feat(services): rename playbook to just services

2025-12-22 11:06:35 +00:00 · 2025-12-22 11:06:35 +00:00 · 0d9e5052ab
commit 0d9e5052ab
parent 84e83df428
1 changed files with 32 additions and 1 deletions
--- a/playbooks/services.yml
+++ b/playbooks/services.yml
@ -0,0 +1,79 @@
+---
+- name: Deploy and update the FreeIPA servers
+  hosts:
+    - ipaservers
+  vars:
+    # Required for FreeIPA setup
+    baseline_epel_packages_allowed:
+      - certbot
+      - python3-certbot
+      - python3-pyrfc3339
+      - python3-parsedatetime
+      - python3-josepy
+      - python3-importlib-metadata
+      - python3-configargparse
+      - python3-acme
+      - python3-zipp
+      - python3-pyOpenSSL
+      - node-exporter
+    rhel9cis_dns_server: true
+    rhel9cis_httpd_server: true
+    # TODO: Restricted umask breaks FreeIPA roles
+    rhel9cis_rule_5_4_2_6: false
+    rhel9cis_rule_5_4_3_3: false
+  roles:
+    - role: sr2c.core.baseline
+      baseline_epel_packages_allowed:
+        - node-exporter
+      tags: bootstrap
+    - role: sr2c.core.freeipa
+      become: true
+      tags: freeipa
+    - role: sr2c.core.node_exporter
+      tags: prometheus
+
+- name: Deploy and update the Keycloak server
+  hosts:
+    - keycloak
+  become: true
+  roles:
+    - role: sr2c.core.baseline
+      baseline_epel_packages_allowed:
+        - node-exporter
+      tags: bootstrap
+    - role: freeipa.ansible_freeipa.ipaclient
+      state: present
+      tags: bootstrap
+    - role: sr2c.core.podman_keycloak
+      tags: keycloak
+    - role: sr2c.core.node_exporter
+      tags: prometheus
+
+- name: Deploy and update the Prometheus server
+  hosts:
+    - prometheus
+  roles:
+    - role: sr2c.core.baseline
+      vars:
+        baseline_epel_packages_allowed:
+          - node-exporter
+      tags: bootstrap
+    - role: freeipa.ansible_freeipa.ipaclient
+      become: true
+      state: present
+      tags: bootstrap
+    - role: sr2c.core.node_exporter
+      tags: prometheus
+    - role: sr2c.core.podman_prometheus
+      tags: prometheus
+
+- name: Baseline for generic servers (manual or externally managed application deployment)
+  hosts:
+    - generic
+  roles:
+    - role: sr2c.core.baseline
+      baseline_epel_packages_allowed:
+        - node-exporter
+      tags: bootstrap
+    - role: sr2c.core.node_exporter
+      tags: prometheus