zeus.yml

---
- name: "Zeus"
  hosts: "{{ zeus_target_group | default('localhost') }}"
  gather_facts: yes
  become: yes
  become_user: root
  vars_files:
      - vars/vault.yml
      - vars/ansible.yml
      - vars/olympus.yml
      - vars/ssh.yml
      - vars/aphrodite.yml
      - vars/netrc.yml
      - vars/monit.yml
      - vars/caches.yml
      - vars/java.yml
      - vars/java_certs.yml
      - vars/jenkins_sso.yml
      - vars/jobs.yml
      - vars/component-alignment.yml
      - vars/mailer.yml
      - vars/ldap.yml
      - vars/pgsql.yml
      - vars/hosts.yml
      - vars/qualys.yml
  roles:
      - name: sshd
      - name: ares
      - name: java
      - name: pgsql
      - name: jenkins
      - name: nginx
      - name: podman
      - name: systemd
      - name: java_certs
      - name: payload_status

  pre_tasks:

    - name: "Load local secrets - if any"
      ansible.builtin.include_tasks: load_secrets.yml

    - name: "Block"
      block:
        - name: "Load Secrets from Vault"
          ansible.builtin.include_role:
            name: "vault"
      environment:
        ANSIBLE_HASHI_VAULT_ROLE_ID: "{{ ansible_hashi_vault_role_id }}"
        ANSIBLE_HASHI_VAULT_SECRET_ID: "{{ ansible_hashi_vault_secret_id }}"

    - name: "Ensure target is register in RHN"
      community.general.redhat_subscription:
        state: present
        username: "{{ cci_worker_rhel_subscription_username }}"
        password: "{{ cci_worker_rhel_subscription_password }}"
        autosubscribe: yes
      when:
        - cci_worker_rhel_subscription_username is defined
        - cci_worker_rhel_subscription_password is defined

    - ansible.builtin.include_role:
        name: qualys_fix

    - ansible.builtin.include_role:
        name: fast_yum_install
      loop:
        - python3-pyOpenSSL.noarch
        - firewalld
      loop_control:
        loop_var: package_name

    - name: "Ensure target has the appropriate hostname: {{ ansible_hostname }}"
      ansible.builtin.hostname:
        name: "{{ ansible_hostname }}"

    - ansible.builtin.include_role:
        name: account
      vars:
        account:
          username: "{{ jenkins_name }}"
          uid: "{{ jenkins_uid }}"
          group: "{{ jenkins_group }}"
          gid: "{{ jenkins_gid }}"
          home: "{{ jenkins_home | default('/home/jenkins') }}"

    - ansible.builtin.include_role:
        name: "{{ pre_tasks_role_name }}"
      with_items:
        # OS settings and optimizations
        - selinux
        - motd
        - bashrc
        - kdump
        - sysctl
        - tuned
        - hosts
        - netrc
        - git
        - ansible
        - ssh
      loop_control:
        loop_var: pre_tasks_role_name

  post_tasks:
    - ansible.builtin.include_role:
        name: "{{ post_tasks_role_name }}"
      with_items:
        - monit
        - cron
        - infosec.qualys-cloud-agent
      loop_control:
        loop_var: post_tasks_role_name

- ansible.builtin.import_playbook: jenkins.yml