feat(host_groups): vm-2001 and vm-2002 hostgroup added with parameters required by the vm #179

Merged
merged 10 commits into from
Dec 19, 2024
208 changes: 208 additions & 0 deletions roles/foreman/tasks/host_groups.yaml
@@ -167,6 +167,110 @@
subnet: dmz
compute_resource: server-008.dmz-admin.int.rabe
compute_profile: 1-Small
- name: vm-2001.dmz.int.rabe.ch
description: >
AlmaLinux 9 DMZ virtual machine vm-2001
for running reverse-proxy container
parent: >
RaBe Core/RaBe Base/EL9/AlmaLinux 9/
AlmaLinux 9 DMZ server-009 Vms
organization: RaBe
location: Randweg
ansible_roles:
- radiorabe.common.local_user
- redhat.rhel_system_roles.podman
parameters:
- name: firewall
parameter_type: yaml
value:
- service: http-alt
port: 8080/tcp
state: present
permanent: true
- service: https-alt
port: 8443/tcp
state: present
permanent: true
- zone: dmz
interface: eth0
state: present
permanent: true
- zone: dmz
state: enabled
permanent: true
service:
- cockpit
- ssh
- http-alt
- https-alt
- pmcd
- name: local_user_username
parameter_type: string
value: revproxy
- name: podman_create_host_directories
parameter_type: boolean
value: true
- name: podman_firewall
parameter_type: yaml
value:
- port: 8080/tcp
state: enabled
- port: 8090/tcp
state: enabled
- port: 8443/tcp
state: enabled
- name: podman_kube_specs
parameter_type: yaml
value:
- state: started
kube_file_content:
apiVersion: v1
kind: Pod
metadata:
name: revproxy
spec:
containers:
- name: revproxy
image: ghcr.io/radiorabe/httpd:0.3.0
ports:
- containerPort: 8080
hostPort: 8080
- containerPort: 8090
hostPort: 8090
- containerPort: 8443
hostPort: 8443
volumeMounts:
- mountPath: "/etc/httpd/conf.d/local_configs:Z"
name: local_httpd_configs
- mountPath: "/etc/httpd/modsecurity.d/local_rules:Z"
name: local_modsec_rules
- mountPath: "/etc/pki/tls/private/rabe_certs:Z"
name: local_letsencrypt_certs
volumes:
- name: local_httpd_configs
hostPath:
path: "/home/revproxy/httpd/conf.d/local_configs"
- name: local_modsec_rules
hostPath:
path: "/home/revproxy/httpd/modsecurity.d/local_rules"
- name: local_letsencrypt_certs
hostPath:
path: "/home/revproxy/httpd/rabe_certs"
- name: podman_run_as_group
parameter_type: string
value: revproxy
- name: podman_run_as_user
parameter_type: string
value: revproxy
- name: podman_selinux_ports
parameter_type: yaml
value:
- ports: 8080
setype: http_port_t
- ports: 8090
setype: http_port_t
- ports: 8443
setype: http_port_t
- name: AlmaLinux 9 DMZ server-009 VMs
description: AlmaLinux 9 virtual machines to be run on server-009
parent: RaBe Core/RaBe Base/EL9/AlmaLinux 9
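Review bot: the `parent:` of vm-2001.dmz.int.rabe.ch is written as a folded scalar (`>`), so its two lines are joined with a space and a trailing newline is kept, giving "RaBe Core/RaBe Base/EL9/AlmaLinux 9/ AlmaLinux 9 DMZ server-009 Vms"; that has a space after the last slash and ends in "Vms", while the host group defined just below is named "AlmaLinux 9 DMZ server-009 VMs". Suggest a single-line plain scalar, as the server-009 group itself uses for its own `parent:`, with the exact "VMs" spelling. The entry also sits ahead of the parent group it refers to; if host groups are created in list order, move it after that group. Separately, the three volumeMounts (httpd configs, ModSecurity rules, and the key material under /etc/pki/tls/private/rabe_certs) are mounted writable; unless the container has to write to them, adding `readOnly: true` to each would keep the proxy process from modifying its own rules or keys.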
@@ -176,3 +280,107 @@
subnet: dmz
compute_resource: server-009.dmz-admin.int.rabe
compute_profile: 1-Small
- name: vm-2002.dmz.int.rabe.ch
description: >
AlmaLinux 9 DMZ virtual machine vm-2002
for running reverse-proxy container
parent: >
RaBe Core/RaBe Base/EL9/AlmaLinux 9/
AlmaLinux 9 DMZ server-009 Vms
organization: RaBe
location: Randweg
ansible_roles:
- radiorabe.common.local_user
- redhat.rhel_system_roles.podman
parameters:
- name: firewall
parameter_type: yaml
value:
- service: http-alt
port: 8080/tcp
state: present
permanent: true
- service: https-alt
port: 8443/tcp
state: present
permanent: true
- zone: dmz
interface: eth0
state: present
permanent: true
- zone: dmz
state: enabled
permanent: true
service:
- cockpit
- ssh
- http-alt
- https-alt
- pmcd
- name: local_user_username
parameter_type: string
value: revproxy
- name: podman_create_host_directories
parameter_type: boolean
value: true
- name: podman_firewall
parameter_type: yaml
value:
- port: 8080/tcp
state: enabled
- port: 8090/tcp
state: enabled
- port: 8443/tcp
state: enabled
- name: podman_kube_specs
parameter_type: yaml
value:
- state: started
kube_file_content:
apiVersion: v1
kind: Pod
metadata:
name: revproxy
spec:
containers:
- name: revproxy
image: ghcr.io/radiorabe/httpd:0.3.0
ports:
- containerPort: 8080
hostPort: 8080
- containerPort: 8090
hostPort: 8090
- containerPort: 8443
hostPort: 8443
volumeMounts:
- mountPath: "/etc/httpd/conf.d/local_configs:Z"
name: local_httpd_configs
- mountPath: "/etc/httpd/modsecurity.d/local_rules:Z"
name: local_modsec_rules
- mountPath: "/etc/pki/tls/private/rabe_certs:Z"
name: local_letsencrypt_certs
volumes:
- name: local_httpd_configs
hostPath:
path: "/home/revproxy/httpd/conf.d/local_configs"
- name: local_modsec_rules
hostPath:
path: "/home/revproxy/httpd/modsecurity.d/local_rules"
- name: local_letsencrypt_certs
hostPath:
path: "/home/revproxy/httpd/rabe_certs"
- name: podman_run_as_group
parameter_type: string
value: revproxy
- name: podman_run_as_user
parameter_type: string
value: revproxy
- name: podman_selinux_ports
parameter_type: yaml
value:
- ports: 8080
setype: http_port_t
- ports: 8090
setype: http_port_t
- ports: 8443
setype: http_port_t
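Review bot: the `parameters:` block for vm-2002.dmz.int.rabe.ch repeats the vm-2001 block line for line (firewall, podman_firewall, podman_kube_specs, podman_selinux_ports), so any later change to ports or the pod spec has to be made twice and the two reverse proxies can drift apart. Suggest defining these parameters once on a shared parent host group and keeping only host-specific values on each VM entry. Within the block, 8090/tcp is opened in `podman_firewall`, published as a hostPort and labelled http_port_t, but the `firewall` parameter only lists 8080/tcp and 8443/tcp; either add 8090 there or document why it differs. The image is referenced by tag (`ghcr.io/radiorabe/httpd:0.3.0`); pinning it by digest would guarantee both VMs run the same image even if the tag is later moved.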