| | |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_secret_vars.yml" |
| | | roles: |
| | | - { role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion", when: 'install_bastion' } |
| | | - role: "{{ ANSIBLE_REPO_PATH }}/roles/bastion" |
| | | when: install_bastion|bool |
| | | tags: |
| | | - step004 |
| | | - bastion_tasks |
| | | |
| | | - name: Pre-software verification and ipa client |
| | | hosts: bastions |
| | | gather_facts: False |
| | | become: yes |
| | | tags: |
| | | - opentlc_bastion_tasks |
| | | vars_files: |
| | | - "{{ ANSIBLE_REPO_PATH }}/configs/{{ env_type }}/env_vars.yml" |
| | | tasks: |
| | | - name: install ipa client packages |
| | | yum: |
| | | name: "ipa-client" |
| | | state: present |
| | | when: "install_ipa_client" |
| | | - name: Register bastion with IPA |
| | | shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w {{ipa_host_password}} -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}" |
| | | when: "install_ipa_client" |
| | | - name: Add opentlc-access ipa group to sudoers.d |
| | | lineinfile: |
| | | path: /etc/sudoers.d/opentlc-sudoers |
| | | state: present |
| | | create: yes |
| | | line: '%opentlc-access ALL=(ALL) NOPASSWD: ALL' |
| | | validate: '/usr/sbin/visudo -cf %s' |
| | | |
| | | - name: PreSoftware flight-check |
| | | hosts: localhost |