs 9.4" - product: "Red Hat Enterprise Linux for x86_64" + - name: Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8.10 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8.10 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 9 for x86_64 - AppStream RPMs 9.4 + product: Red Hat Enterprise Linux for x86_64 + - name: Red Hat Enterprise Linux 9 for x86_64 - BaseOS RPMs 9.4 + product: Red Hat Enterprise Linux for x86_64 lifecycle_environments: - - "Library" - - "Dev" - - "QA" - - "Prod" + - Library + - Dev + - QA + - Prod diff --git a/group_vars/satellite/satellite_config_custom_products.yml b/group_vars/satellite/satellite_config_custom_products.yml index 830ec9b..6300717 100644 --- a/group_vars/satellite/satellite_config_custom_products.yml +++ b/group_vars/satellite/satellite_config_custom_products.yml 
@@ -1,23 +1,23 @@ --- # Variable to add custom products and repos satellite_config_custom_products: - - name: "Epel" - description: "Extra Packages for Enterprise Linux 8" + - name: Epel + description: Extra Packages for Enterprise Linux 8 org: "{{ satellite_organization }}" - label: "epel8" + label: epel8 repositories: - - name: "epel8" + - name: epel8 upstream_name: "" - content_type: "yum" - url: "https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/" + content_type: yum + url: https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/ username: "" password: "" - download_policy: "on_demand" - gpg_key: "gpg_epel" - - name: "epel8_stream" + download_policy: on_demand + gpg_key: gpg_epel + - name: epel8_stream upstream_name: "" - content_type: "yum" - url: "https://dl.fedoraproject.org/pub/epel/8/Modular/x86_64/" + content_type: yum + url: https://dl.fedoraproject.org/pub/epel/8/Modular/x86_64/ username: "" password: "" - download_policy: "on_demand" + download_policy: on_demand diff --git a/group_vars/satellite/satellite_config_dicovery_rules.yml b/group_vars/satellite/satellite_config_dicovery_rules.yml index 5539bb0..0effe76 100644 --- a/group_vars/satellite/satellite_config_dicovery_rules.yml +++ b/group_vars/satellite/satellite_config_dicovery_rules.yml @@ -1,11 +1,11 @@ --- satellite_config_discovery_rules: - - name: "dr_intranet_vms" + - name: dr_intranet_vms enabled: false state: present organizations: "{{ satellite_organization }}" locations: - - "Intranet" - search: "subnet = 10.1.1.0" + - Intranet + search: subnet = 10.1.1.0 priority: 20 - hostgroup: "hg_mgmt_dev/hg_intranet" + hostgroup: hg_mgmt_dev/hg_intranet diff --git a/group_vars/satellite/satellite_config_domains.yml b/group_vars/satellite/satellite_config_domains.yml index 05d5818..cb11306 100644 --- a/group_vars/satellite/satellite_config_domains.yml +++ b/group_vars/satellite/satellite_config_domains.yml 
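Review bot: The `epel8_stream` repository has no `gpg_key`, while `epel8` directly above it sets `gpg_key: gpg_epel`; both sync from dl.fedoraproject.org into the same `Epel` product. Without a content credential on the repository, clients presumably get no key from Satellite to verify the Modular packages against, which should be confirmed against the role that consumes `satellite_config_custom_products`. If that repository is signed with the same key, add `gpg_key: gpg_epel` after its `download_policy: on_demand` line.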
@@ -3,7 +3,7 @@ satellite_domains: - name: "{{ azure_dns_private_dns_zone }}" description: "{{ azure_dns_private_dns_zone }} - root domain for the installation" locations: - - "Intranet" - - "DMZ" + - Intranet + - DMZ organizations: - "{{ satellite_organization }}" diff --git a/group_vars/satellite/satellite_config_git_repos.yml b/group_vars/satellite/satellite_config_git_repos.yml index c83c5df..8d2a7a8 100644 --- a/group_vars/satellite/satellite_config_git_repos.yml +++ b/group_vars/satellite/satellite_config_git_repos.yml 
@@ -1,41 +1,41 @@ --- satellite_config_git_repos: - - repository: "https://github.com/RedHatOfficial/ansible-role-rhel9-pci-dss.git" - name: "ansible-role-rhel9-pci-dss" - dest: "/etc/ansible/roles/ansible-role-rhel9-pci-dss" + - repository: https://github.com/RedHatOfficial/ansible-role-rhel9-pci-dss.git + name: ansible-role-rhel9-pci-dss + dest: /etc/ansible/roles/ansible-role-rhel9-pci-dss clone: true force: true - - repository: "https://github.com/RedHatOfficial/ansible-role-rhel9-cis.git" - name: "ansible-role-rhel9-cis" - dest: "/etc/ansible/roles/ansible-role-rhel9-cis" + - repository: https://github.com/RedHatOfficial/ansible-role-rhel9-cis.git + name: ansible-role-rhel9-cis + dest: /etc/ansible/roles/ansible-role-rhel9-cis clone: true force: true - - repository: "https://github.com/RedHatOfficial/ansible-role-rhel9-stig.git" - name: "ansible-role-rhel9-stig" - dest: "/etc/ansible/roles/ansible-role-rhel9-stig" + - repository: https://github.com/RedHatOfficial/ansible-role-rhel9-stig.git + name: ansible-role-rhel9-stig + dest: /etc/ansible/roles/ansible-role-rhel9-stig clone: true force: true - - repository: "https://github.com/RedHatOfficial/ansible-role-rhel8-pci-dss.git" - name: "ansible-role-rhel8-pci-dss" - dest: "/etc/ansible/roles/ansible-role-rhel8-pci-dss" + - repository: https://github.com/RedHatOfficial/ansible-role-rhel8-pci-dss.git + name: ansible-role-rhel8-pci-dss + dest: /etc/ansible/roles/ansible-role-rhel8-pci-dss clone: true force: true - - repository: "https://github.com/RedHatOfficial/ansible-role-rhel8-cis.git" - name: "ansible-role-rhel8-cis" - dest: "/etc/ansible/roles/ansible-role-rhel8-cis" + - repository: https://github.com/RedHatOfficial/ansible-role-rhel8-cis.git + name: ansible-role-rhel8-cis + dest: /etc/ansible/roles/ansible-role-rhel8-cis clone: true force: true - - repository: "https://github.com/RedHatOfficial/ansible-role-rhel8-stig.git" - name: "ansible-role-rhel8-stig" - dest: 
"/etc/ansible/roles/ansible-role-rhel8-stig" + - repository: https://github.com/RedHatOfficial/ansible-role-rhel8-stig.git + name: ansible-role-rhel8-stig + dest: /etc/ansible/roles/ansible-role-rhel8-stig clone: true force: true satellite_config_ansible_roles: - - "theforeman.foreman_scap_client" - - "ansible-role-rhel9-pci-dss" - - "ansible-role-rhel9-cis" - - "ansible-role-rhel9-stig" - - "ansible-role-rhel8-pci-dss" - - "ansible-role-rhel8-cis" - - "ansible-role-rhel8-stig" + - theforeman.foreman_scap_client + - ansible-role-rhel9-pci-dss + - ansible-role-rhel9-cis + - ansible-role-rhel9-stig + - ansible-role-rhel8-pci-dss + - ansible-role-rhel8-cis + - ansible-role-rhel8-stig diff --git a/group_vars/satellite/satellite_config_global_parameters.yml b/group_vars/satellite/satellite_config_global_parameters.yml index dd6b5f2..c295118 100644 --- a/group_vars/satellite/satellite_config_global_parameters.yml +++ b/group_vars/satellite/satellite_config_global_parameters.yml 
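Review bot: None of the six `satellite_config_git_repos` entries pins a revision, and each sets `force: true`, so each run takes whatever is on the upstream default branch and overwrites the copy under `/etc/ansible/roles`. These are the CIS, STIG and PCI-DSS roles also listed in `satellite_config_ansible_roles`, so an upstream change could reach managed hosts without review. If the consuming task (not visible in this hunk) passes these keys to `ansible.builtin.git`, add a pinned `version: <tag-or-commit-sha>` to each entry. Otherwise add a comment on the variable saying that tracking the default branch is intended.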
@@ -1,33 +1,33 @@ --- satellite_config_global_parameters: - - name: "enable-epel" + - name: enable-epel value: false - parameter_type: "boolean" + parameter_type: boolean - - name: "enable-remote-execution-pull" + - name: enable-remote-execution-pull value: false - parameter_type: "boolean" + parameter_type: boolean - - name: "fips_enabled" + - name: fips_enabled value: true - parameter_type: "boolean" + parameter_type: boolean - - name: "encrypt_grub" + - name: encrypt_grub value: true - parameter_type: "boolean" + parameter_type: boolean - - name: "lang" - value: "en_US.utf-8" - parameter_type: "string" + - name: lang + value: en_US.utf-8 + parameter_type: string - - name: "keyboard" - value: "us" - parameter_type: "string" + - name: keyboard + value: us + parameter_type: string - - name: "time-zone" - value: "Europe/Berlin" - parameter_type: "string" + - name: time-zone + value: Europe/Berlin + parameter_type: string - - name: "host_registration_insights" + - name: host_registration_insights value: "true" - parameter_type: "boolean" + parameter_type: boolean diff --git a/group_vars/satellite/satellite_config_hostgroups.yml b/group_vars/satellite/satellite_config_hostgroups.yml index 34112ef..001c1bd 100644 --- a/group_vars/satellite/satellite_config_hostgroups.yml +++ b/group_vars/satellite/satellite_config_hostgroups.yml 
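Review bot: `host_registration_insights` keeps `value: "true"` as a quoted string while declaring `parameter_type: boolean`, whereas the other boolean parameters in this list (`enable-epel`, `fips_enabled`, `encrypt_grub`) use bare `true`/`false`. The cleanup unquoted the string parameters but left this one, so the list is inconsistent about how booleans are written. `value: true` would match its siblings, assuming the consuming module does not require the string form.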
@@ -1,385 +1,385 @@ --- satellite_hostgroups: # Management - Dev - - name: "hg_mgmt_dev" + - name: hg_mgmt_dev state: present description: > The parent hostgroup for all hosts belonging to the Dev environment organization: "{{ satellite_organization }}" - lifecycle_environment: "Dev" + lifecycle_environment: Dev domain: "{{ azure_dns_private_dns_zone }}" realm: "{{ azure_dns_private_dns_zone | upper }}" - compute_resource: "Azure_Management" + compute_resource: Azure_Management - - name: "hg_intranet" - description: "Parent hostgroup for Management Intranet" - parent: "hg_mgmt_dev" + - name: hg_intranet + description: Parent hostgroup for Management Intranet + parent: hg_mgmt_dev organization: "{{ satellite_organization }}" content_source: "{{ groups.satellite | first }}" openscap_proxy: "{{ groups.satellite | first }}" locations: - - "Intranet" + - Intranet - - name: "hg_rhel8.9" - description: "Parent hostgroup for rhel8.9 systems" - parent: "hg_mgmt_dev/hg_intranet" + - name: hg_rhel8.9 + description: Parent hostgroup for rhel8.9 systems + parent: hg_mgmt_dev/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel8_vm - architecture: "x86_64" - operatingsystem: "RedHat 8.9" + architecture: x86_64 + operatingsystem: RedHat 8.9 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel8-cis - compute_profile: "Azure-Intranet-Management-Default-VM" + compute_profile: Azure-Intranet-Management-Default-VM activation_keys: ak_dev_rhel8_default_vm - - name: "hg_rhel8.10" - description: "Parent hostgroup for rhel8.10 systems" - parent: "hg_mgmt_dev/hg_intranet" + - name: hg_rhel8.10 + description: Parent hostgroup for rhel8.10 systems + parent: hg_mgmt_dev/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel8_vm - architecture: "x86_64" - operatingsystem: "RHEL 8.10" + architecture: x86_64 + operatingsystem: RHEL 8.10 ptable: pt_uefi_default ansible_roles: - 
theforeman.foreman_scap_client - ansible-role-rhel8-cis - compute_profile: "Azure-Intranet-Management-Default-VM" + compute_profile: Azure-Intranet-Management-Default-VM activation_keys: ak_dev_rhel8_default_vm - - name: "hg_rhel9.3" - description: "Parent hostgroup for rhel9.3 systems" - parent: "hg_mgmt_dev/hg_intranet" + - name: hg_rhel9.3 + description: Parent hostgroup for rhel9.3 systems + parent: hg_mgmt_dev/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel9_vm - architecture: "x86_64" - operatingsystem: "RedHat 9.3" + architecture: x86_64 + operatingsystem: RedHat 9.3 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel9-cis - compute_profile: "Azure-Intranet-Management-Default-VM" + compute_profile: Azure-Intranet-Management-Default-VM activation_keys: ak_dev_rhel9_default_vm - - name: "hg_rhel9.4" - description: "Parent hostgroup for rhel9.4 systems" - parent: "hg_mgmt_dev/hg_intranet" + - name: hg_rhel9.4 + description: Parent hostgroup for rhel9.4 systems + parent: hg_mgmt_dev/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel9_vm - architecture: "x86_64" - operatingsystem: "RedHat 9.4" + architecture: x86_64 + operatingsystem: RedHat 9.4 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel9-cis - compute_profile: "Azure-Intranet-Management-Default-VM" + compute_profile: Azure-Intranet-Management-Default-VM activation_keys: ak_dev_rhel9_default_vm # Workload - Dev - - name: "hg_work_dev" + - name: hg_work_dev state: present description: > The parent hostgroup for all hosts belonging to the Dev environment organization: "{{ satellite_organization }}" - lifecycle_environment: "Dev" + lifecycle_environment: Dev domain: "{{ azure_dns_private_dns_zone }}" realm: "{{ azure_dns_private_dns_zone | upper }}" - compute_resource: "Azure_Workload" + compute_resource: Azure_Workload - - name: "hg_intranet" - description: "Parent 
hostgroup for Workload Intranet" - parent: "hg_work_dev" + - name: hg_intranet + description: Parent hostgroup for Workload Intranet + parent: hg_work_dev organization: "{{ satellite_organization }}" content_source: "{{ groups.satellite | first }}" openscap_proxy: "{{ groups.satellite | first }}" locations: - - "Intranet" + - Intranet - - name: "hg_rhel8.9" - description: "Parent hostgroup for rhel8.9 systems" - parent: "hg_work_dev/hg_intranet" + - name: hg_rhel8.9 + description: Parent hostgroup for rhel8.9 systems + parent: hg_work_dev/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel8_vm - architecture: "x86_64" - operatingsystem: "RedHat 8.9" + architecture: x86_64 + operatingsystem: RedHat 8.9 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel8-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_dev_rhel8_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel8.10" - description: "Parent hostgroup for rhel8.10 systems" - parent: "hg_work_dev/hg_intranet" + - name: hg_rhel8.10 + description: Parent hostgroup for rhel8.10 systems + parent: hg_work_dev/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel8_vm - architecture: "x86_64" - operatingsystem: "RHEL 8.10" + architecture: x86_64 + operatingsystem: RHEL 8.10 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel8-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_qa_rhel8_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel9.3" - description: "Parent hostgroup for rhel9.3 systems" - parent: 
"hg_work_dev/hg_intranet" + - name: hg_rhel9.3 + description: Parent hostgroup for rhel9.3 systems + parent: hg_work_dev/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel9_vm - architecture: "x86_64" - operatingsystem: "RedHat 9.3" + architecture: x86_64 + operatingsystem: RedHat 9.3 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel9-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_dev_rhel9_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel9.4" - description: "Parent hostgroup for rhel9.4 systems" - parent: "hg_work_dev/hg_intranet" + - name: hg_rhel9.4 + description: Parent hostgroup for rhel9.4 systems + parent: hg_work_dev/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel9_vm - architecture: "x86_64" - operatingsystem: "RedHat 9.4" + architecture: x86_64 + operatingsystem: RedHat 9.4 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel9-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_dev_rhel9_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean # Workload - QA - - name: "hg_work_qa" + - name: hg_work_qa state: present description: > The parent hostgroup for all hosts belonging to the QA environment organization: "{{ satellite_organization }}" - lifecycle_environment: "QA" + lifecycle_environment: QA domain: "{{ azure_dns_private_dns_zone }}" realm: "{{ azure_dns_private_dns_zone | upper }}" - compute_resource: "Azure_Workload" + compute_resource: Azure_Workload - - name: "hg_intranet" - description: "Parent hostgroup for Workload Intranet" - parent: 
"hg_work_qa" + - name: hg_intranet + description: Parent hostgroup for Workload Intranet + parent: hg_work_qa organization: "{{ satellite_organization }}" content_source: "{{ groups.satellite | first }}" openscap_proxy: "{{ groups.satellite | first }}" locations: - - "Intranet" + - Intranet - - name: "hg_rhel8.9" - description: "Parent hostgroup for rhel8.9 systems" - parent: "hg_work_qa/hg_intranet" + - name: hg_rhel8.9 + description: Parent hostgroup for rhel8.9 systems + parent: hg_work_qa/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel8_vm - architecture: "x86_64" - operatingsystem: "RedHat 8.9" + architecture: x86_64 + operatingsystem: RedHat 8.9 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel8-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_qa_rhel8_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel8.10" - description: "Parent hostgroup for rhel8.10 systems" - parent: "hg_work_qa/hg_intranet" + - name: hg_rhel8.10 + description: Parent hostgroup for rhel8.10 systems + parent: hg_work_qa/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel8_vm - architecture: "x86_64" - operatingsystem: "RHEL 8.10" + architecture: x86_64 + operatingsystem: RHEL 8.10 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel8-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_qa_rhel8_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel9.3" - description: "Parent hostgroup for rhel9.3 systems" - parent: "hg_work_qa/hg_intranet" + - name: hg_rhel9.3 + 
description: Parent hostgroup for rhel9.3 systems + parent: hg_work_qa/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel9_vm - architecture: "x86_64" - operatingsystem: "RedHat 9.3" + architecture: x86_64 + operatingsystem: RedHat 9.3 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel9-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_qa_rhel9_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel9.4" - description: "Parent hostgroup for rhel9.4 systems" - parent: "hg_work_qa/hg_intranet" + - name: hg_rhel9.4 + description: Parent hostgroup for rhel9.4 systems + parent: hg_work_qa/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel9_vm - architecture: "x86_64" - operatingsystem: "RedHat 9.4" + architecture: x86_64 + operatingsystem: RedHat 9.4 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel9-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_qa_rhel9_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean # Workload - Prod - - name: "hg_work_prod" + - name: hg_work_prod state: present description: > The parent hostgroup for all hosts belonging to the Prod environment organization: "{{ satellite_organization }}" - lifecycle_environment: "Prod" + lifecycle_environment: Prod domain: "{{ azure_dns_private_dns_zone }}" realm: "{{ azure_dns_private_dns_zone | upper }}" - compute_resource: "Azure_Workload" + compute_resource: Azure_Workload - - name: "hg_intranet" - description: "Parent hostgroup for Workload Intranet" - parent: "hg_work_prod" + - name: hg_intranet + 
description: Parent hostgroup for Workload Intranet + parent: hg_work_prod organization: "{{ satellite_organization }}" content_source: "{{ groups.satellite | first }}" openscap_proxy: "{{ groups.satellite | first }}" locations: - - "Intranet" + - Intranet - - name: "hg_rhel8.9" - description: "Parent hostgroup for rhel8.9 systems" - parent: "hg_work_prod/hg_intranet" + - name: hg_rhel8.9 + description: Parent hostgroup for rhel8.9 systems + parent: hg_work_prod/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel8_vm - architecture: "x86_64" - operatingsystem: "RedHat 8.9" + architecture: x86_64 + operatingsystem: RedHat 8.9 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel8-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_prod_rhel8_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel8.10" - description: "Parent hostgroup for rhel8.10 systems" - parent: "hg_work_prod/hg_intranet" + - name: hg_rhel8.10 + description: Parent hostgroup for rhel8.10 systems + parent: hg_work_prod/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel8_vm - architecture: "x86_64" - operatingsystem: "RHEL 8.10" + architecture: x86_64 + operatingsystem: RHEL 8.10 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel8-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_prod_rhel8_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel9.3" - description: "Parent hostgroup for rhel9.3 systems" - parent: "hg_work_prod/hg_intranet" + - name: hg_rhel9.3 + description: Parent 
hostgroup for rhel9.3 systems + parent: hg_work_prod/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel9_vm - architecture: "x86_64" - operatingsystem: "RedHat 9.3" + architecture: x86_64 + operatingsystem: RedHat 9.3 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel9-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_prod_rhel9_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean - - name: "hg_rhel9.4" - description: "Parent hostgroup for rhel9.4 systems" - parent: "hg_work_prod/hg_intranet" + - name: hg_rhel9.4 + description: Parent hostgroup for rhel9.4 systems + parent: hg_work_prod/hg_intranet organization: "{{ satellite_organization }}" content_view: ccv_rhel9_vm - architecture: "x86_64" - operatingsystem: "RedHat 9.4" + architecture: x86_64 + operatingsystem: RedHat 9.4 ptable: pt_uefi_default ansible_roles: - theforeman.foreman_scap_client - ansible-role-rhel9-cis - compute_profile: "Azure-Intranet-Workload-Default-VM" + compute_profile: Azure-Intranet-Workload-Default-VM activation_keys: ak_prod_rhel9_default_vm parameters: - - name: "package_upgrade" + - name: package_upgrade value: "false" - parameter_type: "boolean" + parameter_type: boolean # Other - - name: "hg_aap" - description: "Parent hostgroup for AAP systems" - parent: "hg_mgmt_dev/hg_intranet/hg_rhel9.4" + - name: hg_aap + description: Parent hostgroup for AAP systems + parent: hg_mgmt_dev/hg_intranet/hg_rhel9.4 organization: "{{ satellite_organization }}" content_view: ccv_aap - architecture: "x86_64" - compute_profile: "Azure-Intranet-Management-Default-VM" + architecture: x86_64 + compute_profile: Azure-Intranet-Management-Default-VM activation_keys: ak_dev_rhel9_aap - - name: "hg_capsule" - description: "Parent hostgroup for Satellite Capsule 
systems" - parent: "hg_mgmt_dev/hg_intranet/hg_rhel8.10" + - name: hg_capsule + description: Parent hostgroup for Satellite Capsule systems + parent: hg_mgmt_dev/hg_intranet/hg_rhel8.10 organization: "{{ satellite_organization }}" content_view: ccv_rhel8_capsule - architecture: "x86_64" - compute_profile: "Azure-Intranet-Management-Default-VM" + architecture: x86_64 + compute_profile: Azure-Intranet-Management-Default-VM activation_keys: ak_dev_rhel8_capsule - - name: "hg_epel" - description: "Parent hostgroup for EPEL systems" - parent: "hg_mgmt_dev/hg_intranet/hg_rhel8.10" + - name: hg_epel + description: Parent hostgroup for EPEL systems + parent: hg_mgmt_dev/hg_intranet/hg_rhel8.10 organization: "{{ satellite_organization }}" content_view: ccv_epel - architecture: "x86_64" - compute_profile: "Azure-Intranet-Management-Default-VM" + architecture: x86_64 + compute_profile: Azure-Intranet-Management-Default-VM activation_keys: ak_dev_epel diff --git a/group_vars/satellite/satellite_config_lifecycle_environments.yml b/group_vars/satellite/satellite_config_lifecycle_environments.yml index d267891..d9cd720 100644 --- a/group_vars/satellite/satellite_config_lifecycle_environments.yml +++ b/group_vars/satellite/satellite_config_lifecycle_environments.yml @@ -1,8 +1,8 @@ --- satellite_lifecycle_environments: - - name: "Dev" - prior: "Library" - - name: "QA" - prior: "Dev" - - name: "Prod" - prior: "QA" + - name: Dev + prior: Library + - name: QA + prior: Dev + - name: Prod + prior: QA diff --git a/group_vars/satellite/satellite_config_locations.yml b/group_vars/satellite/satellite_config_locations.yml index 496f4b4..9eeeaa3 100644 --- a/group_vars/satellite/satellite_config_locations.yml +++ b/group_vars/satellite/satellite_config_locations.yml @@ -1,3 +1,4 @@ +--- satellite_locations: - name: Intranet - name: DMZ diff --git a/group_vars/satellite/satellite_config_manifest.yml b/group_vars/satellite/satellite_config_manifest.yml index f9abc69..0ca3a85 100644 
--- a/group_vars/satellite/satellite_config_manifest.yml +++ b/group_vars/satellite/satellite_config_manifest.yml @@ -1,5 +1,5 @@ --- # Variables to upload manifest to Satellite (redhat.satellite.manifest) -satellite_manifest_path: "~/manifest.zip" +satellite_manifest_path: ~/manifest.zip satellite_manifest_download: true -satellite_manifest_uuid: "51ee7560-e8b3-441e-b266-f2817db5b39c" +satellite_manifest_uuid: 51ee7560-e8b3-441e-b266-f2817db5b39c diff --git a/group_vars/satellite/satellite_config_operatingsystems.yml b/group_vars/satellite/satellite_config_operatingsystems.yml index 466f9dc..ddd8a2c 100644 --- a/group_vars/satellite/satellite_config_operatingsystems.yml +++ b/group_vars/satellite/satellite_config_operatingsystems.yml @@ -1,6 +1,6 @@ --- satellite_config_operatingsystems: - - description: "RedHat 8.9" + - description: RedHat 8.9 name: RedHat major: 8 minor: 9 @@ -11,19 +11,19 @@ satellite_config_operatingsystems: ptables: - pt_uefi_default provisioning_templates: - - "Discovery Red Hat kexec" - - "Kickstart default finish" - - "Kickstart default iPXE" - - "Kickstart default PXEGrub" - - "Kickstart default PXEGrub2" - - "Kickstart default PXELinux" - - "Default VM User Data" - - "Default VM Provisioning Template" - - "Linux host_init_config default" + - Discovery Red Hat kexec + - Kickstart default finish + - Kickstart default iPXE + - Kickstart default PXEGrub + - Kickstart default PXEGrub2 + - Kickstart default PXELinux + - Default VM User Data + - Default VM Provisioning Template + - Linux host_init_config default os_default_templates: - provision: "Default VM Provisioning Template" + provision: Default VM Provisioning Template - - description: "RHEL 8.10" + - description: RHEL 8.10 name: RedHat major: 8 minor: 10 
@@ -34,19 +34,19 @@ satellite_config_operatingsystems: ptables: - pt_uefi_default provisioning_templates: - - "Discovery Red Hat kexec" - - "Kickstart default finish" - - "Kickstart default iPXE" - - "Kickstart default PXEGrub" - - "Kickstart default PXEGrub2" - - "Kickstart default PXELinux" - - "Default VM User Data" - - "Default VM Provisioning Template" - - "Linux host_init_config default" + - Discovery Red Hat kexec + - Kickstart default finish + - Kickstart default iPXE + - Kickstart default PXEGrub + - Kickstart default PXEGrub2 + - Kickstart default PXELinux + - Default VM User Data + - Default VM Provisioning Template + - Linux host_init_config default os_default_templates: - provision: "Default VM Provisioning Template" + provision: Default VM Provisioning Template - - description: "RedHat 9.3" + - description: RedHat 9.3 name: RedHat major: 9 minor: 3 @@ -57,19 +57,19 @@ satellite_config_operatingsystems: ptables: - pt_uefi_default provisioning_templates: - - "Discovery Red Hat kexec" - - "Kickstart default finish" - - "Kickstart default iPXE" - - "Kickstart default PXEGrub" - - "Kickstart default PXEGrub2" - - "Kickstart default PXELinux" - - "Default VM User Data" - - "Default VM Provisioning Template" - - "Linux host_init_config default" + - Discovery Red Hat kexec + - Kickstart default finish + - Kickstart default iPXE + - Kickstart default PXEGrub + - Kickstart default PXEGrub2 + - Kickstart default PXELinux + - Default VM User Data + - Default VM Provisioning Template + - Linux host_init_config default os_default_templates: - provision: "Default VM Provisioning Template" + provision: Default VM Provisioning Template - - description: "RedHat 9.4" + - description: RedHat 9.4 name: RedHat major: 9 minor: 4 
@@ -80,14 +80,14 @@ satellite_config_operatingsystems: ptables: - pt_uefi_default provisioning_templates: - - "Discovery Red Hat kexec" - - "Kickstart default finish" - - "Kickstart default iPXE" - - "Kickstart default PXEGrub" - - "Kickstart default PXEGrub2" - - "Kickstart default PXELinux" - - "Default VM User Data" - - "Default VM Provisioning Template" - - "Linux host_init_config default" + - Discovery Red Hat kexec + - Kickstart default finish + - Kickstart default iPXE + - Kickstart default PXEGrub + - Kickstart default PXEGrub2 + - Kickstart default PXELinux + - Default VM User Data + - Default VM Provisioning Template + - Linux host_init_config default os_default_templates: - provision: "Default VM Provisioning Template" + provision: Default VM Provisioning Template diff --git a/group_vars/satellite/satellite_config_partition_table.yml b/group_vars/satellite/satellite_config_partition_table.yml index c0248cb..c09afc6 100644 --- a/group_vars/satellite/satellite_config_partition_table.yml +++ b/group_vars/satellite/satellite_config_partition_table.yml @@ -3,7 +3,7 @@ satellite_config_partition_tables: - name: pt_uefi_default locations: - Intranet -# - DMZ + # - DMZ layout: | zerombr # Only touch sda, ignore all other disks diff --git a/group_vars/satellite/satellite_config_provisioning_templates.yml b/group_vars/satellite/satellite_config_provisioning_templates.yml index 02e0f81..d97ae44 100644 --- a/group_vars/satellite/satellite_config_provisioning_templates.yml +++ b/group_vars/satellite/satellite_config_provisioning_templates.yml 
@@ -1,18 +1,18 @@ --- satellite_provisioning_templates: - - name: "Default VM Provisioning Template" + - name: Default VM Provisioning Template locations: - Intranet - DMZ organizations: - "{{ satellite_organization }}" - kind: "provision" + kind: provision locked: false operatingsystems: - - "RedHat 8.9" - - "RHEL 8.10" - - "RedHat 9.3" - - "RedHat 9.4" + - RedHat 8.9 + - RHEL 8.10 + - RedHat 9.3 + - RedHat 9.4 state: present template: | <%# @@ -408,27 +408,26 @@ satellite_provisioning_templates: sync <%= section_end %> - - name: "Linux host_init_config default" + - name: Linux host_init_config default operatingsystems: - - "RedHat 8.9" - - "RHEL 8.10" - - "RedHat 9.3" - - "RedHat 9.4" + - RedHat 8.9 + - RHEL 8.10 + - RedHat 9.3 + - RedHat 9.4 - - - name: "Default VM User Data" + - name: Default VM User Data locations: - Intranet - DMZ organizations: - "{{ satellite_organization }}" - kind: "user_data" + kind: user_data locked: false operatingsystems: - - "RedHat 8.9" - - "RHEL 8.10" - - "RedHat 9.3" - - "RedHat 9.4" + - RedHat 8.9 + - RHEL 8.10 + - RedHat 9.3 + - RedHat 9.4 state: present template: | <%# diff --git a/group_vars/satellite/satellite_config_realms.yml b/group_vars/satellite/satellite_config_realms.yml index cbb5bfd..5d05d81 100644 --- a/group_vars/satellite/satellite_config_realms.yml +++ b/group_vars/satellite/satellite_config_realms.yml @@ -2,7 +2,7 @@ satellite_config_realms: - name: "{{ azure_dns_private_dns_zone | upper }}" realm_proxy: "{{ groups.satellite | first }}" - realm_type: "Red Hat Identity Management" + realm_type: Red Hat Identity Management state: present locations: - Intranet diff --git a/group_vars/satellite/satellite_config_scap_contents.yml b/group_vars/satellite/satellite_config_scap_contents.yml index 23a4f25..d200ab3 100644 --- a/group_vars/satellite/satellite_config_scap_contents.yml +++ b/group_vars/satellite/satellite_config_scap_contents.yml 
@@ -1,18 +1,18 @@ --- satellite_scap_contents: - - title: "RHEL 8 SCAP content" + - title: RHEL 8 SCAP content state: present - scap_file: "ssg-rhel8-ds.xml" + scap_file: ssg-rhel8-ds.xml locations: - - "Intranet" - - "DMZ" + - Intranet + - DMZ organizations: - "{{ satellite_organization }}" - - title: "RHEL 9 SCAP content" + - title: RHEL 9 SCAP content state: present - scap_file: "ssg-rhel9-ds.xml" + scap_file: ssg-rhel9-ds.xml locations: - - "Intranet" - - "DMZ" + - Intranet + - DMZ organizations: - "{{ satellite_organization }}" diff --git a/group_vars/satellite/satellite_config_scap_policies.yml b/group_vars/satellite/satellite_config_scap_policies.yml index 63d9885..cad5b3a 100644 --- a/group_vars/satellite/satellite_config_scap_policies.yml +++ b/group_vars/satellite/satellite_config_scap_policies.yml @@ -1,20 +1,20 @@ --- satellite_scap_policies: - - name: "RHEL9_CIS2" - description: "CIS Server Level 2 for RHEL9 scan" - deploy_by: "ansible" - scap_content: "name" - scap_profile: "name" - period: "weekly" - weekday: "Monday" + - name: RHEL9_CIS2 + description: CIS Server Level 2 for RHEL9 scan + deploy_by: ansible + scap_content: name + scap_profile: name + period: weekly + weekday: Monday day_of_month: cron_line: hostgroups: - - "RHEL9_CIS2" - tailoring_file: "name" - tailoring_file_profile: "name" + - RHEL9_CIS2 + tailoring_file: name + tailoring_file_profile: name organizations: - "{{ satellite_organization }}" locations: - - "Intranet" - - "DMZ" + - Intranet + - DMZ diff --git a/group_vars/satellite/satellite_config_scap_tailoring_files.yml b/group_vars/satellite/satellite_config_scap_tailoring_files.yml index 7a952eb..06e2739 100644 --- a/group_vars/satellite/satellite_config_scap_tailoring_files.yml +++ b/group_vars/satellite/satellite_config_scap_tailoring_files.yml 
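Review bot: In `satellite_scap_policies` the `RHEL9_CIS2` entry keeps the literal value `name` for `scap_content`, `scap_profile`, `tailoring_file` and `tailoring_file_profile`. That matches none of the titles this patch shows in `satellite_scap_contents` (`RHEL 9 SCAP content`) or `satellite_scap_tailoring_files` (`RHEL 9 DS 2022 Tailoring v3.0`). These look like unfilled placeholders, so the weekly CIS scan would presumably fail to resolve its content; I would set `scap_content: RHEL 9 SCAP content` and `tailoring_file: RHEL 9 DS 2022 Tailoring v3.0`, and fill in the real profile ids from those files. `day_of_month:` and `cron_line:` are bare keys that load as null; for a weekly policy, drop them or write `null` so the intent is explicit.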
@@ -1,16 +1,16 @@ --- satellite_scap_tailoring_files: - - name: "RHEL 8 DS 2022 Tailoring v3.0" - scap_file: "ssg-rhel8-ds-tailoring.xml" + - name: RHEL 8 DS 2022 Tailoring v3.0 + scap_file: ssg-rhel8-ds-tailoring.xml locations: - - "Intranet" - - "DMZ" + - Intranet + - DMZ organizations: - "{{ satellite_organization }}" - - name: "RHEL 9 DS 2022 Tailoring v3.0" - scap_file: "ssg-rhel9-ds-tailoring.xml" + - name: RHEL 9 DS 2022 Tailoring v3.0 + scap_file: ssg-rhel9-ds-tailoring.xml locations: - - "Intranet" - - "DMZ" + - Intranet + - DMZ organizations: - "{{ satellite_organization }}" diff --git a/group_vars/satellite/satellite_config_settings.yml b/group_vars/satellite/satellite_config_settings.yml index fbe95a2..69bf825 100644 --- a/group_vars/satellite/satellite_config_settings.yml +++ b/group_vars/satellite/satellite_config_settings.yml 
@@ -1,20 +1,20 @@ --- satellite_settings: - - description: "Duration in days to preserve audits for. Leave empty to disable the audits cleanup." - name: "audits_period" + - description: Duration in days to preserve audits for. Leave empty to disable the audits cleanup. + name: audits_period value: 30 - - description: "Timezone to use for new users" - name: "default_timezone" - value: "Berlin" - - description: "Language to use for new users" - name: "default_locale" - value: "en" - - description: "Enable automatic upload of your host inventory to the Red Hat cloud" - name: "allow_auto_inventory_upload" + - description: Timezone to use for new users + name: default_timezone + value: Berlin + - description: Language to use for new users + name: default_locale + value: en + - description: Enable automatic upload of your host inventory to the Red Hat cloud + name: allow_auto_inventory_upload value: true - - description: "Enable automatic synchronization of Insights recommendations from the Red Hat cloud" - name: "allow_auto_insights_sync" + - description: Enable automatic synchronization of Insights recommendations from the Red Hat cloud + name: allow_auto_insights_sync value: true - - description: "Destroy associated VM on host delete" - name: "destroy_vm_on_host_delete" + - description: Destroy associated VM on host delete + name: destroy_vm_on_host_delete value: true diff --git a/group_vars/satellite/satellite_config_subnets.yml b/group_vars/satellite/satellite_config_subnets.yml index a9addb5..3f788d8 100644 --- a/group_vars/satellite/satellite_config_subnets.yml +++ b/group_vars/satellite/satellite_config_subnets.yml 
@@ -1,61 +1,61 @@ --- satellite_subnets: - - name: "intra_mgmt" - description: "My description" - network: "10.1.1.0" - mask: "255.255.255.0" - gateway: "10.1.1.1" - from_ip: "10.1.1.4" - to_ip: "10.1.1.255" - boot_mode: "Static" + - name: intra_mgmt + description: My description + network: 10.1.1.0 + mask: 255.255.255.0 + gateway: 10.1.1.1 + from_ip: 10.1.1.4 + to_ip: 10.1.1.255 + boot_mode: Static tftp_proxy: "{{ inventory_hostname }}" dns_proxy: "{{ inventory_hostname }}" template_proxy: "{{ inventory_hostname }}" discovery_capsule: "{{ inventory_hostname }}" - ipam: "None" + ipam: None domains: - "{{ azure_dns_private_dns_zone }}" organizations: - "{{ satellite_organization }}" locations: - - "Intranet" + - Intranet - - name: "intra_work" - description: "My description" - network: "10.1.2.0" - mask: "255.255.255.0" - gateway: "10.1.2.1" - from_ip: "10.1.2.4" - to_ip: "10.1.2.255" - boot_mode: "Static" + - name: intra_work + description: My description + network: 10.1.2.0 + mask: 255.255.255.0 + gateway: 10.1.2.1 + from_ip: 10.1.2.4 + to_ip: 10.1.2.255 + boot_mode: Static tftp_proxy: "{{ inventory_hostname }}" dns_proxy: "{{ inventory_hostname }}" template_proxy: "{{ inventory_hostname }}" discovery_capsule: "{{ inventory_hostname }}" - ipam: "None" + ipam: None domains: - "{{ azure_dns_private_dns_zone }}" organizations: - "{{ satellite_organization }}" locations: - - "Intranet" + - Intranet - - name: "public" - description: "My description" - network: "10.1.0.0" - mask: "255.255.255.248" - gateway: "10.1.0.1" - from_ip: "10.1.0.4" - to_ip: "10.1.0.6" - boot_mode: "Static" + - name: public + description: My description + network: 10.1.0.0 + mask: 255.255.255.248 + gateway: 10.1.0.1 + from_ip: 10.1.0.4 + to_ip: 10.1.0.6 + boot_mode: Static tftp_proxy: "{{ inventory_hostname }}" dns_proxy: "{{ inventory_hostname }}" template_proxy: "{{ inventory_hostname }}" discovery_capsule: "{{ inventory_hostname }}" - ipam: "None" + ipam: None domains: - "{{ 
azure_dns_private_dns_zone }}" organizations: - "{{ satellite_organization }}" locations: - - "Intranet" + - Intranet diff --git a/group_vars/satellite/satellite_config_usergroups.yml b/group_vars/satellite/satellite_config_usergroups.yml index b059153..8c74848 100644 --- a/group_vars/satellite/satellite_config_usergroups.yml +++ b/group_vars/satellite/satellite_config_usergroups.yml @@ -1,18 +1,18 @@ --- satellite_config_external_usergroups: - - name: "satgroup-administrator" - auth_source: "External" - usergroup: "satgroup-administrator" - state: "present" + - name: satgroup-administrator + auth_source: External + usergroup: satgroup-administrator + state: present satellite_config_usergroups: - - name: "satgroup-administrator" + - name: satgroup-administrator admin: true - state: "present" + state: present - - name: "satgroup-operator" + - name: satgroup-operator roles: - - "Register hosts" - - "Viewer" - - "Manager" - state: "present" + - Register hosts + - Viewer + - Manager + state: present diff --git a/group_vars/satellite/satellite_operation.yml b/group_vars/satellite/satellite_operation.yml index c14ddc2..4eb03ee 100644 --- a/group_vars/satellite/satellite_operation.yml +++ b/group_vars/satellite/satellite_operation.yml 
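Review bot: In `satellite_subnets`, `intra_mgmt` and `intra_work` end their ranges at `to_ip: 10.1.1.255` and `to_ip: 10.1.2.255`, which is the broadcast address of a `255.255.255.0` network. The `public` entry stops at `10.1.0.6`, one below its broadcast, so the three are inconsistent. I would end the two /24 ranges at the last host address, `to_ip: 10.1.1.254` and `to_ip: 10.1.2.254`. `description: My description` on all three entries also looks like a leftover placeholder and should say what each subnet is for.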
@@ -1,52 +1,52 @@ --- satellite_operations: true -satellite_initial_location: "Intranet" -satellite_initial_organization: "RHIS" +satellite_initial_location: Intranet +satellite_initial_organization: RHIS satellite_location: "{{ satellite_initial_location }}" satellite_organization: "{{ satellite_initial_organization }}" -satellite_server_url: "https://{{ inventory_hostname }}" +satellite_server_url: https://{{ inventory_hostname }} satellite_validate_certs: true satellite_admin_email: "{{ satellite_username }}@{{ satellite_prepare_csr_organization_name }}" -satellite_installer_scenario: "satellite" +satellite_installer_scenario: satellite satellite_installer_verbose: true satellite_installer_options: - - '--skip-checks-i-know-better' - - '--foreman-initial-organization "{{ satellite_initial_organization }}"' - - '--foreman-initial-location "{{ satellite_initial_location }}"' - - '--foreman-initial-admin-username "{{ satellite_username }}"' - - '--foreman-initial-admin-password "{{ satellite_password }}"' - - '--foreman-initial-admin-email "{{ satellite_admin_email }}"' - - '--foreman-initial-admin-first-name "Satellite"' - - '--foreman-initial-admin-last-name "Administrator"' - - '--foreman-ipa-authentication true' - - '--certs-server-ca-cert "{{ ipa_server_ca_path }}"' - - '--certs-server-cert "{{ satellite_prepare_ssl_crt_path }}"' - - '--certs-server-key "{{ satellite_prepare_ssl_key_path }}"' - - '--enable-foreman-compute-ec2' - - '--enable-foreman-compute-libvirt' - - '--enable-foreman-compute-vmware' - - '--foreman-proxy-dns true' - - '--foreman-proxy-dns-managed false' - - '--foreman-proxy-dns-provider "nsupdate_gss"' - - '--foreman-proxy-dns-server "{{ groups.ipaserver | first }}"' - - '--foreman-proxy-dns-tsig-keytab "{{ satellite_prepare_keytab_path }}"' - - '--foreman-proxy-dns-tsig-principal "{{ satellite_prepare_foreman_proxy_realm_principal }}"' - - '--foreman-proxy-http true' - - '--foreman-proxy-realm true' - - '--foreman-proxy-realm-keytab "{{ 
satellite_prepare_keytab_path }}"' - - '--foreman-proxy-realm-principal "{{ satellite_prepare_foreman_proxy_realm_principal }}"' - - '--foreman-proxy-realm-provider "freeipa"' - - '--foreman-proxy-registration true' - - '--foreman-proxy-templates true' - - '--foreman-proxy-tftp true' - - '--foreman-proxy-content-enable-ansible true' - - '--foreman-proxy-content-enable-deb false' - - '--foreman-proxy-content-enable-docker true' - - '--foreman-proxy-content-enable-file true' - - '--foreman-proxy-content-enable-yum true' - - '--foreman-proxy-plugin-discovery-install-images true' + - --skip-checks-i-know-better + - --foreman-initial-organization "{{ satellite_initial_organization }}" + - --foreman-initial-location "{{ satellite_initial_location }}" + - --foreman-initial-admin-username "{{ satellite_username }}" + - --foreman-initial-admin-password "{{ satellite_password }}" + - --foreman-initial-admin-email "{{ satellite_admin_email }}" + - --foreman-initial-admin-first-name "Satellite" + - --foreman-initial-admin-last-name "Administrator" + - --foreman-ipa-authentication true + - --certs-server-ca-cert "{{ ipa_server_ca_path }}" + - --certs-server-cert "{{ satellite_prepare_ssl_crt_path }}" + - --certs-server-key "{{ satellite_prepare_ssl_key_path }}" + - --enable-foreman-compute-ec2 + - --enable-foreman-compute-libvirt + - --enable-foreman-compute-vmware + - --foreman-proxy-dns true + - --foreman-proxy-dns-managed false + - --foreman-proxy-dns-provider "nsupdate_gss" + - --foreman-proxy-dns-server "{{ groups.ipaserver | first }}" + - --foreman-proxy-dns-tsig-keytab "{{ satellite_prepare_keytab_path }}" + - --foreman-proxy-dns-tsig-principal "{{ satellite_prepare_foreman_proxy_realm_principal }}" + - --foreman-proxy-http true + - --foreman-proxy-realm true + - --foreman-proxy-realm-keytab "{{ satellite_prepare_keytab_path }}" + - --foreman-proxy-realm-principal "{{ satellite_prepare_foreman_proxy_realm_principal }}" + - --foreman-proxy-realm-provider "freeipa" + - 
--foreman-proxy-registration true + - --foreman-proxy-templates true + - --foreman-proxy-tftp true + - --foreman-proxy-content-enable-ansible true + - --foreman-proxy-content-enable-deb false + - --foreman-proxy-content-enable-docker true + - --foreman-proxy-content-enable-file true + - --foreman-proxy-content-enable-yum true + - --foreman-proxy-plugin-discovery-install-images true # Currently this must be false - no plugin shipped in repos # - '--foreman-proxy-content-enable-ostree false' diff --git a/group_vars/satellite/satellite_prepare.yml b/group_vars/satellite/satellite_prepare.yml index 4570b61..5b83d13 100644 --- a/group_vars/satellite/satellite_prepare.yml +++ b/group_vars/satellite/satellite_prepare.yml @@ -1,10 +1,10 @@ --- satellite_prepare: true -satellite_prepare_keytab_path: "/etc/foreman-proxy/freeipa.keytab" -satellite_prepare_foreman_proxy_realm_principal: "realm-capsule" +satellite_prepare_keytab_path: /etc/foreman-proxy/freeipa.keytab +satellite_prepare_foreman_proxy_realm_principal: realm-capsule -satellite_prepare_ssl_certs_dir: "/etc/ipa/private/" +satellite_prepare_ssl_certs_dir: /etc/ipa/private/ satellite_prepare_ssl_crt_path: "{{ satellite_prepare_ssl_certs_dir }}{{ inventory_hostname }}.crt" satellite_prepare_ssl_key_path: "{{ satellite_prepare_ssl_certs_dir }}{{ inventory_hostname }}.key" satellite_prepare_ssl_csr_path: "{{ satellite_prepare_ssl_certs_dir }}{{ inventory_hostname }}.csr" @@ -15,7 +15,7 @@ satellite_repository_ids: - satellite-6.15-for-rhel-8-x86_64-rpms - satellite-maintenance-6.15-for-rhel-8-x86_64-rpms -satellite_firewalld_zone: "public" +satellite_firewalld_zone: public satellite_firewalld_services: - RH-Satellite-6 - http 
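Review bot: `satellite_installer_options` still carries `--foreman-initial-admin-password "{{ satellite_password }}"`, so the initial admin password reaches the installer as a command-line argument, and `satellite_installer_verbose: true` is set a few lines above it. The role that runs the installer is not visible here, but an argv password is typically readable in the process list and can end up in task output or installer logs; I would confirm the installer task sets `no_log: true` and change the admin password after the first run. Each option embeds literal double quotes around a Jinja value, so a secret containing `"` would change how the option is split if the role joins the list into one command string; a comment above the list such as `# values are interpolated verbatim; secrets must not contain double quotes` would record that constraint. `--skip-checks-i-know-better` turns off the installer's preflight checks and deserves a one-line comment saying which check it works around.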
@@ -30,25 +30,25 @@ satellite_firewall: - interface: eth0 zone: "{{ satellite_firewalld_zone }}" state: enabled - - service: "RH-Satellite-6" + - service: RH-Satellite-6 port: - - "5646/tcp" - - "8888/tcp" - - "8889/tcp" - - "5671/tcp" - - "5671/udp" + - 5646/tcp + - 8888/tcp + - 8889/tcp + - 5671/tcp + - 5671/udp permanent: true state: present - service: "{{ satellite_firewalld_services }}" permanent: true state: enabled -satellite_prepare_csr_digest: "aes256" +satellite_prepare_csr_digest: aes256 satellite_prepare_csr_common_name: "{{ inventory_hostname }}" satellite_prepare_csr_organization_name: "{{ azure_dns_private_dns_zone | upper }}" -satellite_prepare_csr_organization_unit_name: "Showroom Project" -satellite_prepare_csr_locality_name: "Frankfurt am Main" -satellite_prepare_csr_state_or_province_name: "Hessen" -satellite_prepare_csr_country_name: "DE" -satellite_prepare_csr_email_address: "admin@{{ azure_dns_private_dns_zone }}" -satellite_prepare_csr_subject_alt_name: "DNS:{{ inventory_hostname }}" +satellite_prepare_csr_organization_unit_name: Showroom Project +satellite_prepare_csr_locality_name: Frankfurt am Main +satellite_prepare_csr_state_or_province_name: Hessen +satellite_prepare_csr_country_name: DE +satellite_prepare_csr_email_address: admin@{{ azure_dns_private_dns_zone }} +satellite_prepare_csr_subject_alt_name: DNS:{{ inventory_hostname }} diff --git a/group_vars/work/imagebuilder.yml b/group_vars/work/imagebuilder.yml index 3ac167b..0ece214 100644 --- a/group_vars/work/imagebuilder.yml +++ b/group_vars/work/imagebuilder.yml 
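Review bot: `satellite_prepare_csr_digest: aes256` names a cipher, not a message digest. The CSR-generation task is not part of this patch, but if this variable feeds its digest option the request would be rejected or signed with something unintended. I would change it to `satellite_prepare_csr_digest: sha256`. In the same hunk `satellite_prepare_csr_country_name: DE` is now a bare scalar; `DE` is safe, but a two-letter country code is where YAML 1.1 loaders turn `NO` into `false`, so a comment like `# quote this value if it is ever changed to NO` would protect the next edit.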
@@ -1,10 +1,10 @@ --- imagebuilder_images: - - image_name: "image-rhel-89" - distribution: "rhel-89" - - image_name: "image-rhel-8.10" - distribution: "rhel-8.10" - - image_name: "image-rhel-93" - distribution: "rhel-93" - - image_name: "image-rhel-94" - distribution: "rhel-94" + - image_name: image-rhel-89 + distribution: rhel-89 + - image_name: image-rhel-8.10 + distribution: rhel-8.10 + - image_name: image-rhel-93 + distribution: rhel-93 + - image_name: image-rhel-94 + distribution: rhel-94 diff --git a/group_vars/work_dmz/azure_vnet.yml b/group_vars/work_dmz/azure_vnet.yml index 6b04650..ae30c10 100644 --- a/group_vars/work_dmz/azure_vnet.yml +++ b/group_vars/work_dmz/azure_vnet.yml 
@@ -3,14 +3,16 @@ network_zone: dmz azure_vnet_address_prefix: "{{ azure_vnet_address_prefix_work_dmz }}" vnet_peers: - - azure_vnet_peer: "vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-1" + - azure_vnet_peer: vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-1 azure_rg: "{{ hostvars[groups.bastion | first]['azure_rg'] }}" azure_vnet: "{{ hostvars[groups.bastion | first]['azure_vnet'] }}" - azure_vnet_id: "/subscriptions/{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.bastion | first]['azure_rg'] }}/providers/Microsoft.Network/virtualNetworks/{{ hostvars[groups.bastion | first]['azure_vnet'] }}" + azure_vnet_id: /subscriptions/{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.bastion | first]['azure_rg'] }}/providers/Microsoft.Network/virtualNetworks/{{ + hostvars[groups.bastion | first]['azure_vnet'] }} azure_subs: "{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}" - - azure_vnet_peer: "vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-2" + - azure_vnet_peer: vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-2 azure_rg: "{{ hostvars[groups.mgmt_tools | first]['azure_rg'] }}" azure_vnet: "{{ hostvars[groups.mgmt_tools | first]['azure_vnet'] }}" - azure_vnet_id: "/subscriptions/{{ hostvars[groups.mgmt_tools | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.mgmt_tools | first]['azure_rg'] }}/providers/Microsoft.Network/virtualNetworks/{{ hostvars[groups.mgmt_tools | first]['azure_vnet'] }}" + azure_vnet_id: /subscriptions/{{ hostvars[groups.mgmt_tools | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.mgmt_tools | first]['azure_rg'] + }}/providers/Microsoft.Network/virtualNetworks/{{ hostvars[groups.mgmt_tools | first]['azure_vnet'] }} azure_subs: "{{ hostvars[groups.mgmt_tools 
| first]['azure_subscription_id'] }}" diff --git a/group_vars/work_intra/azure_vnet.yml b/group_vars/work_intra/azure_vnet.yml index 4e1dea1..7803b6d 100644 --- a/group_vars/work_intra/azure_vnet.yml +++ b/group_vars/work_intra/azure_vnet.yml 
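Review bot: Both `azure_vnet_id` values are now multi-line plain scalars, and they stay correct only because each line break falls inside a `{{ … }}` expression, where the folded space is harmless. A later re-wrap that breaks between two path segments would silently put a space into the resource ID used for the peering. I would keep each ID as a single double-quoted line with `# yamllint disable-line rule:line-length` on the line above. Alternatively, assemble the ID from a short intermediate variable so the line fits without wrapping. The same applies to the two `azure_vnet_id` entries in `group_vars/work_intra/azure_vnet.yml`.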
@@ -3,14 +3,16 @@ network_zone: intra azure_vnet_address_prefix: "{{ azure_vnet_address_prefix_work_intra }}" vnet_peers: - - azure_vnet_peer: "vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-1" + - azure_vnet_peer: vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-1 azure_rg: "{{ hostvars[groups.bastion | first]['azure_rg'] }}" azure_vnet: "{{ hostvars[groups.bastion | first]['azure_vnet'] }}" - azure_vnet_id: "/subscriptions/{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.bastion | first]['azure_rg'] }}/providers/Microsoft.Network/virtualNetworks/{{ hostvars[groups.bastion | first]['azure_vnet'] }}" + azure_vnet_id: /subscriptions/{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.bastion | first]['azure_rg'] }}/providers/Microsoft.Network/virtualNetworks/{{ + hostvars[groups.bastion | first]['azure_vnet'] }} azure_subs: "{{ hostvars[groups.bastion | first]['azure_subscription_id'] }}" - - azure_vnet_peer: "vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-2" + - azure_vnet_peer: vnet-peer-{{ infrastructure_type }}-{{ network_zone }}-{{ deployment_environment }}-2 azure_rg: "{{ hostvars[groups.mgmt_tools | first]['azure_rg'] }}" azure_vnet: "{{ hostvars[groups.mgmt_tools | first]['azure_vnet'] }}" - azure_vnet_id: "/subscriptions/{{ hostvars[groups.mgmt_tools | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.mgmt_tools | first]['azure_rg'] }}/providers/Microsoft.Network/virtualNetworks/{{ hostvars[groups.mgmt_tools | first]['azure_vnet'] }}" + azure_vnet_id: /subscriptions/{{ hostvars[groups.mgmt_tools | first]['azure_subscription_id'] }}/resourceGroups/{{ hostvars[groups.mgmt_tools | first]['azure_rg'] + }}/providers/Microsoft.Network/virtualNetworks/{{ hostvars[groups.mgmt_tools | first]['azure_vnet'] }} azure_subs: "{{ 
hostvars[groups.mgmt_tools | first]['azure_subscription_id'] }}" diff --git a/group_vars/workload_servers_dmz/azure_nsg.yml b/group_vars/workload_servers_dmz/azure_nsg.yml index 579f487..88e567e 100644 --- a/group_vars/workload_servers_dmz/azure_nsg.yml +++ b/group_vars/workload_servers_dmz/azure_nsg.yml @@ -3,7 +3,7 @@ azure_subnet_nsg_rules: # Inbound # All connection within Subnet - - name: "AllowAllSubnetInbound" + - name: AllowAllSubnetInbound protocol: "*" direction: Inbound priority: 100 @@ -14,7 +14,7 @@ azure_subnet_nsg_rules: destination_port_range: "*" # SSH connection from Bastion - - name: "AllowSSHInBound-1" + - name: AllowSSHInBound-1 protocol: Tcp direction: Inbound priority: 200 @@ -25,7 +25,7 @@ azure_subnet_nsg_rules: destination_port_range: "22" # SSH connection from mgmt_inra - - name: "AllowSSHInBound-2" + - name: AllowSSHInBound-2 protocol: Tcp direction: Inbound priority: 201 @@ -36,22 +36,22 @@ azure_subnet_nsg_rules: destination_port_range: "22" # HTTP connection from VirtualNetwork - - name: "AllowHTTPInBound" + - name: AllowHTTPInBound protocol: Tcp direction: Inbound priority: 202 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "80" # HTTPS connection from VirtualNetwork - - name: "AllowHTTPSInBound" + - name: AllowHTTPSInBound protocol: Tcp direction: Inbound priority: 203 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "443" @@ -61,7 +61,7 @@ azure_subnet_nsg_rules: # Outbound # All connection within Subnet - - name: "AllowAllSubnetOutbound" + - name: AllowAllSubnetOutbound protocol: "*" direction: Outbound priority: 100 
@@ -72,7 +72,7 @@ azure_subnet_nsg_rules: destination_port_range: "*" # Satellite HTTP connection to mgmt_intra - - name: "AllowHTTPOutBound" + - name: AllowHTTPOutBound protocol: Tcp direction: Outbound priority: 201 @@ -82,7 +82,7 @@ azure_subnet_nsg_rules: destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "80" # Satellite HTTPS connection to mgmt_intra - - name: "AllowHTTPSOutBound" + - name: AllowHTTPSOutBound protocol: Tcp direction: Outbound priority: 202 @@ -93,7 +93,7 @@ azure_subnet_nsg_rules: destination_port_range: "443" # IDM connection to mgmt_inra - - name: "AllowLDAPOutBound" + - name: AllowLDAPOutBound protocol: Tcp direction: Outbound priority: 203 @@ -102,7 +102,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "389" - - name: "AllowLDAPSOutBound" + - name: AllowLDAPSOutBound protocol: Tcp direction: Outbound priority: 204 @@ -111,7 +111,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "636" - - name: "AllowKerberosOutBound-1" + - name: AllowKerberosOutBound-1 protocol: "*" direction: Outbound priority: 205 @@ -120,7 +120,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "88" - - name: "AllowKerberosOutBound-2" + - name: AllowKerberosOutBound-2 protocol: "*" direction: Outbound priority: 206 @@ -129,7 +129,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "464" - - name: "AllowDNSOutBoundTCP" + - name: AllowDNSOutBoundTCP protocol: "*" direction: Outbound priority: 207 
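Review bot: In the `@@ -129,7 +129,7 @@` hunk the rule is named `AllowDNSOutBoundTCP` but carries `protocol: "*"`, so the name understates what the rule permits. Anyone auditing the NSG by rule name would assume a TCP-only allowance. Either rename it to `- name: AllowDNSOutBound`, or narrow it to `protocol: Tcp` and add a separate `Udp` rule if both are needed. The rest of the rule (access, prefixes, port) lies outside this hunk. The same name and protocol pair appears in `group_vars/workload_servers_intra/azure_nsg.yml` at `@@ -127,7 +127,7 @@`.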
@@ -138,7 +138,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "53" - - name: "AllowNTPOutBound" + - name: AllowNTPOutBound protocol: Udp direction: Outbound priority: 208 @@ -147,7 +147,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "123" - - name: "AllowKadmindOutBound" + - name: AllowKadmindOutBound protocol: Tcp direction: Outbound priority: 209 @@ -158,7 +158,7 @@ azure_subnet_nsg_rules: destination_port_range: "749" # Deny other connection to All VNets - - name: "DenyOtherVnetOutBound" + - name: DenyOtherVnetOutBound protocol: "*" direction: Outbound priority: 500 diff --git a/group_vars/workload_servers_intra/azure_nsg.yml b/group_vars/workload_servers_intra/azure_nsg.yml index 6d15310..99991cc 100644 --- a/group_vars/workload_servers_intra/azure_nsg.yml +++ b/group_vars/workload_servers_intra/azure_nsg.yml @@ -3,7 +3,7 @@ azure_subnet_nsg_rules: # Inbound # All connection within Subnet - - name: "AllowAllSubnetInbound" + - name: AllowAllSubnetInbound protocol: "*" direction: Inbound priority: 100 @@ -14,7 +14,7 @@ azure_subnet_nsg_rules: destination_port_range: "*" # SSH connection from Bastion - - name: "AllowSSHInBound-1" + - name: AllowSSHInBound-1 protocol: Tcp direction: Inbound priority: 200 @@ -25,7 +25,7 @@ azure_subnet_nsg_rules: destination_port_range: "22" # SSH connection from mgmt_inra - - name: "AllowSSHInBound-2" + - name: AllowSSHInBound-2 protocol: Tcp direction: Inbound priority: 201 
@@ -36,22 +36,22 @@ azure_subnet_nsg_rules: destination_port_range: "22" # HTTP connection from VirtualNetwork - - name: "AllowHTTPInBound" + - name: AllowHTTPInBound protocol: Tcp direction: Inbound priority: 202 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "80" # HTTPS connection from VirtualNetwork - - name: "AllowHTTPSInBound" + - name: AllowHTTPSInBound protocol: Tcp direction: Inbound priority: 203 access: Allow - source_address_prefix: "VirtualNetwork" + source_address_prefix: VirtualNetwork source_port_range: "*" destination_address_prefix: "{{ azure_vnet_address_prefix }}" destination_port_range: "443" @@ -59,7 +59,7 @@ azure_subnet_nsg_rules: # Outbound # All connection within Subnet - - name: "AllowAllSubnetOutbound" + - name: AllowAllSubnetOutbound protocol: "*" direction: Outbound priority: 100 @@ -70,7 +70,7 @@ azure_subnet_nsg_rules: destination_port_range: "*" # Satellite HTTP connection to mgmt_intra - - name: "AllowHTTPOutBound" + - name: AllowHTTPOutBound protocol: Tcp direction: Outbound priority: 201 @@ -80,7 +80,7 @@ azure_subnet_nsg_rules: destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "80" # Satellite HTTPS connection to mgmt_intra - - name: "AllowHTTPSOutBound" + - name: AllowHTTPSOutBound protocol: Tcp direction: Outbound priority: 202 @@ -91,7 +91,7 @@ azure_subnet_nsg_rules: destination_port_range: "443" # IDM connection to mgmt_inra - - name: "AllowLDAPOutBound" + - name: AllowLDAPOutBound protocol: Tcp direction: Outbound priority: 203 @@ -100,7 +100,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "389" - - name: "AllowLDAPSOutBound" + - name: AllowLDAPSOutBound protocol: Tcp direction: Outbound priority: 204 
@@ -109,7 +109,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "636" - - name: "AllowKerberosOutBound-1" + - name: AllowKerberosOutBound-1 protocol: "*" direction: Outbound priority: 205 @@ -118,7 +118,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "88" - - name: "AllowKerberosOutBound-2" + - name: AllowKerberosOutBound-2 protocol: "*" direction: Outbound priority: 206 @@ -127,7 +127,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "464" - - name: "AllowDNSOutBoundTCP" + - name: AllowDNSOutBoundTCP protocol: "*" direction: Outbound priority: 207 @@ -136,7 +136,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "53" - - name: "AllowNTPOutBound" + - name: AllowNTPOutBound protocol: Udp direction: Outbound priority: 208 @@ -145,7 +145,7 @@ azure_subnet_nsg_rules: source_port_range: "*" destination_address_prefix: "{{ azure_subnet_address_prefix_mgmt_intra }}" destination_port_range: "123" - - name: "AllowKadmindOutBound" + - name: AllowKadmindOutBound protocol: Tcp direction: Outbound priority: 209 @@ -156,7 +156,7 @@ azure_subnet_nsg_rules: destination_port_range: "749" # Deny other connection to All VNets - - name: "DenyOtherVnetOutBound" + - name: DenyOtherVnetOutBound protocol: "*" direction: Outbound priority: 500 diff --git a/host_vars/achilles.internal.showroom.run/azure_vm_deploy.yml b/host_vars/achilles.internal.showroom.run/azure_vm_deploy.yml index a01be67..a8d8093 100644 --- a/host_vars/achilles.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/achilles.internal.showroom.run/azure_vm_deploy.yml 
@@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_E2bs_v5" +azure_vm_deploy_vm_size: Standard_E2bs_v5 vm_tags: sequencestart: "4" sequencestop: "2" diff --git a/host_vars/achilles.internal.showroom.run/satellite_data.yml b/host_vars/achilles.internal.showroom.run/satellite_data.yml index b545057..9d918fa 100644 --- a/host_vars/achilles.internal.showroom.run/satellite_data.yml +++ b/host_vars/achilles.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4/hg_aap" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4/hg_aap diff --git a/host_vars/althaea.internal.showroom.run/azure_vm_deploy.yml b/host_vars/althaea.internal.showroom.run/azure_vm_deploy.yml index f11465e..439bc5c 100644 --- a/host_vars/althaea.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/althaea.internal.showroom.run/azure_vm_deploy.yml @@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_D2s_v4" +azure_vm_deploy_vm_size: Standard_D2s_v4 vm_tags: sequencestart: "4" sequencestop: "2" diff --git a/host_vars/aphrodite.internal.showroom.run/azure_vm_deploy.yml b/host_vars/aphrodite.internal.showroom.run/azure_vm_deploy.yml index 0570282..709c58a 100644 --- a/host_vars/aphrodite.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/aphrodite.internal.showroom.run/azure_vm_deploy.yml @@ -1,6 +1,6 @@ --- azure_vm_deploy_image_name: "{{ imagebuilder_images[0].image_name }}" -azure_vm_deploy_vm_size: "Standard_E4bs_v5" +azure_vm_deploy_vm_size: Standard_E4bs_v5 vm_tags: sequencestart: "2" sequencestop: "4" diff --git a/host_vars/aphrodite.internal.showroom.run/imagebuilder.yml b/host_vars/aphrodite.internal.showroom.run/imagebuilder.yml index f48a7ac..b89f915 100644 --- a/host_vars/aphrodite.internal.showroom.run/imagebuilder.yml +++ b/host_vars/aphrodite.internal.showroom.run/imagebuilder.yml 
@@ -1,4 +1,4 @@ --- imagebuilder_images: - - distribution: "rhel-8.10" - image_name: "image-rhel-8.10" + - distribution: rhel-8.10 + image_name: image-rhel-8.10 diff --git a/host_vars/aphrodite.internal.showroom.run/rhel_storage.yml b/host_vars/aphrodite.internal.showroom.run/rhel_storage.yml index d196ed9..359798c 100644 --- a/host_vars/aphrodite.internal.showroom.run/rhel_storage.yml +++ b/host_vars/aphrodite.internal.showroom.run/rhel_storage.yml @@ -7,10 +7,10 @@ storage_pools: - sdb volumes: - name: pgsql_lv - size: "20 GB" - mount_point: "/var/lib/pgsql" + size: 20 GB + mount_point: /var/lib/pgsql state: present - name: pulp_lv - size: "400 GB" - mount_point: "/var/lib/pulp" + size: 400 GB + mount_point: /var/lib/pulp state: present diff --git a/host_vars/athena.internal.showroom.run/azure_vm_deploy.yml b/host_vars/athena.internal.showroom.run/azure_vm_deploy.yml index b3b87bb..c66d742 100644 --- a/host_vars/athena.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/athena.internal.showroom.run/azure_vm_deploy.yml @@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_D2s_v4" +azure_vm_deploy_vm_size: Standard_D2s_v4 vm_tags: sequencestart: "1" sequencestop: "5" diff --git a/host_vars/athena.internal.showroom.run/satellite_data.yml b/host_vars/athena.internal.showroom.run/satellite_data.yml index 9bde5bc..1a0e6e1 100644 --- a/host_vars/athena.internal.showroom.run/satellite_data.yml +++ b/host_vars/athena.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4 diff --git a/host_vars/atropos.internal.showroom.run/azure_vm_deploy.yml b/host_vars/atropos.internal.showroom.run/azure_vm_deploy.yml index 8b81380..9a94db5 100644 --- a/host_vars/atropos.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/atropos.internal.showroom.run/azure_vm_deploy.yml 
@@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_D4s_v4" +azure_vm_deploy_vm_size: Standard_D4s_v4 vm_tags: sequencestart: "4" sequencestop: "2" diff --git a/host_vars/atropos.internal.showroom.run/rhel_storage.yml b/host_vars/atropos.internal.showroom.run/rhel_storage.yml index d9de1e0..00396a4 100644 --- a/host_vars/atropos.internal.showroom.run/rhel_storage.yml +++ b/host_vars/atropos.internal.showroom.run/rhel_storage.yml @@ -7,6 +7,6 @@ storage_pools: - sdb volumes: - name: awx_lv - size: "100 GB" - mount_point: "/var/lib/pgsql" + size: 100 GB + mount_point: /var/lib/pgsql state: present diff --git a/host_vars/atropos.internal.showroom.run/satellite_data.yml b/host_vars/atropos.internal.showroom.run/satellite_data.yml index b545057..9d918fa 100644 --- a/host_vars/atropos.internal.showroom.run/satellite_data.yml +++ b/host_vars/atropos.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4/hg_aap" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4/hg_aap diff --git a/host_vars/clotho.internal.showroom.run/azure_vm_deploy.yml b/host_vars/clotho.internal.showroom.run/azure_vm_deploy.yml index a01be67..a8d8093 100644 --- a/host_vars/clotho.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/clotho.internal.showroom.run/azure_vm_deploy.yml @@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_E2bs_v5" +azure_vm_deploy_vm_size: Standard_E2bs_v5 vm_tags: sequencestart: "4" sequencestop: "2" diff --git a/host_vars/clotho.internal.showroom.run/rhel_storage.yml b/host_vars/clotho.internal.showroom.run/rhel_storage.yml index b3399cc..0164bff 100644 --- a/host_vars/clotho.internal.showroom.run/rhel_storage.yml +++ b/host_vars/clotho.internal.showroom.run/rhel_storage.yml @@ -7,6 +7,6 @@ storage_pools: - sdb volumes: - name: awx_lv - size: "20 GB" - mount_point: "/var/lib/awx" + size: 20 GB + mount_point: /var/lib/awx state: present 
diff --git a/host_vars/clotho.internal.showroom.run/satellite_data.yml b/host_vars/clotho.internal.showroom.run/satellite_data.yml index b545057..9d918fa 100644 --- a/host_vars/clotho.internal.showroom.run/satellite_data.yml +++ b/host_vars/clotho.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4/hg_aap" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4/hg_aap diff --git a/host_vars/demeter.internal.showroom.run/azure_vm_deploy.yml b/host_vars/demeter.internal.showroom.run/azure_vm_deploy.yml index b3b87bb..c66d742 100644 --- a/host_vars/demeter.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/demeter.internal.showroom.run/azure_vm_deploy.yml @@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_D2s_v4" +azure_vm_deploy_vm_size: Standard_D2s_v4 vm_tags: sequencestart: "1" sequencestop: "5" diff --git a/host_vars/demeter.internal.showroom.run/satellite_data.yml b/host_vars/demeter.internal.showroom.run/satellite_data.yml index 9bde5bc..1a0e6e1 100644 --- a/host_vars/demeter.internal.showroom.run/satellite_data.yml +++ b/host_vars/demeter.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4 diff --git a/host_vars/hermes.internal.showroom.run/azure_vm_deploy.yml b/host_vars/hermes.internal.showroom.run/azure_vm_deploy.yml index 3dccc60..6836f6c 100644 --- a/host_vars/hermes.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/hermes.internal.showroom.run/azure_vm_deploy.yml @@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_E2bs_v5" +azure_vm_deploy_vm_size: Standard_E2bs_v5 vm_tags: sequencestart: "3" sequencestop: "3" diff --git a/host_vars/hermes.internal.showroom.run/satellite_data.yml b/host_vars/hermes.internal.showroom.run/satellite_data.yml index 9bde5bc..1a0e6e1 100644 --- a/host_vars/hermes.internal.showroom.run/satellite_data.yml 
+++ b/host_vars/hermes.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4 diff --git a/host_vars/hestia.internal.showroom.run/azure_vm_deploy.yml b/host_vars/hestia.internal.showroom.run/azure_vm_deploy.yml index b3b87bb..c66d742 100644 --- a/host_vars/hestia.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/hestia.internal.showroom.run/azure_vm_deploy.yml @@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_D2s_v4" +azure_vm_deploy_vm_size: Standard_D2s_v4 vm_tags: sequencestart: "1" sequencestop: "5" diff --git a/host_vars/hestia.internal.showroom.run/satellite_data.yml b/host_vars/hestia.internal.showroom.run/satellite_data.yml index 9bde5bc..1a0e6e1 100644 --- a/host_vars/hestia.internal.showroom.run/satellite_data.yml +++ b/host_vars/hestia.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4 diff --git a/host_vars/juno.internal.showroom.run/satellite_vm_deploy.yml b/host_vars/juno.internal.showroom.run/satellite_vm_deploy.yml index 68fcdca..016f3c9 100644 --- a/host_vars/juno.internal.showroom.run/satellite_vm_deploy.yml +++ b/host_vars/juno.internal.showroom.run/satellite_vm_deploy.yml 
@@ -1,11 +1,11 @@ --- satellite_host_deploy: true -satellite_host_deploy_hostgroup: "hg_work_dev/hg_intranet/hg_rhel9.3" +satellite_host_deploy_hostgroup: hg_work_dev/hg_intranet/hg_rhel9.3 satellite_host_deploy_compute_attributes: - vm_size: "Standard_B1ms" - tags: "sequencestart=1,sequencestop=5" + vm_size: Standard_B1ms + tags: sequencestart=1,sequencestop=5 satellite_host_deploy_organization: "{{ hostvars[groups['satellite'][0]]['satellite_organization'] }}" -satellite_host_deploy_location: "Intranet" -satellite_host_deploy_compute_resource: "Azure_Workload" -satellite_host_deploy_image: "image-rhel-93" -satellite_host_compute_profile: "Azure-Intranet-Workload-Default-VM" +satellite_host_deploy_location: Intranet +satellite_host_deploy_compute_resource: Azure_Workload +satellite_host_deploy_image: image-rhel-93 +satellite_host_compute_profile: Azure-Intranet-Workload-Default-VM diff --git a/host_vars/jupiter.internal.showroom.run/satellite_vm_deploy.yml b/host_vars/jupiter.internal.showroom.run/satellite_vm_deploy.yml index ac37046..16ce697 100644 --- a/host_vars/jupiter.internal.showroom.run/satellite_vm_deploy.yml +++ b/host_vars/jupiter.internal.showroom.run/satellite_vm_deploy.yml 
@@ -1,11 +1,11 @@ --- satellite_host_deploy: true -satellite_host_deploy_hostgroup: "hg_work_dev/hg_intranet/hg_rhel8.9" +satellite_host_deploy_hostgroup: hg_work_dev/hg_intranet/hg_rhel8.9 satellite_host_deploy_compute_attributes: - vm_size: "Standard_B1ms" - tags: "sequencestart=1,sequencestop=5" + vm_size: Standard_B1ms + tags: sequencestart=1,sequencestop=5 satellite_host_deploy_organization: "{{ hostvars[groups['satellite'][0]]['satellite_organization'] }}" -satellite_host_deploy_location: "Intranet" -satellite_host_deploy_compute_resource: "Azure_Workload" -satellite_host_deploy_image: "image-rhel-89" -satellite_host_compute_profile: "Azure-Intranet-Workload-Default-VM" +satellite_host_deploy_location: Intranet +satellite_host_deploy_compute_resource: Azure_Workload +satellite_host_deploy_image: image-rhel-89 +satellite_host_compute_profile: Azure-Intranet-Workload-Default-VM diff --git a/host_vars/lachesis.internal.showroom.run/azure_vm_deploy.yml b/host_vars/lachesis.internal.showroom.run/azure_vm_deploy.yml index f11465e..439bc5c 100644 --- a/host_vars/lachesis.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/lachesis.internal.showroom.run/azure_vm_deploy.yml @@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_D2s_v4" +azure_vm_deploy_vm_size: Standard_D2s_v4 vm_tags: sequencestart: "4" sequencestop: "2" diff --git a/host_vars/lachesis.internal.showroom.run/rhel_storage.yml b/host_vars/lachesis.internal.showroom.run/rhel_storage.yml index 2c9f3b6..94fec4d 100644 --- a/host_vars/lachesis.internal.showroom.run/rhel_storage.yml +++ b/host_vars/lachesis.internal.showroom.run/rhel_storage.yml @@ -7,6 +7,6 @@ storage_pools: - sdb volumes: - name: pah_lv - size: "50 GB" - mount_point: "/var/lib/pulp" + size: 50 GB + mount_point: /var/lib/pulp state: present diff --git a/host_vars/lachesis.internal.showroom.run/satellite_data.yml b/host_vars/lachesis.internal.showroom.run/satellite_data.yml index b545057..9d918fa 100644 
--- a/host_vars/lachesis.internal.showroom.run/satellite_data.yml +++ b/host_vars/lachesis.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4/hg_aap" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4/hg_aap diff --git a/host_vars/mercury.internal.showroom.run/satellite_vm_deploy.yml b/host_vars/mercury.internal.showroom.run/satellite_vm_deploy.yml index 3d7f5ab..833a29e 100644 --- a/host_vars/mercury.internal.showroom.run/satellite_vm_deploy.yml +++ b/host_vars/mercury.internal.showroom.run/satellite_vm_deploy.yml @@ -1,11 +1,11 @@ --- satellite_host_deploy: true -satellite_host_deploy_hostgroup: "hg_work_qa/hg_intranet/hg_rhel9.3" +satellite_host_deploy_hostgroup: hg_work_qa/hg_intranet/hg_rhel9.3 satellite_host_deploy_compute_attributes: - vm_size: "Standard_B1ms" - tags: "sequencestart=1,sequencestop=5" + vm_size: Standard_B1ms + tags: sequencestart=1,sequencestop=5 satellite_host_deploy_organization: "{{ hostvars[groups['satellite'][0]]['satellite_organization'] }}" -satellite_host_deploy_location: "Intranet" -satellite_host_deploy_compute_resource: "Azure_Workload" -satellite_host_deploy_image: "image-rhel-93" -satellite_host_compute_profile: "Azure-Intranet-Workload-Default-VM" +satellite_host_deploy_location: Intranet +satellite_host_deploy_compute_resource: Azure_Workload +satellite_host_deploy_image: image-rhel-93 +satellite_host_compute_profile: Azure-Intranet-Workload-Default-VM diff --git a/host_vars/minerva.internal.showroom.run/satellite_vm_deploy.yml b/host_vars/minerva.internal.showroom.run/satellite_vm_deploy.yml index de04d46..556803e 100644 --- a/host_vars/minerva.internal.showroom.run/satellite_vm_deploy.yml +++ b/host_vars/minerva.internal.showroom.run/satellite_vm_deploy.yml 
@@ -1,11 +1,11 @@ --- satellite_host_deploy: true -satellite_host_deploy_hostgroup: "hg_work_qa/hg_intranet/hg_rhel8.9" +satellite_host_deploy_hostgroup: hg_work_qa/hg_intranet/hg_rhel8.9 satellite_host_deploy_compute_attributes: - vm_size: "Standard_B1ms" - tags: "sequencestart=1,sequencestop=5" + vm_size: Standard_B1ms + tags: sequencestart=1,sequencestop=5 satellite_host_deploy_organization: "{{ hostvars[groups['satellite'][0]]['satellite_organization'] }}" -satellite_host_deploy_location: "Intranet" -satellite_host_deploy_compute_resource: "Azure_Workload" -satellite_host_deploy_image: "image-rhel-89" -satellite_host_compute_profile: "Azure-Intranet-Workload-Default-VM" +satellite_host_deploy_location: Intranet +satellite_host_deploy_compute_resource: Azure_Workload +satellite_host_deploy_image: image-rhel-89 +satellite_host_compute_profile: Azure-Intranet-Workload-Default-VM diff --git a/host_vars/neptune.internal.showroom.run/satellite_vm_deploy.yml b/host_vars/neptune.internal.showroom.run/satellite_vm_deploy.yml index c13efa0..e769c0a 100644 --- a/host_vars/neptune.internal.showroom.run/satellite_vm_deploy.yml +++ b/host_vars/neptune.internal.showroom.run/satellite_vm_deploy.yml 
@@ -1,11 +1,11 @@ --- satellite_host_deploy: true -satellite_host_deploy_hostgroup: "hg_work_prod/hg_intranet/hg_rhel8.9" +satellite_host_deploy_hostgroup: hg_work_prod/hg_intranet/hg_rhel8.9 satellite_host_deploy_compute_attributes: - vm_size: "Standard_B1ms" - tags: "sequencestart=1,sequencestop=5" + vm_size: Standard_B1ms + tags: sequencestart=1,sequencestop=5 satellite_host_deploy_organization: "{{ hostvars[groups['satellite'][0]]['satellite_organization'] }}" -satellite_host_deploy_location: "Intranet" -satellite_host_deploy_compute_resource: "Azure_Workload" -satellite_host_deploy_image: "image-rhel-89" -satellite_host_compute_profile: "Azure-Intranet-Workload-Default-VM" +satellite_host_deploy_location: Intranet +satellite_host_deploy_compute_resource: Azure_Workload +satellite_host_deploy_image: image-rhel-89 +satellite_host_compute_profile: Azure-Intranet-Workload-Default-VM diff --git a/host_vars/poseidon.internal.showroom.run/azure_vm_deploy.yml b/host_vars/poseidon.internal.showroom.run/azure_vm_deploy.yml index f8135c9..04644b3 100644 --- a/host_vars/poseidon.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/poseidon.internal.showroom.run/azure_vm_deploy.yml @@ -1,5 +1,5 @@ --- -azure_vm_deploy_vm_size: "Standard_B2s" +azure_vm_deploy_vm_size: Standard_B2s vm_tags: sequencestart: "3" sequencestop: "3" diff --git a/host_vars/poseidon.internal.showroom.run/post_config.yml b/host_vars/poseidon.internal.showroom.run/post_config.yml index afea7bc..56b334a 100644 --- a/host_vars/poseidon.internal.showroom.run/post_config.yml +++ b/host_vars/poseidon.internal.showroom.run/post_config.yml @@ -1,6 +1,6 @@ --- rh_offline_tokens: - - name: "rhsm_offline_token" + - name: rhsm_offline_token value: "{{ satellite_rhsm_offline_token }}" - - name: "automation_hub_offline_token" + - name: automation_hub_offline_token value: "{{ rh_automation_hub_offline_token }}" 
diff --git a/host_vars/poseidon.internal.showroom.run/satellite_data.yml b/host_vars/poseidon.internal.showroom.run/satellite_data.yml index 9bde5bc..1a0e6e1 100644 --- a/host_vars/poseidon.internal.showroom.run/satellite_data.yml +++ b/host_vars/poseidon.internal.showroom.run/satellite_data.yml @@ -1,2 +1,2 @@ --- -satellite_hostgroup: "hg_mgmt_dev/hg_intranet/hg_rhel9.4" +satellite_hostgroup: hg_mgmt_dev/hg_intranet/hg_rhel9.4 diff --git a/host_vars/uranus.internal.showroom.run/satellite_vm_deploy.yml b/host_vars/uranus.internal.showroom.run/satellite_vm_deploy.yml index 740fc02..fe30aa0 100644 --- a/host_vars/uranus.internal.showroom.run/satellite_vm_deploy.yml +++ b/host_vars/uranus.internal.showroom.run/satellite_vm_deploy.yml @@ -1,11 +1,11 @@ --- satellite_host_deploy: true -satellite_host_deploy_hostgroup: "hg_work_dev/hg_intranet/hg_rhel8.10" +satellite_host_deploy_hostgroup: hg_work_dev/hg_intranet/hg_rhel8.10 satellite_host_deploy_compute_attributes: - vm_size: "Standard_B1ms" - tags: "sequencestart=1,sequencestop=5" + vm_size: Standard_B1ms + tags: sequencestart=1,sequencestop=5 satellite_host_deploy_organization: "{{ hostvars[groups['satellite'][0]]['satellite_organization'] }}" -satellite_host_deploy_location: "Intranet" -satellite_host_deploy_compute_resource: "Azure_Workload" -satellite_host_deploy_image: "image-rhel-8.10" -satellite_host_compute_profile: "Azure-Intranet-Workload-Default-VM" +satellite_host_deploy_location: Intranet +satellite_host_deploy_compute_resource: Azure_Workload +satellite_host_deploy_image: image-rhel-8.10 +satellite_host_compute_profile: Azure-Intranet-Workload-Default-VM diff --git a/host_vars/venus.internal.showroom.run/satellite_vm_deploy.yml b/host_vars/venus.internal.showroom.run/satellite_vm_deploy.yml index 8696d8e..f8c421b 100644 --- a/host_vars/venus.internal.showroom.run/satellite_vm_deploy.yml +++ b/host_vars/venus.internal.showroom.run/satellite_vm_deploy.yml 
@@ -1,11 +1,11 @@ --- satellite_host_deploy: true -satellite_host_deploy_hostgroup: "hg_work_prod/hg_intranet/hg_rhel9.3" +satellite_host_deploy_hostgroup: hg_work_prod/hg_intranet/hg_rhel9.3 satellite_host_deploy_compute_attributes: - vm_size: "Standard_B1ms" - tags: "sequencestart=1,sequencestop=5" + vm_size: Standard_B1ms + tags: sequencestart=1,sequencestop=5 satellite_host_deploy_organization: "{{ hostvars[groups['satellite'][0]]['satellite_organization'] }}" -satellite_host_deploy_location: "Intranet" -satellite_host_deploy_compute_resource: "Azure_Workload" -satellite_host_deploy_image: "image-rhel-93" -satellite_host_compute_profile: "Azure-Intranet-Workload-Default-VM" +satellite_host_deploy_location: Intranet +satellite_host_deploy_compute_resource: Azure_Workload +satellite_host_deploy_image: image-rhel-93 +satellite_host_compute_profile: Azure-Intranet-Workload-Default-VM diff --git a/host_vars/zeus.internal.showroom.run/azure_vm_deploy.yml b/host_vars/zeus.internal.showroom.run/azure_vm_deploy.yml index 883da60..c109901 100644 --- a/host_vars/zeus.internal.showroom.run/azure_vm_deploy.yml +++ b/host_vars/zeus.internal.showroom.run/azure_vm_deploy.yml @@ -1,4 +1,4 @@ --- -azure_vm_deploy_vm_size: "Standard_D2s_v4" +azure_vm_deploy_vm_size: Standard_D2s_v4 vm_tags: ssv2excludevm: "true" diff --git a/inventory.yml b/inventory.yml index fdcef8f..17d55b2 100644 --- a/inventory.yml +++ b/inventory.yml @@ -20,7 +20,6 @@ mgmt_intra: children: rootca: github_runner: - work: children: work_intra: @@ -42,7 +41,6 @@ work_intra: children: workload_servers_intra_prod_rhel8: workload_servers_intra_prod_rhel9: - # work_dmz: # children: # mgmt_tools_dmz: 
@@ -70,36 +68,35 @@ work_intra: # Bastion bastion: hosts: - hermes.internal.showroom.run: # bastion host + hermes.internal.showroom.run: # bastion host ansible_host: hermes.showroom.run # Misc rootca: hosts: - zeus.internal.showroom.run: # rootCA + zeus.internal.showroom.run: # rootCA github_runner: hosts: - poseidon.internal.showroom.run: # self-hosted github runner + poseidon.internal.showroom.run: # self-hosted github runner # IDM ipaserver: hosts: - athena.internal.showroom.run: # idm primary server + athena.internal.showroom.run: # idm primary server ipareplicas: hosts: - hestia.internal.showroom.run: # idm replica server - demeter.internal.showroom.run: # idm hidden replica server + hestia.internal.showroom.run: # idm replica server + demeter.internal.showroom.run: # idm hidden replica server ipahidden: hosts: demeter.internal.showroom.run: - # Satellite satellite: hosts: - aphrodite.internal.showroom.run: # satellite + aphrodite.internal.showroom.run: # satellite # satellite_dmz: # hosts: 
@@ -112,46 +109,45 @@ aap: aap_controller: hosts: - clotho.internal.showroom.run: # aap controller + clotho.internal.showroom.run: # aap controller aap_pah: hosts: - lachesis.internal.showroom.run: # aap pah + lachesis.internal.showroom.run: # aap pah aap_db: hosts: - atropos.internal.showroom.run: # aap db + atropos.internal.showroom.run: # aap db aap_execution_node_intra: hosts: - achilles.internal.showroom.run: # aap intra execution node + achilles.internal.showroom.run: # aap intra execution node # Workloads_intra workload_servers_intra_dev_rhel8: hosts: - jupiter.internal.showroom.run: # rhel8.9 - uranus.internal.showroom.run: # rhel8.10 + jupiter.internal.showroom.run: # rhel8.9 + uranus.internal.showroom.run: # rhel8.10 workload_servers_intra_dev_rhel9: hosts: - juno.internal.showroom.run: # rhel9.3 + juno.internal.showroom.run: # rhel9.3 workload_servers_intra_qa_rhel8: hosts: - minerva.internal.showroom.run: # rhel8.9 + minerva.internal.showroom.run: # rhel8.9 workload_servers_intra_qa_rhel9: hosts: - mercury.internal.showroom.run: # rhel9.3 + mercury.internal.showroom.run: # rhel9.3 workload_servers_intra_prod_rhel8: hosts: - neptune.internal.showroom.run: # rhel8.9 + neptune.internal.showroom.run: # rhel8.9 workload_servers_intra_prod_rhel9: hosts: - venus.internal.showroom.run: # rhel9.3 - + venus.internal.showroom.run: # rhel9.3 # Workloads_dmz # workload_servers_intra_dev_rhel8: