
Merge branch 'devel' into omnia_security

Sujit Jadhav 3 years ago
parent
commit
9afd4eb9cf

+ 0 - 1
control_plane/roles/provision_cobbler/files/Dockerfile_rocky

@@ -64,7 +64,6 @@ EXPOSE 69 80 443 25151
 
 VOLUME [ "/var/www/cobbler", "/var/lib/cobbler/backup", "/mnt" ]
 
-RUN systemctl enable httpd
 RUN systemctl enable dhcpd
 
 CMD ["sbin/init"]

+ 29 - 0
control_plane/roles/provision_cobbler/files/cobbler_configurations_rocky.yml

@@ -41,11 +41,40 @@
     shell: echo "LoadModule wsgi_module modules/mod_wsgi_python3.so" >/etc/httpd/conf.d/wsgi.conf
     changed_when: false
 
+  - name: Change http port to 8000 in httpd.conf
+    replace:
+      path: "/etc/httpd/conf/httpd.conf"
+      regexp: '^Listen 80'
+      replace: 'Listen 8000'
+    changed_when: false
+
+  - name: Change http port to 8000 in cobbler.conf
+    replace:
+      path: "/etc/httpd/conf.d/cobbler.conf"
+      regexp: '^<VirtualHost.*'
+      replace: '<VirtualHost *:8000>'
+    changed_when: false
+
+  - name: Make https to listen on port 8008
+    replace:
+      path: "/etc/httpd/conf.d/ssl.conf"
+      regexp: '^Listen 443 https'
+      replace: 'Listen 8008 https'
+    changed_when: false
+
+  - name: Change https port to 8008
+    replace:
+      path: "/etc/httpd/conf.d/ssl.conf"
+      regexp: '^<VirtualHost _default_:443>'
+      replace: '<VirtualHost _default_:8008>'
+    changed_when: false
+
   - name: Enable cobbler
     command: systemctl enable {{ item }}
     with_items:
       - cobblerd
       - tftp
+      - httpd
     changed_when: false
 
   - name: Restart httpd
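Review bot: The pattern `'^Listen 80'` in the first added task has no end anchor, so it also matches the start of `Listen 8000` and of any other port beginning with 80. If this play is ever run a second time against the same httpd.conf, the line would become `Listen 800000`, and `changed_when: false` would report nothing. Anchor the match with `regexp: '^Listen 80$'`, and consider dropping `changed_when: false` from the four `replace` tasks so a real edit to the listener configuration is visible in the run output. The start of the play and the body of `Restart httpd` are outside the hunk.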

+ 2 - 2
control_plane/roles/provision_cobbler/files/cobbler_settings

@@ -149,7 +149,7 @@ enable_menu: true
 
 # change this port if Apache is not running plaintext on port
 # 80.  Most people can leave this alone.
-http_port: 80
+http_port: 8000
 
 # kernel options that should be present in every Cobbler installation.
 # kernel options can also be applied at the distro/profile/system
@@ -428,7 +428,7 @@ always_write_dhcp_entries: false
 
 # External proxy - used by: "get-loaders", "reposync", "signature update"
 # Eg: "http://192.168.1.1:8080" (HTTP), "https://192.168.1.1:8443" (HTTPS)
-proxy_url_ext: ""
+proxy_url_ext: "http://ip:port"
 
 # Internal proxy - used by systems to reach Cobbler for templates
 # Eg: proxy_url_int: "http://10.0.0.1:8080"
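Review bot: The new default `proxy_url_ext: "http://ip:port"` in the second hunk is not a usable URL. Any path that installs this file without the later substitution leaves the three commands named in the comment above it pointed at a bogus proxy, where the old `""` meant no proxy at all. A safer default is to keep `proxy_url_ext: ""` in the shipped file and have the Ansible task match `'^proxy_url_ext:.*'`, so that a skipped or failed substitution falls back to no proxy.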

+ 1 - 1
control_plane/roles/provision_cobbler/files/temp_centos7.ks

@@ -1,7 +1,7 @@
 #version=CENTOS7
 
 # Use network installation
-url --url http://ip/cblr/links/centos-x86_64/
+url --url http://ip:port/cblr/links/centos-x86_64/
 
 # Install OS instead of upgrade
 install

+ 1 - 1
control_plane/roles/provision_cobbler/files/temp_rocky8.ks

@@ -1,7 +1,7 @@
 #version=RHEL8
 
 # Use network installation
-url --url http://ip/cblr/links/rocky-x86_64/
+url --url http://ip:port/cblr/links/rocky-x86_64/
 
 # SELinux configuration
 selinux --disabled

+ 6 - 0
control_plane/roles/provision_cobbler/tasks/dhcp_configure.yml

@@ -70,6 +70,12 @@
     regexp: '^next_server: 127.0.0.1'
     replace: 'next_server: {{ hpc_ip }}'
 
+- name: Assign proxy_url_ext url
+  replace:
+    path: "{{ role_path }}/files/settings.yaml"
+    regexp: '^proxy_url_ext: "http://ip:port"'
+    replace: 'proxy_url_ext: "http://{{ hpc_ip }}:{{ http_port }}"'
+
 - name: Set the server_args for {{ provision_os }} in tftp file
   replace:
     path: "{{ role_path }}/files/tftp"
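Review bot: The added task sets `proxy_url_ext` to `http://{{ hpc_ip }}:{{ http_port }}`, which after this commit is the address of Cobbler's own Apache listener. The settings file describes the key as the external proxy for get-loaders, reposync and signature update, so unless a forward proxy really listens at that address those outbound fetches would presumably fail. The task also edits `files/settings.yaml`, while the placeholder in this commit was added to `files/cobbler_settings`; confirm which file is meant, since a non-matching `replace` succeeds silently. If the value is intentional, a comment such as `# Cobbler reaches external repos through the proxy on the control plane` would record why. The following task continues past the end of the hunk.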

+ 4 - 4
control_plane/roles/provision_cobbler/tasks/firewall_settings.yml

@@ -15,16 +15,16 @@
 
 #Tasks for modifying firewall configurations for Cobbler
 
-- name: Permit traffic in default zone on port 80/tcp
+- name: Permit traffic in default zone on port 8000/tcp
   firewalld:
-    port: 80/tcp
+    port: 8000/tcp
     permanent: yes
     state: enabled
   tags: install
 
-- name:  Permit traffic in default zone on port 443/tcp
+- name:  Permit traffic in default zone on port 8008/tcp
   firewalld:
-    port: 443/tcp
+    port: 8008/tcp
     permanent: yes
     state: enabled
   tags: install
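Review bot: Both firewall rules hard-code the new ports, although this commit adds `http_port: 8000` to the role's vars/main.yml and uses it when building the kickstart URL. Changing the variable later would move the URL but leave the firewall open on 8000 and closed on the new port. Use `port: "{{ http_port }}/tcp"` here, and consider adding a matching `https_port` variable for 8008. Both rules also apply to the default zone with no `zone:` set, so it is worth confirming that the default zone covers only the provisioning interface.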

+ 4 - 4
control_plane/roles/provision_cobbler/tasks/provision_password.yml

@@ -54,8 +54,8 @@
     - name: Configure kickstart file - IP
       replace:
         path: "{{ role_path }}/files/{{ cobbler_kickstart_file }}"
-        regexp: '^url --url http://ip/cblr/links/centos-x86_64/'
-        replace: url --url http://{{ hpc_ip }}/cblr/links/centos-x86_64/
+        regexp: '^url --url http://ip:port/cblr/links/centos-x86_64/'
+        replace: url --url http://{{ hpc_ip }}:{{ http_port }}/cblr/links/centos-x86_64/
       tags: install
 
     - name: Configure kickstart file - nic
@@ -79,8 +79,8 @@
     - name: Configure kickstart file - IP
       replace:
         path: "{{ role_path }}/files/{{ cobbler_kickstart_file }}"
-        regexp: '^url --url http://ip/cblr/links/rocky-x86_64/'
-        replace: url --url http://{{ hpc_ip }}/cblr/links/rocky-x86_64/
+        regexp: '^url --url http://ip:port/cblr/links/rocky-x86_64/'
+        replace: url --url http://{{ hpc_ip }}:{{ http_port }}/cblr/links/rocky-x86_64/
       tags: install
 
     - name: Configure kickstart file - nic
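Review bot: The install URL written by both hunks is still plain `http://`, so nothing visible here authenticates the install tree that nodes fetch during provisioning. This commit also moves a TLS listener to 8008, so either point the URL at that listener or state the trust assumption next to the task, for example `# install tree is served over plain HTTP; the provisioning network must be isolated`. The same applies to the `http://ip:port` placeholder lines in temp_centos7.ks and temp_rocky8.ks. Both `Configure kickstart file - nic` tasks continue outside their hunks.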

+ 1 - 0
control_plane/roles/provision_cobbler/vars/main.yml

@@ -57,6 +57,7 @@ rocky_host_nic:
  - ens2f1
  - ens1f0
  - ens1f1
+http_port: 8000
 
 # Usage: cobbler_image.yml
 cobbler_image_name: cobbler
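Review bot: `http_port: 8000` is appended directly under the `rocky_host_nic` list with no blank line and no usage comment, unlike the `# Usage: cobbler_image.yml` group that follows. Separate it and add a comment such as `# Usage: dhcp_configure.yml, provision_password.yml` so the next reader can see which tasks depend on it. The value is also repeated as a literal in cobbler_settings, cobbler_configurations_rocky.yml and firewall_settings.yml, which is worth mentioning in the comment until those files use the variable.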