New role for ipaserver installation

The support for external cert files is not complete yet.
This commit is contained in:
Thomas Woerner
2017-12-01 13:15:34 +01:00
parent 86323feb80
commit 079049fa66
39 changed files with 5207 additions and 0 deletions


@@ -0,0 +1,153 @@
---
# tasks file for ipaserver
- name: Install - Install IPA server package
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages }}"
- name: Install - Include Python2/3 import test
include: "{{role_path}}/tasks/python_2_3_test.yml"
static: yes
- name: Install - Server installation test
server_test:
# basic
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
# ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
domain: "{{ ipaserver_domain | default(omit)}}"
realm: "{{ ipaserver_realm | default(omit)}}"
hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
ca_cert_file: "{{ ipaserver_ca_cert_file | default(omit) }}"
no_host_dns: "{{ ipaserver_no_host_dns }}"
#
setup_adtrust: "{{ ipaserver_setup_adtrust }}"
setup_kra: "{{ ipaserver_setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
#
no_pkinit: "{{ ipaserver_no_pkinit }}"
dirserv_config_file: "{{ ipaserver_dirserv_config_file | default(omit) }}"
# ssl certificate
dirserv_cert_file: "{{ ipaserver_dirserv_cert_file | default(omit) }}"
dirserv_pin: "{{ ipaserver_dirserv_pin | default(omit) }}"
dirserv_cert_name: "{{ ipaserver_dirserv_cert_name | default(omit) }}"
http_cert_file: "{{ ipaserver_http_cert_file | default(omit) }}"
http_pin: "{{ ipaserver_http_pin | default(omit) }}"
http_cert_name: "{{ ipaserver_http_cert_name | default(omit) }}"
pkinit_cert_file: "{{ ipaserver_pkinit_cert_file | default(omit) }}"
pkinit_pin: "{{ ipaserver_pkinit_pin | default(omit) }}"
pkinit_cert_name: "{{ ipaserver_pkinit_cert_name | default(omit) }}"
# client
no_ntp: "{{ ipaserver_no_ntp }}"
# certificate system
external_ca: "{{ ipaserver_external_ca | default(omit) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
# dns
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(first) }}"
# repair
allow_repair: "{{ ipaserver_allow_repair }}"
# # compat_mode
# compat_mode: "{{ ipaserver_compat_mode }}"
register: server_test
##
- block:
- name: Install - Master password passthrough or creation
no_log: yes
master_password:
dm_password: "{{ ipaserver_dm_password }}"
master_password: "{{ ipaserver_master_password | default(omit) }}"
register: master_password
# - name: Install - Create directory server instance
# create_ds:
- name: Install - Install
server_install:
# basic
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ master_password.value }}"
# ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
ip_addresses: "{{ server_test.ip_addresses }}"
domain: "{{ server_test.domain }}"
realm: "{{ server_test.realm }}"
hostname: "{{ server_test.hostname }}"
ca_cert_file: "{{ ipaserver_ca_cert_file | default(omit) }}"
no_host_dns: "{{ server_test.no_host_dns }}"
# server
setup_adtrust: "{{ server_test.setup_adtrust }}"
setup_kra: "{{ server_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
idstart: "{{ ipaserver_idstart | default(omit) }}"
idmax: "{{ ipaserver_idmax | default(omit) }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_no_pkinit }}"
no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
dirserv_config_file: "{{ ipaserver_dirserv_config_file | default(omit) }}"
# ssl certificate
dirserv_cert_file: "{{ ipaserver_dirserv_cert_file | default(omit) }}"
dirserv_pin: "{{ ipaserver_dirserv_pin | default(omit) }}"
dirserv_cert_name: "{{ ipaserver_dirserv_cert_name | default(omit) }}"
http_cert_file: "{{ ipaserver_http_cert_file | default(omit) }}"
http_pin: "{{ ipaserver_http_pin | default(omit) }}"
http_cert_name: "{{ ipaserver_http_cert_name | default(omit) }}"
pkinit_cert_file: "{{ ipaserver_pkinit_cert_file | default(omit) }}"
pkinit_pin: "{{ ipaserver_pkinit_pin | default(omit) }}"
pkinit_cert_name: "{{ ipaserver_pkinit_cert_name | default(omit) }}"
# client
mkhomedir: "{{ ipaserver_mkhomedir }}"
no_ntp: "{{ ipaserver_no_ntp }}"
ssh_trust_dns: "{{ ipaserver_ssh_trust_dns }}"
no_ssh: "{{ ipaserver_no_ssh }}"
no_sshd: "{{ ipaserver_no_sshd }}"
no_dns_sshfp: "{{ ipaserver_no_dns_sshfp }}"
# certificate system
external_ca: "{{ ipaserver_external_ca | default(omit) }}"
external_ca_type: "{{ ipaserver_external_ca_type | default('generic') }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_subject_base | default(omit) }}"
ca_subject: "{{ server_test.ca_subject | default(omit) }}"
ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm | default(omit) }}"
# dns
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zone: "{{ ipaserver_reverse_zone | default(omit) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(first) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
# ad trust
enable_compat: "{{ ipaserver_enable_compat }}"
netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
rid_base: "{{ ipaserver_rid_base | default(omit) }}"
secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
# additional
hostname_overridden: "{{ server_test.hostname_overridden }}"
update_hosts_file: "{{ server_test.update_hosts_file }}"
setup_ca: "{{ server_test.setup_ca }}"
allow_repair: "{{ ipaserver_allow_repair }}"
reverse_zones: "{{ server_test.reverse_zones }}"
- name: Install - Cleanup root IPA cache
file:
path: "/root/.ipa_cache"
state: absent
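Review bot: The `server_test` task (`- name: Install - Server installation test`) and the `server_install` task (`- name: Install - Install`) take `dm_password`, `password`, `master_password` and the `*_pin` values, but only the master-password task sets `no_log: yes`; with `register: server_test` the module arguments are normally retained in the registered result and shown in verbose or failed-task output, so both tasks should carry `no_log: true` as well. The same applies to the password-carrying tasks in the following three file sections. Separately, `forward_policy: "{{ ipaserver_forward_policy | default(first) }}"` passes the undefined variable `first` as the default rather than the string, unlike `default('generic')` a few lines further down, so when `ipaserver_forward_policy` is unset the task will presumably fail on an undefined variable. `forward_policy: "{{ ipaserver_forward_policy | default('first') }}"` is what was intended, here in both tasks and at the same key in the second and third file sections.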


@@ -0,0 +1,88 @@
---
# tasks file for ipaserver
- name: Install - Install IPA server package
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages }}"
- name: Install - Include Python2/3 import test
include: "{{role_path}}/tasks/python_2_3_test.yml"
static: yes
- name: Install - Server installation
server_install:
# basic
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
domain: "{{ ipaserver_domain | default(omit)}}"
realm: "{{ ipaserver_realm | default(omit)}}"
hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
ca_cert_file: "{{ ipaserver_ca_cert_file | default(omit) }}"
no_host_dns: "{{ ipaserver_no_host_dns }}"
#
setup_adtrust: "{{ ipaserver_setup_adtrust }}"
setup_kra: "{{ ipaserver_setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
idstart: "{{ ipaserver_idstart | default(omit) }}"
idmax: "{{ ipaserver_idmax | default(omit) }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_no_pkinit }}"
no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
dirserv_config_file: "{{ ipaserver_dirserv_config_file | default(omit) }}"
# ssl certificate
dirserv_cert_file: "{{ ipaserver_dirserv_cert_file | default(omit) }}"
dirserv_pin: "{{ ipaserver_dirserv_pin | default(omit) }}"
dirserv_cert_name: "{{ ipaserver_dirserv_cert_name | default(omit) }}"
http_cert_file: "{{ ipaserver_http_cert_file | default(omit) }}"
http_pin: "{{ ipaserver_http_pin | default(omit) }}"
http_cert_name: "{{ ipaserver_http_cert_name | default(omit) }}"
pkinit_cert_file: "{{ ipaserver_pkinit_cert_file | default(omit) }}"
pkinit_pin: "{{ ipaserver_pkinit_pin | default(omit) }}"
pkinit_cert_name: "{{ ipaserver_pkinit_cert_name | default(omit) }}"
# client
mkhomedir: "{{ ipaserver_mkhomedir }}"
no_ntp: "{{ ipaserver_no_ntp }}"
ssh_trust_dns: "{{ ipaserver_ssh_trust_dns }}"
no_ssh: "{{ ipaserver_no_ssh }}"
no_sshd: "{{ ipaserver_no_sshd }}"
no_dns_sshfp: "{{ ipaserver_no_dns_sshfp }}"
# certificate system
external_ca: "{{ ipaserver_external_ca | default(omit) }}"
external_ca_type: "{{ ipaserver_external_ca_type | default('generic') }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm | default(omit) }}"
# dns
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zone: "{{ ipaserver_reverse_zone | default(omit) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(first) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
# ad trust
enable_compat: "{{ ipaserver_enable_compat }}"
netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
rid_base: "{{ ipaserver_rid_base | default(omit) }}"
secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
# additional
#hostname_overridden: "{{ server_test.hostname_overridden }}"
#update_hosts_file: "{{ server_test.update_hosts_file }}"
#setup_ca: "{{ server_test.setup_ca }}"
#allow_repair: "{{ ipaserver_allow_repair }}"
#reverse_zones: "{{ server_test.reverse_zones }}"
register: server_install
##
- name: Install - Cleanup root IPA cache
file:
path: "/root/.ipa_cache"
state: absent


@@ -0,0 +1,215 @@
---
# tasks file for ipaserver
- name: Install - Install IPA server package
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages }}"
- name: Install - Include Python2/3 import test
include: "{{role_path}}/tasks/python_2_3_test.yml"
static: yes
- name: Install - Server installation test
server_test:
# basic
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
# ip_addresses: "{{ ipaserver_ip_addresses }}"
domain: "{{ ipaserver_domain | default(omit)}}"
realm: "{{ ipaserver_realm | default(omit)}}"
hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
ca_cert_file: "{{ ipaserver_ca_cert_file | default(omit) }}"
no_host_dns: "{{ ipaserver_no_host_dns }}"
#
# setup_adtrust: "{{ ipaserver_setup_adtrust }}"
# setup_kra: "{{ ipaserver_setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
#
no_pkinit: "{{ ipaserver_no_pkinit }}"
dirserv_config_file: "{{ ipaserver_dirserv_config_file | default(omit) }}"
# ssl certificate
dirserv_cert_file: "{{ ipaserver_dirserv_cert_file | default(omit) }}"
dirserv_pin: "{{ ipaserver_dirserv_pin | default(omit) }}"
dirserv_cert_name: "{{ ipaserver_dirserv_cert_name | default(omit) }}"
http_cert_file: "{{ ipaserver_http_cert_file | default(omit) }}"
http_pin: "{{ ipaserver_http_pin | default(omit) }}"
http_cert_name: "{{ ipaserver_http_cert_name | default(omit) }}"
pkinit_cert_file: "{{ ipaserver_pkinit_cert_file | default(omit) }}"
pkinit_pin: "{{ ipaserver_pkinit_pin | default(omit) }}"
pkinit_cert_name: "{{ ipaserver_pkinit_cert_name | default(omit) }}"
# client
no_ntp: "{{ ipaserver_no_ntp }}"
# certificate system
external_ca: "{{ ipaserver_external_ca | default(omit) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
# dns
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(first) }}"
# repair
allow_repair: "{{ ipaserver_allow_repair }}"
register: server_test
##
- block:
- name: Install - Master password passthrough or creation
no_log: yes
master_password:
dm_password: "{{ ipaserver_dm_password }}"
master_password: "{{ ipaserver_master_password | default(omit) }}"
register: master_password
- name: Install - Install
master_password:
# basic
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
# ip_addresses: "{{ ipaserver_ip_addresses }}"
domain: "{{ ipaserver_domain }}"
realm: "{{ ipaserver_realm }}"
# hostname: "{{ ansible_fqdn }}"
ca_cert_file: "{{ ipaserver_ca_cert_file | default(omit) }}"
no_host_dns: "{{ ipaserver_no_host_dns }}"
# server
# setup_adtrust: "{{ ipaserver_setup_adtrust }}"
# setup_kra: "{{ ipaserver_setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
idstart: "{{ ipaserver_idstart | default(omit) }}"
idmax: "{{ ipaserver_idmax | default(omit) }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_no_pkinit }}"
no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
dirserv_config_file: "{{ ipaserver_dirserv_config_file | default(omit) }}"
# ssl certificate
dirserv_cert_file: "{{ ipaserver_dirserv_cert_file | default(omit) }}"
dirserv_pin: "{{ ipaserver_dirserv_pin | default(omit) }}"
dirserv_cert_name: "{{ ipaserver_dirserv_cert_name | default(omit) }}"
http_cert_file: "{{ ipaserver_http_cert_file | default(omit) }}"
http_pin: "{{ ipaserver_http_pin | default(omit) }}"
http_cert_name: "{{ ipaserver_http_cert_name | default(omit) }}"
pkinit_cert_file: "{{ ipaserver_pkinit_cert_file | default(omit) }}"
pkinit_pin: "{{ ipaserver_pkinit_pin | default(omit) }}"
pkinit_cert_name: "{{ ipaserver_pkinit_cert_name | default(omit) }}"
# client
mkhomedir: "{{ ipaserver_mkhomedir }}"
no_ntp: "{{ ipaserver_no_ntp }}"
ssh_trust_dns: "{{ ipaserver_ssh_trust_dns }}"
no_ssh: "{{ ipaserver_no_ssh }}"
no_sshd: "{{ ipaserver_no_sshd }}"
no_dns_sshfp: "{{ ipaserver_no_dns_sshfp }}"
# certificate system
external_ca: "{{ ipaserver_external_ca | default(omit) }}"
external_ca_type: "{{ ipaserver_external_ca_type | default(generic) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm | default(omit) }}"
# dns
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zone: "{{ ipaserver_reverse_zone | default(omit) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(first) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
# ad trust
#enable_compat: "{{ ipaserver_enable_compat }}"
#netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
#rid_base: "{{ ipaserver_rid_base | default(omit) }}"
#secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
# - name: Install - Create directory server instance
# create_ds:
- fail:
- name: Install - Install server
ipaserver:
# basic
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
# ip_addresses: "{{ ipaserver_ip_addresses }}"
domain: "{{ ipaserver_domain }}"
realm: "{{ ipaserver_realm }}"
# hostname: "{{ ansible_fqdn }}"
ca_cert_file: "{{ ipaserver_ca_cert_file | default(omit) }}"
no_host_dns: "{{ ipaserver_no_host_dns }}"
# server
# setup_adtrust: "{{ ipaserver_setup_adtrust }}"
# setup_kra: "{{ ipaserver_setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
idstart: "{{ ipaserver_idstart | default(omit) }}"
idmax: "{{ ipaserver_idmax | default(omit) }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_no_pkinit }}"
no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
dirserv_config_file: "{{ ipaserver_dirserv_config_file | default(omit) }}"
# ssl certificate
dirserv_cert_file: "{{ ipaserver_dirserv_cert_file | default(omit) }}"
dirserv_pin: "{{ ipaserver_dirserv_pin | default(omit) }}"
dirserv_cert_name: "{{ ipaserver_dirserv_cert_name | default(omit) }}"
http_cert_file: "{{ ipaserver_http_cert_file | default(omit) }}"
http_pin: "{{ ipaserver_http_pin | default(omit) }}"
http_cert_name: "{{ ipaserver_http_cert_name | default(omit) }}"
pkinit_cert_file: "{{ ipaserver_pkinit_cert_file | default(omit) }}"
pkinit_pin: "{{ ipaserver_pkinit_pin | default(omit) }}"
pkinit_cert_name: "{{ ipaserver_pkinit_cert_name | default(omit) }}"
# client
mkhomedir: "{{ ipaserver_mkhomedir }}"
no_ntp: "{{ ipaserver_no_ntp }}"
ssh_trust_dns: "{{ ipaserver_ssh_trust_dns }}"
no_ssh: "{{ ipaserver_no_ssh }}"
no_sshd: "{{ ipaserver_no_sshd }}"
no_dns_sshfp: "{{ ipaserver_no_dns_sshfp }}"
# certificate system
external_ca: "{{ ipaserver_external_ca | default(omit) }}"
external_ca_type: "{{ ipaserver_external_ca_type | default(generic) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm | default(omit) }}"
# dns
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zone: "{{ ipaserver_reverse_zone | default(omit) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(first) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
# ad trust
#enable_compat: "{{ ipaserver_enable_compat }}"
#netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
#rid_base: "{{ ipaserver_rid_base | default(omit) }}"
#secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
state: present
- name: Install - Cleanup root IPA cache
file:
path: "/root/.ipa_cache"
state: absent
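Review bot: The task `- name: Install - Install` invokes the `master_password:` module with the full server-install argument set, while the same module three tasks earlier (`Master password passthrough or creation`) takes only `dm_password` and `master_password`; this looks like a leftover from renaming and the module key should presumably be the server-install module, as in the `Install - Install server` task that follows. The bare `- fail:` placed between them runs unconditionally inside the block, so `Install - Install server` and the cache cleanup after it are never reached; if it is a deliberate development stop, give it a `msg:` and a `when:` so the intent is visible. `external_ca_type: "{{ ipaserver_external_ca_type | default(generic) }}"` in both tasks references an undefined variable `generic` rather than the string; the second file section has the correct form `default('generic')`.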


@@ -0,0 +1,31 @@
---
# tasks file for ipaserver
- name: Install - Install IPA server package
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages }}"
- name: Install - Include Python2/3 import test
include: "{{role_path}}/tasks/python_2_3_test.yml"
static: yes
- name: Install - Server installation
server_install:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
domain: "{{ ipaserver_domain | default(omit)}}"
realm: "{{ ipaserver_realm | default(omit)}}"
hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
setup_dns: "{{ ipaserver_setup_dns }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
register: server_install
##
- name: Install - Cleanup root IPA cache
file:
path: "/root/.ipa_cache"
state: absent


@@ -0,0 +1,428 @@
---
# tasks file for ipaserver
- name: Install - Install IPA server package
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages }}"
- name: Install - Install packages for dns
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages_dns }}"
when: ipaserver_setup_dns | bool
- name: Install - Install packages for adtrust
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages_adtrust }}"
when: ipaserver_setup_adtrust | bool
- name: Install - Include Python2/3 import test
include: "{{role_path}}/tasks/python_2_3_test.yml"
static: yes
- name: Install - Server installation test
ipaserver_test:
### basic ###
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ ipaserver_master_password | default(omit) }}"
ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
domain: "{{ ipaserver_domain | default(omit) }}"
realm: "{{ ipaserver_realm | default(omit) }}"
hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}"
# no_host_dns: "{{ ipaserver_no_host_dns }}"
### server ###
setup_adtrust: "{{ ipaserver_setup_adtrust }}"
setup_kra: "{{ ipaserver_setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
idstart: "{{ ipaserver_idstart | default(omit) }}"
idmax: "{{ ipaserver_idmax | default(omit) }}"
# no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_no_pkinit }}"
# no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
### ssl certificate ###
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
pkinit_cert_files: "{{ ipaserver_pkinit_cert_files | default([]) }}"
# dirsrv_pin
# http_pin
# pkinit_pin
# dirsrv_name
# http_name
# pkinit_name
### client ###
# mkhomedir
no_ntp: "{{ ipaserver_no_ntp }}"
# ssh_trust_dns
# no_ssh
# no_sshd
# no_dns_sshfp
### certificate system ###
external_ca: "{{ ipaserver_external_ca }}"
external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
# ca_signing_algorithm
### dns ###
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
### ad trust ###
enable_compat: "{{ ipaserver_enable_compat }}"
netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
rid_base: "{{ ipaserver_rid_base | default(omit) }}"
secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
### additional ###
allow_repair: "{{ ipaserver_allow_repair }}"
register: ipaserver_test
- block:
- block:
- name: Install - Master password creation
no_log: yes
ipaserver_master_password:
dm_password: "{{ ipaserver_dm_password }}"
master_password: "{{ ipaserver_master_password | default(omit) }}"
register: ipaserver_master_password
- name: Install - Use new master password
no_log: yes
set_fact:
ipaserver_master_password: "{{ ipaserver_master_password.value }}"
when: ipaserver_master_password is undefined
- name: Install - Server preparation
ipaserver_prepare:
### basic ###
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
# master_password
#ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
domain: "{{ ipaserver_domain | default(omit) }}"
realm: "{{ ipaserver_realm | default(omit) }}"
hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}"
# no_host_dns: "{{ ipaserver_no_host_dns }}"
### server ###
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
idstart: "{{ ipaserver_idstart | default(omit) }}"
idmax: "{{ ipaserver_idmax | default(omit) }}"
# no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_no_pkinit }}"
# no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
### ssl certificate ###
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
pkinit_cert_files: "{{ ipaserver_pkinit_cert_files | default([]) }}"
# dirsrv_pin
# http_pin
# pkinit_pin
# dirsrv_name
# http_name
# pkinit_name
### client ###
# mkhomedir
no_ntp: "{{ ipaserver_no_ntp }}"
# ssh_trust_dns
# no_ssh
# no_sshd
# no_dns_sshfp
### certificate system ###
external_ca: "{{ ipaserver_external_ca }}"
external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_test.subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_test.ca_subject | default(omit) }}"
# ca_signing_algorithm
### dns ###
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_test.forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
### ad trust ###
enable_compat: "{{ ipaserver_enable_compat }}"
netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
rid_base: "{{ ipaserver_rid_base | default(omit) }}"
secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
_hostname_overridden: "{{ ipaserver_test._hostname_overridden | default(omit) }}"
when: ipaserver_foo is defined
- name: Install - Server preparation
ipaserver_prepare:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
##ip_addresses: "{{ ipaserver_test.ip_addresses }}"
reverse_zones: "{{ ipaserver_test.reverse_zones }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
no_host_dns: "{{ ipaserver_test.no_host_dns }}"
subject_base: "{{ ipaserver_test.subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
#no_pkinit: "{{ ipaserver_test.no_pkinit }}"
_hostname_overridden: "{{ ipaserver_test._hostname_overridden }}"
register: ipaserver_prepare
- name: Install - Setup NTP
ipaserver_setup_ntp:
when: not ipaserver_no_ntp | bool and (ipaserver_external_cert_files is undefined or ipaserver_external_cert_files|length < 1)
- name: Install - Setup DS
ipaserver_setup_ds:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
#master_password: "{{ ipaserver_master_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm | default(omit) }}"
hostname: "{{ ipaserver_test.hostname }}"
#ip_addresses: "{{ ipaserver_test.ip_addresses }}"
#reverse_zones: "{{ ipaserver_test.reverse_zones }}"
#setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
#setup_kra: "{{ ipaserver_test.setup_kra }}"
#setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
#no_host_dns: "{{ ipaserver_test.no_host_dns }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_test.subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
#no_reverse: "{{ ipaserver_no_reverse }}"
#auto_forwarders: "{{ ipaserver_auto_forwarders }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
- name: Install - Setup KRB
ipaserver_setup_krb:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ ipaserver_master_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
#ip_addresses: "{{ ipaserver_test.ip_addresses }}"
reverse_zones: "{{ ipaserver_test.reverse_zones }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
no_host_dns: "{{ ipaserver_test.no_host_dns }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_test.subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
_pkinit_pkcs12_info: "{{ ipaserver_test._pkinit_pkcs12_info }}"
- name: Install - Setup CA
ipaserver_setup_ca:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ ipaserver_master_password }}"
#ip_addresses: "{{ ipaserver_test.ip_addresses }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
no_host_dns: "{{ ipaserver_test.no_host_dns }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
_dirsrv_pkcs12_info: "{{ ipaserver_test._dirsrv_pkcs12_info }}"
external_ca: "{{ ipaserver_external_ca }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_test.subject_base }}"
_subject_base: "{{ ipaserver_test._subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
_ca_subject: "{{ ipaserver_test._ca_subject }}"
ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm | default(omit) }}"
reverse_zones: "{{ ipaserver_test.reverse_zones }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
- name: Install - Setup otpd
ipaserver_setup_otpd:
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
- name: Install - Setup custodia
ipaserver_setup_custodia:
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
- name: Install - Setup HTTP
ipaserver_setup_http:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ ipaserver_master_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
#ip_addresses: "{{ ipaserver_test.ip_addresses }}"
reverse_zones: "{{ ipaserver_test.reverse_zones }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
no_host_dns: "{{ ipaserver_test.no_host_dns }}"
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_test.subject_base }}"
_subject_base: "{{ ipaserver_test._subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
_ca_subject: "{{ ipaserver_test._ca_subject }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
- name: Install - Setup KRA
ipaserver_setup_kra:
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
dm_password: "{{ ipaserver_dm_password }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
when: ipaserver_test.setup_kra | bool
- name: Install - Setup DNS
ipaserver_setup_dns:
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
setup_dns: "{{ ipaserver_setup_dns }}"
forwarders: "{{ ipaserver_test.forwarders | default(omit) }}"
forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
when: ipaserver_setup_dns | bool
- name: Install - Setup ADTRUST
ipaserver_setup_adtrust:
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
when: ipaserver_test.setup_adtrust
- name: Install - Set DS password
ipaserver_set_ds_password:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
subject_base: "{{ ipaserver_test.subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
_dirsrv_pkcs12_info: "{{ ipaserver_test._dirsrv_pkcs12_info }}"
#- name: Install - Setup client
# include_role:
# name: ipaclient
# private: yes
# defaults_from: "/roles/ipaclient/defaults/main.yml"
# tasks_from: "/roles/ipaclient/tasks/main.yml"
# vars_from: "/roles/ipaclient/vars/main.yml"
# vars:
# state: present
# on_master: yes
# domain: "{{ ipaserver_test.domain }}"
# realm: "{{ ipaserver_test.realm }}"
# server: "{{ ipaserver_test.hostname }}"
# hostname: "{{ ipaserver_test.hostname }}"
# #no_dns_sshfp: "{{ ipaserver_no_dns_sshfp }}"
# #ssh_trust_dns: "{{ ipaserver_ssh_trust_dns }}"
# #no_ssh: "{{ ipaserver_no_ssh }}"
# #no_sshd: "{{ ipaserver_no_sshd }}"
# mkhomedir: "{{ ipaserver_mkhomedir }}"
# #allow_repair: "{{ ipaserver_allow_repair }}"
- name: Install - Setup client
command: >
/usr/sbin/ipa-client-install
--unattended
--on-master
--domain "{{ ipaserver_test.domain }}"
--realm "{{ ipaserver_test.realm }}"
--server "{{ ipaserver_test.hostname }}"
--hostname "{{ ipaserver_test.hostname }}"
{{ "--mkhomedir" if ipaserver_mkhomedir | bool else "" }}
# {{ "--no-dns-sshfp" if ipaserver_no_dns_sshfp | bool else "" }}
# {{ "--ssh-trust-dns" if ipaserver_ssh_trust_dns | bool else "" }}
# {{ "--no-ssh" if ipaserver_no_ssh | bool else "" }}
# {{ "--no-sshd" if ipaserver_no_sshd | bool else "" }}
- name: Install - Enable IPA
ipaserver_enable_ipa:
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
register: ipaserver_enable_ipa
- name: Install - Cleanup root IPA cache
file:
path: "/root/.ipa_cache"
state: absent
when: ipaserver_enable_ipa.changed


@@ -0,0 +1,566 @@
---
# tasks file for ipaserver
- name: Install - Install IPA server package
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages }}"
- name: Install - Install packages for dns
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages_dns }}"
when: ipaserver_setup_dns | bool
- name: Install - Install packages for adtrust
package:
name: "{{ item }}"
state: present
with_items: "{{ ipaserver_packages_adtrust }}"
when: ipaserver_setup_adtrust | bool
- name: Install - Include Python2/3 import test
include: "{{role_path}}/tasks/python_2_3_test.yml"
static: yes
- name: Install - Server load cache
ipaserver_load_cache:
dm_password: "{{ ipaserver_dm_password }}"
register: ipaserver_cache
- name: Install - Server apply cache
set_fact:
### basic ###
ipaserver_master_password: "{{ ipaserver_cache.master_password | default(omit) }}"
ipaserver_password: "{{ ipaserver_cache.admin_password | default(omit) }}"
ipaserver_ip_addresses: "{{ ipaserver_cache.ip_addresses | default(omit) }}"
ipaserver_domain: "{{ ipaserver_cache.domain_name | default(omit) }}"
ipaserver_realm: "{{ ipaserver_cache.realm_name | default(omit) }}"
ipaserver_hostname: "{{ ipaserver_cache.host_name | default(omit) }}"
ipaserver_ca_cert_files: "{{ ipaserver_cache.ca_cert_files | default(omit) }}"
ipaserver_no_host_dns: "{{ ipaserver_cache.no_host_dns | default(omit) }}"
### server ###
ipaserver_setup_adtrust: "{{ ipaserver_cache.setup_adtrust | default(omit) }}"
ipaserver_setup_kra: "{{ ipaserver_cache.setup_kra | default(omit) }}"
ipaserver_setup_dns: "{{ ipaserver_cache.setup_dns | default(omit) }}"
ipaserver_idstart: "{{ ipaserver_cache.idstart | default(omit) }}"
ipaserver_idmax: "{{ ipaserver_cache.idmax | default(omit) }}"
ipaserver_no_hbac_allow: "{{ ipaserver_cache.no_hbac_allow | default(omit) }}"
ipaserver_no_pkinit: "{{ ipaserver_cache.no_pkinit | default(omit) }}"
ipaserver_no_ui_redirect: "{{ ipaserver_cache.no_ui_redirect | default(omit) }}"
ipaserver_dirsrv_config_file: "{{ ipaserver_cache.dirsrv_config_file | default(omit) }}"
### ssl certificate ###
ipaserver_dirsrv_cert_files: "{{ ipaserver_cache.dirsrv_cert_files | default(omit) }}"
ipaserver_http_cert_files: "{{ ipaserver_cache.http_cert_files | default(omit) }}"
ipaserver_pkinit_cert_files: "{{ ipaserver_cache.pkinit_cert_files | default(omit) }}"
ipaserver_dirsrv_pin: "{{ ipaserver_cache.dirsrv_pin | default(omit) }}"
ipaserver_http_pin: "{{ ipaserver_cache.http_pin | default(omit) }}"
ipaserver_pkinit_pin: "{{ ipaserver_cache.pkinit_pin | default(omit) }}"
ipaserver_dirsrv_name: "{{ ipaserver_cache.dirsrv_name | default(omit) }}"
ipaserver_http_name: "{{ ipaserver_cache.http_name | default(omit) }}"
ipaserver_pkinit_name: "{{ ipaserver_cache.pkinit_name | default(omit) }}"
### client ###
ipaserver_mkhomedir: "{{ ipaserver_cache.mkhomedir | default(omit) }}"
ipaserver_no_ntp: "{{ ipaserver_cache.no_ntp | default(omit) }}"
ipaserver_ssh_trust_dns: "{{ ipaserver_cache.ssh_trust_dns | default(omit) }}"
ipaserver_no_ssh: "{{ ipaserver_cache.no_ssh | default(omit) }}"
ipaserver_no_sshd: "{{ ipaserver_cache.no_sshd | default(omit) }}"
ipaserver_no_dns_sshfp: "{{ ipaserver_cache.no_dns_sshfp | default(omit) }}"
### certificate system ###
ipaserver_external_ca: "{{ ipaserver_cache.external_ca | default(omit) }}"
ipaserver_external_ca_type: "{{ ipaserver_cache.external_ca_type | default(omit) }}"
ipaserver_external_cert_files: "{{ ipaserver_cache.external_cert_files | default(omit) }}"
ipaserver_subject_base: "{{ ipaserver_cache.subject_base | default(omit) }}"
ipaserver_ca_subject: "{{ ipaserver_cache.ca_subject | default(omit) }}"
ipaserver_ca_signing_algorithm: "{{ ipaserver_cache.ca_signing_algorithm | default(omit) }}"
### dns ###
ipaserver_allow_zone_overlap: "{{ ipaserver_cache.allow_zone_overlap | default(omit) }}"
ipaserver_reverse_zones: "{{ ipaserver_cache.reverse_zones | default(omit) }}"
ipaserver_no_reverse: "{{ ipaserver_cache.no_reverse | default(omit) }}"
ipaserver_auto_reverse: "{{ ipaserver_cache.auto_reverse | default(omit) }}"
ipaserver_zonemgr: "{{ ipaserver_cache.zonemgr | default(omit) }}"
ipaserver_forwarders: "{{ ipaserver_cache.forwarders | default(omit) }}"
ipaserver_no_forwarders: "{{ ipaserver_cache.no_forwarders | default(omit) }}"
ipaserver_auto_forwarders: "{{ ipaserver_cache.auto_forwarders | default(omit) }}"
ipaserver_forward_policy: "{{ ipaserver_cache.forward_policy | default(omit) }}"
ipaserver_no_dnssec_validation: "{{ ipaserver_cache.no_dnssec_validation | default(omit) }}"
### ad trust ###
ipaserver_enable_compat: "{{ ipaserver_cache.enable_compat | default(omit) }}"
ipaserver_netbios_name: "{{ ipaserver_cache.netbios_name | default(omit) }}"
ipaserver_rid_base: "{{ ipaserver_cache.rid_base | default(omit) }}"
ipaserver_secondary_rid_base: "{{ ipaserver_cache.secondary_rid_base | default(omit) }}"
### additional ###
ipaserver_allow_repair: "{{ ipaserver_cache.allow_repair | default(omit) }}"
ipaserver_domainlevel: "{{ ipaserver_cache.domainlevel | default(omit) }}"
ipaserver__subject_base: "{{ ipaserver_cache._subject_base | default(omit) }}"
ipaserver__ca_subject: "{{ ipaserver_cache._ca_subject | default(omit) }}"
ipaserver__hostname_overridden: "{{ ipaserver_cache._hostname_overridden | default(omit) }}"
ipaserver_setup_ca: "{{ ipaserver_cache.setup_ca | default(omit) }}"
ipaserver__installation_cleanup: "{{ ipaserver_cache._installation_cleanup | default(omit) }}"
ipaserver__dirsrv_pkcs12_file: "{{ ipaserver_cache._dirsrv_pkcs12_file | default(omit) }}"
ipaserver__dirsrv_pkcs12_info: "{{ ipaserver_cache._dirsrv_pkcs12_info | default(omit) }}"
ipaserver__dirsrv_ca_cert: "{{ ipaserver_cache._dirsrv_ca_cert | default(omit) }}"
ipaserver__http_pkcs12_file: "{{ ipaserver_cache._http_pkcs12_file | default(omit) }}"
ipaserver__http_pkcs12_info: "{{ ipaserver_cache._http_pkcs12_info | default(omit) }}"
ipaserver__http_ca_cert: "{{ ipaserver_cache._http_ca_cert | default(omit) }}"
ipaserver__pkinit_pkcs12_file: "{{ ipaserver_cache._pkinit_pkcs12_file | default(omit) }}"
ipaserver__pkinit_pkcs12_info: "{{ ipaserver_cache._pkinit_pkcs12_info | default(omit) }}"
ipaserver__pkinit_ca_cert: "{{ ipaserver_cache._pkinit_ca_cert | default(omit) }}"
when: ipaserver_cache.changed
- name: Install - Server installation test
ipaserver_test:
### basic ###
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ ipaserver_master_password | default(omit) }}"
ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
domain: "{{ ipaserver_domain | default(omit) }}"
realm: "{{ ipaserver_realm | default(omit) }}"
hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}"
# no_host_dns: "{{ ipaserver_no_host_dns }}"
### server ###
setup_adtrust: "{{ ipaserver_setup_adtrust }}"
setup_kra: "{{ ipaserver_setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
idstart: "{{ ipaserver_idstart | default(omit) }}"
idmax: "{{ ipaserver_idmax | default(omit) }}"
# no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_no_pkinit }}"
# no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
### ssl certificate ###
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
pkinit_cert_files: "{{ ipaserver_pkinit_cert_files | default([]) }}"
# dirsrv_pin
# http_pin
# pkinit_pin
# dirsrv_name
# http_name
# pkinit_name
### client ###
# mkhomedir
no_ntp: "{{ ipaserver_no_ntp }}"
# ssh_trust_dns
# no_ssh
# no_sshd
# no_dns_sshfp
### certificate system ###
external_ca: "{{ ipaserver_external_ca }}"
external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
# ca_signing_algorithm
### dns ###
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
### ad trust ###
enable_compat: "{{ ipaserver_enable_compat }}"
netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
rid_base: "{{ ipaserver_rid_base | default(omit) }}"
secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
### additional ###
allow_repair: "{{ ipaserver_allow_repair }}"
register: ipaserver_test
#- name: Install - Server apply test results
# set_fact:
# #ipaserver_setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
# #ipaserver_setup_kra: "{{ ipaserver_test.setup_kra }}"
# #ipaserver_setup_ca: "{{ ipaserver_test.setup_ca }}"
# #ipaserver_reverse_zones: "{{ ipaserver_test.reverse_zones }}"
# #ipaserver_forwarders: "{{ ipaserver_test.forwarders }}"
# #ipaserver_subject_base: "{{ ipaserver_test.subject_base }}"
# #ipaserver_ca_subject: "{{ ipaserver_test.ca_subject }}"
# #ipaserver__subject_base: "{{ ipaserver_test._subject_base }}"
# #ipaserver__ca_subject: "{{ ipaserver_test._ca_subject }}"
# #ipaserver__hostname_overridden: "{{ ipaserver_test._hostname_overridden }}"
# #ipaserver__installation_cleanup: "{{ ipaserver_test._installation_cleanup }}"
# #ipaserver__dirsrv_pkcs12_file: "{{ ipaserver_test._dirsrv_pkcs12_file }}"
# #ipaserver__dirsrv_pkcs12_info: "{{ ipaserver_test._dirsrv_pkcs12_info }}"
# #ipaserver__dirsrv_ca_cert: "{{ ipaserver_test._dirsrv_ca_cert }}"
# #ipaserver__http_pkcs12_file: "{{ ipaserver_test._http_pkcs12_file }}"
# #ipaserver__http_pkcs12_info: "{{ ipaserver_test._http_pkcs12_info }}"
# #ipaserver__http_ca_cert: "{{ ipaserver_test._http_ca_cert }}"
# #ipaserver__pkinit_pkcs12_file: "{{ ipaserver_test._pkinit_pkcs12_file }}"
# #ipaserver__pkinit_pkcs12_info: "{{ ipaserver_test._pkinit_pkcs12_info }}"
# #ipaserver__pkinit_ca_cert: "{{ ipaserver_test._pkinit_ca_cert }}"
# when: ipaserver_test.changed
- block:
- block:
- name: Install - Master password creation
no_log: yes
ipaserver_master_password:
dm_password: "{{ ipaserver_dm_password }}"
master_password: "{{ ipaserver_master_password | default(omit) }}"
register: ipaserver_master_password
- name: Install - Use new master password
no_log: yes
set_fact:
ipaserver_master_password: "{{ ipaserver_master_password.value }}"
when: ipaserver_master_password is undefined
- name: Install - Server preparation
ipaserver_prepare:
### basic ###
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
# master_password
#ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
domain: "{{ ipaserver_domain | default(omit) }}"
realm: "{{ ipaserver_realm | default(omit) }}"
hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}"
# no_host_dns: "{{ ipaserver_no_host_dns }}"
### server ###
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
idstart: "{{ ipaserver_idstart | default(omit) }}"
idmax: "{{ ipaserver_idmax | default(omit) }}"
# no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_no_pkinit }}"
# no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
### ssl certificate ###
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
pkinit_cert_files: "{{ ipaserver_pkinit_cert_files | default([]) }}"
# dirsrv_pin
# http_pin
# pkinit_pin
# dirsrv_name
# http_name
# pkinit_name
### client ###
# mkhomedir
no_ntp: "{{ ipaserver_no_ntp }}"
# ssh_trust_dns
# no_ssh
# no_sshd
# no_dns_sshfp
### certificate system ###
external_ca: "{{ ipaserver_external_ca }}"
external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
subject_base: "{{ ipaserver_test.subject_base | default(omit) }}"
ca_subject: "{{ ipaserver_test.ca_subject | default(omit) }}"
# ca_signing_algorithm
### dns ###
allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
forwarders: "{{ ipaserver_test.forwarders | default([]) }}"
no_forwarders: "{{ ipaserver_no_forwarders }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
### ad trust ###
enable_compat: "{{ ipaserver_enable_compat }}"
netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
rid_base: "{{ ipaserver_rid_base | default(omit) }}"
secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
_hostname_overridden: "{{ ipaserver_test._hostname_overridden | default(omit) }}"
when: ipaserver_foo is defined
- name: Install - Server preparation
ipaserver_prepare:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
##ip_addresses: "{{ ipaserver_test.ip_addresses }}"
reverse_zones: "{{ ipaserver_test.reverse_zones }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
no_host_dns: "{{ ipaserver_test.no_host_dns }}"
subject_base: "{{ ipaserver_test.subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_reverse: "{{ ipaserver_auto_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
#no_pkinit: "{{ ipaserver_test.no_pkinit }}"
_hostname_overridden: "{{ ipaserver_test._hostname_overridden }}"
register: ipaserver_prepare
- name: Install - Setup NTP
ipaserver_setup_ntp:
when: not ipaserver_no_ntp | bool and (ipaserver_external_cert_files is undefined or ipaserver_external_cert_files|length < 1)
- name: Install - Setup DS
ipaserver_setup_ds:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
#master_password: "{{ ipaserver_master_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm | default(omit) }}"
hostname: "{{ ipaserver_test.hostname }}"
#ip_addresses: "{{ ipaserver_test.ip_addresses }}"
#reverse_zones: "{{ ipaserver_test.reverse_zones }}"
#setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
#setup_kra: "{{ ipaserver_test.setup_kra }}"
#setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
#no_host_dns: "{{ ipaserver_test.no_host_dns }}"
subject_base: "{{ ipaserver_test.subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
#no_reverse: "{{ ipaserver_no_reverse }}"
#auto_forwarders: "{{ ipaserver_auto_forwarders }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
- name: Install - Setup KRB
ipaserver_setup_krb:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ ipaserver_master_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
#ip_addresses: "{{ ipaserver_test.ip_addresses }}"
reverse_zones: "{{ ipaserver_test.reverse_zones }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
no_host_dns: "{{ ipaserver_test.no_host_dns }}"
subject_base: "{{ ipaserver_test.subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
- name: Install - Setup CA
ipaserver_setup_ca:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ ipaserver_master_password }}"
#ip_addresses: "{{ ipaserver_test.ip_addresses }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
no_host_dns: "{{ ipaserver_test.no_host_dns }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
_dirsrv_pkcs12_info: "{{ ipaserver_test._dirsrv_pkcs12_info }}"
external_ca: "{{ ipaserver_external_ca }}"
subject_base: "{{ ipaserver_test.subject_base }}"
_subject_base: "{{ ipaserver_test._subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
_ca_subject: "{{ ipaserver_test._ca_subject }}"
ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm | default(omit) }}"
reverse_zones: "{{ ipaserver_test.reverse_zones }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
- name: Install - Setup otpd
ipaserver_setup_otpd:
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
- name: Install - Setup custodia
ipaserver_setup_custodia:
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
- name: Install - Setup HTTP
ipaserver_setup_http:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
master_password: "{{ ipaserver_master_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
#ip_addresses: "{{ ipaserver_test.ip_addresses }}"
reverse_zones: "{{ ipaserver_test.reverse_zones }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
setup_dns: "{{ ipaserver_setup_dns }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
no_host_dns: "{{ ipaserver_test.no_host_dns }}"
subject_base: "{{ ipaserver_test.subject_base }}"
_subject_base: "{{ ipaserver_test._subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
_ca_subject: "{{ ipaserver_test._ca_subject }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
- name: Install - Setup KRA
ipaserver_setup_kra:
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
dm_password: "{{ ipaserver_dm_password }}"
setup_kra: "{{ ipaserver_test.setup_kra }}"
when: ipaserver_test.setup_kra | bool
- name: Install - Setup DNS
ipaserver_setup_dns:
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
setup_dns: "{{ ipaserver_setup_dns }}"
forwarders: "{{ ipaserver_test.forwarders | default(omit) }}"
forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
when: ipaserver_setup_dns | bool
- name: Install - Setup ADTRUST
ipaserver_setup_adtrust:
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
when: ipaserver_test.setup_adtrust
- name: Install - Set DS password
ipaserver_set_ds_password:
dm_password: "{{ ipaserver_dm_password }}"
password: "{{ ipaserver_password }}"
domain: "{{ ipaserver_test.domain }}"
realm: "{{ ipaserver_test.realm }}"
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
subject_base: "{{ ipaserver_test.subject_base }}"
ca_subject: "{{ ipaserver_test.ca_subject }}"
no_pkinit: "{{ ipaserver_test.no_pkinit }}"
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
idstart: "{{ ipaserver_test.idstart }}"
idmax: "{{ ipaserver_test.idmax }}"
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
_dirsrv_pkcs12_info: "{{ ipaserver_test._dirsrv_pkcs12_info }}"
#- name: Install - Setup client
# include_role:
# name: ipaclient
# private: yes
# defaults_from: "/roles/ipaclient/defaults/main.yml"
# tasks_from: "/roles/ipaclient/tasks/main.yml"
# vars_from: "/roles/ipaclient/vars/main.yml"
# vars:
# state: present
# on_master: yes
# domain: "{{ ipaserver_test.domain }}"
# realm: "{{ ipaserver_test.realm }}"
# server: "{{ ipaserver_test.hostname }}"
# hostname: "{{ ipaserver_test.hostname }}"
# #no_dns_sshfp: "{{ ipaserver_no_dns_sshfp }}"
# #ssh_trust_dns: "{{ ipaserver_ssh_trust_dns }}"
# #no_ssh: "{{ ipaserver_no_ssh }}"
# #no_sshd: "{{ ipaserver_no_sshd }}"
# mkhomedir: "{{ ipaserver_mkhomedir }}"
# #allow_repair: "{{ ipaserver_allow_repair }}"
- name: Install - Setup client
command: >
/usr/sbin/ipa-client-install
--unattended
--on-master
--domain "{{ ipaserver_test.domain }}"
--realm "{{ ipaserver_test.realm }}"
--server "{{ ipaserver_test.hostname }}"
--hostname "{{ ipaserver_test.hostname }}"
{{ "--mkhomedir" if ipaserver_mkhomedir | bool else "" }}
# {{ "--no-dns-sshfp" if ipaserver_no_dns_sshfp | bool else "" }}
# {{ "--ssh-trust-dns" if ipaserver_ssh_trust_dns | bool else "" }}
# {{ "--no-ssh" if ipaserver_no_ssh | bool else "" }}
# {{ "--no-sshd" if ipaserver_no_sshd | bool else "" }}
- name: Install - Enable IPA
ipaserver_enable_ipa:
hostname: "{{ ipaserver_test.hostname }}"
setup_ca: "{{ ipaserver_test.setup_ca }}"
register: ipaserver_enable_ipa
- name: Install - Cleanup root IPA cache
file:
path: "/root/.ipa_cache"
state: absent
when: ipaserver_enable_ipa.changed
#- name: Install - Server installation
# ipaserver_install:
# dm_password: "{{ ipaserver_dm_password }}"
# password: "{{ ipaserver_password }}"
# domain: "{{ ipaserver_domain | default(omit) }}"
# realm: "{{ ipaserver_realm | default(omit) }}"
# hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
# setup_dns: "{{ ipaserver_setup_dns }}"
# no_reverse: "{{ ipaserver_no_reverse }}"
# auto_forwarders: "{{ ipaserver_auto_forwarders }}"
# register: ipaserver_install
#- name: Install - Server installation
# ipaserver_install:
# dm_password: "{{ ipaserver_dm_password }}"
# password: "{{ ipaserver_password }}"
# domain: "{{ ipaserver_test.domain }}"
# realm: "{{ ipaserver_test.realm }}"
# hostname: "{{ ipaserver_test.hostname }}"
# #ip_addresses: "{{ ipaserver_test.ip_addresses }}"
# reverse_zones: "{{ ipaserver_test.reverse_zones }}"
# setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
# setup_kra: "{{ ipaserver_test.setup_kra }}"
# setup_dns: "{{ ipaserver_setup_dns }}"
# setup_ca: "{{ ipaserver_test.setup_ca }}"
# no_host_dns: "{{ ipaserver_test.no_host_dns }}"
# subject_base: "{{ ipaserver_test.subject_base }}"
# ca_subject: "{{ ipaserver_test.ca_subject }}"
# no_reverse: "{{ ipaserver_no_reverse }}"
# auto_forwarders: "{{ ipaserver_auto_forwarders }}"
# register: ipaserver_install
#
#- name: Install - Cleanup root IPA cache
# file:
# path: "/root/.ipa_cache"
# state: absent
# when: ipaserver_install.changed
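Review bot: Every task that passes `dm_password`, `password` or `master_password` as a module argument — `Install - Server installation test`, both `Install - Server preparation` tasks, `Install - Setup DS`, `Install - Setup KRB`, `Install - Setup CA`, `Install - Setup HTTP`, `Install - Setup KRA`, `Install - Set DS password` — and the `Install - Server apply cache` set_fact that copies `ipaserver_cache.master_password` and `ipaserver_cache.admin_password` run without `no_log`, so on a task failure or under `-v` Ansible prints those arguments into the play output and any configured log; only the master-password block sets `no_log: yes`. Add `no_log: yes` to each of those tasks the same way that block does. Separately, the first `Install - Server preparation` task is guarded by `when: ipaserver_foo is defined`, which reads as a debugging placeholder: nothing in this file sets `ipaserver_foo`, so that task is dead and the second task of the same name is the one that actually runs; either drop the dead task or replace the guard with the intended condition. The preceding install variant, whose section header is outside this view, passes the same password arguments without `no_log`.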


@@ -0,0 +1,18 @@
---
# tasks file for ipaserver
- name: Import variables specific to distribution
include_vars: "{{ item }}"
with_first_found:
- "vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
- "vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
- "vars/{{ ansible_distribution }}.yml"
- "vars/default.yml"
- name: Install IPA server
include: tasks/install.yml
when: state|default('present') == 'present'
- name: Uninstall IPA server
include: tasks/uninstall.yml
when: state|default('present') == 'absent'
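Review bot: A `state` value other than `present` or `absent` matches neither include, so a typo such as `state: absen` runs nothing and the play still reports success; a guard before the two includes, `- name: Fail on unknown state`, `fail: msg="state must be 'present' or 'absent'"`, `when: state|default('present') not in ['present', 'absent']`, turns that into an error. Point of style: `include:` combined with `when:` is the legacy dynamic form, while the role elsewhere pairs `include` with `static: yes`; `import_tasks` is the static equivalent if the Ansible version this role targets provides it. The `with_first_found` list ends in `vars/default.yml`, so an unrecognised distribution silently falls back to the defaults rather than failing; a one-line comment above the task saying so would save the next reader a lookup.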


@@ -0,0 +1,19 @@
- block:
- name: Verify Python3 import
script: py3test.py
register: py3test
failed_when: False
- name: Set python interpreter to 3
set_fact:
ansible_python_interpreter: "/usr/bin/python3"
when: py3test.rc == 0
- name: Fail for IPA 4.5.90
fail: msg="You need to install python2 bindings for ipa server usage"
when: py3test.rc != 0 and "not usable with python3" in py3test.stdout
- name: Set python interpreter to 2
set_fact:
ansible_python_interpreter: "/usr/bin/python2"
when: py3test.failed or py3test.rc != 0
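Review bot: The last condition `when: py3test.failed or py3test.rc != 0` can never become true through `py3test.failed`, because `failed_when: False` on the script task clears that flag; the expression reduces to `py3test.rc != 0`. If the script module itself cannot execute (file not transferred, no interpreter at all), the registered result may carry no `rc` at all and the three `when` expressions then error on an undefined attribute instead of falling back to python2 — this is inferred from how the script module reports errors, not visible here — so `py3test.rc | default(1)` in those conditions would make the fallback deterministic. Point of style: `fail: msg="You need to install python2 bindings for ipa server usage"` uses the key=value argument form while the rest of the role passes module arguments as block YAML; `fail:` followed by `msg: "You need to install python2 bindings for ipa server usage"` would match. This file also lacks the leading `---` that the other task files in the commit carry.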


@@ -0,0 +1,24 @@
---
# tasks to uninstall IPA server
#- name: Uninstall - Include Python2/3 import test
# include: "{{role_path}}/tasks/python_2_3_test.yml"
# static: yes
- name: Uninstall - Uninstall IPA server
command: >
/usr/sbin/ipa-server-install
--uninstall
-U
{{ '--ignore-topology-disconnect' if ipaserver_ignore_topology_disconnect | bool else '' }}
{{ '--ignore-last-of-role' if ipaserver_ignore_last_of_role | bool else ''}}
register: uninstall
# 2 means that uninstall failed because IPA server was not configured
failed_when: uninstall.rc != 0 and uninstall.rc != 2
changed_when: uninstall.rc == 0
#- name: Remove IPA server packages
# package:
# name: "{{ item }}"
# state: absent
# with_items: "{{ ipaserver_packages }}"
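Review bot: The comment `# 2 means that uninstall failed because IPA server was not configured` explains only half of what `failed_when: uninstall.rc != 0 and uninstall.rc != 2` tolerates: when `/usr/sbin/ipa-server-install` does not exist, the command module (if I read its error path correctly) reports the OS errno as `rc`, and for a missing executable that is ENOENT, also 2, so a host that never had the server packages passes as "not configured" too. That is probably the wanted outcome for an uninstall, but the comment should say it, e.g. `# rc 2: server not configured, or ipa-server-install missing (ENOENT) - nothing to uninstall either way`. Point of style: `else ''}}` on the `--ignore-last-of-role` line is missing the space before `}}` that the `--ignore-topology-disconnect` line above has. The second uninstall variant below carries the same comment and the same gap.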


@@ -0,0 +1,19 @@
---
# tasks to uninstall IPA server
- name: Uninstall - Include Python2/3 import test
include: "{{role_path}}/tasks/python_2_3_test.yml"
static: yes
- name: Uninstall - Uninstall IPA server
command: /usr/sbin/ipa-server-install --uninstall -U {% if ipaserver_ignore_topology_disconnect | bool %}--ignore-topology-disconnect{% endif %} {% if ipaserver_ignore_last_of_role | bool %}--ignore-last-of-role{% endif %}
register: uninstall
# 2 means that uninstall failed because IPA server was not configured
failed_when: uninstall.rc != 0 and uninstall.rc != 2
changed_when: uninstall.rc == 0
#- name: Remove IPA server packages
# package:
# name: "{{ item }}"
# state: absent
# with_items: "{{ ipaserver_packages }}"