From 0261160bd4a1a8aa97f9177a0f2f149106416be0 Mon Sep 17 00:00:00 2001
From: Rafael Laszlo <rlacko99@gmail.com>
Date: Tue, 9 Nov 2021 15:56:46 +0100
Subject: [PATCH] Update playbook to use kszk base role

---
 README.md                                     |  2 +-
 ansible/main/base.yaml                        |  2 +-
 .../main/templates/etc/iptables/rules.v4.j2   |  2 +-
 .../main/templates/etc/iptables/rules.v6.j2   |  2 +-
 ansible/main/vars/harbor.yaml                 | 19 +++++++++----------
 ansible/requirements.galaxy.yaml              |  4 ++--
 6 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 5304386..cce459a 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ with `ansible-playbook harbor/base.yaml`.
 The playbook handles everything and auto start
 harbor. 
 If you want to change the configuration 
-refer to the `ansible/harbor/templates/home/user/harbor/harbor.yml` file
+refer to the `ansible/main/templates/home/user/harbor/harbor.yml` file
 
 ## LDAP
 
diff --git a/ansible/main/base.yaml b/ansible/main/base.yaml
index 770a55d..3c7203d 100644
--- a/ansible/main/base.yaml
+++ b/ansible/main/base.yaml
@@ -2,7 +2,7 @@
 - hosts: harbor
   become: true
   roles:
-    - role: kszk-k8s.base
+    - role: kszk.base
       tags: ["base"]
     - role: kszk.iptables
       tags: ["iptables"]
diff --git a/ansible/main/templates/etc/iptables/rules.v4.j2 b/ansible/main/templates/etc/iptables/rules.v4.j2
index 0567efa..afa1ba1 100644
--- a/ansible/main/templates/etc/iptables/rules.v4.j2
+++ b/ansible/main/templates/etc/iptables/rules.v4.j2
@@ -14,7 +14,7 @@
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p icmp -j ACCEPT
 
--A INPUT -p tcp -m tcp --dport {{ ssh.port }} --src 152.66.0.0/8,192.168.0.0/16,10.0.0.0/8 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport {{ base_ssh.port }} --src 152.66.0.0/8,192.168.0.0/16,10.0.0.0/8 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 # Accept from the Kubernetes cluster
diff --git a/ansible/main/templates/etc/iptables/rules.v6.j2 b/ansible/main/templates/etc/iptables/rules.v6.j2
index a9c2f3f..2b938ff 100644
--- a/ansible/main/templates/etc/iptables/rules.v6.j2
+++ b/ansible/main/templates/etc/iptables/rules.v6.j2
@@ -14,7 +14,7 @@
 -A INPUT -i lo -j ACCEPT
 -A INPUT -p ipv6-icmp -j ACCEPT
 
--A INPUT -p tcp -m tcp --dport {{ ssh.port }} --src 2001:738:2001::/48 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport {{ base_ssh.port }} --src 2001:738:2001::/48 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 # TODO node exporter from Kubernetes ipv6
diff --git a/ansible/main/vars/harbor.yaml b/ansible/main/vars/harbor.yaml
index d38d45c..cd1b891 100644
--- a/ansible/main/vars/harbor.yaml
+++ b/ansible/main/vars/harbor.yaml
@@ -1,20 +1,18 @@
 # KSZK Base role
-motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/harbor
+base_motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/harbor
+base_hostname: harbor
+base_motd_text: "Harbor"
 
-hostname: harbor
-motd_text: "Harbor"
-
-user: harbor
-users:
+base_users:
   - name: rlacko
     sudo: yes
     passwordless_sudo: yes
     ssh_key: https://git.sch.bme.hu/rlacko.keys
   - name: harbor
-    sudo: yes
-    passwordless_sudo: yes
+    sudo: no
+    passwordless_sudo: no
 
-ssh:
+base_ssh:
   port: 10022
   permitRootLogin: "no"
   pubkeyAuthentication: "yes"
@@ -22,7 +20,7 @@ ssh:
   allow:
     users: "rlacko"
 
-netplan:
+base_netplan:
   network:
     version: 2
     renderer: networkd
@@ -42,6 +40,7 @@ iptables_rules_v6_file: etc/iptables/rules.v6.j2
 
 # Playbook vars
 
+user: harbor
 harbor_hostname: harbor.sch.bme.hu
 acme_email: laszlo.rafael@kszk.bme.hu
 sites: 
diff --git a/ansible/requirements.galaxy.yaml b/ansible/requirements.galaxy.yaml
index c4dda09..f65c412 100644
--- a/ansible/requirements.galaxy.yaml
+++ b/ansible/requirements.galaxy.yaml
@@ -5,10 +5,10 @@ collections:
   - ansible.posix
 
 roles:
-  - src: git@git.sch.bme.hu:kszk/sysadmin/kubernetes/base-ansible-role.git
+  - src: git@git.sch.bme.hu:kszk/ansible/roles/base.git
     scm: git
     version: master
-    name: kszk-k8s.base
+    name: kszk.base
   - src: git@git.sch.bme.hu:kszk/ansible/roles/iptables.git
     scm: git
     version: master
-- 
GitLab