ptoal/product-demos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge from main

Browse Source
This commit is contained in:
willtome
2023-03-13 10:34:14 -04:00
parent 4897123870 ac5cf8401a
commit c9ee59d2f1
11 changed files with 795 additions and 222 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
cloud/create_vpc.yml Normal file
View File

@@ -0,0 +1,125 @@
---
- name: Create Cloud Infra
hosts: localhost
gather_facts: false
vars:
aws_vpc_name: aws-test-vpc
aws_owner_tag: default
aws_purpose_tag: ansible_demo
aws_tenancy: default
aws_vpc_cidr_block: 10.0.0.0/16
aws_subnet_cidr: 10.0.1.0/24
aws_region: us-east-1
aws_sg_name: aws-test-sg
aws_subnet_name: aws-test-subnet
aws_rt_name: aws-test-rt
tasks:
- name: Create VPC
amazon.aws.ec2_vpc_net:
state: present
name: "{{ aws_vpc_name }}"
cidr_block: "{{ aws_vpc_cidr_block }}"
tenancy: "{{ aws_tenancy }}"
region: "{{ aws_region }}"
tags:
owner: "{{ aws_owner_tag }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_vpc
- name: Create internet gateway
amazon.aws.ec2_vpc_igw:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
tags:
Name: "{{ aws_vpc_name }}"
owner: "{{ aws_owner_tag }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_gateway
- name: Create security group internal
amazon.aws.ec2_security_group:
state: present
name: "{{ aws_sg_name }}"
region: "{{ aws_region }}"
description: Inbound WinRM and RDP, http for demo servers and internal AD ports
rules:
- proto: tcp
ports:
- 80 # HTTP
- 443 # HTTPS
- 22 # SSH
- 5986 # WinRM
- 3389 # RDP
- 9090 # Cockpit
cidr_ip: 0.0.0.0/0
- proto: icmp
to_port: -1
from_port: -1
cidr_ip: 0.0.0.0/0
- proto: tcp
ports:
- 80 # HTTP
- 5986 # WinRM
- 3389 # RDP
- 53 # DNS
- 88 # Kerberos Authentication
- 135 # RPC
- 139 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 5432 # PostgreSQL
- 636 # LDAPS (LDAP over TLS)
- 873 # Rsync
- 3268-3269 # Global Catalog
- 1024-65535 # Ephemeral RPC ports
cidr_ip: "{{ aws_vpc_cidr_block }}"
- proto: udp
ports:
- 53 # DNS
- 88 # Kerberos Authentication
- 123 # NTP
- 137-138 # Netlogon
- 389 # LDAP
- 445 # SMB
- 464 # Kerberos Authentication
- 1024-65535 # Ephemeral RPC ports
cidr_ip: "{{ aws_vpc_cidr_block }}"
rules_egress:
- proto: -1
cidr_ip: 0.0.0.0/0
vpc_id: "{{ aws_vpc.vpc.id }}"
tags:
Name: "{{ aws_sg_name }}"
owner: "{{ aws_owner_tag }}"
purpose: "{{ aws_purpose_tag }}"
- name: Create a subnet on the VPC
amazon.aws.ec2_vpc_subnet:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
cidr: "{{ aws_subnet_cidr }}"
region: "{{ aws_region }}"
map_public: true
tags:
Name: "{{ aws_subnet_name }}"
owner: "{{ aws_owner_tag }}"
purpose: "{{ aws_purpose_tag }}"
register: aws_subnet
- name: Create a subnet route table
amazon.aws.ec2_vpc_route_table:
state: present
vpc_id: "{{ aws_vpc.vpc.id }}"
region: "{{ aws_region }}"
subnets:
- "{{ aws_subnet.subnet.id }}"
routes:
- dest: 0.0.0.0/0
gateway_id: "{{ aws_gateway.gateway_id }}"
tags:
Name: "{{ aws_rt_name }}"
owner: "{{ aws_owner_tag }}"
purpose: "{{ aws_purpose_tag }}"

246
cloud/setup.yml
View File

@@ -8,6 +8,20 @@ controller_components:
- inventory_sources - inventory_sources
- groups - groups
- job_templates - job_templates
- workflow_job_templates
controller_execution_environments:
- name: Cloud Services Execution Environment
image: quay.io/scottharwell/cloud-ee:latest
controller_projects:
- name: Ansible Cloud Content Lab - AWS
organization: Default
scm_type: git
wait: yes
#scm_url: https://github.com/ansible-content-lab/aws.infrastructure_config_demos.git
scm_url: https://github.com/willtome/aws.infrastructure_config_demos.git
default_environment: Cloud Services Execution Environment
controller_execution_environments: controller_execution_environments:
- name: Cloud Services Execution Environment - name: Cloud Services Execution Environment
@@ -85,12 +99,22 @@ controller_groups:
variables: variables:
ansible_user: ec2-user ansible_user: ec2-user
controller_groups:
- name: cloud_aws
inventory: Workshop Inventory
variables:
ansible_user: ec2-user
controller_templates: controller_templates:
- name: Cloud / AWS / Create Peer Infrastructure - name: Cloud / AWS / Create Peer Infrastructure
job_type: run job_type: run
organization: Default organization: Default
credentials: credentials:
<<<<<<< HEAD
- AWS - AWS
=======
- AWS
>>>>>>> main
project: Ansible Cloud Content Lab - AWS project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_peer_network.yml playbook: playbook_create_peer_network.yml
inventory: Workshop Inventory inventory: Workshop Inventory
@@ -106,7 +130,11 @@ controller_templates:
job_type: run job_type: run
organization: Default organization: Default
credentials: credentials:
<<<<<<< HEAD
- AWS - AWS
=======
- AWS
>>>>>>> main
project: Ansible Cloud Content Lab - AWS project: Ansible Cloud Content Lab - AWS
playbook: playbook_delete_peer_network.yml playbook: playbook_delete_peer_network.yml
inventory: Workshop Inventory inventory: Workshop Inventory
@@ -120,7 +148,11 @@ controller_templates:
job_type: run job_type: run
organization: Default organization: Default
credentials: credentials:
<<<<<<< HEAD
- AWS - AWS
=======
- AWS
>>>>>>> main
project: Ansible Cloud Content Lab - AWS project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_transit_network.yml playbook: playbook_create_transit_network.yml
inventory: Workshop Inventory inventory: Workshop Inventory
@@ -136,7 +168,11 @@ controller_templates:
job_type: run job_type: run
organization: Default organization: Default
credentials: credentials:
<<<<<<< HEAD
- AWS - AWS
=======
- AWS
>>>>>>> main
project: Ansible Cloud Content Lab - AWS project: Ansible Cloud Content Lab - AWS
playbook: playbook_delete_transit_network.yml playbook: playbook_delete_transit_network.yml
inventory: Workshop Inventory inventory: Workshop Inventory
@@ -146,29 +182,38 @@ controller_templates:
extra_vars: extra_vars:
aws_region: us-east-1 aws_region: us-east-1
<<<<<<< HEAD
- name: Cloud / Create Infra - name: Cloud / Create Infra
job_type: run job_type: run
organization: Default organization: Default
credentials: credentials:
- AWS - AWS
# - Azure # - Azure
=======
- name: Cloud / AWS / Create VPC
job_type: run
organization: Default
credentials:
- AWS
>>>>>>> main
project: Ansible official demo project project: Ansible official demo project
playbook: cloud/create_infra.yml playbook: cloud/create_vpc.yml
inventory: Workshop Inventory inventory: Workshop Inventory
notification_templates_started: Telemetry notification_templates_started: Telemetry
notification_templates_success: Telemetry notification_templates_success: Telemetry
notification_templates_error: Telemetry notification_templates_error: Telemetry
survey_enabled: true survey_enabled: true
extra_vars: extra_vars:
aws_region: us-east-2 aws_region: us-east-1
survey: survey:
name: '' name: ''
description: '' description: ''
spec: spec:
- question_name: Infra Provider - question_name: Owner
type: multiplechoice type: text
variable: infra_provider variable: aws_owner_tag
required: true required: true
<<<<<<< HEAD
choices: choices:
- aws - aws
# - azure # - azure
@@ -176,13 +221,21 @@ controller_templates:
type: textarea type: textarea
required: false required: false
variable: aws_public_key variable: aws_public_key
=======
>>>>>>> main
- name: Cloud / AWS / Create VM - name: Cloud / AWS / Create VM
job_type: run job_type: run
organization: Default organization: Default
<<<<<<< HEAD
credentials: credentials:
- AWS - AWS
- Workshop Credential - Workshop Credential
=======
credentials:
- AWS
- Workshop Credential
>>>>>>> main
project: Ansible Cloud Content Lab - AWS project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_vm.yml playbook: playbook_create_vm.yml
inventory: Workshop Inventory inventory: Workshop Inventory
@@ -190,6 +243,7 @@ controller_templates:
notification_templates_success: Telemetry notification_templates_success: Telemetry
notification_templates_error: Telemetry notification_templates_error: Telemetry
survey_enabled: true survey_enabled: true
allow_simultaneous: true
extra_vars: extra_vars:
aws_region: us-east-1 aws_region: us-east-1
aws_keypair_name: aws-test-key aws_keypair_name: aws-test-key
@@ -231,19 +285,33 @@ controller_templates:
type: text type: text
variable: aws_vpc_subnet_name variable: aws_vpc_subnet_name
required: true required: true
<<<<<<< HEAD
default: dmz-subnet default: dmz-subnet
=======
default: aws-test-subnet
>>>>>>> main
- question_name: Security Group - question_name: Security Group
type: text type: text
variable: aws_securitygroup_name variable: aws_securitygroup_name
required: true required: true
<<<<<<< HEAD
default: dmz-sg default: dmz-sg
=======
default: aws-test-sg
>>>>>>> main
- name: Cloud / AWS / Delete VM - name: Cloud / AWS / Delete VM
job_type: run job_type: run
organization: Default organization: Default
<<<<<<< HEAD
credentials: credentials:
- AWS - AWS
- Workshop Credential - Workshop Credential
=======
credentials:
- AWS
- Workshop Credential
>>>>>>> main
project: Ansible Cloud Content Lab - AWS project: Ansible Cloud Content Lab - AWS
playbook: playbook_delete_inventory_vm.yml playbook: playbook_delete_inventory_vm.yml
inventory: Workshop Inventory inventory: Workshop Inventory
@@ -260,6 +328,7 @@ controller_templates:
- question_name: Name or Pattern - question_name: Name or Pattern
type: text type: text
variable: _hosts variable: _hosts
<<<<<<< HEAD
required: true required: true
- name: Cloud / AWS / VPC Report - name: Cloud / AWS / VPC Report
@@ -270,6 +339,17 @@ controller_templates:
project: Ansible Cloud Content Lab - AWS project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_reports.yml playbook: playbook_create_reports.yml
inventory: Workshop Inventory inventory: Workshop Inventory
=======
required: true
- name: Cloud / AWS / VPC Report
job_type: run
organization: Default
credentials:
- AWS
project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_reports.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry notification_templates_started: Telemetry
notification_templates_success: Telemetry notification_templates_success: Telemetry
notification_templates_error: Telemetry notification_templates_error: Telemetry
@@ -277,6 +357,66 @@ controller_templates:
aws_region: us-east-1 aws_region: us-east-1
aws_report: vpc aws_report: vpc
- name: Cloud / AWS / Tags Report
job_type: run
organization: Default
credentials:
- AWS
project: Ansible Cloud Content Lab - AWS
playbook: playbook_create_reports.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
extra_vars:
aws_region: us-east-1
aws_report: tags
- name: Cloud / AWS / Create Keypair
job_type: run
organization: Default
credentials:
- AWS
project: Ansible official demo project
playbook: cloud/aws_key.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
survey_enabled: true
extra_vars:
aws_region: us-east-1
survey:
name: ''
description: ''
spec:
- question_name: Keypair Name
type: text
variable: aws_key_name
required: true
default: aws-test-key
- question_name: Keypair Public Key
type: textarea
variable: aws_public_key
required: true
- question_name: Owner
type: text
variable: aws_keypair_owner
required: true
controller_workflows:
- name: Deploy Cloud Stack in AWS
description: A workflow to deploy a cloud stack
organization: Default
>>>>>>> main
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
extra_vars:
<<<<<<< HEAD
aws_region: us-east-1
aws_report: vpc
- name: Cloud / AWS / Tags Report - name: Cloud / AWS / Tags Report
job_type: run job_type: run
organization: Default organization: Default
@@ -306,20 +446,116 @@ controller_templates:
survey_enabled: true survey_enabled: true
extra_vars: extra_vars:
aws_region: us-east-1 aws_region: us-east-1
=======
vm_deployment: cloud_stack
survey_enabled: true
>>>>>>> main
survey: survey:
name: '' name: ''
description: '' description: ''
spec: spec:
<<<<<<< HEAD
- question_name: Keypair Name - question_name: Keypair Name
type: text type: text
variable: aws_key_name variable: aws_key_name
required: true required: true
default: aws-test-key default: aws-test-key
=======
- question_name: Owner
type: text
variable: aws_owner_tag
required: true
- question_name: Environment
type: multiplechoice
variable: vm_environment
required: true
choices:
- Dev
- QA
- Prod
>>>>>>> main
- question_name: Keypair Public Key - question_name: Keypair Public Key
type: textarea type: textarea
variable: aws_public_key variable: aws_public_key
required: true required: true
<<<<<<< HEAD
- question_name: Owner - question_name: Owner
type: text type: text
variable: aws_keypair_owner variable: aws_keypair_owner
required: true required: true
=======
- question_name: Email
type: text
variable: email
required: true
simplified_workflow_nodes:
- identifier: Create Keypair
unified_job_template: Cloud / AWS / Create Keypair
extra_data:
aws_keypair_owner: !unsafe "{{ aws_owner_tag }}"
success_nodes:
- VPC Report
failure_nodes:
- Ticket - Keypair Failed
- identifier: Create VPC
unified_job_template: Cloud / AWS / Create VPC
success_nodes:
- VPC Report
failure_nodes:
- Ticket - VPC Failed
- identifier: Ticket - Keypair Failed
unified_job_template: 'SUBMIT FEEDBACK'
extra_data:
feedback: Failed to create AWS keypair
- identifier: VPC Report
unified_job_template: Cloud / AWS / VPC Report
all_parents_must_converge: true
success_nodes:
- Deploy Windows Blueprint
- Deploy RHEL8 Blueprint
- Deploy RHEL9 Blueprint
- identifier: Deploy Windows Blueprint
unified_job_template: Cloud / AWS / Create VM
extra_data:
vm_name: aws_win
vm_blueprint: windows_full
vm_owner: !unsafe "{{ aws_owner_tag }}"
success_nodes:
- Update Inventory
failure_nodes:
- Ticket - Instance Failed
- identifier: Deploy RHEL8 Blueprint
unified_job_template: Cloud / AWS / Create VM
extra_data:
vm_name: aws_rhel8
vm_blueprint: rhel8
vm_owner: !unsafe "{{ aws_owner_tag }}"
success_nodes:
- Update Inventory
failure_nodes:
- Ticket - Instance Failed
- identifier: Deploy RHEL9 Blueprint
unified_job_template: Cloud / AWS / Create VM
extra_data:
vm_name: aws_rhel9
vm_blueprint: rhel9
vm_owner: !unsafe "{{ aws_owner_tag }}"
success_nodes:
- Update Inventory
failure_nodes:
- Ticket - Instance Failed
- identifier: Ticket - VPC Failed
unified_job_template: 'SUBMIT FEEDBACK'
extra_data:
feedback: Failed to create AWS VPC
- identifier: Update Inventory
unified_job_template: AWS Inventory
success_nodes:
- Tag Report
- identifier: Ticket - Instance Failed
unified_job_template: 'SUBMIT FEEDBACK'
extra_data:
feedback: Failed to create AWS instance
- identifier: Tag Report
unified_job_template: Cloud / AWS / Tags Report
>>>>>>> main

34
collections/ansible_collections/demo/reporting/roles/report_server/tasks/linux_landing_page.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: get reports
ansible.builtin.find:
paths: "{{ doc_root }}/{{ reports_dir }}"
patterns: '*.html'
register: reports
check_mode: no
- name: publish landing page
ansible.builtin.template:
src: linux_report.j2
dest: "{{ doc_root }}/index.html"
check_mode: no
- name: copy CSS over
ansible.builtin.copy:
src: "css"
dest: "{{ doc_root }}"
directory_mode: true
check_mode: no
- name: copy logos over
ansible.builtin.copy:
src: "{{ item }}"
dest: "{{ doc_root }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "report.png"
check_mode: no

34
collections/ansible_collections/demo/reporting/roles/report_server/tasks/windows_landing_page.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- include_vars: "{{ ansible_system }}.yml"
- name: get reports
ansible.windows.win_find:
paths: "{{ doc_root }}/{{ reports_dir }}"
patterns: '*.html'
register: reports
check_mode: no
- name: publish landing page
ansible.builtin.win_template:
src: windows_report.j2
dest: "{{ doc_root }}/index.html"
check_mode: no
- name: copy CSS over
ansible.builtin.win_copy:
src: "css"
dest: "{{ doc_root }}"
directory_mode: true
check_mode: no
- name: copy logos over
ansible.builtin.win_copy:
src: "{{ item }}"
dest: "{{ doc_root }}"
directory_mode: true
loop:
- "webpage_logo.png"
- "redhat-ansible-logo.svg"
- "report.png"
check_mode: no

3
collections/ansible_collections/demo/satellite/roles/scap_client/meta/main.yml Normal file
View File

@@ -0,0 +1,3 @@
galaxy_info:
author: morenod
description: Role created to configure a client to execute openscap policies based on the information obtained from a Red Hat Satellite/Foreman Host.

80
collections/ansible_collections/demo/satellite/roles/scap_client/tasks/main.yaml
View File

@@ -1,5 +1,6 @@
--- ---
- name: Install openscap client packages - name: Install openscap client packages
<<<<<<< HEAD
ansible.builtin.yum: ansible.builtin.yum:
name: name:
- openscap-scanner - openscap-scanner
@@ -37,11 +38,51 @@
force_basic_auth: false force_basic_auth: false
body_format: json body_format: json
validate_certs: false validate_certs: false
=======
yum:
name:
- openscap-scanner
- rubygem-foreman_scap_client
state: present
- name: Get Policy parameters
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/policies"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
body_format: json
validate_certs: False
register: policies
no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Build policy {{ policy_name }} parameters
set_fact:
policy: "{{ policy | default([]) }} + {{ [item] }}"
loop: "{{policies.json.results}}"
when: item.name in policy_name or policy_name == 'all'
- name: Fail if no policy found with required name
fail:
when: policy is not defined
- name: Get scap content information
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/scap_contents/{{item.scap_content_id}}"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
body_format: json
validate_certs: False
>>>>>>> main
register: scapcontents register: scapcontents
loop: "{{ policy }}" loop: "{{ policy }}"
no_log: "{{ foreman_operations_scap_client_secure_logging }}" no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Get tailoring content information - name: Get tailoring content information
<<<<<<< HEAD
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{ item.tailoring_file_id }}" url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{ item.tailoring_file_id }}"
method: GET method: GET
@@ -50,12 +91,23 @@
force_basic_auth: false force_basic_auth: false
body_format: json body_format: json
validate_certs: false validate_certs: false
=======
uri:
url: "{{ foreman_server_url }}/api/v2/compliance/tailoring_files/{{item.tailoring_file_id}}"
method: GET
user: "{{ foreman_username }}"
password: "{{ foreman_password }}"
force_basic_auth: yes
body_format: json
validate_certs: False
>>>>>>> main
register: tailoringfiles register: tailoringfiles
when: item.tailoring_file_id | int > 0 | d(False) when: item.tailoring_file_id | int > 0 | d(False)
loop: "{{ policy }}" loop: "{{ policy }}"
no_log: "{{ foreman_operations_scap_client_secure_logging }}" no_log: "{{ foreman_operations_scap_client_secure_logging }}"
- name: Build scap content parameters - name: Build scap content parameters
<<<<<<< HEAD
ansible.builtin.set_fact: ansible.builtin.set_fact:
scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json}) }}" scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json}) }}"
loop: "{{ scapcontents.results }}" loop: "{{ scapcontents.results }}"
@@ -63,10 +115,20 @@
- name: Build tailoring content parameters - name: Build tailoring content parameters
ansible.builtin.set_fact: ansible.builtin.set_fact:
tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json}) }}" tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json}) }}"
=======
set_fact:
scap_content: "{{ scap_content | default({}) | combine({item.json.id: item.json }) }}"
loop: "{{ scapcontents.results }}"
- name: Build tailoring content parameters
set_fact:
tailoring_files: "{{ tailoring_files | default({}) | combine({item.json.id: item.json }) }}"
>>>>>>> main
when: item.json is defined when: item.json is defined
loop: "{{ tailoringfiles.results }}" loop: "{{ tailoringfiles.results }}"
- name: Apply openscap client configuration template - name: Apply openscap client configuration template
<<<<<<< HEAD
ansible.builtin.template: ansible.builtin.template:
src: openscap_client_config.yaml.j2 src: openscap_client_config.yaml.j2
dest: /etc/foreman_scap_client/config.yaml dest: /etc/foreman_scap_client/config.yaml
@@ -83,3 +145,21 @@
# hour: "{{crontab_hour}}" # hour: "{{crontab_hour}}"
# minute: "{{crontab_minute}}" # minute: "{{crontab_minute}}"
# user: root # user: root
=======
template:
src: openscap_client_config.yaml.j2
dest: /etc/foreman_scap_client/config.yaml
mode: 0644
owner: root
group: root
#- name: Configure execution crontab
# cron:
# name: "Openscap Execution"
# cron_file: 'foreman_openscap_client'
# job: '/usr/bin/foreman_scap_client {{policy.id}} > /dev/null'
# weekday: "{{crontab_weekdays}}"
# hour: "{{crontab_hour}}"
# minute: "{{crontab_minute}}"
# user: root
>>>>>>> main

1
linux/podman.yml
View File

@@ -24,7 +24,6 @@
content: "{{ message }}" content: "{{ message }}"
mode: "0664" mode: "0664"
- name: Run httpd container - name: Run httpd container
containers.podman.podman_container: containers.podman.podman_container:
name: apache name: apache

336
satellite/setup.yml
View File

@@ -6,7 +6,7 @@ controller_components:
- inventory_sources - inventory_sources
- job_templates - job_templates
- job_launch - job_launch
# - workflow_job_templates - workflow_job_templates
controller_credential_types: controller_credential_types:
- name: Satellite Collection - name: Satellite Collection
@@ -51,148 +51,149 @@ controller_credentials:
password: ansible123! password: ansible123!
controller_inventory_sources: controller_inventory_sources:
- name: Satellite Inventory - name: Satellite Inventory
inventory: Workshop Inventory inventory: Workshop Inventory
credential: Satellite Inventory credential: Satellite Inventory
source: satellite6 source: satellite6
update_on_launch: false update_on_launch: false
execution_environment: Control Plane Execution Environment execution_environment: Control Plane Execution Environment
overwrite: true overwrite: true
source_vars: source_vars:
hostnames: hostnames:
- name.split('.')[0] - name.split('.')[0]
groups: groups:
patch_bugs: foreman_content_facet_attributes.errata_counts.bugfix patch_bugs: foreman_content_attributes.errata_counts.bugfix
patch_enhancements: foreman_content_facet_attributes.errata_counts.enhancement patch_enhancements: foreman_content_attributes.errata_counts.enhancement
patch_security: foreman_content_facet_attributes.errata_counts.security patch_security: foreman_content_attributes.errata_counts.security
keyed_groups: keyed_groups:
- prefix: env - prefix: env
key: foreman_content_facet_attributes.lifecycle_environment_name key: foreman_content_attributes.lifecycle_environment_name
- prefix: cv - prefix: cv
key: foreman_content_facet_attributes.content_view_name key: foreman_content_attributes.content_view_name
- prefix: os - prefix: os
key: foreman_operatingsystem_name key: foreman_operatingsystem_name
- prefix: scap - prefix: scap
key: foreman_compliance_status_label key: foreman_compliance_status_label
validate_certs: false validate_certs: false
group_prefix: satellite_
controller_templates: controller_templates:
- name: LINUX / Register with Satellite - name: LINUX / Register with Satellite
project: Ansible official demo project project: Ansible official demo project
playbook: satellite/server_register.yml playbook: satellite/server_register.yml
inventory: Workshop Inventory inventory: Workshop Inventory
notification_templates_started: Telemetry notification_templates_started: Telemetry
notification_templates_success: Telemetry notification_templates_success: Telemetry
notification_templates_error: Telemetry notification_templates_error: Telemetry
credentials: credentials:
- Workshop Credential - Workshop Credential
- Satellite Credential - Satellite Credential
extra_vars: extra_vars:
org_id: "Default_Organization" org_id: "Default_Organization"
survey_enabled: true survey_enabled: true
survey: survey:
name: '' name: ''
description: '' description: ''
spec: spec:
- question_name: Server Name or Pattern - question_name: Server Name or Pattern
type: text type: text
variable: _hosts variable: HOSTS
required: false required: false
- question_name: Choose Environment - question_name: Choose Environment
type: multiplechoice type: multiplechoice
variable: env variable: env
choices: choices:
- Dev - Dev
- QA - QA
- Prod - Prod
required: true required: true
- name: LINUX / Compliance Scan with Satellite - name: LINUX / Compliance Scan with Satellite
project: Ansible official demo project project: Ansible official demo project
playbook: satellite/server_openscap.yml playbook: satellite/server_openscap.yml
inventory: Workshop Inventory inventory: Workshop Inventory
execution_environment: Ansible Engine 2.9 execution environment execution_environment: Ansible Engine 2.9 execution environment
notification_templates_started: Telemetry notification_templates_started: Telemetry
notification_templates_success: Telemetry notification_templates_success: Telemetry
notification_templates_error: Telemetry notification_templates_error: Telemetry
credentials: credentials:
- Satellite Credential - Satellite Credential
- Workshop Credential - Workshop Credential
extra_vars: extra_vars:
policy_scan: all policy_scan: all
survey_enabled: true survey_enabled: true
survey: survey:
name: '' name: ''
description: '' description: ''
spec: spec:
- question_name: Server Name or Pattern - question_name: Server Name or Pattern
type: text type: text
variable: _hosts variable: HOSTS
required: false required: false
- name: SATELLITE / Publish Content View Version - name: SATELLITE / Publish Content View Version
project: Ansible official demo project project: Ansible official demo project
playbook: satellite/satellite_publish.yml playbook: satellite/satellite_publish.yml
inventory: Workshop Inventory inventory: Workshop Inventory
notification_templates_started: Telemetry notification_templates_started: Telemetry
notification_templates_success: Telemetry notification_templates_success: Telemetry
notification_templates_error: Telemetry notification_templates_error: Telemetry
credentials: credentials:
- Satellite Credential - Satellite Credential
extra_vars: extra_vars:
env: Dev env: Dev
survey_enabled: true survey_enabled: true
survey: survey:
name: '' name: ''
description: '' description: ''
spec: spec:
- question_name: Select Content View - question_name: Select Content View
variable: content_view variable: content_view
type: multiplechoice type: multiplechoice
choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true required: true
- name: SATELLITE / Promote Content View Version - name: SATELLITE / Promote Content View Version
project: Ansible official demo project project: Ansible official demo project
playbook: satellite/satellite_promote.yml playbook: satellite/satellite_promote.yml
inventory: Workshop Inventory inventory: Workshop Inventory
notification_templates_started: Telemetry notification_templates_started: Telemetry
notification_templates_success: Telemetry notification_templates_success: Telemetry
notification_templates_error: Telemetry notification_templates_error: Telemetry
credentials: credentials:
- Satellite Credential - Satellite Credential
survey_enabled: true survey_enabled: true
survey: survey:
name: '' name: ''
description: '' description: ''
spec: spec:
- question_name: Select Content View - question_name: Select Content View
variable: content_view variable: content_view
type: multiplechoice type: multiplechoice
choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" choices: "{{ satellite_content_views | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true required: true
- question_name: Current Lifecycle Environment - question_name: Current Lifecycle Environment
variable: current_lifecycle_environment variable: current_lifecycle_environment
type: multiplechoice type: multiplechoice
choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true required: true
- question_name: Next Lifecycle Environment - question_name: Next Lifecycle Environment
variable: lifecycle_environment variable: lifecycle_environment
type: multiplechoice type: multiplechoice
choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}" choices: "{{ satellite_lifecycle_environments | selectattr('name', 'match', '^RHEL.*$') | map(attribute='name') | list}}"
required: true required: true
- name: SETUP / Satellite
project: Ansible official demo project
playbook: satellite/setup_satellite.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
- name: SETUP / Satellite
project: Ansible official demo project
playbook: satellite/setup_satellite.yml
inventory: Workshop Inventory
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
credentials:
- Satellite Credential
controller_launch_jobs: controller_launch_jobs:
- name: SETUP - name: SETUP
wait: false wait: false
@@ -200,7 +201,68 @@ controller_launch_jobs:
demo: linux demo: linux
- name: SETUP / Satellite - name: SETUP / Satellite
wait: false wait: true
controller_workflows:
- name: Patch Dev
description: A workflow to patch the dev environment
organization: Default
notification_templates_started: Telemetry
notification_templates_success: Telemetry
notification_templates_error: Telemetry
survey_enabled: true
survey:
name: ''
description: ''
spec:
- question_name: Email
type: text
variable: email
required: false
simplified_workflow_nodes:
- identifier: Update Inventory
unified_job_template: Satellite Inventory
success_nodes:
- Check for Updates
- identifier: Publish New Patches
unified_job_template: 'SATELLITE / Publish Content View Version'
extra_data:
content_view: RHEL8
success_nodes:
- Check for Updates
- identifier: Check for Updates
unified_job_template: 'LINUX / Patching'
job_type: check
extra_data:
HOSTS: env_RHEL8_Dev
all_parents_must_converge: true
success_nodes:
- Approve Patches
failure_nodes:
- Ticket - Update Check
- identifier: Ticket - Update Check
unified_job_template: 'SUBMIT FEEDBACK'
extra_data:
feedback: Failed to check for updates in RHEL8_Dev
- identifier: Approve Patches
approval_node:
name: Push patches to Dev?
description: Review the patch report before approving
success_nodes:
- Apply Patches
- identifier: Apply Patches
unified_job_template: 'LINUX / Patching'
job_type: run
extra_data:
HOSTS: env_RHEL8_Dev
failure_nodes:
- Ticket - Update Apply
- identifier: Ticket - Update Apply
unified_job_template: 'SUBMIT FEEDBACK'
extra_data:
feedback: Failed to apply updates to RHEL8_Dev
####################### #######################
### Satellite Vars ### ### Satellite Vars ###

78
windows/create_ad_domain.yml
View File

@@ -4,47 +4,47 @@
gather_facts: false gather_facts: false
tasks: tasks:
- name: Set Local Admin Password - name: Set Local Admin Password
ansible.windows.win_user: ansible.windows.win_user:
name: Administrator name: Administrator
password: "{{ ansible_password }}" password: "{{ ansible_password }}"
- name: Create new domain in a new forest on the target host - name: Create new domain in a new forest on the target host
ansible.windows.win_domain: ansible.windows.win_domain:
dns_domain_name: ansible.local dns_domain_name: ansible.local
safe_mode_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" safe_mode_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
register: new_forest register: new_forest
- name: Reboot the target host - name: Reboot the target host
ansible.windows.win_reboot: ansible.windows.win_reboot:
reboot_timeout: 3600 reboot_timeout: 3600
when: new_forest.reboot_required when: new_forest.reboot_required
- name: Wait up to 10min for AD web services to start - name: Wait up to 10min for AD web services to start
community.windows.win_wait_for_process: community.windows.win_wait_for_process:
process_name_exact: Microsoft.ActiveDirectory.WebServices process_name_exact: Microsoft.ActiveDirectory.WebServices
pre_wait_delay: 60 pre_wait_delay: 60
state: present state: present
timeout: 600 timeout: 600
sleep: 10 sleep: 10
remote_user: Administrator remote_user: Administrator
- name: Create some groups - name: Create some groups
community.windows.win_domain_group: community.windows.win_domain_group:
name: "{{ item.name }}" name: "{{ item.name }}"
scope: global scope: global
loop: loop:
- { name: "GroupA" } - { name: "GroupA" }
- { name: "GroupB" } - { name: "GroupB" }
- { name: "GroupC" } - { name: "GroupC" }
- name: Create some users - name: Create some users
community.windows.win_domain_user: community.windows.win_domain_user:
name: "{{ item.name }}" name: "{{ item.name }}"
groups: "{{ item.groups }}" groups: "{{ item.groups }}"
password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
update_password: on_create update_password: on_create
loop: loop:
- { name: "UserA", groups: "GroupA" } - { name: "UserA", groups: "GroupA" }
- { name: "UserB", groups: "GroupB" } - { name: "UserB", groups: "GroupB" }
- { name: "UserC", groups: "GroupC" } - { name: "UserC", groups: "GroupC" }

62
windows/helpdesk_new_user_portal.yml
View File

@@ -1,39 +1,39 @@
--- ---
- name: Helpdesk new user portal - name: Helpdesk new user portal
hosts: "{{ _hosts | default('windows') }}" hosts: "{{ _hosts | default('os_windows') }}"
gather_facts: false gather_facts: false
tasks: tasks:
- name: Setting host facts using complex arguments - name: Setting host facts using complex arguments
ansible.builtin.set_fact: set_fact:
temp_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}" temp_password: "{{ lookup('community.general.random_string', min_lower=1, min_upper=1, min_special=1, min_numeric=1) }}"
# Example result: ['&Qw2|E[-'] # Example result: ['&Qw2|E[-']
- name: Create new user - name: Create new user
community.windows.win_domain_user: community.windows.win_domain_user:
name: "{{ firstname }} {{ surname }}" name: "{{ firstname }} {{ surname }}"
firstname: "{{ firstname }}" firstname: "{{ firstname }}"
surname: "{{ surname }}" surname: "{{ surname }}"
sam_account_name: "{{ firstname[0] }}{{ surname }}" sam_account_name: "{{ firstname[0] }}{{ surname }}"
company: BobCo company: BobCo
password: "{{ temp_password }}" password: "{{ temp_password }}"
state: present state: present
groups: groups:
- "GroupA" - "GroupA"
- "GroupB" - "GroupB"
street: "{{ street }}" street: "{{ street }}"
city: "{{ city }}" city: "{{ city }}"
state_province: IN state_province: IN
postal_code: "{{ postal_code }}" postal_code: "{{ postal_code }}"
country: US country: US
attributes: attributes:
telephoneNumber: "{{ telephone_number }}" telephoneNumber: "{{ telephone_number }}"
register: new_user register: new_user
- name: Display User - name: Display User
ansible.builtin.debug: ansible.builtin.debug:
var: new_user var: new_user
- name: Show temp password - name: Show temp password
ansible.builtin.debug: ansible.builtin.debug:
var: temp_password var: temp_password

18
windows/powershell.yml
View File

@@ -1,17 +1,17 @@
--- ---
- name: Run PowerShell - name: Run PowerShell
hosts: "{{ _hosts | default('os_windows') }}" hosts: "{{ HOSTS | default('windows') }}"
gather_facts: false gather_facts: false
vars: vars:
ps_script: undef ps_script: undef
tasks: tasks:
- name: Run PowerShell - name: Run PowerShell
ansible.windows.win_powershell: ansible.windows.win_powershell:
script: | script: |
{{ ps_script }} {{ ps_script }}
register: ps_output register: ps_output
- name: Print output - name: Print output
ansible.builtin.debug: ansible.builtin.debug:
msg: "{{ ps_output.output }}" msg: "{{ ps_output.output }}"