fixes

playingfield · Oct 24, 2022 · a450e9c · a450e9c
1 parent 11c43cf
commit a450e9c
Show file tree

Hide file tree

Showing 8 changed files with 84 additions and 35 deletions.
diff --git a/Vagrantfile b/Vagrantfile
@@ -18,12 +18,12 @@ Vagrant.configure(2) do |config|
   config.hostmanager.include_offline = true
   N = 3
   (1..N).each do |server_id|
-    config.vm.define "server0#{server_id}" do |server|
-      server.vm.hostname = "server0#{server_id}"
+    config.vm.define "192.168.56.1#{server_id}" do |server|
+      server.vm.hostname = "192.168.56.1#{server_id}.nip.io"
       server.vm.network "private_network", ip: "192.168.56.1#{server_id}"
       server.vm.synced_folder "/Users/Shared", "/vagrant", id: "vagrant-root", disabled: false
       server.vm.provider "virtualbox" do |virtualbox|
-        virtualbox.name = "server0#{server_id}"
+        virtualbox.name = "192.168.56.1#{server_id}.nip.io"
         virtualbox.gui = false
         # Boot order setting is ignored if EFI is enabled
         # https://www.virtualbox.org/ticket/19364

diff --git a/auth-setup.yml b/auth-setup.yml
@@ -12,12 +12,8 @@
     cfg: "-k --conf.host https://{{ awx_host }} --conf.user {{ awx_user | default('admin', true) }}"
 
   pre_tasks:
-    - name: Install collections
-      changed_when: true
-      # yamllint disable-line rule:line-length
-      ansible.builtin.command: "ansible-galaxy collection install -f -p collections -r collections/requirements.yml"
 
-    - name: Login to Tower
+    - name: Login to controller
       no_log: false
       changed_when: false
       ansible.builtin.command: "awx {{ cfg }} --conf.password {{ admin_password }} -k login"

diff --git a/inventory/group_vars/all/vars.yml b/inventory/group_vars/all/vars.yml
@@ -8,6 +8,6 @@ net_allow: []
 
 primary_machine: "{{ groups.automationcontroller[0] }}"
 secondary_machine: "{{ groups.automationhub[0] }}"
-registry_url: 192.168.56.12.nip.io
+registry_url: registry.redhat.com
 aap_validate_certs: false
 ansible_user: vagrant
diff --git a/inventory/group_vars/all/vault b/inventory/group_vars/all/vault
@@ -4,5 +4,5 @@ vault_postgres_pass: 'Do_not_use_special_characters_in_pg_password_as_it_may_cau
 vault_hub_admin_pass: 'IT-audited?'
 vault_hub_pg_pass: 'database_password'
 redis_password: 'IT-audited?'
-registry_username: registry_user
-registry_password: registry_password
+registry_username: "{{ lookup('env','RHN_USER') }}"
+registry_password: "{{ lookup('env','RHN_PASS') }}"
diff --git a/inventory/hosts b/inventory/hosts
@@ -11,13 +11,13 @@ automationhub
 automationcontroller
 
 [database]
-server01 ansible_ssh_host=192.168.56.10.nip.io
+192.168.56.11.nip.io
 
 [automationhub]
-server02 ansible_ssh_host=192.168.56.12.nip.io
+192.168.56.12.nip.io
 
 [automationcontroller]
-server01 ansible_ssh_host=192.168.56.11.nip.io role=primary
+192.168.56.11.nip.io role=primary
 
 [other]
-server03 ansible_ssh_host=192.168.56.13.nip.io
+192.168.56.13.nip.io
diff --git a/kickstart/ks.cfg b/kickstart/ks.cfg
@@ -42,11 +42,11 @@ logvol / --fstype=xfs --name=lv_root --vgname=vgsys --size=16384 --grow
 # CCE-26557-9: Ensure /home Located On Separate Partition
 logvol /home --fstype=xfs --name=lv_home --vgname=vgsys --size=16384 --fsoptions="nodev" --grow
 # CCE-26435-8: Ensure /tmp Located On Separate Partition
-logvol /tmp --fstype=xfs --name=lv_tmp --vgname=vgsys --size=1024 --fsoptions="nodev,noexec,nosuid"
+logvol /tmp --fstype=xfs --name=lv_tmp --vgname=vgsys --size=2048 --fsoptions="nodev,noexec,nosuid"
 # CCE-26639-5: Ensure /var Located On Separate Partition
-logvol /var --fstype=xfs --name=lv_var --vgname=vgsys --size=4096 --fsoptions="nodev" --grow
+logvol /var --fstype=xfs --name=lv_var --vgname=vgsys --size=10240 --fsoptions="nodev" --grow
 # Ensure /var/tmp Located On Separate Partition
-logvol /var/tmp --fstype=xfs --name=lv_vartmp --vgname=vgsys --size=1024 --fsoptions="nodev,noexec,nosuid"
+logvol /var/tmp --fstype=xfs --name=lv_vartmp --vgname=vgsys --size=10240 --fsoptions="nodev,noexec,nosuid"
 # CCE-26215-4: Ensure /var/log Located On Separate Partition
 logvol /var/log --fstype=xfs --name=lv_log --vgname=vgsys --size=2048 --fsoptions="nodev,nosuid,noexec"
 # CCE-26436-6: Ensure /var/log/audit Located On Separate Partition

diff --git a/rhel8.pkr.hcl b/rhel8.pkr.hcl
@@ -47,7 +47,7 @@ source "virtualbox-iso" "rhel8" {
   usb                    = true
   vboxmanage = [
     [ "modifyvm", "{{.Name}}", "--firmware", "EFI" ],
-    [ "modifyvm", "{{.Name}}", "--usbehci", "true" ],
+    [ "modifyvm", "{{.Name}}", "--usbehci", "on" ],
   ]
   virtualbox_version_file= ".vbox_version"
   vrdp_bind_address      = "0.0.0.0"

diff --git a/vagrant-playbook.yml b/vagrant-playbook.yml
@@ -36,19 +36,72 @@
       ansible.builtin.include_role:
         name: aap
 
-- name: Compliance
-  hosts: aap
-  become: true
-  gather_facts: true
-  tags: [comply]
-  post_tasks:
-    - name: Enforce compliance settings
-      ansible.builtin.include_role:
-        name: grace_period
-        tasks_from: absent
-    - name: Configure time
-      ansible.builtin.include_role:
-        name: chrony
-    - name: Improve compliance settings
-      ansible.builtin.include_role:
-        name: rhel8_fixes
+- name: Configure Local Authentication
+  hosts: localhost
+  become: false
+  gather_facts: false
+
+  vars:
+    awx_host: "{{ groups.automationcontroller[0] }}"
+    # yamllint disable-line rule:line-length
+    cfg: "-k --conf.host https://{{ awx_host }} --conf.user {{ awx_user | default('admin', true) }}"
+
+  pre_tasks:
+    - name: Install collections
+      changed_when: true
+      # yamllint disable-line rule:line-length
+      ansible.builtin.command: "ansible-galaxy collection install -r collections/requirements.yml"
+
+    - name: Login to Tower
+      no_log: false
+      changed_when: false
+      ansible.builtin.command: "awx {{ cfg }} --conf.password {{ admin_password }} -k login"
+      register: awx_login
+
+    - name: Set awx_token
+      ansible.builtin.set_fact:
+        awx_token: "{{ awx_login.stdout | from_json | json_query('token') }}"
+
+    - name: Create ~/.tower_cli.cfg
+      ansible.builtin.template:
+        src: tower_cli.cfg
+        dest: "~/.tower_cli.cfg"
+        mode: 0600
+
+- name: Configure Ansible Controller post installation
+  hosts: localhost
+  connection: local
+  vars_files:
+    - configs/controller_auth.yml
+  collections:
+    - awx.awx
+    - redhat_cop.controller_configuration
+
+  pre_tasks:
+
+    - name: Wait for Controller to come up
+      ansible.builtin.uri:
+        url: "https://{{ controller_hostname }}/api/v2/ping"
+        status_code: 200
+        validate_certs: "{{ controller_validate_certs }}"
+      register: result
+      until: result.status == 200
+      retries: 20
+      delay: 30
+      ignore_errors: true
+
+    - name: Sleep for 10 seconds and allow awx to come up.
+      ansible.builtin.wait_for:
+        timeout: 10
+      delegate_to: localhost
+
+    - name: Include vars from configs directory
+      ansible.builtin.include_vars:
+        dir: ./configs
+        ignore_files: [controller_auth.yml]
+        extensions: ["yml"]
+      tags:
+        - always
+
+  roles:
+    - dispatch  # The dispatch role calls all of the other roles.