add vnc to devops node for django csrf

Author: bgraef

olam/create_instance.yml

@@ -343,6 +343,10 @@
   ansible.builtin.import_playbook: provision_kvm.yml
   when: use_kvm
 
+- name: Provision vnc server on devops node
+  ansible.builtin.import_playbook: provision_vnc.yml
+  when: use_devops_vnc
+
 - name: Provision Oracle Linux Automation Builder Utility
   ansible.builtin.import_playbook: provision_builder.yml
   when: use_olam_builder

olam/default_vars.yml

@@ -23,6 +23,7 @@ update_all: false
 passwordless_ssh: false
 olam_type: single
 # use_olae_only: false
+use_devops_vnc: false
 use_olam_builder: false
 use_olam_pah: false
 add_pah_ports: false

olam/provision_vnc.yml

@@ -0,0 +1,86 @@
+---
+# Copyright (c) 2024 Oracle and/or its affiliates.
+# This software is made available to you under the terms of the Universal Permissive License (UPL), Version 1.0.
+# The Universal Permissive License (UPL), Version 1.0 (see COPYING or https://oss.oracle.com/licenses/upl)
+# See LICENSE.TXT for details.
+
+- name: Install VNC Server and GNOME Desktop
+  hosts: devops-node
+  become: true
+
+  vars_files:
+    - default_vars.yml
+
+  tasks:
+
+    - name: Install the "Server with GUI" package group
+      ansible.builtin.dnf:
+        name: '@Server with GUI'
+        state: present
+      retries: 5
+      delay: 10
+
+    - name: Installing the vnc package
+      ansible.builtin.dnf:
+        name:
+          - tigervnc-server
+          - tigervnc-server-module
+        state: present
+      retries: 5
+      delay: 10
+
+    - name: Set systemd default boot target to graphical.target
+      ansible.builtin.file:
+        src: /usr/lib/systemd/system/graphical.target
+        dest: /etc/systemd/system/default.target
+        state: link
+
+    - name: Set vncserver systemd template
+      ansible.builtin.copy:
+        src: "/usr/lib/systemd/system/[email protected]"
+        dest: "/etc/systemd/system/vncserver@:{{ vnc_port }}.service"
+        remote_src: true
+        mode: "0644"
+
+    - name: Assign username to vnc port
+      ansible.builtin.lineinfile:
+        path: /etc/tigervnc/vncserver.users
+        line: ":{{ vnc_port }}={{ username }}"
+
+    - name: Set vnc geometry and session
+      ansible.builtin.blockinfile:
+        path: /etc/tigervnc/vncserver-config-defaults
+        block: |
+          session=gnome
+          geometry={{ vnc_geometry }}
+
+    - name: Create .vnc directory for user
+      ansible.builtin.file:
+        path: /home/{{ username }}/.vnc
+        state: directory
+        mode: "0700"
+        owner: "{{ username }}"
+        group: "{{ username }}"
+
+    - name: Generate vnc password for the remote user
+      ansible.builtin.shell: |
+        set -o pipefail
+        echo {{ vnc_default_password }} | vncpasswd -f > /home/{{ username }}/.vnc/passwd
+      args:
+        chdir: "/home/{{ username }}/.vnc"
+        creates: "/home/{{ username }}/.vnc/passwd"
+        executable: /bin/bash
+
+    - name: Change the permission to 600 for .vnc/passwd file
+      ansible.builtin.file:
+        path: "/home/{{ username }}/.vnc/passwd"
+        owner: "{{ username }}"
+        group: "{{ usergroup }}"
+        mode: "0600"
+
+    - name: Start and enable the vnc service
+      ansible.builtin.systemd:
+        name: "vncserver@:{{ vnc_port }}.service"
+        daemon_reload: true
+        enabled: true
+        state: started