Merge pull request #44 from bgraef/main

add bits for olam ipa and oci collection labs
oracle-devrel · Dec 11, 2024 · 2c12407 · 2c12407
2 parents 5b802d6 + fea2cf7
commit 2c12407
Show file tree

Hide file tree

Showing 8 changed files with 187 additions and 31 deletions.
diff --git a/olam/create_instance.yml b/olam/create_instance.yml
@@ -304,7 +304,10 @@
 
     - name: Configure instance
       ansible.builtin.include_tasks: "host_setup.yml"
-      when: inventory_hostname in groups['control']
+      when: >-
+        inventory_hostname in
+          groups['control']|default([])
+          + groups['server']|default([])
 
     - name: Configure passwordless SSH
       ansible.builtin.include_tasks: "olam_passwordless_setup.yml"
@@ -316,21 +319,29 @@
           - ansible-core
         state: present
       when:
-        - inventory_hostname in groups['control']
+        - inventory_hostname in groups['control']|default([])
         - use_olae_only
 
     - name: Install Oracle Linux Automation Manager
-      ansible.builtin.include_tasks: deploy-olam-tasks.yml
+      ansible.builtin.include_tasks: deploy_olam_tasks.yml
       vars:
         control_node_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}"
       when:
-        - inventory_hostname in groups['control']
+        - inventory_hostname in groups['control']|default([])
         - olam_single_host
 
 - name: Update all rpm packages
   ansible.builtin.import_playbook: update_all_rpms.yml
   when: update_all
 
+- name: Install free ipa server
+  ansible.builtin.import_playbook: deploy_free_ipa.yml
+  when: use_freeipa
+
+- name: Install git server
+  ansible.builtin.import_playbook: deploy_git_server.yml
+  when: use_git
+
 - name: Print instances
   hosts: all
   become: true

diff --git a/olam/default_vars.yml b/olam/default_vars.yml
@@ -21,4 +21,6 @@ block_count: 1
 update_all: false
 passwordless_ssh: true
 olam_single_host: false
-use_olae_only: false
+use_olae_only: false
+use_freeipa: false
+use_git: false
diff --git a/olam/deploy_free_ipa.yml b/olam/deploy_free_ipa.yml
@@ -0,0 +1,69 @@
+---
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# This software is made available to you under the terms of the Universal Permissive License (UPL), Version 1.0.
+# The Universal Permissive License (UPL), Version 1.0 (see COPYING or https://oss.oracle.com/licenses/upl)
+# See LICENSE.TXT for details.
+
+- name: Setup freeipa server using a role
+  hosts: ipa-server
+  become: true
+  vars:
+    ipaserver_domain: "{{ ansible_domain }}"
+    ipaserver_realm: "{{ ansible_domain|upper }}"
+    ipaserver_setup_dns: false
+    ipaadmin_password: ADMPassword1
+    ipadm_password: DMPassword1
+
+  roles:
+    - role: freeipa.ansible_freeipa.ipaserver
+      state: present
+
+# - name: Setup freeipa server manually on ol8
+#   hosts: ipa-server
+#   become: yes
+#   vars:
+#     ipaserver_domain: "{{ ansible_domain }}"
+#     ipaserver_realm: "{{ ansible_domain|upper }}"
+#     ipaserver_setup_dns: no
+#     ipaadmin_password: ADMPassword1
+#     ipadm_password: DMPassword1
+
+#   tasks:
+
+#   - name: Set firewall rules for freeipa
+#     ansible.posix.firewalld:
+#       zone: public
+#       service: "{{ item }}"
+#       permanent: yes
+#       state: enabled
+#       immediate: yes
+#     loop:
+#       - freeipa-4
+
+#   - name: Enable the idm DL1 module stream
+#     ansible.builtin.dnf:
+#       name: '@idm:DL1'
+#       state: present
+#     when:
+#       - ansible_distribution == 'OracleLinux' and ansible_distribution_major_version == '8'
+
+#   - name: Install freeipa packages and dependencies
+#     ansible.builtin.dnf:
+#       name:
+#         - ipa-server
+#       state: latest
+
+#   - name: Copy script
+#     ansible.builtin.template:
+#       src: templates/install.j2
+#       dest: /root/install.sh
+#       mode: '0755'
+
+#   - name: Install the freeipa server
+#     #ansible.builtin.shell: ipa-server-install -r {{ ipaserver_realm | quote }} -p {{ ipadm_password | quote }} -a {{ ipaadmin_password | quote }} -U
+#     shell: /root/install.sh
+#     register: freeipa_install
+
+#   - name: Output from freeipa install
+#     ansible.builtin.debug:
+#       msg: "{{ freeipa_install.stdout }}"
diff --git a/olam/deploy_git_server.yml b/olam/deploy_git_server.yml
@@ -0,0 +1,54 @@
+---
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# This software is made available to you under the terms of the Universal Permissive License (UPL), Version 1.0.
+# The Universal Permissive License (UPL), Version 1.0 (see COPYING or https://oss.oracle.com/licenses/upl)
+# See LICENSE.TXT for details.
+
+- name: Configure a git server
+  hosts: git-server
+  become: true
+  vars:
+    ssh_key_params: "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty "
+    private_key: "id_rsa"
+
+  tasks:
+
+    - name: Add git user
+      ansible.builtin.user:
+        name: git
+        comment: standard git user
+
+    - name: Set authorized key for git access using local pubilc key file
+      ansible.posix.authorized_key:
+        user: git
+        state: present
+        key: "{{ ssh_key_params ~ lookup('file', lookup('env', 'HOME') + '/.ssh/' + private_key + '.pub') }}"
+
+    - name: Install git
+      ansible.builtin.dnf:
+        name: git
+        state: present
+
+    - name: Create new repo on the git server
+      ansible.builtin.file:
+        path: /git-server/repos/hello-world.git
+        owner: git
+        group: git
+        state: directory
+        mode: "0755"
+
+    - name: Set git default branch
+      community.general.git_config:
+        name: init.defaultBranch
+        scope: global
+        value: main
+
+    - name: Initialize a bare repo
+      ansible.builtin.shell: |
+        git init --bare
+      args:
+        chdir: /git-server/repos/hello-world.git/
+      become: true
+      become_user: git
+      register: git_results
+      changed_when: git_results.rc != 0
diff --git a/olam/deploy-olam-tasks.yml → olam/deploy_olam_tasks.yml b/olam/deploy-olam-tasks.yml → olam/deploy_olam_tasks.yml
@@ -131,16 +131,24 @@
 - name: Disable Oracle Linux Automation Manager 1.0 repository
   community.general.ini_file:
     path: "/etc/yum.repos.d/oraclelinux-automation-manager-ol8.repo"
-    section: ol8_automation1
+    section: ol8_automation
     option: enabled
     value: "0"
     mode: '0644'
 
-- name: Enable Oracle Linux Automation Manager 2.0 repository
+- name: Disable Oracle Linux Automation Manager 2.0 repository
   community.general.ini_file:
     path: "/etc/yum.repos.d/oraclelinux-automation-manager-ol8.repo"
     section: ol8_automation2
     option: enabled
+    value: "0"
+    mode: '0644'
+
+- name: Enable Oracle Linux Automation Manager 2.2 repository
+  community.general.ini_file:
+    path: "/etc/yum.repos.d/oraclelinux-automation-manager-ol8.repo"
+    section: ol8_automation2.2
+    option: enabled
     value: "1"
     mode: '0644'
 

diff --git a/olam/requirements.yml b/olam/requirements.yml
@@ -7,26 +7,10 @@
 # roles:
 
 collections:
-  - name: https://github.com/ansible-collections/community.general.git
-    type: git
-    version: main
-
-  - name: https://github.com/ansible-collections/ansible.posix.git
-    type: git
-    version: main
-
-  - name: https://github.com/oracle/oci-ansible-collection.git
-    type: git
-    version: master
-
-  - name: https://github.com/ansible-collections/community.postgresql.git
-    type: git
-    version: main
-
-  - name: https://github.com/ansible-collections/community.crypto.git
-    type: git
-    version: main
-
-  - name: https://github.com/ansible-collections/community.libvirt.git
-    type: git
-    version: main
+  - ansible.posix
+  - community.general
+  - community.postgresql
+  - community.crypto
+  - freeipa.ansible_freeipa
+  - community.libvirt
+  - oracle.oci
diff --git a/olam/templates/ingress_security_rules.j2 b/olam/templates/ingress_security_rules.j2
@@ -11,4 +11,30 @@ instance_ingress_security_rules:
     tcp_options:
       destination_port_range:
         max: 22
-        min: 22
+        min: 22
+{% if use_freeipa %}
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 80
+        min: 80
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 443
+        min: 443
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 389
+        min: 389
+  - source: "10.0.0.0/24"
+    protocol: 6
+    tcp_options:
+      destination_port_range:
+        max: 636
+        min: 636
+{% endif %}
diff --git a/olam/templates/install_ipa.j2 b/olam/templates/install_ipa.j2
@@ -0,0 +1,2 @@
+#!/bin/bash
+/usr/sbin/ipa-server-install -r {{ ipaserver_realm | quote }} -p {{ ipadm_password | quote }} -a {{ ipaadmin_password | quote }} -U
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/bash
		/usr/sbin/ipa-server-install -r {{ ipaserver_realm \| quote }} -p {{ ipadm_password \| quote }} -a {{ ipaadmin_password \| quote }} -U