diff --git a/inventory/group_vars/all/vars.yml b/inventory/group_vars/all/vars.yml index f9a6bbb..f794439 100644 --- a/inventory/group_vars/all/vars.yml +++ b/inventory/group_vars/all/vars.yml @@ -9,4 +9,5 @@ net_allow: [] primary_machine: "{{ groups.automationcontroller[0] }}" secondary_machine: "{{ groups.automationhub[0] }}" registry_url: 192.168.56.12.nip.io -tower_validate_certs: false +aap_validate_certs: false +ansible_user: vagrant diff --git a/roles/aap/tasks/main.yml b/roles/aap/tasks/main.yml index 1c5427d..4053054 100644 --- a/roles/aap/tasks/main.yml +++ b/roles/aap/tasks/main.yml @@ -68,7 +68,7 @@ dest: "{{ aap_tmp_dir }}" creates: "{{ aap_tmp_dir ~ aap_setup_dir }}" -- name: Create ansible.cfg +- name: Create ansible.cfg for setup.sh delegate_to: "{{ groups.automationcontroller[0] }}" run_once: true ansible.builtin.template: @@ -76,13 +76,6 @@ dest: "{{ aap_tmp_dir ~ aap_setup_dir }}/ansible.cfg" mode: 0644 -- name: Create /var/log/tower directory - become: true - ansible.builtin.file: - path: /var/log/tower/ - mode: 0755 - state: directory - - name: Place inventory file for setup.sh delegate_to: "{{ groups.automationcontroller[0] }}" run_once: true @@ -91,7 +84,14 @@ dest: "{{ aap_tmp_dir ~ aap_setup_dir }}/inventory" mode: 0644 -- name: Declare variable for tower_state +- name: Create log directory + become: true + ansible.builtin.file: + path: /var/log/tower/ + mode: 0755 + state: directory + +- name: Declare variable aap_controller_state ansible.builtin.set_fact: aap_controller_state: 'unknown' @@ -99,7 +99,7 @@ no_log: true ansible.builtin.service_facts: -- name: Set tower_state fact +- name: Set aap_controller_state fact ansible.builtin.set_fact: aap_controller_state: "{{ ansible_facts.services['automation-controller.service']['state'] }}" when: ansible_facts.services['automation-controller.service'] is defined 
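Review bot: `aap_validate_certs: false` in inventory/group_vars/all turns off TLS certificate verification for every host and every task that reads the variable, and the one consumer visible in this diff is the "Verify API URL" task in roles/aap/tasks/main.yml (hunk at -147). With verification off, that check passes for whatever answers with a 200 on the address, so it does not confirm that the intended controller was reached. Verifying by default and opting out only where needed would be safer: in the task use `validate_certs: "{{ aap_validate_certs | default(true) }}"`. The value here looks like a lab setting, so a comment above it would help, for example `# Lab only: set to true once the controller presents a certificate from a trusted CA`.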
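Review bot: `mode: 0755` in the relocated "Create log directory" task (hunk at -91) is an unquoted octal, which only yields the intended permissions when the YAML loader reads a leading zero as octal. roles/rhel8_fixes already writes its mode as a string (`mode: '0600'`), so `mode: '0755'` here would be consistent; the same applies to the `mode: 0644` context lines of the neighbouring template tasks. The new task name also no longer says which directory is created, although the path is still `/var/log/tower/`; `- name: Create /var/log/tower log directory` keeps it searchable.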
@@ -147,7 +147,8 @@ - name: Verify API URL ansible.builtin.uri: url: "https://{{ primary_machine }}/api" - validate_certs: "{{ tower_validate_certs }}" + validate_certs: "{{ aap_validate_certs }}" status_code: 200 when: role is defined + ... diff --git a/roles/aap/templates/ansible.cfg.j2 b/roles/aap/templates/ansible.cfg.j2 index e5966f1..901e17f 100644 --- a/roles/aap/templates/ansible.cfg.j2 +++ b/roles/aap/templates/ansible.cfg.j2 @@ -1,4 +1,4 @@ [defaults] -remote_user = vagrant +remote_user = {{ ansible_user }} host_key_checking = False remote_tmp = /usr/local/tmp/${USER}/ansible diff --git a/roles/rhel8_fixes/tasks/main.yml b/roles/rhel8_fixes/tasks/main.yml index bc4271b..c815e3c 100644 --- a/roles/rhel8_fixes/tasks/main.yml +++ b/roles/rhel8_fixes/tasks/main.yml @@ -102,14 +102,6 @@ path: /etc/sudoers.d/vagrant register: vagrant_sudoers -- name: Enforce a sudo password - when: vagrant_sudoers.stat.exists - ansible.builtin.lineinfile: - path: /etc/sudoers.d/vagrant - regexp: '^vagrant' - line: 'vagrant ALL=(ALL) ALL' - validate: 'visudo -cf %s' - - name: Check that the /etc/usbguard/rules.conf exists ansible.builtin.stat: path: /etc/usbguard/rules.conf @@ -129,3 +121,11 @@ mode: '0600' notify: Enable usbguard when: policy_file.stat.size | int == 0 + +- name: Enforce a sudo password + when: vagrant_sudoers.stat.exists + ansible.builtin.lineinfile: + path: /etc/sudoers.d/vagrant + regexp: '^vagrant' + line: 'vagrant ALL=(ALL) ALL' + validate: 'visudo -cf %s'
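Review bot: `host_key_checking = False` remains hardcoded directly under the now-templated `remote_user = {{ ansible_user }}` in roles/aap/templates/ansible.cfg.j2, so the generated ansible.cfg is no longer tied to the Vagrant account but still has setup.sh accept any SSH host key. Consider templating it the same way with a verifying default, for example `host_key_checking = {{ aap_host_key_checking | default(true) }}` (a new variable; the name is only a suggestion), and setting it to false in the lab inventory. As far as this diff shows, `ansible_user` is defined only in inventory/group_vars/all, so if the role is used with another inventory the template fails on an undefined variable unless a role default is added.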
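Review bot: The "Enforce a sudo password" task re-added at the end of roles/rhel8_fixes/tasks/main.yml still hardcodes the account in `path: /etc/sudoers.d/vagrant`, `regexp: '^vagrant'` and `line: 'vagrant ALL=(ALL) ALL'`, while this commit makes the login user configurable through `ansible_user`. If `ansible_user` is set to another account, this task either is skipped by the `vagrant_sudoers.stat.exists` guard or rewrites only the vagrant entry, so the account actually in use keeps whatever sudo rule it had. Consider deriving the three values from `ansible_user`, together with the `stat` task above the hunk that registers `vagrant_sudoers`. The move to the end of the file presumably keeps the earlier `become` tasks working before a password is required; a comment such as `# Keep last: tasks after this one need a sudo password to become` would record that.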