From 893a1c5417232122d4fd6bc0aef22c270e38d57e Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Sun, 26 Sep 2021 13:15:27 +0000
Subject: [PATCH] Add sshsign hosts

---
 group_vars/sshsign.yml              |  6 ++++++
 host_vars/sshsign01.home.foo.sh.yml |  6 ++++++
 host_vars/sshsign02.home.foo.sh.yml |  6 ++++++
 hosts                               |  8 +++++++-
 playbooks/sshsign.yml               | 24 ++++++++++++++++++++++++
 5 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 group_vars/sshsign.yml
 create mode 100644 host_vars/sshsign01.home.foo.sh.yml
 create mode 100644 host_vars/sshsign02.home.foo.sh.yml
 create mode 100644 playbooks/sshsign.yml

diff --git a/group_vars/sshsign.yml b/group_vars/sshsign.yml
new file mode 100644
index 0000000..e479a50
--- /dev/null
+++ b/group_vars/sshsign.yml
@@ -0,0 +1,6 @@
+---
+datadisks:
+  - 10
+firewall_in:
+  - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 443}
diff --git a/host_vars/sshsign01.home.foo.sh.yml b/host_vars/sshsign01.home.foo.sh.yml
new file mode 100644
index 0000000..12efc17
--- /dev/null
+++ b/host_vars/sshsign01.home.foo.sh.yml
@@ -0,0 +1,6 @@
+---
+vmhost: vmhost01.home.foo.sh
+network_interfaces:
+  - device: vio0
+    vlan: 20
+    mac: 52:54:00:ac:dc:5b
diff --git a/host_vars/sshsign02.home.foo.sh.yml b/host_vars/sshsign02.home.foo.sh.yml
new file mode 100644
index 0000000..11748d5
--- /dev/null
+++ b/host_vars/sshsign02.home.foo.sh.yml
@@ -0,0 +1,6 @@
+---
+vmhost: vmhost02.home.foo.sh
+network_interfaces:
+  - device: vio0
+    vlan: 20
+    mac: 52:54:00:ac:dc:5c
diff --git a/hosts b/hosts
index 5cc552e..4726e8f 100644
--- a/hosts
+++ b/hosts
@@ -72,6 +72,10 @@ shell02.foo.sh
 [sqldb]
 sqldb02.home.foo.sh
 
+[sshsign]
+sshsign01.home.foo.sh
+sshsign02.home.foo.sh
+
 [static]
 static01.home.foo.sh
 static02.home.foo.sh
@@ -101,6 +105,7 @@ ns
 proxy
 relay
 shell
+sshsign
 static
 zm
 
@@ -121,8 +126,8 @@ vmhost
 zm
 
 [centos7:children]
-ldap
 collab
+ldap
 
 [fedora:children]
 registry
@@ -135,3 +140,4 @@ log
 ns
 proxy
 relay
+sshsign
diff --git a/playbooks/sshsign.yml b/playbooks/sshsign.yml
new file mode 100644
index 0000000..1df0581
--- /dev/null
+++ b/playbooks/sshsign.yml
@@ -0,0 +1,24 @@
+---
+- import_playbook: "include/deploy-kvm-guest.yml myhosts=sshsign"
+
+- name: configure instance
+  hosts: sshsign
+  user: root
+  gather_facts: true
+
+  vars_files:
+    - "{{ ansible_private }}/vars.yml"
+
+  pre_tasks:
+    - name: mount /export
+      mount:
+        name: /export
+        src: /dev/sd1a
+        fstype: ffs
+        opts: rw,softdep,noatime
+        passno: "1"
+        dump: "2"
+        state: mounted
+
+  roles:
+    - base