diff --git a/roles/hosted_engine_setup/README.md b/roles/hosted_engine_setup/README.md index 820f018a..3db12c7f 100644 --- a/roles/hosted_engine_setup/README.md +++ b/roles/hosted_engine_setup/README.md @@ -42,6 +42,7 @@ Ansible version >= 2.9.21 and < 2.10.0 | he_bridge_if | null | interface used for the management bridge | | he_force_ip4 | false | Force resolving engine FQDN to ipv4 only using DNS server | | he_force_ip6 | false | Force resolving engine FQDN to ipv6 only using DNS server | +| he_apply_repositories_role | false | apply the repositories role to the HE VM | | he_apply_openscap_profile | false | Apply an OpenSCAP security profile on HE VM | | he_openscap_profile_name | stig | OpenSCAP profile name, available options: *stig*, *pci-dss*. Requires `he_apply_openscap_profile` to be `True` | | he_enable_fips | false | Enable FIPS on HE VM | diff --git a/roles/hosted_engine_setup/defaults/main.yml b/roles/hosted_engine_setup/defaults/main.yml index 64c67e7d..62b8f370 100644 --- a/roles/hosted_engine_setup/defaults/main.yml +++ b/roles/hosted_engine_setup/defaults/main.yml @@ -17,6 +17,7 @@ he_local_vm_dir_prefix: localvm he_appliance_ova: '' he_root_ssh_pubkey: '' he_root_ssh_access: 'yes' +he_apply_repositories_role: false he_apply_openscap_profile: false he_openscap_profile_name: stig he_enable_fips: false diff --git a/roles/hosted_engine_setup/tasks/bootstrap_local_vm/03_engine_initial_tasks.yml b/roles/hosted_engine_setup/tasks/bootstrap_local_vm/03_engine_initial_tasks.yml index cdf840b2..b836d691 100644 --- a/roles/hosted_engine_setup/tasks/bootstrap_local_vm/03_engine_initial_tasks.yml +++ b/roles/hosted_engine_setup/tasks/bootstrap_local_vm/03_engine_initial_tasks.yml @@ -53,6 +53,10 @@ with_items: - "OVESETUP_DWH_DB/password=str:{{ he_dwh_db_password }}" when: he_dwh_db_password is defined + - name: Setup Repositories on Local VM + import_role: + name: @NAMESPACE@.@NAME@.repositories + when: he_apply_repositories_role|bool - name: Enable security policy block: - import_tasks: ../get_appliance_dist.yml