ped-1089-Ansible system roles

DC-SLES-ansible-roles

@@ -0,0 +1,16 @@
+# This file originates from the project https://github.com/openSUSE/doc-kit
+# This file can be edited downstream.
+
+MAIN="ansible-roles.asm.xml"
+# Point to the ID of the <structure> of your assembly
+#ROOTID="article-example"
+SRC_DIR="articles"
+IMG_SRC_DIR="images"
+
+PROFOS="sles"
+PROFCONDITION="suse-product"
+#PROFCONDITION="suse-product;beta"
+#PROFCONDITION="community-project"
+
+STYLEROOT="/usr/share/xml/docbook/stylesheet/suse2022-ns"
+FALLBACK_STYLEROOT="/usr/share/xml/docbook/stylesheet/suse-ns"

articles/ansible-roles.asm.xml

@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?xml-model href="https://cdn.docbook.org/schema/5.2/rng/assemblyxi.rnc"
+            type="application/relax-ng-compact-syntax"?>
+<!DOCTYPE assembly
+[
+    <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<assembly version="5.2" xml:lang="en"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:trans="http://docbook.org/ns/transclusion"
+          xmlns:its="http://www.w3.org/2005/11/its"
+          xmlns="http://docbook.org/ns/docbook">
+<!-- R E S O U R C E S -->
+  <resources>
+    <resource href="../concepts/about-ansible-roles.xml" xml:id="_about-ansible-roles"/>
+    <resource href="../tasks/install-ansible-role.xml" xml:id="_install-ansible-role"/>
+    <resource href="../concepts/ansible-role-suseconnect.xml" xml:id="_ansible-role-suseconnect"/>
+    <resource href="../concepts/ansible-role-ssh.xml" xml:id="_ansible-role-ssh"/>
+    <resource href="../concepts/ansible-role-timesync.xml" xml:id="_ansible-role-timesync"/>
+    <resource href="../concepts/ansible-role-keylime.xml" xml:id="_ansible-role-keylime"/>
+    <resource href="../concepts/ansible-role-postfix.xml" xml:id="_ansible-role-postfix"/>
+    <resource href="../concepts/ansible-role-crypto.xml" xml:id="_ansible-role-crypto"/>
+    <resource href="../concepts/ansible-role-journald.xml" xml:id="_ansible-role-journald"/>
+    <resource href="../concepts/ansible-role-systemd.xml" xml:id="_ansible-role-systemd"/>
+    <resource href="../concepts/ansible-role-aide.xml" xml:id="_ansible-role-aide"/>
+    <resource href="../concepts/ansible-role-cockpit.xml" xml:id="_ansible-role-cockpit"/>
+    <resource href="../concepts/ansible-role-firewall.xml" xml:id="_ansible-role-firewall"/>
+    <resource href="../concepts/ansible-role-mssql.xml" xml:id="_ansible-role-mssql"/>
+    <resource href="../concepts/ansible-role-selinux.xml" xml:id="_ansible-role-selinux"/>
+    <resource href="../concepts/ansible-role-cert.xml" xml:id="_ansible-role-cert"/>
+    <resource href="../concepts/ansible-role-podman.xml" xml:id="_ansible-role-podman"/>
+    <resource href="../concepts/ansible-role-ha-cluster.xml" xml:id="_ansible-role-ha-cluster"/>
+           <resource href="../common/legal.xml" xml:id="_legal"/>
+    <resource href="../common/license_gfdl1.2.xml" xml:id="_gfdl"/>
+  </resources>
+<!-- S T R U C T U R E -->
+  <structure renderas="article" xml:id="ansible-roles" xml:lang="en">
+    <merge>
+      <title>Ansible Linux system roles</title>
+      <revhistory xml:id="rh-ansible">
+        <revision><date>2025-16-19</date>
+          <revdescription>
+            <para>
+              Initial version
+            </para>
+          </revdescription>
+        </revision>
+      </revhistory>
+
+      <!-- Maintainer-->
+      <meta name="maintainer" content="[email protected]" its:translate="no"/>
+
+      <!-- Series-->
+      <meta name="series" its:translate="no">Smart Docs</meta>
+
+      <!-- Task -->
+      <meta name="task" its:translate="no">
+        <phrase>Administration</phrase>
+        <phrase>Configuration</phrase>
+        <phrase>Security</phrase>
+      </meta>
+
+      <!-- Docmanager -->
+      <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
+        <dm:bugtracker>
+          <dm:url>https://bugzilla.suse.com/enter_bug.cgi</dm:url>
+          <dm:component>Documentation</dm:component>
+          <dm:product>SUSE Linux Enterprise Server 16.0</dm:product>
+          <dm:assignee>[email protected]</dm:assignee>
+        </dm:bugtracker>
+        <dm:translation>yes</dm:translation>
+      </dm:docmanager>
+
+      <!-- Architecture -->
+      <meta name="architecture" its:translate="no">
+        <phrase>&x86-64;</phrase>
+        <phrase>&power;</phrase>
+        <phrase>&zseries;</phrase>
+        <phrase>&aarch64;</phrase>
+      </meta>
+
+      <!-- Productname & Version -->
+      <meta name="productname" its:translate="no">
+        <productname version="16">&sles;</productname>
+      </meta>
+
+      <!-- Social Media -->
+      <meta name="title" its:translate="yes">Ansible Linux system roles</meta>
+      <meta name="social-descr" its:translate="yes">Learn about Ansible Linux system roles</meta>
+
+      <!-- Search -->
+      <meta name="description" its:translate="yes">Save time by using Ansible Linux system roles to automate IT tasks </meta>
+
+      <abstract>
+        <variablelist>
+          <varlistentry>
+            <term>WHAT?</term>
+            <listitem>
+              <para>
+This article gives an introduction to various Ansible Linux system roles that help to automate the configuration and management
+on &productname; 16.0 systems.
+              </para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>WHY?</term>
+            <listitem>
+              <para>
+Learn how to automate IT infrastructure with Ansible Linux system roles.
+              </para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>EFFORT</term>
+            <listitem>
+              <para>
+The average reading time of this article is approximately 40 minutes.
+              </para>
+            </listitem>
+          </varlistentry>
+          <varlistentry>
+            <term>REQUIREMENTS</term>
+            <listitem>
+              <itemizedlist>
+                <listitem>
+                  <para>
+<emphasis>Linux fundamentals:</emphasis> Understanding basic Linux commands,file permissions, directory structures
+and usage of the command line.
+                  </para>
+                </listitem>
+                <listitem>
+                  <para>
+<emphasis>Networking:</emphasis> Ansible connects to remote machines via SSH so knowledge of IP addresses, SSH, host names and ports is required.
+                  </para>
+                </listitem>
+                <listitem>
+                  <para>
+<emphasis>YAML:</emphasis> Ansible playbooks are written in YAML so knowing how to structure a YAML file is essential.
+                  </para>
+                </listitem>
+              </itemizedlist>
+            </listitem>
+          </varlistentry>
+        </variablelist>
+      </abstract>
+    </merge>
+    <module resourceref="_about-ansible-roles"></module>
+    <module resourceref="_install-ansible-role"></module>
+     <module resourceref="_ansible-role-suseconnect">
+         </module>
+         <module resourceref="_ansible-role-ssh"></module>
+         <module resourceref="_ansible-role-timesync"></module>
+         <module resourceref="_ansible-role-keylime"></module>
+         <module resourceref="_ansible-role-postfix"></module>
+         <module resourceref="_ansible-role-crypto"></module>
+         <module resourceref="_ansible-role-journald"></module>
+         <module resourceref="_ansible-role-systemd"></module>
+         <module resourceref="_ansible-role-aide"></module>
+         <module resourceref="_ansible-role-firewall"></module>
+         <module resourceref="_ansible-role-mssql"></module>
+         <module resourceref="_ansible-role-selinux"></module>
+         <module resourceref="_ansible-role-cert"></module>
+         <module resourceref="_ansible-role-podman"></module>
+         <module resourceref="_ansible-role-ha-cluster"></module>
+          <module resourceref="_legal"/>
+    <module resourceref="_gfdl">
+      <output renderas="appendix"/>
+    </module>
+  </structure>
+</assembly>

concepts/about-ansible-roles.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="about-ansible-roles"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>About &ansible; Linux system roles</title>
+    <meta name="maintainer" content="[email protected]" its:translate="no"/>
+    <abstract>
+      <para>
+        Linux system roles are a set of &ansible; roles designed to automate and configure common components and services of the Linux operating system.
+      </para>
+    </abstract>
+  </info>
+  <para>Linux system roles are typically used with &ansible; playbooks. You define the desired state of your systems in an &ansible; playbook, specifying which roles to apply
+    and with what parameters. &ansible; then connects to your Linux hosts and executes the tasks defined within the roles to bring your systems into the desired state.
+  </para>
+  <para>The system roles are shipped in the <package>ansible-linux-system-roles</package> package on &productname; 16.0 systems.
+   These roles can be run from any supported Ansible control node and do not require installation on managed nodes.
+  </para>
+  <para>
+  Once the <package>ansible-linux-system-roles</package> package is installed, you can access:</para>
+  <itemizedlist>
+<listitem>
+ <para><emphasis>Roles</emphasis>:<filename>/usr/share/ansible/collections/ansible_collections/suse/linux_system_roles/roles</filename> </para>
+</listitem>
+<listitem>
+  <para><emphasis>Documentation</emphasis>:<filename>/usr/share/ansible/collections/ansible_collections/suse/linux_system_roles/docs
+  </filename> </para>
+ </listitem>
+ </itemizedlist>
+ <para>Each role has a <literal>README</literal> in the <literal>docs</literal> directory that includes:</para>
+ <itemizedlist>
+  <listitem>
+   <para>Description of the role</para>
+  </listitem>
+  <listitem>
+    <para>Supported variables and their usage</para>
+   </listitem>
+   <listitem>
+    <para>Example playbooks</para>
+   </listitem>
+   </itemizedlist>
+ </topic>

concepts/ansible-role-aide.xml

@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE topic
+[
+  <!ENTITY % entities SYSTEM "../common/generic-entities.ent">
+    %entities;
+]>
+<!-- refers to legacy doc: <add github link to legacy doc piece, if applicable> -->
+<!-- point back to this document with a similar comment added to your legacy doc piece -->
+<!-- refer to README.md for file and id naming conventions -->
+<!-- metadata is dealt with on the assembly level -->
+<topic xml:id="ansible-role-aide"
+ role="concept" xml:lang="en"
+ xmlns="http://docbook.org/ns/docbook" version="5.2"
+ xmlns:its="http://www.w3.org/2005/11/its"
+ xmlns:xi="http://www.w3.org/2001/XInclude"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns:trans="http://docbook.org/ns/transclusion">
+  <info>
+    <title>&aide;</title>
+    <meta name="maintainer" content="[email protected]" its:translate="no"/>
+    <abstract>
+      <para>
+  This role automates the installation, configuration, and management of the Advanced Intrusion Detection Environment (AIDE) on remote servers using Ansible.
+  It streamlines the process of setting up a critical security tool, ensuring consistency across your infrastructure.
+     </para>
+    </abstract>
+  </info>
+  <para>With this role, you can automate a complex and vital security task, ensuring your servers are continuously monitored for unauthorized file changes with minimal manual effort.
+    </para>
+    <section xml:id="aide-role-variables">
+      <title> &aide; role variables</title>
+      <para>These variables are a set of customizable parameters used to control the behavior of the AIDE setup.
+      </para>
+      <table xml:id="aide-sub-table">
+        <title><literal>&aide; variables</literal></title>
+        <tgroup cols="4">
+        <colspec colname="c1"/>
+        <colspec colname="c2"/>
+        <colspec colname="c3"/>
+        <colspec colname="c4"/>
+         <thead>
+        <row>
+        <entry>Variable</entry>
+        <entry>Description</entry>
+        <entry>Type</entry>
+        <entry>Default</entry>
+        </row>
+        </thead>
+        <tbody>
+        <row>
+        <entry><literal>aide_config_template</literal></entry>
+        <entry>Specifies the path to the  <literal>Jinja2</literal> template for the <literal>aide.conf</literal> file.</entry>
+        <entry><literal>string</literal></entry>
+        <entry><literal>Null</literal></entry>
+        </row>
+       <row>
+      <entry><literal>aide_db_fetch_dir</literal></entry>
+      <entry> Defines the directory on the control node where the AIDE database will be securely stored after being retrieved from the managed host.</entry>
+        <entry><literal>string</literal></entry>
+        <entry><literal>files</literal></entry>
+      </row>
+      <row>
+        <entry><literal>aide_init</literal></entry>
+        <entry>Initializes the AIDE database.</entry>
+          <entry><literal>bool</literal></entry>
+          <entry><literal>false</literal></entry>
+        </row>
+        <row>
+          <entry><literal>aide_fetch_db</literal></entry>
+          <entry>Fetches the database from the remote nodes to store it on the control node.</entry>
+            <entry><literal>bool</literal></entry>
+            <entry><literal>false</literal></entry>
+          </row>
+          <row>
+            <entry><literal>aide_check</literal></entry>
+            <entry>Runs an integrity check on the remote nodes.</entry>
+              <entry><literal>bool</literal></entry>
+              <entry><literal>false</literal></entry>
+            </row>
+            <row>
+              <entry><literal>aide_update</literal></entry>
+              <entry>Updates the AIDE database and stores it on the controller node.</entry>
+                <entry><literal>bool</literal></entry>
+                <entry><literal>false</literal></entry>
+              </row>
+              <row>
+                <entry><literal>aide_cron_check</literal></entry>
+                <entry>If set to <literal>true</literal>, configures periodic cron check for &aide;.
+                  If set to <literal>false</literal>, removes the periodic cron check.</entry>
+                  <entry><literal>bool</literal></entry>
+                  <entry><literal>null</literal></entry>
+                </row>
+                <row>
+                  <entry><literal>aide_cron_interval</literal></entry>
+                  <entry>Set check interval for cron.</entry>
+                    <entry><literal>string</literal></entry>
+                    <entry><literal>0 12 * * *</literal></entry>
+                  </row>
+      </tbody>
+      </tgroup>
+      </table>
+
+       <example><title>An &aide; playbook example </title>
+        <para>This playbook initializes the AIDE database on the hosts in the <literal>targets</literal> group.
+        </para>
+      <screen>
+- name: Example aide role invocation
+  hosts: targets
+  tasks:
+    - name: Include role aide
+      vars:
+        aide_db_fetch_dir: files
+        aide_init: true
+        aide_fetch_db: false
+        aide_check: false
+        aide_update: false
+      ansible.builtin.include_role:
+        name: linux-system-roles.aide
+              </screen>
+          </example>
+       </section>
+    </topic>