---
# Play: FreeIPA servers (inventory group `ipaservers`).
# Applies the baseline, freeipa and node_exporter roles, in that order.
- name: Deploy and update the FreeIPA servers
  hosts:
    - ipaservers
  vars:
    # Required for FreeIPA setup
    # Play-level allowlist of EPEL packages: the certbot stack plus
    # node-exporter.
    baseline_epel_packages_allowed:
      - certbot
      - python3-certbot
      - python3-pyrfc3339
      - python3-parsedatetime
      - python3-josepy
      - python3-importlib-metadata
      - python3-configargparse
      - python3-acme
      - python3-zipp
      - python3-pyOpenSSL
      - node-exporter
    # presumably marks DNS and httpd as expected services for the CIS
    # hardening on these hosts; verify against the role that reads rhel9cis_*
    rhel9cis_dns_server: true
    rhel9cis_httpd_server: true
    # TODO: Restricted umask breaks FreeIPA roles
    # Hardening exception: both rules are switched off for every host in
    # this play until the TODO is resolved. Keep the exception limited to
    # ipaservers and re-enable the rules once the roles tolerate the umask.
    rhel9cis_rule_5_4_2_6: false
    rhel9cis_rule_5_4_3_3: false
  roles:
    - role: sr2c.core.baseline
      # NOTE(review): this role parameter has the same name as the play var
      # above. Ansible ranks role parameters above play vars, so the baseline
      # role probably sees only node-exporter here and not the certbot
      # packages; confirm which list is meant to apply.
      baseline_epel_packages_allowed:
        - node-exporter
      tags: bootstrap
    - role: sr2c.core.freeipa
      # Privilege escalation is requested for this role only.
      become: true
      tags: freeipa
    - role: sr2c.core.node_exporter
      tags: prometheus
# Play: Keycloak server (inventory group `keycloak`).
# Applies baseline, enrols the host as a FreeIPA client, then deploys
# Keycloak and node_exporter.
- name: Deploy and update the Keycloak server
  hosts:
    - keycloak
  # NOTE(review): become is set play-wide here, so every role below runs
  # with privilege escalation. The FreeIPA and Prometheus plays in this file
  # set it on a single role only; confirm the wider scope is intended.
  become: true
  roles:
    - role: sr2c.core.baseline
      # EPEL allowlist passed to the baseline role for this host group.
      baseline_epel_packages_allowed:
        - node-exporter
      tags: bootstrap
    - role: freeipa.ansible_freeipa.ipaclient
      state: present
      tags: bootstrap
    - role: sr2c.core.podman_keycloak
      tags: keycloak
    - role: sr2c.core.node_exporter
      tags: prometheus
# Play: Prometheus server (inventory group `prometheus`).
# Applies baseline, enrols the host as a FreeIPA client, then deploys
# node_exporter and Prometheus.
- name: Deploy and update the Prometheus server
  hosts:
    - prometheus
  roles:
    - role: sr2c.core.baseline
      # NOTE(review): the allowlist sits under `vars:` here, while the other
      # plays in this file pass it as a direct role parameter; confirm which
      # form is intended and use it consistently.
      vars:
        baseline_epel_packages_allowed:
          - node-exporter
      tags: bootstrap
    - role: freeipa.ansible_freeipa.ipaclient
      # Privilege escalation is requested for this role only.
      become: true
      state: present
      tags: bootstrap
    - role: sr2c.core.node_exporter
      tags: prometheus
    - role: sr2c.core.podman_prometheus
      tags: prometheus
# Play: generic servers (inventory group `generic`).
# Only the baseline and node_exporter roles are applied; the play name
# states that the application itself is deployed manually or externally.
- name: Baseline for generic servers (manual or externally managed application deployment)
  hosts:
    - generic
  # NOTE(review): no `become` is set at play or role level in this play;
  # presumably escalation is configured elsewhere or inside the roles.
  # Confirm against the inventory / ansible.cfg.
  roles:
    - role: sr2c.core.baseline
      # EPEL allowlist passed to the baseline role for this host group.
      baseline_epel_packages_allowed:
        - node-exporter
      tags: bootstrap
    - role: sr2c.core.node_exporter
      tags: prometheus