Home Esplora Aiuto
Accedi
rht
/
ocp-disco-install-materials
2
0
Forka 0
File Problemi 0 Pull Requests 0 Wiki
Albero (Tree): 31bffe90b0
Rami (Branch) Tag
ocp-disco-in...
/
playbooks
/
10-lab-tmp-fixes.yml

10-lab-tmp-fixes.yml 2.5 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. ---
    2. 

  2. # These are the temporary tasks needed on various machines before classroom build is finished.
    3. 

  3. - name: Fixes required on utility VM.
    4. 

  4.   hosts: utility.lab.example.com
    5. 

  5.   become: yes
    6. 

  6.   gather_subset: min
    7. 

  7.   tasks:
    8. 

  8. # XXX DONE XXX    - name: Ensure idm is in ocp4.example.com zone.
    9. 

  9. # XXX DONE XXX      ansible.builtin.lineinfile:
    10. 

  10. # XXX DONE XXX        path: /var/named/ocp4.example.com.db
    11. 

  11. # XXX DONE XXX        regex: '^idm[[:space:]]'
    12. 

  12. # XXX DONE XXX        insertafter: '.*IN NS dns\.ocp4\.example\.com\.$'
    13. 

  13. # XXX DONE XXX        line: 'idm      IN A 192.168.50.40'
    14. 

  14. # XXX DONE XXX      notify:
    15. 

  15. # XXX DONE XXX        - fix forward zone serial
    16. 

  16. # XXX DONE XXX        - restart named
    17. 

  17. 

  18. # XXX DONE XXX    - name: Ensure idm is in ocp4.example.com reverse zone.
    19. 

  19. # XXX DONE XXX      ansible.builtin.lineinfile:
    20. 

  20. # XXX DONE XXX        path: /var/named/ocp4.example.com.reverse.db
    21. 

  21. # XXX DONE XXX        regex: '^40[[:space:]]'
    22. 

  22. # XXX DONE XXX        insertafter: '.*IN NS dns\.ocp4\.example\.com\.$'
    23. 

  23. # XXX DONE XXX        line: '40  IN PTR idm.ocp4.example.com.'
    24. 

  24. # XXX DONE XXX      notify:
    25. 

  25. # XXX DONE XXX        - fix reverse zone serial
    26. 

  26. # XXX DONE XXX        - restart named
    27. 

  27. 

  28.     # XXX DONE???
    29. 

  29.     - name: Ensure utility allows forwarding traffic from external to public/trusted zones.
    30. 

  30.       ansible.builtin.copy:
    31. 

  31.         dest: /etc/firewalld/policies/fwd-stud-to-ocp.xml
    32. 

  32.         mode: 0644
    33. 

  33.         owner: root
    34. 

  34.         group: root
    35. 

  35.         content: |
    36. 

  36.           <?xml version="1.0" encoding="utf-8"?>
    37. 

  37.           <policy target="ACCEPT">
    38. 

  38.             <ingress-zone name="external"/>
    39. 

  39.             <egress-zone name="public"/>
    40. 

  40.             <egress-zone name="trusted"/>
    41. 

  41.           </policy>
    42. 

  42.       notify:
    43. 

  43.         - reload utility firewalld
    44. 

  44.   handlers:
    45. 

  45.     - name: reload utility firewalld
    46. 

  46.       ansible.builtin.service:
    47. 

  47.         name: firewalld
    48. 

  48.         state: reloaded
    49. 

  49. 

  50.     - name: fix forward zone serial
    51. 

  51.       ansible.builtin.lineinfile:
    52. 

  52.         path: /var/named/ocp4.example.com.db
    53. 

  53.         regex: '.*; serial$'
    54. 

  54.         line: "                {{ ansible_facts['date_time']['year'] }}{{ ansible_facts['date_time']['month'] }}{{ ansible_facts['date_time']['day'] }}00"
    55. 

  55. 

  56.     - name: fix reverse zone serial
    57. 

  57.       ansible.builtin.lineinfile:
    58. 

  58.         path: /var/named/ocp4.example.com.reverse.db
    59. 

  59.         regex: '.*; serial$'
    60. 

  60.         line: "                {{ ansible_facts['date_time']['year'] }}{{ ansible_facts['date_time']['month'] }}{{ ansible_facts['date_time']['day'] }}00"
    61. 

  61. 

  62.     - name: restart named
    63. 

  63.       ansible.builtin.service:
    64. 

  64.         name: named
    65. 

  65.         state: restarted
    66. 

  66. ...
    67.