feat(host_groups): vm-2001 and vm-2002 hostgroup added with parameter…
…s required by the vm (#179)

* vm-2001 and vm-2002 hostgroup added with parameters required by the vm
* configures podman and its logging
* Installs an EL9.5-based httpd container image
* configures the webserver

Co-authored-by: Lucas <[email protected]>
smirta and hairmare authored Dec 19, 2024
1 parent 0fc16aa commit b4f98ee
Showing 1 changed file with 217 additions and 2 deletions.
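--- a/roles/foreman/tasks/host_groups.yaml
+++ b/roles/foreman/tasks/host_groups.yaml
@@ -122,8 +122,7 @@
 location: Randweg
 compute_resource: ovirt
 - name: vm-0043.service.int.rabe.ch
-description: >
-AlmaLinux 9 VM for Letsencrypt certificate renewal on reverse proxies
+description: AlmaLinux 9 VM for Letsencrypt certificate renewal on reverse proxies
 parent: RaBe Core/RaBe Base/EL9/AlmaLinux 9/AlmaLinux 9 VMs
 organization: RaBe
 location: Randweg
@@ -216,6 +215,114 @@
 subnet: dmz
 compute_resource: server-008.dmz-admin.int.rabe.ch
 compute_profile: "1-Small"
+- name: vm-2001.dmz.int.rabe.ch
+description: AlmaLinux 9 DMZ virtual machine vm-2001 for running reverse-proxy container
+parent: RaBe Core/RaBe Base/EL9/AlmaLinux 9/AlmaLinux 9 DMZ server-009 Vms
+organization: RaBe
+location: Randweg
+ansible_roles:
+- radiorabe.common.local_user
+- redhat.rhel_system_roles.podman
+parameters:
+- name: firewall
+parameter_type: yaml
+value:
+- service: http-alt
+port: 8080/tcp
+state: present
+permanent: true
+- service: https-alt
+port: 8443/tcp
+state: present
+permanent: true
+- zone: dmz
+interface: eth0
+state: present
+permanent: true
+- zone: dmz
+state: enabled
+permanent: true
+service:
+- cockpit
+- ssh
+- http-alt
+- https-alt
+- pmcd
+- name: local_user_username
+parameter_type: string
+value: revproxy
+- name: podman_create_host_directories
+parameter_type: boolean
+value: true
+- name: podman_firewall
+parameter_type: yaml
+value:
+- port: 8080/tcp
+state: enabled
+- port: 8090/tcp
+state: enabled
+- port: 8443/tcp
+state: enabled
+- name: podman_kube_specs
+parameter_type: yaml
+value:
+- state: started
+kube_file_content:
+apiVersion: v1
+kind: Pod
+metadata:
+name: revproxy
+spec:
+containers:
+- name: revproxy
+image: ghcr.io/radiorabe/httpd:0.5.1
+env:
+- name: PODMAN_HOST
+value: "{{ ansible_host }}"
+ports:
+- containerPort: 8080
+hostPort: 8080
+- containerPort: 8090
+hostPort: 8090
+- containerPort: 8443
+hostPort: 8443
+volumeMounts:
+- mountPath: "/etc/httpd/conf.d/local_configs:Z"
+name: local_httpd_configs
+- mountPath: "/etc/httpd/modsecurity.d/local_rules:Z"
+name: local_modsec_rules
+- mountPath: "/etc/pki/tls/private/rabe_certs:Z"
+name: local_letsencrypt_certs
+volumes:
+- name: local_httpd_configs
+hostPath:
+path: "/home/revproxy/httpd/conf.d/local_configs"
+- name: local_modsec_rules
+hostPath:
+path: "/home/revproxy/httpd/modsecurity.d/local_rules"
+- name: local_letsencrypt_certs
+hostPath:
+path: "/home/revproxy/httpd/rabe_certs"
+- name: podman_run_as_group
+parameter_type: string
+value: revproxy
+- name: podman_run_as_user
+parameter_type: string
+value: revproxy
+- name: podman_selinux_ports
+parameter_type: yaml
+value:
+- ports: 8080
+setype: http_port_t
+- ports: 8090
+setype: http_port_t
+- ports: 8443
+setype: http_port_t
+- name: podman_containers_conf
+parameter_type: yaml
+value:
+containers:
+log_size_max: 1073741824 # 1Gib in bytes
 - name: AlmaLinux 9 DMZ server-009 VMs
 description: AlmaLinux 9 virtual machines to be run on server-009
 parent: RaBe Core/RaBe Base/EL9/AlmaLinux 9
@@ -225,3 +332,111 @@
 subnet: dmz
 compute_resource: server-009.dmz-admin.int.rabe.ch
 compute_profile: "1-Small"
+- name: vm-2002.dmz.int.rabe.ch
+description: AlmaLinux 9 DMZ virtual machine vm-2002 for running reverse-proxy container
+parent: RaBe Core/RaBe Base/EL9/AlmaLinux 9/AlmaLinux 9 DMZ server-009 Vms
+organization: RaBe
+location: Randweg
+ansible_roles:
+- radiorabe.common.local_user
+- redhat.rhel_system_roles.podman
+parameters:
+- name: firewall
+parameter_type: yaml
+value:
+- service: http-alt
+port: 8080/tcp
+state: present
+permanent: true
+- service: https-alt
+port: 8443/tcp
+state: present
+permanent: true
+- zone: dmz
+interface: eth0
+state: present
+permanent: true
+- zone: dmz
+state: enabled
+permanent: true
+service:
+- cockpit
+- ssh
+- http-alt
+- https-alt
+- pmcd
+- name: local_user_username
+parameter_type: string
+value: revproxy
+- name: podman_create_host_directories
+parameter_type: boolean
+value: true
+- name: podman_firewall
+parameter_type: yaml
+value:
+- port: 8080/tcp
+state: enabled
+- port: 8090/tcp
+state: enabled
+- port: 8443/tcp
+state: enabled
+- name: podman_kube_specs
+parameter_type: yaml
+value:
+- state: started
+kube_file_content:
+apiVersion: v1
+kind: Pod
+metadata:
+name: revproxy
+spec:
+containers:
+- name: revproxy
+image: ghcr.io/radiorabe/httpd:0.5.1
+env:
+- name: PODMAN_HOST
+value: "{{ ansible_host }}"
+ports:
+- containerPort: 8080
+hostPort: 8080
+- containerPort: 8090
+hostPort: 8090
+- containerPort: 8443
+hostPort: 8443
+volumeMounts:
+- mountPath: "/etc/httpd/conf.d/local_configs:Z"
+name: local_httpd_configs
+- mountPath: "/etc/httpd/modsecurity.d/local_rules:Z"
+name: local_modsec_rules
+- mountPath: "/etc/pki/tls/private/rabe_certs:Z"
+name: local_letsencrypt_certs
+volumes:
+- name: local_httpd_configs
+hostPath:
+path: "/home/revproxy/httpd/conf.d/local_configs"
+- name: local_modsec_rules
+hostPath:
+path: "/home/revproxy/httpd/modsecurity.d/local_rules"
+- name: local_letsencrypt_certs
+hostPath:
+path: "/home/revproxy/httpd/rabe_certs"
+- name: podman_run_as_group
+parameter_type: string
+value: revproxy
+- name: podman_run_as_user
+parameter_type: string
+value: revproxy
+- name: podman_selinux_ports
+parameter_type: yaml
+value:
+- ports: 8080
+setype: http_port_t
+- ports: 8090
+setype: http_port_t
+- ports: 8443
+setype: http_port_t
+- name: podman_containers_conf
+parameter_type: yaml
+value:
+containers:
+log_size_max: 1073741824 # 1Gib in bytes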
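Review bot: The three `volumeMounts` in the `revproxy` pod spec (vm-2001 and, identically, vm-2002) bind the httpd configuration, the ModSecurity rules and the TLS private-key directory into the container read-write, so a compromised httpd process could alter its own WAF rules or the key material under `/home/revproxy/httpd` on the host. Unless the image needs to write to these paths (not visible on this page), add `readOnly: true` to each of the three mounts. Separately, both new host groups set a `parent` ending in `AlmaLinux 9 DMZ server-009 Vms`, while the group shown in the context lines is named `AlmaLinux 9 DMZ server-009 VMs`, and vm-2001 is listed before that group and directly after the server-008 one. If the parent lookup is case-sensitive or the list is applied in order, the parent may not resolve, so the spelling and placement are worth confirming.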
