Upgrade to CentOS 8, Foreman 3.2, Python 3 (Ansible)

Vagrantfile

@@ -4,37 +4,56 @@
 # Vagrantfile docs: https://docs.vagrantup.com
 # For more boxes see https://vagrantcloud.com/search
 
+# ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'
+
 ansible_roles = []
+vagrant_plugins = [
+  # 'vagrant-libvirt',
+  # 'vagrant-mutate',
+]
 
 ansible_roles.each do |role|
   system("ansible-galaxy install #{role}")
 end
 
+vagrant_plugins.each do |plugin|
+  system("vagrant plugin list | grep -q #{plugin} || vagrant plugin install #{plugin}")
+end
+
 Vagrant.configure("2") do |config|
   config.vm.define "identity" do |identity|
-    identity.vm.box = "centos/7"
+    identity.vm.box = "generic/centos8"
     identity.vm.hostname = "identity.painless.software"
     identity.vm.network :forwarded_port, host: 8444, guest: 443, auto_correct: true
     identity.vm.post_up_message = "Identity management is ready. FreeIPA: https://127.0.0.1:8444/"
+    # identity.vm.provider :libvirt do |libvirt|
+    #   libvirt.driver = "kvm"
+    #   libvirt.memory = 1024
+    #   libvirt.cpus = 1
     identity.vm.provider :virtualbox do |vb|
       vb.customize ["modifyvm", :id, "--name", "Groundcontrol IdentityManagement"]
-      vb.customize ["modifyvm", :id, "--memory", "1024"]
+      vb.customize ["modifyvm", :id, "--memory", "2048"]
       vb.customize ["modifyvm", :id, "--vram", "16"]
       vb.customize ["modifyvm", :id, "--ioapic", "on"]
       vb.customize ["modifyvm", :id, "--cpus", "4"]
     end
     identity.vm.provision "ansible" do |ansible|
       ansible.compatibility_mode = "2.0"
       ansible.playbook = "ansible/playbook-identity.yml"
+      ansible.extra_vars = { ansible_python_interpreter: "/usr/bin/python3" }
     end
     identity.vm.synced_folder ".", "/vagrant", disabled: true
   end
 
   config.vm.define "enc" do |enc|
-    enc.vm.box = "centos/7"
+    enc.vm.box = "generic/centos8"
     enc.vm.hostname = "enc.painless.software"
     enc.vm.network :forwarded_port, host: 8443, guest: 443, auto_correct: true
     enc.vm.post_up_message = "ENC frontend is ready. The Foreman: https://127.0.0.1:8443/"
+    # enc.vm.provider :libvirt do |libvirt|
+    #   libvirt.driver = "kvm"
+    #   libvirt.memory = 1024
+    #   libvirt.cpus = 1
     enc.vm.provider :virtualbox do |vb|
       vb.customize ["modifyvm", :id, "--name", "Groundcontrol ENCfrontend"]
       vb.customize ["modifyvm", :id, "--memory", "1024"]
@@ -45,6 +64,7 @@ Vagrant.configure("2") do |config|
     enc.vm.provision "ansible" do |ansible|
       ansible.compatibility_mode = "2.0"
       ansible.playbook = "ansible/playbook-enc.yml"
+      ansible.extra_vars = { ansible_python_interpreter: "/usr/bin/python3" }
     end
     enc.vm.synced_folder ".", "/vagrant", disabled: true
   end

ansible/playbook-enc.yml

@@ -2,7 +2,7 @@
 - name: Set up a ENC frontend and virtualization for Groundcontrol Genesis
   hosts: all
   roles:
-    - virtualization
+    # - virtualization
     - encfrontend
   vars:
     HOSTNAME: '{{ ansible_hostname }}'

ansible/roles/encfrontend/tasks/main.yml

@@ -1,32 +1,42 @@
 ---
-# https://theforeman.org/manuals/1.17/index.html#2.1Installation
+# https://theforeman.org/manuals/3.2/index.html#2.1Installation
 
-- name: Install Puppet 5
-  package:
-    name: https://yum.puppetlabs.com/puppet5/puppet5-release-el-7.noarch.rpm
-    state: present
-  become: true
+- name: Set up The Foreman
+  block:
 
-- name: Install EPEL (Extra Packages for Enterprise Linux)
-  package:
-    name: http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-    state: present
-  become: true
+    - name: Puppet 7
+      command: dnf install -y https://yum.puppet.com/puppet7-release-el-8.noarch.rpm
+      # dnf:
+      #   name: https://yum.puppet.com/puppet7-release-el-8.noarch.rpm
+      #   state: present
 
-- name: Add Foreman repos
-  package:
-    name: https://yum.theforeman.org/releases/1.17/el7/x86_64/foreman-release.rpm
-    state: present
-  become: true
+    - name: Enable Ruby module (1/2)
+      command: dnf module -y reset ruby
 
-- name: Install foreman-installer package
-  package: name=foreman-installer state=latest
-  become: true
+    - name: Enable Ruby module (2/2)
+      command: dnf module -y enable ruby:2.7
+      # dnf:
+      #   name: '@ruby:2.7'
+      #   state: present
 
-- name: Run foreman-installer
-  command: foreman-installer -v --foreman-admin-password={{ ADMIN_PASSWORD }}
-  become: true
+    - name: Add Foreman repos
+      command: dnf install -y https://yum.theforeman.org/releases/3.2/el8/x86_64/foreman-release.rpm
+      # dnf:
+      #   name: https://yum.theforeman.org/releases/3.2/el8/x86_64/foreman-release.rpm
+      #   state: present
+
+    - name: Install foreman-installer package
+      command: dnf install -y foreman-installer
+      # package:
+      #   name: foreman-installer
+      #   state: latest
+
+    - name: Run foreman-installer
+      command: foreman-installer -v -s --foreman-initial-admin-password={{ ADMIN_PASSWORD }}
+
+    - name: Remove webserver default configuration
+      file:
+        path: /etc/httpd/conf.d/15-default.conf
+        state: absent
 
-- name: Remove webserver default configuration
-  file: path=/etc/httpd/conf.d/15-default.conf state=absent
   become: true

ansible/roles/identitymanagement/tasks/main.yml

@@ -1,46 +1,55 @@
 ---
 # https://access.redhat.com/products/identity-management#getstarted
+# https://www.howtoforge.com/tutorial/install-and-configure-freeipa-server-on-centos-8/
 
-- name: Ensure hostname doesn't resolve to localhost
-  replace:
-    path: /etc/hosts
-    regexp: '^127.0.0.1\t{{ FQDN }}\t{{ HOSTNAME }}'
-    replace: '{{ IP_ADDRESS }}\t{{ FQDN }}\t{{ HOSTNAME }}'
-  become: true
+- name: Set up FreeIPA
+  block:
 
-- name: Install FreeIPA server
-  package: name=freeipa-server
-  become: true
+    - name: Ensure hostname doesn't resolve to localhost
+      replace:
+        path: /etc/hosts
+        regexp: '^127.0.0.1\t{{ FQDN }}\t{{ HOSTNAME }}'
+        replace: '{{ IP_ADDRESS }}\t{{ FQDN }}\t{{ HOSTNAME }}'
 
-- name: Configure FreeIPA server
-  command: ipa-server-install --unattended --admin-password={{ ADMIN_PASSWORD }} --ds-password={{ ADMIN_PASSWORD }} --hostname={{ FQDN }} --domain={{ DOMAIN }} --realm={{ DOMAIN|upper }}
-  args:
-    creates: /var/log/ipaserver-install.log
-  become: true
+    - name: Enable FreeIPA package
+      command: dnf module -y enable idm:DL1
 
-- name: Ensure admin config / auth to Kerberos realm
-  shell: echo '{{ ADMIN_PASSWORD }}' | kinit admin
-  become: true
+    - name: Install FreeIPA server
+      command: dnf install -y ipa-server
+      # package:
+      #   name: ipa-server
 
-- name: Disable redirects to hard-coded domain
-  replace: path=/etc/httpd/conf.d/ipa-rewrite.conf regexp='{{ item.regexp }}' replace='{{ item.replace }}'
-  with_items:
-    - { regexp: '^(RewriteRule \^/\$) (https://.*)(/ipa/ui.*)$', replace: '\1 \3' }
-    - { regexp: '^(RewriteRule \^\/ipa\/\(.*)$', replace: '#\1' }
-    - { regexp: '^(RewriteCond .*)$', replace: '#\1' }
-  become: true
+    - name: Configure FreeIPA server
+      command: ipa-server-install --unattended --admin-password={{ ADMIN_PASSWORD }} --ds-password={{ ADMIN_PASSWORD }} --hostname={{ FQDN }} --domain={{ DOMAIN }} --realm={{ DOMAIN|upper }}
+      args:
+        creates: /var/log/ipaserver-install.log
 
-- name: Deactivate HTTP RefererError
-  replace:
-    path: '/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py'
-    regexp: '{{ item }}'
-    replace: '\1pass  # \2'
-  with_items:
-    - "^([ ]*)(return self.marshal\\(result, RefererError\\(referer)"
-  become: true
+    - name: Ensure admin config / auth to Kerberos realm
+      shell: echo '{{ ADMIN_PASSWORD }}' | kinit admin
+
+    - name: Disable redirects to hard-coded domain
+      replace:
+        path: /etc/httpd/conf.d/ipa-rewrite.conf
+        regexp: '{{ item.regexp }}'
+        replace: '{{ item.replace }}'
+      with_items:
+        - { regexp: '^(RewriteRule \^/\$) (https://.*)(/ipa/ui.*)$', replace: '\1 \3' }
+        - { regexp: '^(RewriteRule \^\/ipa\/\(.*)$', replace: '#\1' }
+        - { regexp: '^(RewriteCond .*)$', replace: '#\1' }
+
+    - name: Deactivate HTTP RefererError
+      replace:
+        path: '/usr/lib/python2.7/site-packages/ipaserver/rpcserver.py'
+        regexp: '{{ item }}'
+        replace: '\1pass  # \2'
+      with_items:
+        - "^([ ]*)(return self.marshal\\(result, RefererError\\(referer)"
+
+    - name: Activate webserver configuration changes
+      service:
+        name: httpd
+        state: reloaded
 
-- name: Activate webserver configuration changes
-  service: name=httpd state=reloaded
   become: true
 
 - name: Create a couple of demo accounts (FreeIPA)