Reorg en1 inventory vars

Fix init playbook
Add nginx config
Fix networkd install on fedora

en1.yml

@@ -11,10 +11,8 @@ all:
     omni_host_webproxy: jupiter
 
   children:
+
     servers:
-      children:
-        virtualization: {}
-    virtualization:
       vars:
         omni_local_hosts:
           - hostname: jupiter.svr.local
@@ -27,7 +25,6 @@ all:
         jupiter:
           ansible_host: jupiter.net.enp.one
           omni_description: EN1 System Control Server
-          omni_docker_swarm_iface: eno2
           omni_networking:
             eno1:
               dhcp: true
@@ -35,26 +32,57 @@ all:
             eno2:
               dhcp: false
               addresses: ["192.168.42.10/24"]
+        remus:
+          ansible_host: remus.net.enp.one
+          omni_description: EN1 Hypervisor/Datastore
+          omni_networking:
+            eno1:
+              dhcp: true
+              dhcp_address: 10.42.101.20/24
+            eno2:
+              dhcp: false
+              addresses: ["192.168.42.20/24"]
+        romulus:
+          ansible_host: romulus.net.enp.one
+          omni_description: EN1 Hypervisor/Datastore
+          omni_networking:
+            eno1:
+              dhcp: true
+              dhcp_address: 10.42.101.30/24
+            eno2:
+              dhcp: false
+              addresses: ["192.168.42.30/24"]
       children:
-        worker:
+        virtualization: {}
+        datastore: {}
+
+    virtualization:
+      hosts:
+        jupiter:
+          omni_docker_swarm_iface: eno2
+      children:
+        virtualization_worker:
           hosts:
             remus:
-              ansible_host: remus.net.enp.one
-              omni_description: EN1 Hypervisor/Datastore
-              omni_networking:
-                eno1:
-                  dhcp: true
-                  dhcp_address: 10.42.101.20/24
-                eno2:
-                  dhcp: false
-                  addresses: ["192.168.42.20/24"]
+              omni_docker_swarm_iface: eno2
             romulus:
-              ansible_host: romulus.net.enp.one
-              omni_description: EN1 Hypervisor/Datastore
-              omni_networking:
-                eno1:
-                  dhcp: true
-                  dhcp_address: 10.42.101.30/24
-                eno2:
-                  dhcp: false
-                  addresses: ["192.168.42.30/24"]
+              omni_docker_swarm_iface: eno2
+
+    datastore:
+      children:
+        datastore_arbiter:
+          hosts:
+            jupiter:
+              omni_gluster_brick:
+                mount: /mnt/brick0
+                fs: xfs
+        datastore_block:
+          hosts:
+            remus:
+              omni_gluster_brick:
+                mount: /mnt/brick0
+                fs: xfs
+            romulus:
+              omni_gluster_brick:
+                mount: /mnt/brick0
+                fs: xfs

playbooks/configure-webproxy.yml

@@ -1,37 +1,28 @@
 ---
-# TBW
+- import_playbook: initialize.yml
 
-# - name: Install Nginx
-#   hosts: jupiter
-#   handlers:
-#     - name: restart_nginx
-#       become: true
-#       systemd:
-#         name: nginx
-#         state: restarted
-#   tasks:
-#     - name: Install nginx and certbot
-#       become: true
-#       dnf:
-#         name:
-#           - nginx
-#           - certbot
-#           - python3-certbot-nginx
-#         state: present
-#
-#     - name: Enable and start nginx
-#       become: true
-#       systemd:
-#         name: nginx
-#         state: started
-#         enabled: true
-#
-#     - name: Install configuration
-#       become: true
-#       copy:
-#         src: nginx.conf
-#         dest: /etc/nginx/nginx.conf
-#       notify:
-#         - restart_nginx
-#
-# # sudo setsebool -P httpd_can_network_connect on
+
+- name: Install Nginx
+  hosts: jupiter
+  handlers:
+    - name: restart-nginx
+      import_tasks: tasks/nginx/services.yml
+  tasks:
+    - import_tasks: tasks/nginx/install.yml
+
+    - name: Install configuration
+      become: true
+      copy:
+        src: nginx.conf
+        dest: /etc/nginx/nginx.conf
+      notify:
+        - restart-nginx
+
+    - name: Set required SELinux options
+      become: true
+      seboolean:
+        name: httpd_can_network_connect
+        persistent: true
+        state: true
+      notify:
+        - restart-nginx

playbooks/initialize.yml

@@ -1,7 +1,6 @@
 ---
 - name: Bootstrap remote ansible environment
   hosts: all
-
   tags:
     - always
   vars:
@@ -39,16 +38,6 @@
         cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages"
         creates: "{{ omni_ansible_venv }}/bin/python"
 
-    # - name: Assign ownership of the virtualenv to ansible
-    #   become: true
-    #   file:
-    #     path: "{{ omni_ansible_venv }}"
-    #     state: directory
-    #     owner: "{{ ansible_user }}"
-    #     group: "{{ ansible_user }}"
-    #     mode: 0755
-    #     follow: false
-
     - name: Generate remote requirements file locally
       delegate_to: 127.0.0.1
       command:

resources/nginx.conf

@@ -0,0 +1,37 @@
+# Ansible managed file
+# DO NOT MANUALLY EDIT
+#
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$time_local $remote_addr[$status] - $remote_addr($remote_user) - $body_bytes_sent - "$request" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+}
+#
+# EOF

tasks/networkd/install.yml

@@ -17,7 +17,7 @@
 
 
 - name: Install systemd-networkd on Fedora
-  when: ansible_distribution == "Fedora" and ansible_distribution_major_version == "8"
+  when: ansible_distribution == "Fedora"
   become: true
   dnf:
     state: "{{ _runtime_update_state }}"

tasks/nginx/install.yml

@@ -0,0 +1,36 @@
+---
+- name: Install Nginx and CertBot on CentOS 8 and Fedora
+  when: >-
+    (ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
+    or
+    ansible_distribution == "Fedora"
+  become: true
+  dnf:
+    state: "{{ _runtime_update_state }}"
+    name:
+      - nginx
+      - certbot
+      - python3-certbot-nginx
+  notify:
+    - restart-nginx
+
+- name: Install Nginx and CertBot on CentOS 7
+  when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
+  become: true
+  yum:
+    state: "{{ _runtime_update_state }}"
+    name:
+      - nginx
+      - certbot
+      - python-certbot-nginx
+  notify:
+    - restart-nginx
+
+#
+#     - name: Install configuration
+#       become: true
+#       copy:
+#         src: nginx.conf
+#         dest: /etc/nginx/nginx.conf
+#       notify:
+#         - restart_nginx

tasks/nginx/services.yml

@@ -0,0 +1,7 @@
+---
+- name: Restart nginx
+  become: true
+  systemd:
+    name: nginx
+    state: restarted
+    enabled: true