chore: last ansible

Tcharl · Tcharl · commit 0063d343af54 · 2025-11-10T19:35:19.000+01:00
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,5 +1,5 @@
 ---
 
-kube_firewall_zone: 'public'
+kube_firewall_zone: 'internal'
 cert_manager_chart_version: 'v1.19.1'
 cmtcl_version: 'v2.3.0'
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -6,7 +6,7 @@
   vars:
     secure_logs: False
     # preferred_nic: "eth1"
-    kube_firewall_zone: 'public'
+    kube_firewall_zone: 'internal'
     master_preferred_nic: "eth1"
     preferred_nic: "eth1"
     reset_kube: True
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -1,6 +1,7 @@
 ---
 # TODO This phase fails once
-- name: Prepare IDM server
+
+- name: Prepare IDM
   hosts:
     - idm.osgiliath.test
   tasks:
@@ -14,13 +15,77 @@
         secure_logs: False
         preferred_nic: "eth1"
         idm_preferred_nic: "eth1"
-        master_preferred_nic: "eth1"
         company_domain: osgiliath.test
         company_realm_password: '123ADMin'
         company_ad_password: '123ADmPass'
-    - import_role:
+    - include_role:
+        name: tcharl.ansible_nameserver
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare IPA clients
+  hosts:
+    - master.osgiliath.test
+    - node1.osgiliath.test
+  tasks:
+    - name: "install fedora ansible prerequisites"
+      ansible.builtin.raw: dnf install -y python3 python3-libdnf5
+      changed_when: false
+      become: true
+    - include_role:
+        name: tcharl.ansible_securehost
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+    - include_role:
+        name: tcharl.ansible_nameserver
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare NFS server on Master
+  hosts:
+    - master.osgiliath.test
+  tasks:
+    - include_role:
         name: tcharl.nfs_server
-- name: Prepare
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare NFS client on Node
+  hosts:
+    - node1.osgiliath.test
+  tasks:
+    - include_role:
+        name: tcharl.nfs_client
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare Kubernetes
   hosts:
     - master.osgiliath.test
     - node1.osgiliath.test
@@ -30,13 +95,24 @@
       changed_when: false
       become: true
     - include_role:
-        name: tcharl.kube_certmanager
-        tasks_from: requirements.yml
+        name: tcharl.ansible_orchestration
       vars:
+        standalone_role: False
         secure_logs: False
         preferred_nic: "eth1"
+        company_domain: osgiliath.test
         idm_preferred_nic: "eth1"
         master_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+    - include_role:
+        name: tcharl.ansible_orchestration_cli
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
         company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        master_preferred_nic: "eth1"
         company_realm_password: '123ADMin'
         company_ad_password: '123ADmPass'
diff --git a/molecule/kvm/converge.yml b/molecule/kvm/converge.yml
@@ -8,7 +8,7 @@
     preferred_nic: "eth1"
     master_preferred_nic: "eth1"
     idm_preferred_nic: "eth1"
-    kube_firewall_zone: 'public'
+    kube_firewall_zone: 'internal'
     standalone_role: False
     reset_kube: True
     company_domain: osgiliath.test
diff --git a/molecule/kvm/prepare.yml b/molecule/kvm/prepare.yml
@@ -1,6 +1,7 @@
 ---
 # TODO This phase fails once
-- name: Prepare IDM server
+
+- name: Prepare IDM
   hosts:
     - idm.osgiliath.test
   tasks:
@@ -14,13 +15,77 @@
         secure_logs: False
         preferred_nic: "eth1"
         idm_preferred_nic: "eth1"
-        master_preferred_nic: "eth1"
         company_domain: osgiliath.test
         company_realm_password: '123ADMin'
         company_ad_password: '123ADmPass'
-    - import_role:
+    - include_role:
+        name: tcharl.ansible_nameserver
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare IPA clients
+  hosts:
+    - master.osgiliath.test
+    - node1.osgiliath.test
+  tasks:
+    - name: "install fedora ansible prerequisites"
+      ansible.builtin.raw: dnf install -y python3 python3-libdnf5
+      changed_when: false
+      become: true
+    - include_role:
+        name: tcharl.ansible_securehost
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+    - include_role:
+        name: tcharl.ansible_nameserver
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare NFS server on Master
+  hosts:
+    - master.osgiliath.test
+  tasks:
+    - include_role:
         name: tcharl.nfs_server
-- name: Prepare
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare NFS client on Node
+  hosts:
+    - node1.osgiliath.test
+  tasks:
+    - include_role:
+        name: tcharl.nfs_client
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare Kubernetes
   hosts:
     - master.osgiliath.test
     - node1.osgiliath.test
@@ -30,13 +95,24 @@
       changed_when: false
       become: true
     - include_role:
-        name: tcharl.kube_certmanager
-        tasks_from: requirements.yml
+        name: tcharl.ansible_orchestration
       vars:
+        standalone_role: False
         secure_logs: False
         preferred_nic: "eth1"
+        company_domain: osgiliath.test
         idm_preferred_nic: "eth1"
         master_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+    - include_role:
+        name: tcharl.ansible_orchestration_cli
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
         company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        master_preferred_nic: "eth1"
         company_realm_password: '123ADMin'
         company_ad_password: '123ADmPass'
diff --git a/molecule/parallels/converge.yml b/molecule/parallels/converge.yml
@@ -9,7 +9,7 @@
     idm_preferred_nic: "eth1"
     master_preferred_nic: "eth1"
     kubernetes_allow_pods_on_master: False
-    kube_firewall_zone: 'public'
+    kube_firewall_zone: 'internal'
     standalone_role: False
     company_domain: osgiliath.test
     company_realm_password: '123ADMin'
diff --git a/molecule/parallels/prepare.yml b/molecule/parallels/prepare.yml
@@ -1,6 +1,7 @@
 ---
 # TODO This phase fails once
-- name: Prepare IDM server
+
+- name: Prepare IDM
   hosts:
     - idm.osgiliath.test
   tasks:
@@ -14,13 +15,77 @@
         secure_logs: False
         preferred_nic: "eth1"
         idm_preferred_nic: "eth1"
-        master_preferred_nic: "eth1"
         company_domain: osgiliath.test
         company_realm_password: '123ADMin'
         company_ad_password: '123ADmPass'
-    - import_role:
+    - include_role:
+        name: tcharl.ansible_nameserver
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare IPA clients
+  hosts:
+    - master.osgiliath.test
+    - node1.osgiliath.test
+  tasks:
+    - name: "install fedora ansible prerequisites"
+      ansible.builtin.raw: dnf install -y python3 python3-libdnf5
+      changed_when: false
+      become: true
+    - include_role:
+        name: tcharl.ansible_securehost
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+    - include_role:
+        name: tcharl.ansible_nameserver
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare NFS server on Master
+  hosts:
+    - master.osgiliath.test
+  tasks:
+    - include_role:
         name: tcharl.nfs_server
-- name: Prepare
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare NFS client on Node
+  hosts:
+    - node1.osgiliath.test
+  tasks:
+    - include_role:
+        name: tcharl.nfs_client
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
+        company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+- name: Prepare Kubernetes
   hosts:
     - master.osgiliath.test
     - node1.osgiliath.test
@@ -30,13 +95,24 @@
       changed_when: false
       become: true
     - include_role:
-        name: tcharl.kube_certmanager
-        tasks_from: requirements.yml
+        name: tcharl.ansible_orchestration
       vars:
+        standalone_role: False
         secure_logs: False
         preferred_nic: "eth1"
+        company_domain: osgiliath.test
         idm_preferred_nic: "eth1"
         master_preferred_nic: "eth1"
+        company_realm_password: '123ADMin'
+        company_ad_password: '123ADmPass'
+    - include_role:
+        name: tcharl.ansible_orchestration_cli
+      vars:
+        standalone_role: False
+        secure_logs: False
+        preferred_nic: "eth1"
         company_domain: osgiliath.test
+        idm_preferred_nic: "eth1"
+        master_preferred_nic: "eth1"
         company_realm_password: '123ADMin'
         company_ad_password: '123ADmPass'
diff --git a/tasks/ipa-facts.yml b/tasks/ipa-facts.yml
@@ -12,7 +12,11 @@
     msg: "{{ idm_preferred_nic | default(omit) }}"
     verbosity: 3
 
+- name: Facts | compute ip if preferred_nic is not set
+  ansible.builtin.set_fact:
+    kube_certmanager_ipa_current_host_ip: "{{ kube_certmanager_idm_host_facts.ansible_facts['ansible_' + idm_preferred_nic | replace('-', '_')].ipv4.address if (idm_preferred_nic is defined and not idm_preferred_nic.skipped is defined) else kube_certmanager_idm_host_facts.ansible_facts.ansible_default_ipv4.address | default(kube_certmanager_idm_host_facts.ansible_facts.ansible_all_ipv4_addresses | first) }}"
+
 - name: Facts | compute ip if preferred_nic is not set
   ansible.builtin.debug:
-    msg: "{{ kube_certmanager_idm_host_facts.ansible_facts['ansible_' + idm_preferred_nic | replace('-', '_')].ipv4.address if (idm_preferred_nic is defined and not idm_preferred_nic.skipped is defined) else kube_certmanager_idm_host_facts.ansible_facts.ansible_default_ipv4.address | default(kube_certmanager_idm_host_facts.ansible_facts.ansible_all_ipv4_addresses | first) }}"
-  register: kube_certmanager_ipa_current_host_ip
+    msg: "{{ kube_certmanager_ipa_current_host_ip }}"
+    verbosity: 1
diff --git a/tasks/main.yml b/tasks/main.yml
diff --git a/tasks/requirements.yml b/tasks/requirements.yml
diff --git a/tasks/tsig-facts.yml b/tasks/tsig-facts.yml
diff --git a/templates/acme_issuer/cluster-issuer.yml.j2 b/templates/acme_issuer/cluster-issuer.yml.j2
