fixes

playingfield · Oct 18, 2022 · ea14ccd · ea14ccd
1 parent 11ed7d9
commit ea14ccd
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 21 deletions.
diff --git a/inventory/group_vars/all/vars.yml b/inventory/group_vars/all/vars.yml
@@ -9,4 +9,5 @@ net_allow: []
 primary_machine: "{{ groups.automationcontroller[0] }}"
 secondary_machine: "{{ groups.automationhub[0] }}"
 registry_url: 192.168.56.12.nip.io
-tower_validate_certs: false
+aap_validate_certs: false
+ansible_user: vagrant
diff --git a/roles/aap/tasks/main.yml b/roles/aap/tasks/main.yml
@@ -68,21 +68,14 @@
     dest: "{{ aap_tmp_dir }}"
     creates: "{{ aap_tmp_dir ~ aap_setup_dir }}"
 
-- name: Create ansible.cfg
+- name: Create ansible.cfg for setup.sh
   delegate_to: "{{ groups.automationcontroller[0] }}"
   run_once: true
   ansible.builtin.template:
     src: "ansible.cfg.j2"
     dest: "{{ aap_tmp_dir ~ aap_setup_dir }}/ansible.cfg"
     mode: 0644
 
-- name: Create /var/log/tower directory
-  become: true
-  ansible.builtin.file:
-    path: /var/log/tower/
-    mode: 0755
-    state: directory
-
 - name: Place inventory file for setup.sh
   delegate_to: "{{ groups.automationcontroller[0] }}"
   run_once: true
@@ -91,15 +84,22 @@
     dest: "{{ aap_tmp_dir ~ aap_setup_dir }}/inventory"
     mode: 0644
 
-- name: Declare variable for tower_state
+- name: Create log directory
+  become: true
+  ansible.builtin.file:
+    path: /var/log/tower/
+    mode: 0755
+    state: directory
+
+- name: Declare variable aap_controller_state
   ansible.builtin.set_fact:
     aap_controller_state: 'unknown'
 
 - name: Check which services are running
   no_log: true
   ansible.builtin.service_facts:
 
-- name: Set tower_state fact
+- name: Set aap_controller_state fact
   ansible.builtin.set_fact:
     aap_controller_state: "{{ ansible_facts.services['automation-controller.service']['state'] }}"
   when: ansible_facts.services['automation-controller.service'] is defined
@@ -147,7 +147,8 @@
     - name: Verify API URL
       ansible.builtin.uri:
         url: "https://{{ primary_machine }}/api"
-        validate_certs: "{{ tower_validate_certs }}"
+        validate_certs: "{{ aap_validate_certs }}"
         status_code: 200
   when: role is defined
+
 ...
diff --git a/roles/aap/templates/ansible.cfg.j2 b/roles/aap/templates/ansible.cfg.j2
@@ -1,4 +1,4 @@
 [defaults]
-remote_user = vagrant
+remote_user = {{ ansible_user }}
 host_key_checking = False
 remote_tmp = /usr/local/tmp/${USER}/ansible
diff --git a/roles/rhel8_fixes/tasks/main.yml b/roles/rhel8_fixes/tasks/main.yml
@@ -102,14 +102,6 @@
     path: /etc/sudoers.d/vagrant
   register: vagrant_sudoers
 
-- name: Enforce a sudo password
-  when: vagrant_sudoers.stat.exists
-  ansible.builtin.lineinfile:
-    path: /etc/sudoers.d/vagrant
-    regexp: '^vagrant'
-    line: 'vagrant ALL=(ALL) ALL'
-    validate: 'visudo -cf %s'
-
 - name: Check that the /etc/usbguard/rules.conf exists
   ansible.builtin.stat:
     path: /etc/usbguard/rules.conf
@@ -129,3 +121,11 @@
         mode: '0600'
         notify: Enable usbguard
   when: policy_file.stat.size | int == 0
+
+- name: Enforce a sudo password
+  when: vagrant_sudoers.stat.exists
+  ansible.builtin.lineinfile:
+    path: /etc/sudoers.d/vagrant
+    regexp: '^vagrant'
+    line: 'vagrant ALL=(ALL) ALL'
+    validate: 'visudo -cf %s'