diff --git a/choose_demo.yml b/choose_demo.yml index 9038f67..0769ac3 100644 --- a/choose_demo.yml +++ b/choose_demo.yml @@ -2,14 +2,14 @@ ## example file for how to choose a demo ## chose specific demo or choose all -#SPECIFIC - example that installs just the deploy_application job template +# SPECIFIC - example that installs just the deploy_application job template demo: developer_report -#ALL - example that installs all demos +# ALL - example that installs all demos # demo: all ## Ansible Tower login infomation my_tower_username: colin my_tower_password: mahalo my_tower_host: test.rhdemo.io -workshop_type: f5 +workshop_type: rhel diff --git a/galaxy.yml b/galaxy.yml new file mode 100644 index 0000000..f3906d5 --- /dev/null +++ b/galaxy.yml @@ -0,0 +1,23 @@ +--- +namespace: ipvsean +name: product_demos +version: 1.0.2 +readme: README.md + +authors: + - Sean Cavanaugh @IPvSean + +description: repository of demos to showcase Ansible features. + +license: + - GPL-2.0-or-later + +license_file: '' + +tags: [] +dependencies: {} + +repository: http://github.com/ansible/product-demos +documentation: http://github.com/ansible/product-demos +homepage: http://github.com/ansible/product-demos +issues: https://github.com/ansible/product-demos/issues diff --git a/ipvsean-product_demos-1.0.1.tar.gz b/ipvsean-product_demos-1.0.1.tar.gz new file mode 100644 index 0000000..f942977 Binary files /dev/null and b/ipvsean-product_demos-1.0.1.tar.gz differ diff --git a/ipvsean-product_demos-1.0.2.tar.gz b/ipvsean-product_demos-1.0.2.tar.gz new file mode 100644 index 0000000..2c07033 Binary files /dev/null and b/ipvsean-product_demos-1.0.2.tar.gz differ diff --git a/playbooks/01_deploy_application.yml b/playbooks/01_deploy_application.yml index 0d07bf2..5a9c42a 100644 --- a/playbooks/01_deploy_application.yml +++ b/playbooks/01_deploy_application.yml 
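Review bot: The context lines of the choose_demo.yml hunk keep a literal `my_tower_password` value, together with the username and host, in a tracked example file. This commit also adds galaxy.yml, so the file is likely to end up inside the built collection as well. Replace the three values with obvious placeholders, e.g. `my_tower_password: "CHANGE_ME"`, and add a comment such as `# supply real credentials via ansible-vault or --extra-vars; never commit them`. If the committed password was ever valid on that host it should be rotated, because it stays in git history.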
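Review bot: In the new galaxy.yml, `repository`, `documentation` and `homepage` use `http://` while `issues` uses `https://`. Use `https://github.com/ansible/product-demos` for all of them so consumers are not sent through a plaintext hop first. The same commit also checks in two built archives (`ipvsean-product_demos-1.0.1.tar.gz` and `ipvsean-product_demos-1.0.2.tar.gz`), whose contents cannot be reviewed in a diff. Consider building and publishing them from CI rather than tracking them in the repository.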
@@ -1,8 +1,8 @@ --- - name: application deployment - hosts: webservers + hosts: web gather_facts: false - become: yes + become: true tasks: - name: make sure application is not empty assert: diff --git a/playbooks/02_patching.yml b/playbooks/02_patching.yml index 67d6e15..556cfec 100644 --- a/playbooks/02_patching.yml +++ b/playbooks/02_patching.yml @@ -1,8 +1,8 @@ --- - name: apply non-kernel updates - hosts: "{{ HOSTS | default('all') }}" - become: yes - gather_facts: no + hosts: "{{ HOSTS | default('web') }}" + become: true + gather_facts: false tasks: - name: upgrade all packages except kernel @@ -16,6 +16,6 @@ yum: name: '*' state: latest - security: yes + security: true exclude: kernel* tags: security diff --git a/playbooks/03_hardening.yml b/playbooks/03_hardening.yml index 381aea3..538ca6f 100644 --- a/playbooks/03_hardening.yml +++ b/playbooks/03_hardening.yml 
@@ -1,31 +1,31 @@ --- - name: harden linux systems - hosts: "{{ HOSTS | default('all') }}" - become: yes + hosts: "{{ HOSTS | default('web') }}" + become: true vars: - - harden_firewall: False - - harden_time: False - - harden_ssh: False - - harden_pci: False + - harden_firewall: false + - harden_time: false + - harden_ssh: false + - harden_pci: false tasks: - - name: Configure Firewall - when: harden_firewall | bool - include_role: - name: linux-system-roles.firewall + - name: Configure Firewall + when: harden_firewall | bool + include_role: + name: linux-system-roles.firewall - - name: Configure Timesync - when: harden_time | bool - include_role: - name: linux-system-roles.timesync + - name: Configure Timesync + when: harden_time | bool + include_role: + name: linux-system-roles.timesync - - name: SSH Hardening - when: harden_ssh | bool - include_role: - name: dev-sec.ssh-hardening + - name: SSH Hardening + when: harden_ssh | bool + include_role: + name: dev-sec.ssh-hardening - # run with --skip-tags accounts_passwords_pam_faillock_deny - - name: Apply PCI Baseline - when: harden_pci | bool - include_role: - name: redhatofficial.rhel7_pci_dss + # run with --skip-tags accounts_passwords_pam_faillock_deny + - name: Apply PCI Baseline + when: harden_pci | bool + include_role: + name: redhatofficial.rhel7_pci_dss diff --git a/playbooks/05_grant_sudo.yml b/playbooks/05_grant_sudo.yml index 41b6eaa..24ebb02 100644 --- a/playbooks/05_grant_sudo.yml +++ b/playbooks/05_grant_sudo.yml @@ -1,8 +1,8 @@ --- - name: grant sudo - hosts: "{{ HOSTS | default('all') }}" - become: yes - gather_facts: no + hosts: "{{ HOSTS | default('web') }}" + become: true + gather_facts: false vars: sudo_cleanup: true diff --git a/playbooks/06_debug_info.yml b/playbooks/06_debug_info.yml index d00dd01..c76ee31 100644 --- a/playbooks/06_debug_info.yml +++ b/playbooks/06_debug_info.yml 
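Review bot: `vars:` in playbooks/03_hardening.yml is still written as a list of one-key mappings (`- harden_firewall: false` and so on) after the boolean cleanup. A plain mapping is the documented form, and newer ansible-core releases are understood to warn on the list form. Write `harden_firewall: false`, `harden_time: false`, `harden_ssh: false` and `harden_pci: false` as ordinary keys under `vars:`. Because all four default to false, a run outside the Tower survey applies no hardening role at all; a comment above `vars:` such as `# every role is opt-in: set harden_* to true (or answer Yes in the survey) to apply it` would make that explicit.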
@@ -1,8 +1,8 @@ --- - name: gather debug info - hosts: "{{ HOSTS | default('all') }}" - become: yes - gather_facts: no + hosts: "{{ HOSTS | default('web') }}" + become: true + gather_facts: false tasks: - name: Gather recent vmstat info diff --git a/playbooks/10_openscap.yml b/playbooks/10_openscap.yml index 2bda80b..f061f39 100644 --- a/playbooks/10_openscap.yml +++ b/playbooks/10_openscap.yml @@ -1,6 +1,6 @@ --- - name: build openscap report for rhel7 - hosts: all + hosts: web gather_facts: false vars: @@ -19,28 +19,23 @@ stat: path: "{{ssg_schema}}" - # - name: create HTML report - # command: "oscap xccdf eval --fetch-remote-resources --profile xccdf_org.ssgproject.content_profile_standard --results report.xml --report index.html {{ssg_schema}}" - # register: command_result - # failed_when: "'Error' in command_result.stderr" - - name: create HTML report command: "oscap xccdf eval --profile xccdf_org.ssgproject.content_profile_standard --results report.xml --report index.html {{ssg_schema}}" register: command_result failed_when: "'Error' in command_result.stderr" - - name: Create directory if it does not exist - become: yes + - name: Create directory if it does falset exist + become: true file: path: "{{file_path}}" state: directory - name: move files into httpd - become: yes + become: true copy: src: ./{{item}} dest: "{{file_path}}/{{item}}" - remote_src: yes + remote_src: true loop: - report.xml - index.html diff --git a/playbooks/11_developer_report.yml b/playbooks/11_developer_report.yml index 25bb354..2997b41 100644 --- a/playbooks/11_developer_report.yml +++ b/playbooks/11_developer_report.yml @@ -1,6 +1,6 @@ --- - name: grab linux facts - hosts: all + hosts: web gather_facts: true - name: build developer report diff --git a/playbooks/generate_readme.yml b/playbooks/generate_readme.yml index 0a6983c..5df6f79 100644 --- a/playbooks/generate_readme.yml +++ b/playbooks/generate_readme.yml 
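Review bot: The second playbooks/10_openscap.yml hunk renames a task to `Create directory if it does falset exist`, which looks like a blanket no-to-false replacement hitting the word "not". Restore `- name: Create directory if it does not exist`, and grep the rest of the tree for other words mangled by the same substitution. Separately, `report.xml` and `index.html` are copied into the httpd path, so the scan findings become readable by anyone who can reach that web server unless access is restricted elsewhere. A comment on the `move files into httpd` task stating who is expected to reach the report would help.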
@@ -4,11 +4,6 @@ connection: local tasks: - # - name: install demo - # debug: - # msg: "{{item}}" - # loop: "{{dict(hostvars[inventory_hostname]|dictsort|rejectattr('0', 'match', 'ansible_')|selectattr('1.name', 'defined'))|dict2items}}" - - name: install demo include_role: name: "../roles/generate_readme" diff --git a/playbooks/group_vars/all/03_hardening.yml b/playbooks/group_vars/all/03_hardening.yml deleted file mode 100644 index ee9fad5..0000000 --- a/playbooks/group_vars/all/03_hardening.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -hardening: - author: "Will Tome" - category: security - name: "SERVER / Hardening" - description: "hardening for Linux servers" - job_type: "run" - inventory: "Workshop Inventory" - playbook: "playbooks/03_hardening.yml" - credential: "Workshop Credential" - survey_enabled: yes - survey_spec: - name: '' - description: '' - spec: - - question_name: 'Enter host to configure' - type: text - variable: HOSTS - required: false - - question_name: Configure Firewall? - type: multiplechoice - variable: harden_firewall - required: false - choices: - - 'Yes' - - 'No' - - question_name: Configure Time? - type: multiplechoice - variable: harden_time - required: false - choices: - - 'Yes' - - 'No' - - question_name: Harden SSH? - type: multiplechoice - variable: harden_ssh - required: false - choices: - - 'Yes' - - 'No' - - question_name: PCI Baseline? - type: multiplechoice - variable: harden_pci - required: false - choices: - - 'Yes' - - 'No' - project: - name: "Ansible official demo project" - description: "prescriptive demos from Red Hat Management Buisness Unit" - organization: "Default" - scm_type: git - scm_url: "https://github.com/ansible/product-demos" - workshop_type: - - f5 - - rhel diff --git a/roles/developer_report/meta/main.yml b/roles/developer_report/meta/main.yml new file mode 100644 index 0000000..71dd66b --- /dev/null +++ b/roles/developer_report/meta/main.yml 
@@ -0,0 +1,15 @@ +--- +galaxy_info: + role_name: developer_report + author: Sean Cavanaugh + description: This role create an HTML report using Ansible Facts + company: Red Hat + + + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.9 + + galaxy_tags: [] + +dependencies: [] diff --git a/roles/developer_report/tasks/main.yml b/roles/developer_report/tasks/main.yml index 22ed75b..10903f4 100644 --- a/roles/developer_report/tasks/main.yml +++ b/roles/developer_report/tasks/main.yml @@ -1,9 +1,10 @@ +--- - name: create HTML report - become: yes + become: true template: src: report.j2 dest: "{{ file_path }}" - name: DISPLAY LINK TO INVENTORY REPORT debug: - msg: "Please go to http://{{ansible_host}}/report" + msg: "Please go to http://{{ ansible_host }}/report" diff --git a/roles/generate_readme/meta/main.yml b/roles/generate_readme/meta/main.yml new file mode 100644 index 0000000..b803c2f --- /dev/null +++ b/roles/generate_readme/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + role_name: generate_readme + author: Sean Cavanaugh + description: This role generates a readme for the github/ansible/product-demos + company: Red Hat + + + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.9 + + galaxy_tags: [] + +dependencies: [] diff --git a/roles/install_demo/README.md b/roles/install_demo/README.md new file mode 100644 index 0000000..3645b8b --- /dev/null +++ b/roles/install_demo/README.md @@ -0,0 +1,23 @@ +# install_demo role + +This role will install demos into your specified Ansible Tower environment. Here is an example of using this role: + +``` +--- +- name: setup deploy application demo + hosts: localhost + gather_facts: false + connection: local + + tasks: + + - name: install demo + include_role: + name: "install_demo" +``` + +Please refer to the master list in the main [README.md]()../../README.md). + +# required variables + +You must specify all the variables in the [choose_demo.yml](../../choose_demo.yml) example. 
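Review bot: The new roles/developer_report/meta/main.yml keeps the scaffold placeholder `license: license (GPLv2, CC-BY, etc)` although galaxy.yml in this commit declares `GPL-2.0-or-later`. Set `license: GPL-2.0-or-later` so the role metadata states the real terms. `min_ansible_version: 2.9` is an unquoted float and should be `min_ansible_version: '2.9'`; otherwise a later bump to 2.10 would load as 2.1. The same two lines appear in roles/generate_readme/meta/main.yml and roles/install_demo/meta/main.yml.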
diff --git a/roles/install_demo/meta/main.yml b/roles/install_demo/meta/main.yml new file mode 100644 index 0000000..fb286dd --- /dev/null +++ b/roles/install_demo/meta/main.yml @@ -0,0 +1,15 @@ +--- +galaxy_info: + role_name: install_demo + author: Sean Cavanaugh + description: | + This role will install demos into your specified Ansible Tower environment. + company: Red Hat + + + license: license (GPLv2, CC-BY, etc) + + min_ansible_version: 2.9 + + galaxy_tags: [] +dependencies: [] diff --git a/roles/install_demo/tasks/job_template.yml b/roles/install_demo/tasks/job_template.yml index 81f55d0..809a784 100644 --- a/roles/install_demo/tasks/job_template.yml +++ b/roles/install_demo/tasks/job_template.yml 
@@ -1,51 +1,54 @@ --- - name: add tower project tower_project: - name: "{{hostvars.localhost[demo].project.name}}" - description: "{{hostvars.localhost[demo].project.description}}" - organization: "{{hostvars.localhost[demo].project.organization}}" - scm_type: "{{hostvars.localhost[demo].project.scm_type}}" - scm_url: "{{hostvars.localhost[demo].project.scm_url}}" - tower_username: "{{my_tower_username}}" - tower_password: "{{my_tower_password}}" - tower_host: "{{my_tower_host}}" - validate_certs: no + name: "{{ vars[demo].project.name }}" + description: "{{ vars[demo].project.description }}" + organization: "{{ vars[demo].project.organization }}" + scm_type: "{{ vars[demo].project.scm_type }}" + scm_url: "{{ vars[demo].project.scm_url }}" + tower_username: "{{ my_tower_username }}" + tower_password: "{{ my_tower_password }}" + tower_host: "{{ my_tower_host }}" + validate_certs: false - name: add single job template without survey tower_job_template: - name: "{{hostvars.localhost[demo].name}}" - description: "{{hostvars.localhost[demo].description}}" - job_type: "{{hostvars.localhost[demo].job_type}}" - inventory: "{{hostvars.localhost[demo].inventory}}" - project: "{{hostvars.localhost[demo].project.name}}" - playbook: "{{hostvars.localhost[demo].playbook}}" - fact_caching_enabled: "{{hostvars.localhost[demo].fact_caching_enabled | default('no')}}" - credential: "{{hostvars.localhost[demo].credential}}" - survey_enabled: "{{hostvars.localhost[demo].survey_enabled}}" - tower_username: "{{my_tower_username}}" - tower_password: "{{my_tower_password}}" - tower_host: "{{my_tower_host}}" - validate_certs: no + name: "{{ vars[demo].name }}" + description: "{{ vars[demo].description }}" + job_type: "{{ vars[demo].job_type }}" + inventory: "{{ vars[demo].inventory}}" + project: "{{ vars[demo].project.name }}" + playbook: "{{ vars[demo].playbook }}" + fact_caching_enabled: "{{ vars[demo].fact_caching_enabled | default('false') }}" + credential: "{{ vars[demo].credential }}" 
+ survey_enabled: "{{ vars[demo].survey_enabled }}" + tower_username: "{{ my_tower_username }}" + tower_password: "{{ my_tower_password }}" + tower_host: "{{ my_tower_host }}" + validate_certs: false when: - - workshop_type in hostvars.localhost[demo].workshop_type - - not hostvars.localhost[demo].survey_enabled + - workshop_type in vars[demo].workshop_type + - not vars[demo].survey_enabled + register: add_project + until: add_project is not failed + retries: 5 - name: add single job template with survey tower_job_template: - name: "{{hostvars.localhost[demo].name}}" - description: "{{hostvars.localhost[demo].description}}" - job_type: "{{hostvars.localhost[demo].job_type}}" - inventory: "{{hostvars.localhost[demo].inventory}}" - project: "{{hostvars.localhost[demo].project.name}}" - playbook: "{{hostvars.localhost[demo].playbook}}" - fact_caching_enabled: "{{hostvars.localhost[demo].fact_caching_enabled | default('no')}}" - credential: "{{hostvars.localhost[demo].credential}}" - survey_enabled: "{{hostvars.localhost[demo].survey_enabled}}" - survey_spec: "{{hostvars.localhost[demo].survey_spec}}" - tower_username: "{{my_tower_username}}" - tower_password: "{{my_tower_password}}" - tower_host: "{{my_tower_host}}" - validate_certs: no + name: "{{ vars[demo].name }}" + description: "{{ vars[demo].description }}" + job_type: "{{ vars[demo].job_type }}" + inventory: "{{ vars[demo].inventory}}" + project: "{{ vars[demo].project.name }}" + playbook: "{{ vars[demo].playbook }}" + fact_caching_enabled: "{{ vars[demo].fact_caching_enabled | default('false') }}" + credential: "{{ vars[demo].credential }}" + survey_enabled: "{{ vars[demo].survey_enabled }}" + survey_spec: "{{ vars[demo].survey_spec}}" + tower_username: "{{ my_tower_username }}" + tower_password: "{{ my_tower_password }}" + tower_host: "{{ my_tower_host }}" + validate_certs: false when: - - workshop_type in hostvars.localhost[demo].workshop_type - - hostvars.localhost[demo].survey_enabled + - workshop_type in 
vars[demo].workshop_type + - vars[demo].survey_enabled diff --git a/roles/install_demo/tasks/job_template_loop.yml b/roles/install_demo/tasks/job_template_loop.yml index 6b046dc..11837e6 100644 --- a/roles/install_demo/tasks/job_template_loop.yml +++ b/roles/install_demo/tasks/job_template_loop.yml 
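Review bot: Every Tower module call in roles/install_demo/tasks/job_template.yml still sets `validate_certs: false` while passing `tower_username` and `tower_password`. The login is therefore sent to a server whose identity is never checked, and anything on the network path could capture it. The commit only respells `no` as `false`. Make verification the default and the bypass explicit, e.g. `validate_certs: "{{ tower_validate_certs | default(true) }}"` (the variable name is a suggestion), and document the override for lab hosts with self-signed certificates. The same line is carried into job_template_loop.yml, workflow.yml and workflow_loop.yml.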
@@ -1,56 +1,64 @@ --- -- name: block for job template (non-workflow) +- name: block for job template loop block: - - name: add tower project + - name: "add tower project job_template_loop.yml" tower_project: - name: "{{item.value.project.name}}" - description: "{{item.value.project.description}}" - organization: "{{item.value.project.organization}}" - scm_type: "{{item.value.project.scm_type}}" - scm_url: "{{item.value.project.scm_url}}" - tower_username: "{{my_tower_username}}" - tower_password: "{{my_tower_password}}" - tower_host: "{{my_tower_host}}" - validate_certs: no + name: "{{ item.value.project.name }}" + description: "{{ item.value.project.description }}" + organization: "{{ item.value.project.organization }}" + scm_type: "{{ item.value.project.scm_type }}" + scm_url: "{{ item.value.project.scm_url }}" + tower_username: "{{ my_tower_username }}" + tower_password: "{{ my_tower_password }}" + tower_host: "{{ my_tower_host }}" + validate_certs: false + when: + - workshop_type in item.value.workshop_type - - name: "add job template {{item.value.name}} without survey" + - name: "add job template {{ item.value.name }} without survey job_template_loop.yml" tower_job_template: - name: "{{item.value.name}}" - description: "{{item.value.description}}" - job_type: "{{item.value.job_type}}" - inventory: "{{item.value.inventory}}" - project: "{{item.value.project.name}}" - playbook: "{{item.value.playbook}}" - fact_caching_enabled: "{{item.value.fact_caching_enabled | default('no')}}" - credential: "{{item.value.credential}}" - survey_enabled: "{{item.value.survey_enabled}}" - tower_username: "{{my_tower_username}}" - tower_password: "{{my_tower_password}}" - tower_host: "{{my_tower_host}}" - validate_certs: no + name: "{{ item.value.name }}" + description: "{{ item.value.description }}" + job_type: "{{ item.value.job_type }}" + inventory: "{{ item.value.inventory}}" + project: "{{ item.value.project.name }}" + playbook: "{{ item.value.playbook}}" + 
fact_caching_enabled: "{{ item.value.fact_caching_enabled | default('false')}}" + credential: "{{ item.value.credential }}" + survey_enabled: "{{ item.value.survey_enabled }}" + tower_username: "{{ my_tower_username }}" + tower_password: "{{ my_tower_password }}" + tower_host: "{{ my_tower_host }}" + validate_certs: false when: - workshop_type in item.value.workshop_type - not item.value.survey_enabled + register: add_project + until: add_project is not failed + retries: 5 - - name: "add job template {{item.value.name}} with survey" + - name: "add job template {{ item.value.name }} with survey" tower_job_template: - name: "{{item.value.name}}" - description: "{{item.value.description}}" - job_type: "{{item.value.job_type}}" - inventory: "{{item.value.inventory}}" - project: "{{item.value.project.name}}" - playbook: "{{item.value.playbook}}" - fact_caching_enabled: "{{item.value.fact_caching_enabled | default('no')}}" - credential: "{{item.value.credential}}" - survey_enabled: "{{item.value.survey_enabled}}" - survey_spec: "{{item.value.survey_spec}}" - tower_username: "{{my_tower_username}}" - tower_password: "{{my_tower_password}}" - tower_host: "{{my_tower_host}}" - validate_certs: no + name: "{{ item.value.name }}" + description: "{{ item.value.description }}" + job_type: "{{ item.value.job_type }}" + inventory: "{{ item.value.inventory}}" + project: "{{ item.value.project.name }}" + playbook: "{{ item.value.playbook}}" + fact_caching_enabled: "{{ item.value.fact_caching_enabled | default('false') }}" + credential: "{{ item.value.credential }}" + survey_enabled: "{{ item.value.survey_enabled }}" + survey_spec: "{{ item.value.survey_spec}}" + tower_username: "{{ my_tower_username }}" + tower_password: "{{ my_tower_password }}" + tower_host: "{{ my_tower_host }}" + validate_certs: false when: - workshop_type in item.value.workshop_type - item.value.survey_enabled + register: add_project + until: add_project is not failed + retries: 5 when: - item.value.workflow is 
not defined or not item.value.workflow @@ -59,3 +67,4 @@ when: - item.value.workflow is defined - item.value.workflow + - workshop_type in item.value.workshop_type diff --git a/roles/install_demo/tasks/main.yml b/roles/install_demo/tasks/main.yml index 0b3ac41..5e27537 100644 --- a/roles/install_demo/tasks/main.yml +++ b/roles/install_demo/tasks/main.yml @@ -1,22 +1,37 @@ --- +- name: set facts from role vars + set_fact: + demo_list: "{{(dict(vars|dictsort|rejectattr('0', 'match', 'ansible_')|selectattr('1.name', 'defined'))|dict2items)|map(attribute='key')|list}}" + - name: provide info to terminal window debug: - msg: "install {{demo}} on {{my_tower_host}}" + msg: + - "install {{ vars.demo }} on {{ my_tower_host }}" + - "available demos are: {{demo_list}}" + +- name: make sure demo is a valid demo + assert: + that: + - vars.demo is defined + - vars.demo in demo_list or vars.demo == "all" + msg: + - "demo must be defined and be one of: {{demo_list}}" + - "full list can be found on https://github.com/ansible/product-demos" - name: install all job templates include_tasks: job_template_loop.yml - loop: "{{dict(hostvars[inventory_hostname]|dictsort|rejectattr('0', 'match', 'ansible_')|selectattr('1.name', 'defined'))|dict2items}}" + loop: "{{ dict(vars|dictsort|rejectattr('0', 'match', 'ansible_')|selectattr('1.name', 'defined'))|dict2items }}" when: demo == "all" - name: install single job template include_tasks: job_template.yml when: - demo != "all" - - hostvars[inventory_hostname][demo].workflow is not defined or not hostvars[inventory_hostname][demo].workflow + - vars[demo].workflow is not defined or not vars[demo].workflow - name: install single workflow include_tasks: workflow.yml when: - demo != "all" - - hostvars[inventory_hostname][demo].workflow is defined - - hostvars[inventory_hostname][demo].workflow + - vars[demo].workflow is defined + - vars[demo].workflow 
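Review bot: The retry added to both `tower_job_template` tasks in job_template_loop.yml registers its result as `add_project`, which reads as if it belonged to the `tower_project` task; a name such as `add_job_template` would match what is retried. `retries: 5` is given without `delay`, so the wait between attempts is Ansible's default. If the retry exists to wait for the project sync (an assumption, since the reason is not stated), say so in a comment and set `delay:` explicitly. In job_template.yml only the without-survey task received these three lines, so the two files now behave differently. The first task name also gained a `job_template_loop.yml` suffix that looks like leftover debugging text.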
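Review bot: In roles/install_demo/tasks/main.yml the `provide info to terminal window` task renders `{{ vars.demo }}` before the new `make sure demo is a valid demo` assert runs. An undefined `demo` is therefore expected to fail in the debug task with a generic undefined-variable error, and the assert's own message is never shown. Move the assert directly after `set facts from role vars`, ahead of the debug task. The `vars` dictionary used throughout is an Ansible internal rather than a documented interface; `lookup('vars', demo)` is the supported way to resolve a variable by name. The long filter expression is also duplicated between `set_fact` and the `install all job templates` loop and could be computed once.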
diff --git a/roles/install_demo/tasks/workflow.yml b/roles/install_demo/tasks/workflow.yml index 44f09ec..ebdda33 100644 --- a/roles/install_demo/tasks/workflow.yml +++ b/roles/install_demo/tasks/workflow.yml @@ -1,17 +1,17 @@ --- -#these tasks will install a workflow +# these tasks will install a workflow -- name: "install all job templates in relation to workflow {{hostvars[inventory_hostname][demo].name}}" +- name: "install all job templates in relation to workflow {{ hostvars[inventory_hostname][demo].name }}" include_tasks: add_job_template.yml - loop: "{{hostvars[inventory_hostname][demo].job_templates|dict2items}}" + loop: "{{ hostvars[inventory_hostname][demo].job_templates|dict2items }}" -- name: "install workflow template {{hostvars[inventory_hostname][demo].name}}" +- name: "install workflow template {{ hostvars[inventory_hostname][demo].name }}" tower_workflow_template: - name: "{{hostvars[inventory_hostname][demo].name}}" - description: "{{hostvars[inventory_hostname][demo].description}}" - organization: "{{hostvars[inventory_hostname][demo].organization}}" - schema: "{{ hostvars[inventory_hostname][demo].schema}}" - tower_username: "{{my_tower_username}}" - tower_password: "{{my_tower_password}}" - tower_host: "{{my_tower_host}}" - validate_certs: no + name: "{{ hostvars[inventory_hostname][demo].name }}" + description: "{{ hostvars[inventory_hostname][demo].description }}" + organization: "{{ hostvars[inventory_hostname][demo].organization }}" + schema: "{{ hostvars[inventory_hostname][demo].schema }}" + tower_username: "{{ my_tower_username }}" + tower_password: "{{ my_tower_password }}" + tower_host: "{{ my_tower_host }}" + validate_certs: false diff --git a/roles/install_demo/tasks/workflow_loop.yml b/roles/install_demo/tasks/workflow_loop.yml index 628cff8..9df42f5 100644 --- a/roles/install_demo/tasks/workflow_loop.yml +++ b/roles/install_demo/tasks/workflow_loop.yml 
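Review bot: roles/install_demo/tasks/workflow.yml still resolves the demo through `hostvars[inventory_hostname][demo]`, while this commit moves the definitions from playbooks/group_vars/all/ to roles/install_demo/vars/main/ and switches main.yml and job_template.yml to `vars[demo]`. Role vars are not normally exposed through `hostvars`, so installing a single workflow looks likely to fail on an undefined value. Use the same lookup as the other task files, e.g. `name: "{{ vars[demo].name }}"` and `loop: "{{ vars[demo].job_templates | dict2items }}"`. The first task also includes `add_job_template.yml`, which this diff does not show; confirm it exists, since the other task files are named job_template.yml and job_template_loop.yml.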
@@ -1,15 +1,15 @@ --- -- name: "INSIDE LOOP - install all job templates in relation to workflow {{item.value.name}}" +- name: "INSIDE LOOP - install all job templates in relation to workflow {{ item.value.name }}" include_tasks: job_template_loop.yml - loop: "{{item.value.job_templates|dict2items}}" + loop: "{{ item.value.job_templates|dict2items}}" -- name: "INSIDE LOOP - install workflow template {{item.value.name}}" +- name: "INSIDE LOOP - install workflow template {{ item.value.name }}" tower_workflow_template: - name: "{{item.value.name}}" - description: "{{item.value.description}}" - organization: "{{item.value.organization}}" - schema: "{{item.value.schema}}" - tower_username: "{{my_tower_username}}" - tower_password: "{{my_tower_password}}" - tower_host: "{{my_tower_host}}" - validate_certs: no + name: "{{ item.value.name }}" + description: "{{ item.value.description }}" + organization: "{{ item.value.organization }}" + schema: "{{ item.value.schema}}" + tower_username: "{{my_tower_username }}" + tower_password: "{{my_tower_password }}" + tower_host: "{{my_tower_host }}" + validate_certs: false diff --git a/playbooks/group_vars/all/01_deploy_application.yml b/roles/install_demo/vars/main/01_deploy_application.yml similarity index 96% rename from playbooks/group_vars/all/01_deploy_application.yml rename to roles/install_demo/vars/main/01_deploy_application.yml index 2ae84ab..a1d8ff7 100644 --- a/playbooks/group_vars/all/01_deploy_application.yml +++ b/roles/install_demo/vars/main/01_deploy_application.yml @@ -8,7 +8,7 @@ deploy_application: inventory: "Workshop Inventory" playbook: "playbooks/01_deploy_application.yml" credential: "Workshop Credential" - survey_enabled: yes + survey_enabled: false survey_spec: name: Deploy application survey description: Which application do you want to install? @@ -34,3 +34,4 @@ deploy_application: workshop_type: - f5 - rhel + - rhel_90 
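Review bot: `survey_enabled` for `deploy_application` goes from `yes` to `false`, whereas the other definitions in this commit map `yes` to `true`. The `survey_spec` is kept, and playbooks/01_deploy_application.yml asserts that the application is not empty, so disabling the survey looks unintended. If it is a slip of the yes/no cleanup, the line should read `survey_enabled: true`. roles/install_demo/vars/main/06_debug_info.yml has the same `yes` to `false` change with its `survey_spec` retained.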
diff --git a/playbooks/group_vars/all/02_patching.yml b/roles/install_demo/vars/main/02_patching.yml similarity index 79% rename from playbooks/group_vars/all/02_patching.yml rename to roles/install_demo/vars/main/02_patching.yml index c1c1cd5..12948d3 100644 --- a/playbooks/group_vars/all/02_patching.yml +++ b/roles/install_demo/vars/main/02_patching.yml @@ -8,15 +8,15 @@ patching: inventory: "Workshop Inventory" playbook: "playbooks/02_patching.yml" credential: "Workshop Credential" - survey_enabled: yes + survey_enabled: true survey_spec: name: '' description: '' spec: - - question_name: 'Enter host to configure' - type: text - variable: HOSTS - required: false + - question_name: 'Enter host to configure' + type: text + variable: HOSTS + required: false project: name: "Ansible official demo project" description: "prescriptive demos from Red Hat Management Buisness Unit" @@ -26,3 +26,4 @@ patching: workshop_type: - f5 - rhel + - rhel_90 diff --git a/roles/install_demo/vars/main/03_hardening.yml b/roles/install_demo/vars/main/03_hardening.yml new file mode 100644 index 0000000..06db684 --- /dev/null +++ b/roles/install_demo/vars/main/03_hardening.yml 
@@ -0,0 +1,57 @@ +--- +hardening: + author: "Will Tome" + category: security + name: "SERVER / Hardening" + description: "hardening for Linux servers" + job_type: "run" + inventory: "Workshop Inventory" + playbook: "playbooks/03_hardening.yml" + credential: "Workshop Credential" + survey_enabled: true + survey_spec: + name: '' + description: '' + spec: + - question_name: 'Enter host to configure' + type: text + variable: HOSTS + required: false + - question_name: Configure Firewall? + type: multiplechoice + variable: harden_firewall + required: false + choices: + - 'Yes' + - 'No' + - question_name: Configure Time? + type: multiplechoice + variable: harden_time + required: false + choices: + - 'Yes' + - 'No' + - question_name: Harden SSH? + type: multiplechoice + variable: harden_ssh + required: false + choices: + - 'Yes' + - 'No' + - question_name: PCI Baseline? + type: multiplechoice + variable: harden_pci + required: false + choices: + - 'Yes' + - 'No' + project: + name: "Ansible official demo project" + description: "prescriptive demos from Red Hat Management Buisness Unit" + organization: "Default" + scm_type: git + scm_url: "https://github.com/ansible/product-demos" + workshop_type: + - f5 + - rhel + - rhel_90 diff --git a/playbooks/group_vars/all/04_scan_facts.yml b/roles/install_demo/vars/main/04_scan_facts.yml similarity index 76% rename from playbooks/group_vars/all/04_scan_facts.yml rename to roles/install_demo/vars/main/04_scan_facts.yml index 1fbdd8a..64e0dad 100644 --- a/playbooks/group_vars/all/04_scan_facts.yml +++ b/roles/install_demo/vars/main/04_scan_facts.yml 
@@ -8,11 +8,11 @@ fact_scan: inventory: "Workshop Inventory" playbook: scan_facts.yml credential: "Workshop Credential" - survey_enabled: no - fact_caching_enabled: yes + survey_enabled: false + fact_caching_enabled: true project: name: "Ansible official awx-facts-playbooks project" - description: "Repository containing playbooks to support fact scanning in Ansible Tower and AWX" + description: "playbooks to support fact scanning in Ansible Tower" organization: "Default" scm_type: git scm_url: "https://github.com/ansible/awx-facts-playbooks.git" @@ -20,3 +20,4 @@ fact_scan: - f5 - rhel - windows + - rhel_90 diff --git a/playbooks/group_vars/all/05_grant_sudo.yml b/roles/install_demo/vars/main/05_grant_sudo.yml similarity index 51% rename from playbooks/group_vars/all/05_grant_sudo.yml rename to roles/install_demo/vars/main/05_grant_sudo.yml index 993d193..851cece 100644 --- a/playbooks/group_vars/all/05_grant_sudo.yml +++ b/roles/install_demo/vars/main/05_grant_sudo.yml 
@@ -8,33 +8,33 @@ grant_sudo: inventory: "Workshop Inventory" playbook: playbooks/05_grant_sudo.yml credential: "Workshop Credential" - survey_enabled: yes + survey_enabled: true survey_spec: name: '' description: '' spec: - - question_name: 'Enter host to configure' - type: text - variable: HOSTS - required: false - - question_name: Username - type: text - variable: sudo_user - required: true - - question_name: Time - type: integer - variable: sudo_count - required: true - default: 10 - - question_name: Units - type: multiplechoice - variable: harden_ssh - required: true - choices: - - 'minutes' - - 'hours' - - 'days' - default: minutes + - question_name: 'Enter host to configure' + type: text + variable: HOSTS + required: false + - question_name: Username + type: text + variable: sudo_user + required: true + - question_name: Time + type: integer + variable: sudo_count + required: true + default: 10 + - question_name: Units + type: multiplechoice + variable: harden_ssh + required: true + choices: + - 'minutes' + - 'hours' + - 'days' + default: minutes project: name: "Ansible official demo project" description: "prescriptive demos from Red Hat Management Buisness Unit" @@ -44,3 +44,4 @@ grant_sudo: workshop_type: - f5 - rhel + - rhel_90 diff --git a/playbooks/group_vars/all/06_debug_info.yml b/roles/install_demo/vars/main/06_debug_info.yml similarity index 80% rename from playbooks/group_vars/all/06_debug_info.yml rename to roles/install_demo/vars/main/06_debug_info.yml index a791451..1231bf0 100644 --- a/playbooks/group_vars/all/06_debug_info.yml +++ b/roles/install_demo/vars/main/06_debug_info.yml 
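Review bot: The `Units` question in the grant_sudo survey stores its answer in `variable: harden_ssh`, a name that belongs to the hardening survey. It looks like a copy-paste slip that this re-indentation carries forward. The variable playbooks/05_grant_sudo.yml actually reads for the unit is not visible in this diff, so check the playbook and point the question at that name. As written, the chosen unit is presumably ignored and the grant lasts for whatever default the playbook uses, which matters for a time-limited privilege.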
@@ -8,15 +8,15 @@ debug_info: inventory: "Workshop Inventory" playbook: playbooks/06_debug_info.yml credential: "Workshop Credential" - survey_enabled: yes + survey_enabled: false survey_spec: name: '' description: '' spec: - - question_name: 'Enter host to configure' - type: text - variable: HOSTS - required: false + - question_name: 'Enter host to configure' + type: text + variable: HOSTS + required: false project: name: "Ansible official demo project" description: "prescriptive demos from Red Hat Management Buisness Unit" @@ -26,3 +26,4 @@ debug_info: workshop_type: - f5 - rhel + - rhel_90 diff --git a/playbooks/group_vars/all/07_security_patching.yml b/roles/install_demo/vars/main/07_security_patching.yml similarity index 80% rename from playbooks/group_vars/all/07_security_patching.yml rename to roles/install_demo/vars/main/07_security_patching.yml index 3eae71f..806ee42 100644 --- a/playbooks/group_vars/all/07_security_patching.yml +++ b/roles/install_demo/vars/main/07_security_patching.yml @@ -8,15 +8,15 @@ security_patching: inventory: "Workshop Inventory" playbook: playbooks/02_patching.yml credential: "Workshop Credential" - survey_enabled: yes + survey_enabled: true survey_spec: name: '' description: '' spec: - - question_name: 'Enter host to configure' - type: text - variable: HOSTS - required: false + - question_name: 'Enter host to configure' + type: text + variable: HOSTS + required: false project: name: "Ansible official demo project" description: "prescriptive demos from Red Hat Management Buisness Unit" @@ -26,3 +26,4 @@ security_patching: workshop_type: - f5 - rhel + - rhel_90 diff --git a/playbooks/group_vars/all/10_openscap.yml b/roles/install_demo/vars/main/10_openscap.yml similarity index 93% rename from playbooks/group_vars/all/10_openscap.yml rename to roles/install_demo/vars/main/10_openscap.yml index ed154de..ad56f51 100644 --- a/playbooks/group_vars/all/10_openscap.yml +++ b/roles/install_demo/vars/main/10_openscap.yml 
@@ -8,7 +8,7 @@ openscap: inventory: "Workshop Inventory" playbook: "playbooks/10_openscap.yml" credential: "Workshop Credential" - survey_enabled: no + survey_enabled: false project: name: "Ansible official demo project" description: "prescriptive demos from Red Hat Management Buisness Unit" @@ -18,3 +18,4 @@ openscap: workshop_type: - f5 - rhel + - rhel_90 diff --git a/playbooks/group_vars/all/11_developer_report.yml b/roles/install_demo/vars/main/11_developer_report.yml similarity index 68% rename from playbooks/group_vars/all/11_developer_report.yml rename to roles/install_demo/vars/main/11_developer_report.yml index 7e55192..2506214 100644 --- a/playbooks/group_vars/all/11_developer_report.yml +++ b/roles/install_demo/vars/main/11_developer_report.yml @@ -3,12 +3,14 @@ developer_report: author: "Sean Cavanaugh" category: developer name: "Create Developer Report" - description: 'Create HTML report using Ansible facts' + description: > + 'Create HTML report using + Ansible facts' job_type: "run" inventory: "Workshop Inventory" playbook: "playbooks/11_developer_report.yml" credential: "Workshop Credential" - survey_enabled: no + survey_enabled: false project: name: "Ansible official demo project" description: "prescriptive demos from Red Hat Management Buisness Unit" @@ -18,3 +20,4 @@ developer_report: workshop_type: - f5 - rhel + - rhel_90 diff --git a/playbooks/group_vars/all/20_f5_bigip_workflow.yml b/roles/install_demo/vars/main/20_f5_bigip_workflow.yml similarity index 89% rename from playbooks/group_vars/all/20_f5_bigip_workflow.yml rename to roles/install_demo/vars/main/20_f5_bigip_workflow.yml index 1892c17..d72381f 100644 --- a/playbooks/group_vars/all/20_f5_bigip_workflow.yml +++ b/roles/install_demo/vars/main/20_f5_bigip_workflow.yml 
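Review bot: The new `description: >` block in the `@@ -3,12 +3,14 @@ developer_report:` hunk keeps the single quotes from the old one-line value. Inside a folded block scalar, quotes are literal characters, so the description now renders as `'Create HTML report using Ansible facts'` with the quotes included, followed by a trailing newline. Either keep the original `description: 'Create HTML report using Ansible facts'`, which appears short enough for an 80-column limit, or use `description: >-` with the two text lines unquoted.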
@@ -11,11 +11,11 @@ f5_bigip_workflow: schema: - job_template: 'F5 - add nodes' success: - - job_template: 'F5 - add pool' - success: - - job_template: 'F5 - add pool members' + - job_template: 'F5 - add pool' success: - - job_template: 'F5 - add virtual server' + - job_template: 'F5 - add pool members' + success: + - job_template: 'F5 - add virtual server' job_templates: f5_add_nodes: name: 'F5 - add nodes' @@ -24,7 +24,7 @@ f5_bigip_workflow: inventory: 'Workshop Inventory' playbook: 'exercises/ansible_f5/1.2-add-node/bigip-node.yml' credential: 'Workshop Credential' - survey_enabled: no + survey_enabled: false project: name: 'Ansible Workshops Project' description: 'official workshops from Ansible' @@ -40,7 +40,7 @@ f5_bigip_workflow: inventory: 'Workshop Inventory' playbook: 'exercises/ansible_f5/1.3-add-pool/bigip-pool.yml' credential: 'Workshop Credential' - survey_enabled: no + survey_enabled: false project: name: 'Ansible Workshops Project' description: 'official workshops from Ansible' @@ -56,7 +56,7 @@ f5_bigip_workflow: inventory: 'Workshop Inventory' playbook: 'exercises/ansible_f5/1.4-add-pool-members/bigip-pool-members.yml' credential: 'Workshop Credential' - survey_enabled: no + survey_enabled: false project: name: 'Ansible Workshops Project' description: 'official workshops from Ansible' @@ -72,7 +72,7 @@ f5_bigip_workflow: inventory: 'Workshop Inventory' playbook: 'exercises/ansible_f5/1.5-add-virtual-server/bigip-virtual-server.yml' credential: 'Workshop Credential' - survey_enabled: no + survey_enabled: false project: name: 'Ansible Workshops Project' description: 'official workshops from Ansible' diff --git a/playbooks/group_vars/all/30_windows_iss.yml b/roles/install_demo/vars/main/30_windows_iss.yml similarity index 95% rename from playbooks/group_vars/all/30_windows_iss.yml rename to roles/install_demo/vars/main/30_windows_iss.yml index e1a8a27..56ab51d 100644 --- a/playbooks/group_vars/all/30_windows_iss.yml 
+++ b/roles/install_demo/vars/main/30_windows_iss.yml @@ -8,7 +8,7 @@ windows_iis: inventory: "Workshop Inventory" playbook: "playbooks/30_windows_iis.yml" credential: "Demo Credential" - survey_enabled: no + survey_enabled: false project: name: "Ansible official demo project" description: "prescriptive demos from Red Hat Management Buisness Unit"