internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-23 09:14:43 +00:00
Code Issues Projects Releases Wiki Activity

New ipaclient_setup_krb5: Use ipaclient_setup_krb5 instead of ipa-krb5 role

Browse Source 
The advantage of this is that the krb5 configuration is created in the same
way as in the normal installers. The same functionality as in the normal
installers is used in ipaclient_setup_krb5. There is no need to adapt the
ipa-krb5 role or the the ask file for changes in how the krb5 configuration
is done. Additionally ipaclient_force is now a supported parameter as
it is in the normal installer.

New config option:

ipaclient_force

The variable has been added to ipaclient/defaults/main.yml.
This commit is contained in:
Thomas Woerner
2019-03-25 16:49:44 +01:00
parent b942661788
commit 099317fe9c
3 changed files with 142 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
roles/ipaclient/tasks/install.yml
View File

@@ -226,31 +226,18 @@
preserve_sssd: "{{ ipassd_preserve_sssd }}"
no_krb5_offline_passwords: "{{ ipassd_no_krb5_offline_passwords }}"
- name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} <= 4.4"
include_role:
name: ipa-krb5
vars:
krb5_servers: "{{ result_ipaclient_test.servers if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else [ ] }}"
krb5_realm: "{{ result_ipaclient_test.realm }}"
krb5_dns_lookup_realm: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
krb5_dns_lookup_kdc: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
krb5_default_domain: "{{ 'true' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'false' }}"
krb5_pkinit_anchors: "FILE:/etc/ipa/ca.crt"
when: not ipaclient_on_master | bool and result_ipaclient_test.ipa_python_version <= 40400
- name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} > 4.4"
include_role:
name: ipa-krb5
vars:
krb5_servers: "{{ result_ipaclient_test.servers if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else [ ] }}"
krb5_realm: "{{ result_ipaclient_test.realm }}"
krb5_dns_lookup_realm: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
krb5_dns_lookup_kdc: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
krb5_default_domain: "{{ 'true' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'false' }}"
krb5_dns_canonicalize_hostname: "false"
krb5_pkinit_pool: "FILE:/var/lib/ipa-client/pki/ca-bundle.pem"
krb5_pkinit_anchors: "FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem"
when: not ipaclient_on_master | bool and result_ipaclient_test.ipa_python_version > 40400
- name: Install - Configure krb5 for IPA realm
ipaclient_setup_krb5:
realm: "{{ result_ipaclient_test.realm }}"
domain: "{{ result_ipaclient_test.domain }}"
servers: "{{ result_ipaclient_test.servers }}"
kdc: "{{ result_ipaclient_test.kdc }}"
dnsok: "{{ result_ipaclient_test.dnsok }}"
client_domain: "{{ result_ipaclient_test.client_domain }}"
hostname: "{{ result_ipaclient_test.hostname }}"
sssd: "{{ result_ipaclient_test.sssd }}"
force: "{{ ipaclient_force }}"
#on_master: "{{ ipaclient_on_master }}"
- name: Install - IPA API calls for remaining enrollment parts
ipaclient_api: