Closes #51, Closes #48, Closes #39, Closes #24

56642637 · Weise, Martin · 2535fd0a · 56642637 · 56642637 · 56642637
Verified Commit 56642637 authored 3 years ago by Weise, Martin
--- a/delete-user.yml
+++ b/delete-user.yml
 ---
 ########################################################################################################################
-### NAME: delete-user.yml
+### NAME: disable-user.yml
 ###
 ### DESCRIPTION:
-###     Deletes a user account from the infrastructure.
+###     Disables a user account in the infrastructure.
 ###
 ### PURPOSE:
-###     Deletion of a user account script.
+###     Disables a user account script.
 ###
 ### ARGS:
 ###     username    The user common name, cannot contain spaces,
 ###                     is only lowercase alphanumeric (e.g. client1, foobar).
 ###
 ### SIDE EFFECTS:
-###     - Deletes credentials on the identity node.
-###     - Deleted credentials on the vpn node.
+###     - Disables credentials on the identity node.
+###     - Disables credentials on the vpn node.
 ###
 ########################################################################################################################
 ### DO NOT CHANGE BELOW THIS LINE ######################################################################################
@@ -45,8 +45,8 @@
    - name: Check
      command: ipa user-find --login="{{ username }}"

-    - name: Delete account
-      command: "ipa user-del {{ username }}"
+    - name: Disable account
+      command: "ipa user-disable {{ username }}"
      ignore_errors: yes

 # VPN PROFILE
@@ -56,11 +56,11 @@
  vars_files:
    - vars/auth.yml
  tasks:
-    - name: Delete profile
+    - name: Disable profile
      command: "/usr/local/sbin/vpnrevoke {{ username }}"
      ignore_errors: yes

-    - name: Delete profile
+    - name: Disable profile
      file:
        path: "/tmp/{{ username }}.ovpn"
        state: absent
@@ -84,7 +84,7 @@
        - name: Print
          debug:
            msg:
-              - "Successfully deleted account with username {{ username }}"
+              - "Successfully disabled account with username {{ username }}"

        - name: Clean up
          meta: clear_facts
--- a/roles/setup_cloud/tasks/main.yml
+++ b/roles/setup_cloud/tasks/main.yml
@@ -129,21 +129,6 @@
      min: 22
      max: 22
      cidr: 128.130.0.0/15
-    - group: analyst
-      protocol: udp
-      min: 514
-      max: 514
-      cidr: 172.27.49.0/25
-    - group: owner
-      protocol: udp
-      min: 514
-      max: 514
-      cidr: 172.27.49.128/25
-    - group: vnc
-      protocol: udp
-      min: 514
-      max: 514
-      cidr: 172.27.48.64/26
    - group: vnc
      protocol: tcp
      min: 5900
@@ -194,6 +179,36 @@
      min: 464
      max: 464
      cidr: 0.0.0.0/0
+    - group: provider
+      protocol: udp
+      min: 514
+      max: 514
+      cidr: 172.27.48.0/27
+    - group: vpn
+      protocol: udp
+      min: 514
+      max: 514
+      cidr: 172.27.48.128/25
+    - group: vnc
+      protocol: udp
+      min: 514
+      max: 514
+      cidr: 172.27.48.64/26
+    - group: analyst
+      protocol: udp
+      min: 514
+      max: 514
+      cidr: 172.27.49.0/25
+    - group: owner
+      protocol: udp
+      min: 514
+      max: 514
+      cidr: 172.27.49.128/25
+    - group: data
+      protocol: udp
+      min: 514
+      max: 514
+      cidr: 172.27.50.0/25

 - name: Create security group rule
  openstack.cloud.security_group_rule:

--- a/roles/setup_node/templates/analyst.cfg.j2
+++ b/roles/setup_node/templates/analyst.cfg.j2
@@ -60,7 +60,7 @@ write_files:
    content: |
      #!/bin/bash
      logger "Configuring rsyslog ..."
-      echo 'action(type="omfwd" Target="172.27.48.7" Port="514" Protocol="udp")' >> /etc/rsyslog.conf
+      echo '*.info action(type="omfwd" target="172.27.49.11" port="514" protocol="udp")' >> /etc/rsyslog.conf
      /bin/systemctl enable rsyslog
      /bin/systemctl start rsyslog


--- a/roles/setup_node/templates/data.cfg.j2
+++ b/roles/setup_node/templates/data.cfg.j2
@@ -52,7 +52,7 @@ write_files:
    content: |
      #!/bin/bash
      logger "Configuring rsyslog ..."
-      echo 'action(type="omfwd" Target="172.27.48.146" Port="514" Protocol="udp")' >> /etc/rsyslog.conf
+      echo '*.info action(type="omfwd" target="172.27.48.146" port="514" protocol="udp")' >> /etc/rsyslog.conf
      /bin/systemctl enable rsyslog
      /bin/systemctl start rsyslog


--- a/roles/setup_node/templates/desktop.cfg.j2
+++ b/roles/setup_node/templates/desktop.cfg.j2
@@ -55,7 +55,7 @@ write_files:
    content: |
      #!/bin/bash
      logger "Configuring rsyslog ..."
-      echo 'action(type="omfwd" Target="172.27.48.7" Port="514" Protocol="udp")' >> /etc/rsyslog.conf
+      echo '*.info action(type="omfwd" target="172.27.48.71" port="514" protocol="udp")' >> /etc/rsyslog.conf
      /bin/systemctl enable rsyslog
      /bin/systemctl start rsyslog


--- a/roles/setup_node/templates/gate.cfg.j2
+++ b/roles/setup_node/templates/gate.cfg.j2
@@ -55,7 +55,7 @@ write_files:
      logger "Configuring rsyslog ..."
      /bin/systemctl enable rsyslog
      /bin/systemctl start rsyslog
-      echo 'action(type="omfwd" Target="172.27.48.7" Port="514" Protocol="udp")' >> /etc/rsyslog.conf
+      echo '*.info action(type="omfwd" target="172.27.48.7" port="514" protocol="udp")' >> /etc/rsyslog.conf
      /bin/systemctl restart rsyslog

  - path: /root/idm-init

--- a/roles/setup_node/templates/identity.cfg.j2
+++ b/roles/setup_node/templates/identity.cfg.j2
@@ -51,7 +51,7 @@ write_files:
    content: |
      #!/bin/bash
      logger "Configuring rsyslog ..."
-      echo 'action(type="omfwd" Target="172.27.48.7" Port="514" Protocol="udp")' >> /etc/rsyslog.conf
+      echo '*.info action(type="omfwd" target="172.27.48.7" port="514" protocol="udp")' >> /etc/rsyslog.conf
      /bin/systemctl enable rsyslog
      /bin/systemctl start rsyslog


--- a/roles/setup_node/templates/owner.cfg.j2
+++ b/roles/setup_node/templates/owner.cfg.j2
@@ -53,7 +53,7 @@ write_files:
    content: |
      #!/bin/bash
      logger "Configuring rsyslog ..."
-      echo 'action(type="omfwd" Target="172.27.48.7" Port="514" Protocol="udp")' >> /etc/rsyslog.conf
+      echo '*.info action(type="omfwd" target="172.27.49.141" port="514" protocol="udp")' >> /etc/rsyslog.conf
      /bin/systemctl enable rsyslog
      /bin/systemctl start rsyslog


--- a/roles/setup_node/templates/vpn.cfg.j2
+++ b/roles/setup_node/templates/vpn.cfg.j2
@@ -150,7 +150,7 @@ write_files:
    permissions: '0744'
    content: |
      #!/bin/bash
-      echo 'action(type="omfwd" Target="172.27.48.7" Port="514" Protocol="udp")' >> /etc/rsyslog.conf
+      echo '*.info action(type="omfwd" target="172.27.48.7" port="514" protocol="udp")' >> /etc/rsyslog.conf
      /bin/systemctl enable rsyslog
      /bin/systemctl start rsyslog