From b7d384fd7afefaa8bea0601ceebf38d514dad6a2 Mon Sep 17 00:00:00 2001 From: Ondra Machacek Date: Tue, 12 Mar 2024 13:51:32 +0100 Subject: [PATCH] Extend system_settings role - Proxy - DNS - IP Signed-off-by: Ondra Machacek --- roles/system_settings/README.md | 11 ++++- roles/system_settings/defaults/main.yml | 2 + roles/system_settings/handlers/main.yml | 8 ++++ roles/system_settings/tasks/dns.yml | 55 +++++++++++++++++++++++++ roles/system_settings/tasks/main.yml | 38 +++-------------- roles/system_settings/tasks/ntpd.yml | 36 ++++++++++++++++ roles/system_settings/tasks/proxy.yml | 19 +++++++++ 7 files changed, 136 insertions(+), 33 deletions(-) create mode 100644 roles/system_settings/handlers/main.yml create mode 100644 roles/system_settings/tasks/dns.yml create mode 100644 roles/system_settings/tasks/ntpd.yml create mode 100644 roles/system_settings/tasks/proxy.yml diff --git a/roles/system_settings/README.md b/roles/system_settings/README.md index 397cf421..6e0c4ed7 100644 --- a/roles/system_settings/README.md +++ b/roles/system_settings/README.md @@ -20,7 +20,7 @@ N/A - **system_settings_validate_certs** - Allows connection when SSL certificates are not valid. Set to false when certificates are not trusted. -### Security +### System settings - **system_settings_ntp_servers**: - List of NTP servers. This method updates old NTP servers from configuration and sets the input NTP servers in the configuration. If NTP based time synchronization is used internally, the NTP daemon will be restarted to reload given NTP configuration. In case NTP based time synchronization is not used, this method only replaces servers in the NTP configuration. 
@@ -36,6 +36,15 @@ N/A - **system_settings_resize_storage**: - Resize all partitions to 100 percent of disk size. Default is `false`. +- **system_settings_dns_mode**: + - Set the DNS mode - either static or DHCP. + +- **system_settings_dns_servers**: + - List of DNS servers to add/set. + +- **system_settings_dns_state**: + - If `set` the appliance DNS servers will be set to `system_settings_dns_servers`. If `add` value of `system_settings_dns_servers` will be added to appliance DNS servers. + ## Dependencies - NA diff --git a/roles/system_settings/defaults/main.yml b/roles/system_settings/defaults/main.yml index b2c9e603..83de05ed 100644 --- a/roles/system_settings/defaults/main.yml +++ b/roles/system_settings/defaults/main.yml @@ -1 +1,3 @@ system_settings_resize_storage: false +system_settings_dns_mode_append: false +system_settings_proxy: [] diff --git a/roles/system_settings/handlers/main.yml b/roles/system_settings/handlers/main.yml new file mode 100644 index 00000000..8d97d771 --- /dev/null +++ b/roles/system_settings/handlers/main.yml @@ -0,0 +1,8 @@ +- name: Restart ntpd + vmware.vmware_rest.appliance_services: + vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" + vcenter_password: "{{ system_settings_password | d(omit) }}" + vcenter_username: "{{ system_settings_username | d(omit) }}" + vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}" + service: ntpd + state: restart diff --git a/roles/system_settings/tasks/dns.yml b/roles/system_settings/tasks/dns.yml new file mode 100644 index 00000000..aff4575e --- /dev/null +++ b/roles/system_settings/tasks/dns.yml 
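Review bot: The new default `system_settings_dns_mode_append` in roles/system_settings/defaults/main.yml is the switch the new tasks read to choose between adding and replacing DNS entries, but the README hunk in this same commit documents `system_settings_dns_state` with values `set`/`add` instead and never mentions the append flag. Either the README should describe `system_settings_dns_mode_append`, or the tasks should branch on `system_settings_dns_state`; as written, a user following the README gets behaviour the documentation does not describe. `system_settings_proxy`, `system_settings_noproxy`, `system_settings_dns_domains` and `system_settings_dns_hostname` are used by the new task files but are not added to the README by this commit. A comment above the default, for example `# When true, DNS entries are added to the existing ones instead of replacing them`, would state the intended meaning.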
@@ -0,0 +1,55 @@
+- name: Append the DNS servers
+ vmware.vmware_rest.appliance_networking_dns_servers:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ mode: "{{ system_settings_dns_mode | d(omit) }}"
+ server: "{{ item }}"
+ state: "add"
+ loop: "{{ system_settings_dns_servers }}"
+ when: "system_settings_dns_mode is defined or system_settings_dns_servers is defined or system_settings_dns_state is defined"
+
+- name: Set the DNS servers
+ vmware.vmware_rest.appliance_networking_dns_servers:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ mode: "{{ system_settings_dns_mode | d(omit) }}"
+ servers: "{{ system_settings_dns_servers }}"
+ state: "set"
+ when:
+ "(system_settings_dns_mode is defined or system_settings_dns_servers is defined or system_settings_dns_state is defined)
+ and not system_settings_dns_mode_append"
+
+- name: Append the DNS domains
+ vmware.vmware_rest.appliance_networking_dns_domains:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ domain: "{{ item }}"
+ state: "add"
+ loop: "{{ system_settings_dns_domains }}"
+ when: "system_settings_dns_domains is defined and system_settings_dns_mode_append"
+
+- name: Set the DNS domains
+ vmware.vmware_rest.appliance_networking_dns_domains:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ domains: "{{ system_settings_dns_domains }}"
+ state: "set"
+ when: "system_settings_dns_domains is defined and not system_settings_dns_mode_append"
+
+- name: Set the DNS hostname
+ vmware.vmware_rest.appliance_networking_dns_hostname:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ name: "{{ system_settings_dns_hostname | d(omit) }}"
+ state: "{{ system_settings_dns_mode | d(omit) }}"
+ when: "system_settings_dns_hostname is defined or system_settings_dns_state is defined"
diff --git a/roles/system_settings/tasks/main.yml b/roles/system_settings/tasks/main.yml
index 7cd7ebd2..58eab7fe 100644
--- a/roles/system_settings/tasks/main.yml
+++ b/roles/system_settings/tasks/main.yml
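Review bot: The first task in dns.yml, "Append the DNS servers", is not gated on `system_settings_dns_mode_append`, so with the default `false` it adds every server and "Set the DNS servers" then runs as well. Its `loop` (and the `servers:` argument of the set task) also dereferences `system_settings_dns_servers` when only `system_settings_dns_mode` or `system_settings_dns_state` is defined, which would presumably fail on an undefined variable. Gating it the way the domains task is gated, `when: "system_settings_dns_servers is defined and system_settings_dns_mode_append"`, and requiring `system_settings_dns_servers is defined` on the set task, would address both. In "Set the DNS hostname", `state: "{{ system_settings_dns_mode | d(omit) }}"` passes the DNS mode where a module state is expected, which looks like a copy-paste slip and should be checked against the module's documented states. These tasks rewrite the appliance's resolver configuration, so a run that appends when the operator meant to replace leaves stale resolvers in place without any error.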
@@ -1,37 +1,11 @@ -- name: Set NTP servers - when: system_settings_ntp_servers is defined - block: - - name: Test NTP servers - vmware.vmware_rest.appliance_ntp: - vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" - vcenter_password: "{{ system_settings_password | d(omit) }}" - vcenter_username: "{{ system_settings_username | d(omit) }}" - vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}" - state: test - servers: "{{ system_settings_ntp_servers }}" - register: __ntp_state +- name: Configure ntpd + ansible.builtin.include_tasks: ntpd.yml - - name: Print the state of NTP servers - ansible.builtin.debug: - msg: "Warning: server {{ item.server }} status: {{ item.message }}" - loop: "{{ __ntp_state.value }}" - when: item.status == 'SERVER_UNREACHABLE' +- name: Configure DNS + ansible.builtin.include_tasks: dns.yml - - name: Set NTP servers - vmware.vmware_rest.appliance_ntp: - vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" - vcenter_password: "{{ system_settings_password | d(omit) }}" - vcenter_username: "{{ system_settings_username | d(omit) }}" - vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}" - servers: "{{ system_settings_ntp_servers }}" - - - name: Set the timesync mode - vmware.vmware_rest.appliance_timesync: - vcenter_hostname: "{{ system_settings_hostname | d(omit) }}" - vcenter_password: "{{ system_settings_password | d(omit) }}" - vcenter_username: "{{ system_settings_username | d(omit) }}" - vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}" - mode: "NTP" +- name: Configure proxy + ansible.builtin.include_tasks: proxy.yml - name: Set the timesync mode vmware.vmware_rest.appliance_timesync: diff --git a/roles/system_settings/tasks/ntpd.yml b/roles/system_settings/tasks/ntpd.yml new file mode 100644 index 00000000..4247555d --- /dev/null +++ b/roles/system_settings/tasks/ntpd.yml 
@@ -0,0 +1,36 @@
+- name: Set NTP servers
+ when: system_settings_ntp_servers is defined
+ block:
+ - name: Test NTP servers
+ vmware.vmware_rest.appliance_ntp:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ state: test
+ servers: "{{ system_settings_ntp_servers }}"
+ register: __ntp_state
+
+ - name: Print the state of NTP servers
+ ansible.builtin.debug:
+ msg: "Warning: server {{ item.server }} status: {{ item.message }}"
+ loop: "{{ __ntp_state.value }}"
+ when: item.status == 'SERVER_UNREACHABLE'
+
+ - name: Set NTP servers
+ vmware.vmware_rest.appliance_ntp:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ servers: "{{ system_settings_ntp_servers }}"
+ notify: Restart ntpd
+
+ - name: Set the timesync mode
+ vmware.vmware_rest.appliance_timesync:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ mode: "NTP"
+ notify: Restart ntpd
diff --git a/roles/system_settings/tasks/proxy.yml b/roles/system_settings/tasks/proxy.yml
new file mode 100644
index 00000000..e6d8268f
--- /dev/null
+++ b/roles/system_settings/tasks/proxy.yml
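Review bot: In ntpd.yml the "Print the state of NTP servers" task only emits a debug message for a `SERVER_UNREACHABLE` result, and the next task still writes the full `system_settings_ntp_servers` list to the appliance; nothing in the file says this is intentional. Appliance time feeds certificate validity checks and log timestamps, so a comment such as `# Unreachable servers are reported but still configured; the run does not fail` above the debug task would make the behaviour explicit, or the step could become an `ansible.builtin.fail` for callers who want a hard stop. The two `notify: Restart ntpd` lines are new compared with the block removed from main.yml, while the README text says the daemon is already restarted when NTP synchronization is in use, so a short comment on why the explicit restart is needed would help.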
@@ -0,0 +1,19 @@
+- name: Set the noproxy hosts
+ vmware.vmware_rest.appliance_networking_noproxy:
+ vcenter_hostname: "{{ system_settings_hostname | d(omit) }}"
+ vcenter_password: "{{ system_settings_password | d(omit) }}"
+ vcenter_username: "{{ system_settings_username | d(omit) }}"
+ vcenter_validate_certs: "{{ system_settings_validate_certs | d(omit) }}"
+ servers: "{{ system_settings_noproxy }}"
+ when: "system_settings_noproxy is defined"
+ notify: Restart ntpd
+
+- name: Configure the proxy configuration
+ vmware.vmware_rest.appliance_networking_proxy:
+ enabled: "{{ item.enabled | d(omit) }}"
+ server: "{{ item.server | d(omit) }}"
+ port: "{{ item.port | d(omit) }}"
+ protocol: "{{ item.protocol | d(omit) }}"
+ state: "{{ item.state | d(omit) }}"
+ loop: "{{ system_settings_proxy }}"
+ notify: Restart ntpd
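Review bot: "Configure the proxy configuration" in proxy.yml is the only task in this commit that does not pass `vcenter_hostname`, `vcenter_username`, `vcenter_password` and `vcenter_validate_certs`, so it ignores the role's `system_settings_*` connection variables and presumably falls back to whatever the module reads from its environment. That can fail outright or, if the environment points elsewhere, change the proxy on a different appliance than the rest of the role, and it does not honour the role's certificate-validation setting. The task should carry the same four `vcenter_*` parameters, each with `| d(omit)`, that the noproxy task above it uses. Both tasks also `notify: Restart ntpd`, which looks carried over from ntpd.yml; if a proxy change needs no NTP restart the notify should be dropped, otherwise a comment should explain the dependency.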