diff --git a/cloud/create_vpc.yml b/cloud/create_vpc.yml
new file mode 100644
index 0000000..bb6005c
--- /dev/null
+++ b/cloud/create_vpc.yml
@@ -0,0 +1,125 @@ +--- +- name: Create Cloud Infra + hosts: localhost + gather_facts: false + vars: + aws_vpc_name: aws-test-vpc + aws_owner_tag: default + aws_purpose_tag: ansible_demo + aws_tenancy: default + aws_vpc_cidr_block: 10.0.0.0/16 + aws_subnet_cidr: 10.0.1.0/24 + aws_region: us-east-1 + aws_sg_name: aws-test-sg + aws_subnet_name: aws-test-subnet + aws_rt_name: aws-test-rt + + tasks: + - name: Create VPC + amazon.aws.ec2_vpc_net: + state: present + name: "{{ aws_vpc_name }}" + cidr_block: "{{ aws_vpc_cidr_block }}" + tenancy: "{{ aws_tenancy }}" + region: "{{ aws_region }}" + tags: + owner: "{{ aws_owner_tag }}" + purpose: "{{ aws_purpose_tag }}" + register: aws_vpc + + - name: Create internet gateway + amazon.aws.ec2_vpc_igw: + state: present + vpc_id: "{{ aws_vpc.vpc.id }}" + region: "{{ aws_region }}" + tags: + Name: "{{ aws_vpc_name }}" + owner: "{{ aws_owner_tag }}" + purpose: "{{ aws_purpose_tag }}" + register: aws_gateway + + - name: Create security group internal + amazon.aws.ec2_security_group: + state: present + name: "{{ aws_sg_name }}" + region: "{{ aws_region }}" + description: Inbound WinRM and RDP, http for demo servers and internal AD ports + rules: + - proto: tcp + ports: + - 80 # HTTP + - 443 # HTTPS + - 22 # SSH + - 5986 # WinRM + - 3389 # RDP + - 9090 # Cockpit + cidr_ip: 0.0.0.0/0 + - proto: icmp + to_port: -1 + from_port: -1 + cidr_ip: 0.0.0.0/0 + - proto: tcp + ports: + - 80 # HTTP + - 5986 # WinRM + - 3389 # RDP + - 53 # DNS + - 88 # Kerberos Authentication + - 135 # RPC + - 139 # Netlogon + - 389 # LDAP + - 445 # SMB + - 464 # Kerberos Authentication + - 5432 # PostgreSQL + - 636 # LDAPS (LDAP over TLS) + - 873 # Rsync + - 3268-3269 # Global Catalog + - 1024-65535 # Ephemeral RPC ports + cidr_ip: "{{ aws_vpc_cidr_block }}" + - proto: udp + ports: + - 53 # DNS + - 88 # Kerberos Authentication + - 123 # NTP + - 137-138 # Netlogon + - 389 # LDAP + - 445 # SMB + - 464 # Kerberos Authentication + - 1024-65535 # Ephemeral RPC ports + 
cidr_ip: "{{ aws_vpc_cidr_block }}" + rules_egress: + - proto: -1 + cidr_ip: 0.0.0.0/0 + vpc_id: "{{ aws_vpc.vpc.id }}" + tags: + Name: "{{ aws_sg_name }}" + owner: "{{ aws_owner_tag }}" + purpose: "{{ aws_purpose_tag }}" + + - name: Create a subnet on the VPC + amazon.aws.ec2_vpc_subnet: + state: present + vpc_id: "{{ aws_vpc.vpc.id }}" + cidr: "{{ aws_subnet_cidr }}" + region: "{{ aws_region }}" + map_public: true + tags: + Name: "{{ aws_subnet_name }}" + owner: "{{ aws_owner_tag }}" + purpose: "{{ aws_purpose_tag }}" + register: aws_subnet + + - name: Create a subnet route table + amazon.aws.ec2_vpc_route_table: + state: present + vpc_id: "{{ aws_vpc.vpc.id }}" + region: "{{ aws_region }}" + subnets: + - "{{ aws_subnet.subnet.id }}" + routes: + - dest: 0.0.0.0/0 + gateway_id: "{{ aws_gateway.gateway_id }}" + tags: + Name: "{{ aws_rt_name }}" + owner: "{{ aws_owner_tag }}" + purpose: "{{ aws_purpose_tag }}" diff --git a/cloud/setup.yml b/cloud/setup.yml index b6dfcb7..d9da271 100644 --- a/cloud/setup.yml +++ b/cloud/setup.yml @@ -8,6 +8,20 @@ controller_components: - inventory_sources - groups - job_templates + - workflow_job_templates + +controller_execution_environments: + - name: Cloud Services Execution Environment + image: quay.io/scottharwell/cloud-ee:latest + +controller_projects: +- name: Ansible Cloud Content Lab - AWS + organization: Default + scm_type: git + wait: yes + #scm_url: https://github.com/ansible-content-lab/aws.infrastructure_config_demos.git + scm_url: https://github.com/willtome/aws.infrastructure_config_demos.git + default_environment: Cloud Services Execution Environment controller_execution_environments: - name: Cloud Services Execution Environment 
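Review bot: The first ingress rule of the 'Create security group internal' task opens SSH (22), WinRM (5986), RDP (3389) and Cockpit (9090) to `cidr_ip: 0.0.0.0/0`, so every instance launched into this subnet — which has `map_public: true` — is reachable on its management ports from the whole internet. Keep only 80/443 on the open rule and move the admin ports to a separate rule whose source comes from a play variable, e.g. `aws_admin_cidr: 0.0.0.0/0` under `vars` and `cidr_ip: "{{ aws_admin_cidr }}"` on that rule, so a workshop can narrow it to its own address range without editing the task. The rule's `description` says 'internal AD ports' although this first rule is the internet-facing one; 'Internet-facing HTTP/HTTPS plus admin access, internal AD ports' would describe it. The diff is collapsed onto one line here, so the indentation of the rule entries is inferred.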
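Review bot: `controller_execution_environments:` now appears twice at top level in cloud/setup.yml — the added block sits directly before the existing key shown in the trailing context — and most YAML loaders keep only the last mapping, so the added entry is silently dropped. Remove the added copy, since the existing key already defines 'Cloud Services Execution Environment', and if a `controller_projects` key already exists further down the file (outside this hunk) merge the new project into it rather than adding a second key. `wait: yes` should be `wait: true`, and `image: quay.io/scottharwell/cloud-ee:latest` is a floating tag; pinning a version tag or digest keeps the execution environment reproducible. The `scm_url` points at a personal fork with the ansible-content-lab URL commented out above it; a one-line comment on why the fork is used would help whoever maintains this.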
@@ -85,12 +99,22 @@ controller_groups: variables: ansible_user: ec2-user +controller_groups: + - name: cloud_aws + inventory: Workshop Inventory + variables: + ansible_user: ec2-user + controller_templates: - name: Cloud / AWS / Create Peer Infrastructure job_type: run organization: Default credentials: +<<<<<<< HEAD - AWS +======= + - AWS +>>>>>>> main project: Ansible Cloud Content Lab - AWS playbook: playbook_create_peer_network.yml inventory: Workshop Inventory @@ -106,7 +130,11 @@ controller_templates: job_type: run organization: Default credentials: +<<<<<<< HEAD - AWS +======= + - AWS +>>>>>>> main project: Ansible Cloud Content Lab - AWS playbook: playbook_delete_peer_network.yml inventory: Workshop Inventory @@ -120,7 +148,11 @@ controller_templates: job_type: run organization: Default credentials: +<<<<<<< HEAD - AWS +======= + - AWS +>>>>>>> main project: Ansible Cloud Content Lab - AWS playbook: playbook_create_transit_network.yml inventory: Workshop Inventory @@ -136,7 +168,11 @@ controller_templates: job_type: run organization: Default credentials: +<<<<<<< HEAD - AWS +======= + - AWS +>>>>>>> main project: Ansible Cloud Content Lab - AWS playbook: playbook_delete_transit_network.yml inventory: Workshop Inventory 
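Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> main`) are committed as added lines in this hunk and in the following hunks at -106, -120 and -136, in the later cloud/setup.yml hunks (-146, -176, -231, -260, -270, -277, -306), and in collections/.../scap_client/tasks/main.yaml (-1, -37, -50, -63, -83); neither file parses as YAML until they are resolved, and every conflicted block in this hunk carries the same content on both sides (`- AWS` under `credentials:`), so the resolution is simply to keep one copy. This hunk also adds a second top-level `controller_groups:` key immediately after the existing one visible in the context above; a YAML loader keeps only the last one, so the added block should be removed. The diff is collapsed onto one line here, so the exact indentation of the added lines is inferred.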
@@ -146,29 +182,38 @@ controller_templates: extra_vars: aws_region: us-east-1 +<<<<<<< HEAD - name: Cloud / Create Infra job_type: run organization: Default credentials: - AWS # - Azure +======= + - name: Cloud / AWS / Create VPC + job_type: run + organization: Default + credentials: + - AWS +>>>>>>> main project: Ansible official demo project - playbook: cloud/create_infra.yml + playbook: cloud/create_vpc.yml inventory: Workshop Inventory notification_templates_started: Telemetry notification_templates_success: Telemetry notification_templates_error: Telemetry survey_enabled: true extra_vars: - aws_region: us-east-2 + aws_region: us-east-1 survey: name: '' description: '' spec: - - question_name: Infra Provider - type: multiplechoice - variable: infra_provider + - question_name: Owner + type: text + variable: aws_owner_tag required: true +<<<<<<< HEAD choices: - aws # - azure @@ -176,13 +221,21 @@ controller_templates: type: textarea required: false variable: aws_public_key +======= +>>>>>>> main - name: Cloud / AWS / Create VM job_type: run organization: Default +<<<<<<< HEAD credentials: - AWS - Workshop Credential +======= + credentials: + - AWS + - Workshop Credential +>>>>>>> main project: Ansible Cloud Content Lab - AWS playbook: playbook_create_vm.yml inventory: Workshop Inventory @@ -190,6 +243,7 @@ controller_templates: notification_templates_success: Telemetry notification_templates_error: Telemetry survey_enabled: true + allow_simultaneous: true extra_vars: aws_region: us-east-1 aws_keypair_name: aws-test-key 
@@ -231,19 +285,33 @@ controller_templates: type: text variable: aws_vpc_subnet_name required: true +<<<<<<< HEAD default: dmz-subnet +======= + default: aws-test-subnet +>>>>>>> main - question_name: Security Group type: text variable: aws_securitygroup_name required: true +<<<<<<< HEAD default: dmz-sg +======= + default: aws-test-sg +>>>>>>> main - name: Cloud / AWS / Delete VM job_type: run organization: Default +<<<<<<< HEAD credentials: - AWS - Workshop Credential +======= + credentials: + - AWS + - Workshop Credential +>>>>>>> main project: Ansible Cloud Content Lab - AWS playbook: playbook_delete_inventory_vm.yml inventory: Workshop Inventory @@ -260,6 +328,7 @@ controller_templates: - question_name: Name or Pattern type: text variable: _hosts +<<<<<<< HEAD required: true - name: Cloud / AWS / VPC Report @@ -270,6 +339,17 @@ controller_templates: project: Ansible Cloud Content Lab - AWS playbook: playbook_create_reports.yml inventory: Workshop Inventory +======= + required: true + + - name: Cloud / AWS / VPC Report + job_type: run + organization: Default + credentials: + - AWS + project: Ansible Cloud Content Lab - AWS + playbook: playbook_create_reports.yml + inventory: Workshop Inventory notification_templates_started: Telemetry notification_templates_success: Telemetry notification_templates_error: Telemetry 
@@ -277,6 +357,66 @@ controller_templates: aws_region: us-east-1 aws_report: vpc + - name: Cloud / AWS / Tags Report + job_type: run + organization: Default + credentials: + - AWS + project: Ansible Cloud Content Lab - AWS + playbook: playbook_create_reports.yml + inventory: Workshop Inventory + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + extra_vars: + aws_region: us-east-1 + aws_report: tags + + - name: Cloud / AWS / Create Keypair + job_type: run + organization: Default + credentials: + - AWS + project: Ansible official demo project + playbook: cloud/aws_key.yml + inventory: Workshop Inventory + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + survey_enabled: true + extra_vars: + aws_region: us-east-1 + survey: + name: '' + description: '' + spec: + - question_name: Keypair Name + type: text + variable: aws_key_name + required: true + default: aws-test-key + - question_name: Keypair Public Key + type: textarea + variable: aws_public_key + required: true + - question_name: Owner + type: text + variable: aws_keypair_owner + required: true + +controller_workflows: + - name: Deploy Cloud Stack in AWS + description: A workflow to deploy a cloud stack + organization: Default +>>>>>>> main + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + extra_vars: +<<<<<<< HEAD + aws_region: us-east-1 + aws_report: vpc + - name: Cloud / AWS / Tags Report job_type: run organization: Default 
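Review bot: 'Cloud / AWS / Tags Report' is defined twice in this hunk — once inside the `>>>>>>> main` block and again in the `<<<<<<< HEAD` block that follows — so once the conflict markers are resolved `controller_templates` will contain two entries with the same name unless one copy is dropped. Keep the `main` copy, which is the one shown complete here with `extra_vars` and the Telemetry notifications; the HEAD copy continues past the end of the hunk. The duplicate is easy to miss because both entries sit inside conflict blocks, so the marker clean-up noted on the first cloud/setup.yml hunk should be done with this in mind.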
@@ -306,20 +446,116 @@ controller_templates: survey_enabled: true extra_vars: aws_region: us-east-1 +======= + vm_deployment: cloud_stack + survey_enabled: true +>>>>>>> main survey: name: '' description: '' spec: +<<<<<<< HEAD - question_name: Keypair Name type: text variable: aws_key_name required: true default: aws-test-key +======= + - question_name: Owner + type: text + variable: aws_owner_tag + required: true + - question_name: Environment + type: multiplechoice + variable: vm_environment + required: true + choices: + - Dev + - QA + - Prod +>>>>>>> main - question_name: Keypair Public Key type: textarea variable: aws_public_key required: true +<<<<<<< HEAD - question_name: Owner type: text variable: aws_keypair_owner required: true +======= + - question_name: Email + type: text + variable: email + required: true + simplified_workflow_nodes: + - identifier: Create Keypair + unified_job_template: Cloud / AWS / Create Keypair + extra_data: + aws_keypair_owner: !unsafe "{{ aws_owner_tag }}" + success_nodes: + - VPC Report + failure_nodes: + - Ticket - Keypair Failed + - identifier: Create VPC + unified_job_template: Cloud / AWS / Create VPC + success_nodes: + - VPC Report + failure_nodes: + - Ticket - VPC Failed + - identifier: Ticket - Keypair Failed + unified_job_template: 'SUBMIT FEEDBACK' + extra_data: + feedback: Failed to create AWS keypair + - identifier: VPC Report + unified_job_template: Cloud / AWS / VPC Report + all_parents_must_converge: true + success_nodes: + - Deploy Windows Blueprint + - Deploy RHEL8 Blueprint + - Deploy RHEL9 Blueprint + - identifier: Deploy Windows Blueprint + unified_job_template: Cloud / AWS / Create VM + extra_data: + vm_name: aws_win + vm_blueprint: windows_full + vm_owner: !unsafe "{{ aws_owner_tag }}" + success_nodes: + - Update Inventory + failure_nodes: + - Ticket - Instance Failed + - identifier: Deploy RHEL8 Blueprint + unified_job_template: Cloud / AWS / Create VM + extra_data: + vm_name: aws_rhel8 + vm_blueprint: 
rhel8 + vm_owner: !unsafe "{{ aws_owner_tag }}" + success_nodes: + - Update Inventory + failure_nodes: + - Ticket - Instance Failed + - identifier: Deploy RHEL9 Blueprint + unified_job_template: Cloud / AWS / Create VM + extra_data: + vm_name: aws_rhel9 + vm_blueprint: rhel9 + vm_owner: !unsafe "{{ aws_owner_tag }}" + success_nodes: + - Update Inventory + failure_nodes: + - Ticket - Instance Failed + - identifier: Ticket - VPC Failed + unified_job_template: 'SUBMIT FEEDBACK' + extra_data: + feedback: Failed to create AWS VPC + - identifier: Update Inventory + unified_job_template: AWS Inventory + success_nodes: + - Tag Report + - identifier: Ticket - Instance Failed + unified_job_template: 'SUBMIT FEEDBACK' + extra_data: + feedback: Failed to create AWS instance + - identifier: Tag Report + unified_job_template: Cloud / AWS / Tags Report +>>>>>>> main diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/tasks/linux_landing_page.yml b/collections/ansible_collections/demo/reporting/roles/report_server/tasks/linux_landing_page.yml new file mode 100644 index 0000000..30419e3 --- /dev/null +++ b/collections/ansible_collections/demo/reporting/roles/report_server/tasks/linux_landing_page.yml @@ -0,0 +1,34 @@ +--- +- include_vars: "{{ ansible_system }}.yml" + +- name: get reports + ansible.builtin.find: + paths: "{{ doc_root }}/{{ reports_dir }}" + patterns: '*.html' + register: reports + check_mode: no + +- name: publish landing page + ansible.builtin.template: + src: linux_report.j2 + dest: "{{ doc_root }}/index.html" + check_mode: no + +- name: copy CSS over + ansible.builtin.copy: + src: "css" + dest: "{{ doc_root }}" + directory_mode: true + check_mode: no + +- name: copy logos over + ansible.builtin.copy: + src: "{{ item }}" + dest: "{{ doc_root }}" + directory_mode: true + loop: + - "webpage_logo.png" + - "redhat-ansible-logo.svg" + - "report.png" + check_mode: no + 
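Review bot: `directory_mode: true` on the two `ansible.builtin.copy` tasks ('copy CSS over', 'copy logos over') in linux_landing_page.yml appears to pass a boolean where the module expects a permission mode such as `"0755"`; `true` is not a mode, so either give it a real mode or drop the parameter (it only matters when `copy` has to create intermediate directories). `check_mode: no` on every task means the landing page, CSS and logos are written even during a `--check` run; if that is deliberate for a report server, a short comment saying so would help, and it should read `check_mode: false` to match the `true`/`false` convention. The leading `include_vars` task has no `name:`; `- name: Load OS-specific variables` would make the play output readable.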
diff --git a/collections/ansible_collections/demo/reporting/roles/report_server/tasks/windows_landing_page.yml b/collections/ansible_collections/demo/reporting/roles/report_server/tasks/windows_landing_page.yml new file mode 100644 index 0000000..76574c9 --- /dev/null +++ b/collections/ansible_collections/demo/reporting/roles/report_server/tasks/windows_landing_page.yml @@ -0,0 +1,34 @@ +--- +- include_vars: "{{ ansible_system }}.yml" + +- name: get reports + ansible.windows.win_find: + paths: "{{ doc_root }}/{{ reports_dir }}" + patterns: '*.html' + register: reports + check_mode: no + +- name: publish landing page + ansible.builtin.win_template: + src: windows_report.j2 + dest: "{{ doc_root }}/index.html" + check_mode: no + +- name: copy CSS over + ansible.builtin.win_copy: + src: "css" + dest: "{{ doc_root }}" + directory_mode: true + check_mode: no + +- name: copy logos over + ansible.builtin.win_copy: + src: "{{ item }}" + dest: "{{ doc_root }}" + directory_mode: true + loop: + - "webpage_logo.png" + - "redhat-ansible-logo.svg" + - "report.png" + check_mode: no + diff --git a/collections/ansible_collections/demo/satellite/roles/scap_client/meta/main.yml b/collections/ansible_collections/demo/satellite/roles/scap_client/meta/main.yml new file mode 100644 index 0000000..61d2458 --- /dev/null +++ b/collections/ansible_collections/demo/satellite/roles/scap_client/meta/main.yml @@ -0,0 +1,3 @@ +galaxy_info: + author: morenod + description: Role created to configure a client to execute openscap policies based on the information obtained from a Red Hat Satellite/Foreman Host. \ No newline at end of file diff --git a/collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml b/collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml index b9ce9ef..d60352a 100644 --- a/collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml 
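Review bot: `ansible.builtin.win_template` and `ansible.builtin.win_copy` in the 'publish landing page' and 'copy' tasks of windows_landing_page.yml are not builtin modules; the `win_*` modules live in the `ansible.windows` collection, which the same hunk already uses for `win_find`, so write `ansible.windows.win_template` and `ansible.windows.win_copy` (the builtin names resolve only through ansible-core's redirect table, if at all). `directory_mode: true` is, as far as I know, not a parameter of `win_copy` and would be rejected as an unsupported argument — verify against the collection version in the execution environment and drop it if so. As in the Linux variant, `check_mode: no` should be `check_mode: false`, and the leading `include_vars` task would benefit from a `name:`.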
+++ b/collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml @@ -1,5 +1,6 @@ --- - name: Install openscap client packages +<<<<<<< HEAD ansible.builtin.yum: name: - openscap-scanner @@ -37,11 +38,51 @@ force_basic_auth: false body_format: json validate_certs: false +======= + yum: + name: + - openscap-scanner + - rubygem-foreman_scap_client + state: present + +- name: Get Policy parameters + uri: + url: "{{ foreman_server_url }}/api/v2/compliance/policies" + method: GET + user: "{{ foreman_username }}" + password: "{{ foreman_password }}" + force_basic_auth: yes + body_format: json + validate_certs: False + register: policies + no_log: "{{ foreman_operations_scap_client_secure_logging }}" + +- name: Build policy {{ policy_name }} parameters + set_fact: + policy: "{{ policy | default([]) }} + {{ [item] }}" + loop: "{{policies.json.results}}" + when: item.name in policy_name or policy_name == 'all' + +- name: Fail if no policy found with required name + fail: + when: policy is not defined + +- name: Get scap content information + uri: + url: "{{ foreman_server_url }}/api/v2/compliance/scap_contents/{{item.scap_content_id}}" + method: GET + user: "{{ foreman_username }}" + password: "{{ foreman_password }}" + force_basic_auth: yes + body_format: json + validate_certs: False +>>>>>>> main register: scapcontents loop: "{{ policy }}" no_log: "{{ foreman_operations_scap_client_secure_logging }}" - name: Get tailoring content information +<<<<<<< HEAD ansible.builtin.uri: url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{ item.tailoring_file_id }}" method: GET 
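Review bot: The 'Get Policy parameters' and 'Get scap content information' tasks on the `main` side send `foreman_username`/`foreman_password` with `force_basic_auth: yes` to `{{ foreman_server_url }}` while `validate_certs: False` disables TLS verification, so the Satellite credentials go to whatever answers at that URL. Make verification the default and let deployments with a private CA opt out explicitly, e.g. `validate_certs: "{{ foreman_validate_certs | default(true) }}"` (variable name is a suggestion) on both tasks and on the tailoring-files task in the next hunk; `no_log` is already wired to `foreman_operations_scap_client_secure_logging`, which is good. `policy: "{{ policy | default([]) }} + {{ [item] }}"` in 'Build policy parameters' renders two expressions joined by a literal ` + ` and relies on Ansible re-evaluating the resulting string into a list, which newer releases no longer do; `policy: "{{ policy | default([]) + [item] }}"` builds the list inside the expression. The `main` side also drops the FQCNs the HEAD side uses (`yum`, `uri`, `set_fact` instead of `ansible.builtin.*`) and writes `yes`/`False` instead of `true`/`false`; whichever side wins the conflict, keep the FQCN form.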
@@ -50,12 +91,23 @@ force_basic_auth: false body_format: json validate_certs: false +======= + uri: + url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{item.tailoring_file_id}}" + method: GET + user: "{{ foreman_username }}" + password: "{{ foreman_password }}" + force_basic_auth: yes + body_format: json + validate_certs: False +>>>>>>> main register: tailoringfiles when: item.tailoring_file_id | int > 0 | d(False) loop: "{{ policy }}" no_log: "{{ foreman_operations_scap_client_secure_logging }}" - name: Build scap content parameters +<<<<<<< HEAD ansible.builtin.set_fact: scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json}) }}" loop: "{{ scapcontents.results }}" @@ -63,10 +115,20 @@ - name: Build tailoring content parameters ansible.builtin.set_fact: tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json}) }}" +======= + set_fact: + scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json }) }}" + loop: "{{ scapcontents.results }}" + +- name: Build tailoring content parameters + set_fact: + tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json }) }}" +>>>>>>> main when: item.json is defined loop: "{{ tailoringfiles.results }}" - name: Apply openscap client configuration template +<<<<<<< HEAD ansible.builtin.template: src: openscap_client_config.yaml.j2 dest: /etc/foreman_scap_client/config.yaml @@ -83,3 +145,21 @@ # hour: "{{crontab_hour}}" # minute: "{{crontab_minute}}" # user: root +======= + template: + src: openscap_client_config.yaml.j2 + dest: /etc/foreman_scap_client/config.yaml + mode: 0644 + owner: root + group: root + +#- name: Configure execution crontab +# cron: +# name: "Openscap Execution" +# cron_file: 'foreman_openscap_client' +# job: '/usr/bin/foreman_scap_client {{policy.id}} > /dev/null' +# weekday: "{{crontab_weekdays}}" +# hour: "{{crontab_hour}}" +# minute: "{{crontab_minute}}" +# user: root +>>>>>>> main 
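Review bot: `mode: 0644` in the 'Apply openscap client configuration template' task is an unquoted octal literal; PyYAML reads it as the integer 420, which Ansible happens to interpret as 0644, but a YAML 1.2 loader or a later edit to `0640` would not round-trip the same way, so quote it as `mode: "0644"` (the HEAD side of this task is cut off above the hunk, so it may already differ). The file it writes, `/etc/foreman_scap_client/config.yaml`, is rendered from data fetched with the Foreman credentials; if `openscap_client_config.yaml.j2` — not in this diff — carries anything sensitive, a tighter mode such as `"0600"` is worth considering. The commented-out cron task is carried along on both sides of the conflict; if it is dead, deleting it is cleaner than keeping a duplicated comment block.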
diff --git a/linux/podman.yml b/linux/podman.yml index db3f319..8a6f1d6 100644 --- a/linux/podman.yml +++ b/linux/podman.yml @@ -24,7 +24,6 @@ content: "{{ message }}" mode: "0664" - - name: Run httpd container containers.podman.podman_container: name: apache diff --git a/satellite/setup.yml b/satellite/setup.yml index 41fceae..ff19438 100644 --- a/satellite/setup.yml +++ b/satellite/setup.yml @@ -6,7 +6,7 @@ controller_components: - inventory_sources - job_templates - job_launch -# - workflow_job_templates + - workflow_job_templates controller_credential_types: - name: Satellite Collection 
@@ -51,148 +51,149 @@ controller_credentials: password: ansible123! controller_inventory_sources: - - name: Satellite Inventory - inventory: Workshop Inventory - credential: Satellite Inventory - source: satellite6 - update_on_launch: false - execution_environment: Control Plane Execution Environment - overwrite: true - source_vars: - hostnames: - - name.split('.')[0] - groups: - patch_bugs: foreman_content_facet_attributes.errata_counts.bugfix - patch_enhancements: foreman_content_facet_attributes.errata_counts.enhancement - patch_security: foreman_content_facet_attributes.errata_counts.security - keyed_groups: - - prefix: env - key: foreman_content_facet_attributes.lifecycle_environment_name - - prefix: cv - key: foreman_content_facet_attributes.content_view_name - - prefix: os - key: foreman_operatingsystem_name - - prefix: scap - key: foreman_compliance_status_label - validate_certs: false +- name: Satellite Inventory + inventory: Workshop Inventory + credential: Satellite Inventory + source: satellite6 + update_on_launch: false + execution_environment: Control Plane Execution Environment + overwrite: true + source_vars: + hostnames: + - name.split('.')[0] + groups: + patch_bugs: foreman_content_attributes.errata_counts.bugfix + patch_enhancements: foreman_content_attributes.errata_counts.enhancement + patch_security: foreman_content_attributes.errata_counts.security + keyed_groups: + - prefix: env + key: foreman_content_attributes.lifecycle_environment_name + - prefix: cv + key: foreman_content_attributes.content_view_name + - prefix: os + key: foreman_operatingsystem_name + - prefix: scap + key: foreman_compliance_status_label + validate_certs: false + group_prefix: satellite_ controller_templates: - - name: LINUX / Register with Satellite - project: Ansible official demo project - playbook: satellite/server_register.yml - inventory: Workshop Inventory - notification_templates_started: Telemetry - notification_templates_success: Telemetry - 
notification_templates_error: Telemetry - credentials: - - Workshop Credential - - Satellite Credential - extra_vars: - org_id: "Default_Organization" - survey_enabled: true - survey: - name: '' - description: '' - spec: - - question_name: Server Name or Pattern - type: text - variable: _hosts - required: false - - question_name: Choose Environment - type: multiplechoice - variable: env - choices: - - Dev - - QA - - Prod - required: true +- name: LINUX / Register with Satellite + project: Ansible official demo project + playbook: satellite/server_register.yml + inventory: Workshop Inventory + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + credentials: + - Workshop Credential + - Satellite Credential + extra_vars: + org_id: "Default_Organization" + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: false + - question_name: Choose Environment + type: multiplechoice + variable: env + choices: + - Dev + - QA + - Prod + required: true - - name: LINUX / Compliance Scan with Satellite - project: Ansible official demo project - playbook: satellite/server_openscap.yml - inventory: Workshop Inventory - execution_environment: Ansible Engine 2.9 execution environment - notification_templates_started: Telemetry - notification_templates_success: Telemetry - notification_templates_error: Telemetry - credentials: - - Satellite Credential - - Workshop Credential - extra_vars: - policy_scan: all - survey_enabled: true - survey: - name: '' - description: '' - spec: - - question_name: Server Name or Pattern - type: text - variable: _hosts - required: false +- name: LINUX / Compliance Scan with Satellite + project: Ansible official demo project + playbook: satellite/server_openscap.yml + inventory: Workshop Inventory + execution_environment: Ansible Engine 2.9 execution environment + 
notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + credentials: + - Satellite Credential + - Workshop Credential + extra_vars: + policy_scan: all + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Server Name or Pattern + type: text + variable: HOSTS + required: false - - name: SATELLITE / Publish Content View Version - project: Ansible official demo project - playbook: satellite/satellite_publish.yml - inventory: Workshop Inventory - notification_templates_started: Telemetry - notification_templates_success: Telemetry - notification_templates_error: Telemetry - credentials: - - Satellite Credential - extra_vars: - env: Dev - survey_enabled: true - survey: - name: '' - description: '' - spec: - - question_name: Select Content View - variable: content_view - type: multiplechoice - choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" - required: true +- name: SATELLITE / Publish Content View Version + project: Ansible official demo project + playbook: satellite/satellite_publish.yml + inventory: Workshop Inventory + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + credentials: + - Satellite Credential + extra_vars: + env: Dev + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Select Content View + variable: content_view + type: multiplechoice + choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" + required: true - - name: SATELLITE / Promote Content View Version - project: Ansible official demo project - playbook: satellite/satellite_promote.yml - inventory: Workshop Inventory - notification_templates_started: Telemetry - notification_templates_success: Telemetry - notification_templates_error: Telemetry - 
credentials: - - Satellite Credential - survey_enabled: true - survey: - name: '' - description: '' - spec: - - question_name: Select Content View - variable: content_view - type: multiplechoice - choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" - required: true - - question_name: Current Lifecycle Environment - variable: current_lifecycle_environment - type: multiplechoice - choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" - required: true - - question_name: Next Lifecycle Environment - variable: lifecycle_environment - type: multiplechoice - choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" - required: true - - - name: SETUP / Satellite - project: Ansible official demo project - playbook: satellite/setup_satellite.yml - inventory: Workshop Inventory - notification_templates_started: Telemetry - notification_templates_success: Telemetry - notification_templates_error: Telemetry - credentials: - - Satellite Credential +- name: SATELLITE / Promote Content View Version + project: Ansible official demo project + playbook: satellite/satellite_promote.yml + inventory: Workshop Inventory + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + credentials: + - Satellite Credential + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Select Content View + variable: content_view + type: multiplechoice + choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" + required: true + - question_name: Current Lifecycle Environment + variable: current_lifecycle_environment + type: multiplechoice + choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | 
list}}" + required: true + - question_name: Next Lifecycle Environment + variable: lifecycle_environment + type: multiplechoice + choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" + required: true +- name: SETUP / Satellite + project: Ansible official demo project + playbook: satellite/setup_satellite.yml + inventory: Workshop Inventory + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + credentials: + - Satellite Credential + controller_launch_jobs: - name: SETUP wait: false 
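Review bot: The survey variable for 'Server Name or Pattern' changes from `_hosts` to `HOSTS` in both 'LINUX / Register with Satellite' and 'LINUX / Compliance Scan with Satellite', but the playbooks they launch (`satellite/server_register.yml`, `satellite/server_openscap.yml`) are not touched in this diff and `windows/helpdesk_new_user_portal.yml` in the same commit still reads `_hosts`; confirm each target playbook's `hosts:` line reads the new name, otherwise the survey answer is silently ignored and the play runs against the default pattern. The hunk also moves `controller_inventory_sources` and `controller_templates` to flush sequence indentation (`+- name:`) while `controller_launch_jobs` and the new `controller_workflows` below keep the indented form (`+  - name:`); pick one style for the file. `validate_certs: false` on the Satellite inventory source pre-dates this change, but the rename of the inventory keys (`foreman_content_facet_attributes` → `foreman_content_attributes`) is a good moment to also make it a variable with a `true` default. The `password: ansible123!` in the context above is a hard-coded credential in a committed file; not part of this change, but it belongs in a vault or an injected variable.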
@@ -200,7 +201,68 @@ controller_launch_jobs: demo: linux - name: SETUP / Satellite - wait: false + wait: true + +controller_workflows: + - name: Patch Dev + description: A workflow to patch the dev environment + organization: Default + notification_templates_started: Telemetry + notification_templates_success: Telemetry + notification_templates_error: Telemetry + survey_enabled: true + survey: + name: '' + description: '' + spec: + - question_name: Email + type: text + variable: email + required: false + simplified_workflow_nodes: + - identifier: Update Inventory + unified_job_template: Satellite Inventory + success_nodes: + - Check for Updates + - identifier: Publish New Patches + unified_job_template: 'SATELLITE / Publish Content View Version' + extra_data: + content_view: RHEL8 + success_nodes: + - Check for Updates + - identifier: Check for Updates + unified_job_template: 'LINUX / Patching' + job_type: check + extra_data: + HOSTS: env_RHEL8_Dev + all_parents_must_converge: true + success_nodes: + - Approve Patches + failure_nodes: + - Ticket - Update Check + - identifier: Ticket - Update Check + unified_job_template: 'SUBMIT FEEDBACK' + extra_data: + feedback: Failed to check for updates in RHEL8_Dev + - identifier: Approve Patches + approval_node: + name: Push patches to Dev? + description: Review the patch report before approving + success_nodes: + - Apply Patches + - identifier: Apply Patches + unified_job_template: 'LINUX / Patching' + job_type: run + extra_data: + HOSTS: env_RHEL8_Dev + failure_nodes: + - Ticket - Update Apply + - identifier: Ticket - Update Apply + unified_job_template: 'SUBMIT FEEDBACK' + extra_data: + feedback: Failed to apply updates to RHEL8_Dev + + ####################### ### Satellite Vars ### diff --git a/windows/create_ad_domain.yml b/windows/create_ad_domain.yml index d17459f..4469c5b 100644 --- a/windows/create_ad_domain.yml +++ b/windows/create_ad_domain.yml 
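Review bot: In the 'Patch Dev' workflow, the 'Publish New Patches' and 'Update Inventory' nodes define only `success_nodes`, and 'Check for Updates' has `all_parents_must_converge: true`, so a failed publish or inventory sync ends the workflow with no ticket and nothing beyond the workflow-level Telemetry hooks; add `failure_nodes: - Ticket - Update Check` to both (or a dedicated 'Ticket - Publish Failed' node with its own `feedback` text) so those failures surface like the later steps do. `HOSTS: env_RHEL8_Dev` hard-codes a keyed group produced by the inventory source's `keyed_groups` prefix `env` earlier in this file, and the same commit adds `group_prefix: satellite_` to that source; confirm the rendered group name still matches. The approval node before 'Apply Patches' is a good control; documenting where the `email` survey variable is consumed would make it clear whether `required: false` is safe.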
@@ -4,47 +4,47 @@ gather_facts: false tasks: - - name: Set Local Admin Password - ansible.windows.win_user: - name: Administrator - password: "{{ ansible_password }}" + - name: Set Local Admin Password + ansible.windows.win_user: + name: Administrator + password: "{{ ansible_password }}" - - name: Create new domain in a new forest on the target host - ansible.windows.win_domain: - dns_domain_name: ansible.local - safe_mode_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" - register: new_forest + - name: Create new domain in a new forest on the target host + ansible.windows.win_domain: + dns_domain_name: ansible.local + safe_mode_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" + register: new_forest - - name: Reboot the target host - ansible.windows.win_reboot: - reboot_timeout: 3600 - when: new_forest.reboot_required + - name: Reboot the target host + ansible.windows.win_reboot: + reboot_timeout: 3600 + when: new_forest.reboot_required - - name: Wait up to 10min for AD web services to start - community.windows.win_wait_for_process: - process_name_exact: Microsoft.ActiveDirectory.WebServices - pre_wait_delay: 60 - state: present - timeout: 600 - sleep: 10 - remote_user: Administrator + - name: Wait up to 10min for AD web services to start + community.windows.win_wait_for_process: + process_name_exact: Microsoft.ActiveDirectory.WebServices + pre_wait_delay: 60 + state: present + timeout: 600 + sleep: 10 + remote_user: Administrator - - name: Create some groups - community.windows.win_domain_group: - name: "{{ item.name }}" - scope: global - loop: - - { name: "GroupA" } - - { name: "GroupB" } - - { name: "GroupC" } + - name: Create some groups + community.windows.win_domain_group: + name: "{{ item.name }}" + scope: global + loop: + - { name: "GroupA" } + - { name: "GroupB" } + - { name: "GroupC" } - - name: Create some users - 
community.windows.win_domain_user: - name: "{{ item.name }}" - groups: "{{ item.groups }}" - password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" - update_password: on_create - loop: - - { name: "UserA", groups: "GroupA" } - - { name: "UserB", groups: "GroupB" } - - { name: "UserC", groups: "GroupC" } + - name: Create some users + community.windows.win_domain_user: + name: "{{ item.name }}" + groups: "{{ item.groups }}" + password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" + update_password: on_create + loop: + - { name: "UserA", groups: "GroupA" } + - { name: "UserB", groups: "GroupB" } + - { name: "UserC", groups: "GroupC" } diff --git a/windows/helpdesk_new_user_portal.yml b/windows/helpdesk_new_user_portal.yml index a5dc320..c5c10df 100644 --- a/windows/helpdesk_new_user_portal.yml +++ b/windows/helpdesk_new_user_portal.yml 
@@ -1,39 +1,39 @@ --- - name: Helpdesk new user portal - hosts: "{{ _hosts | default('windows') }}" + hosts: "{{ _hosts | default('os_windows') }}" gather_facts: false tasks: - - name: Setting host facts using complex arguments - ansible.builtin.set_fact: - temp_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" - # Example result: ['&Qw2|E[-'] + - name: Setting host facts using complex arguments + set_fact: + temp_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" + # Example result: ['&Qw2|E[-'] - - name: Create new user - community.windows.win_domain_user: - name: "{{ firstname }} {{ surname }}" - firstname: "{{ firstname }}" - surname: "{{ surname }}" - sam_account_name: "{{ firstname[0] }}{{ surname }}" - company: BobCo - password: "{{ temp_password }}" - state: present - groups: - - "GroupA" - - "GroupB" - street: "{{ street }}" - city: "{{ city }}" - state_province: IN - postal_code: "{{ postal_code }}" - country: US - attributes: - telephoneNumber: "{{ telephone_number }}" - register: new_user + - name: Create new user + community.windows.win_domain_user: + name: "{{ firstname }} {{ surname }}" + firstname: "{{ firstname }}" + surname: "{{ surname }}" + sam_account_name: "{{ firstname[0] }}{{ surname }}" + company: BobCo + password: "{{ temp_password }}" + state: present + groups: + - "GroupA" + - "GroupB" + street: "{{ street }}" + city: "{{ city }}" + state_province: IN + postal_code: "{{ postal_code }}" + country: US + attributes: + telephoneNumber: "{{ telephone_number }}" + register: new_user - - name: Display User - ansible.builtin.debug: - var: new_user + - name: Display User + ansible.builtin.debug: + var: new_user - - name: Show temp password - ansible.builtin.debug: - var: temp_password + - name: Show temp password + ansible.builtin.debug: + var: temp_password 
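Review bot: `hosts: "{{ _hosts | default('os_windows') }}"` here and `hosts: "{{ HOSTS | default('windows') }}"` in windows/powershell.yml in this same commit move in opposite directions — one keeps `_hosts` and switches the default group to `os_windows`, the other drops `_hosts` for `HOSTS` and the default to `windows` — so a survey or workflow that sets one variable will not limit the other play; pick one variable name and one default group across the windows/ playbooks (satellite/setup.yml in this diff standardises on `HOSTS`). The first task also drops its FQCN (`ansible.builtin.set_fact` becomes `set_fact`) while the `ansible.builtin.debug` tasks in the same hunk keep theirs; keep `ansible.builtin.set_fact`. The 'Show temp password' task prints the generated password into the job output; that is context rather than part of this change, but if the portal delivers the password another way, `no_log: true` on that task (or removing it) keeps credentials out of controller job logs.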
diff --git a/windows/powershell.yml b/windows/powershell.yml index ed9d348..4144e93 100644 --- a/windows/powershell.yml +++ b/windows/powershell.yml @@ -1,17 +1,17 @@ --- - name: Run PowerShell - hosts: "{{ _hosts | default('os_windows') }}" + hosts: "{{ HOSTS | default('windows') }}" gather_facts: false vars: ps_script: undef tasks: - - name: Run PowerShell - ansible.windows.win_powershell: - script: | - {{ ps_script }} - register: ps_output + - name: Run PowerShell + ansible.windows.win_powershell: + script: | + {{ ps_script }} + register: ps_output - - name: Print output - ansible.builtin.debug: - msg: "{{ ps_output.output }}" + - name: Print output + ansible.builtin.debug: + msg: "{{ ps_output.output }}"
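Review bot: `ps_script: undef` under `vars` is a plain scalar, so `ps_script` is the five-character string `undef` rather than an undefined variable; if nothing supplies it, the task runs a script consisting of that word instead of failing early. To require it from the survey or extra vars, use `ps_script: "{{ undef(hint='ps_script must be supplied') }}"` (ansible-core 2.12+), which makes templating fail with that hint. This is a context line rather than part of the change, but the `hosts` edit in the same hunk is the natural place to fix it.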