From 58e1f03bcbc561ea96379124d37e2308429dced6 Mon Sep 17 00:00:00 2001
From: Thomas Woerner
Date: Tue, 14 May 2019 17:38:20 +0200
Subject: [PATCH] Update README.md
Fixed wrong use of ipareplica name in ipaclient inventory examples. Added tier1 and tier2 replica handling.
---
 README.md | 28 +++++++++++++++++++++++++---
 1 file changed, 25 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 1310261c..de0f764b 100644
--- a/README.md
+++ b/README.md
@@ -121,12 +121,34 @@ This will create a chain from ```ipaserver.test.local <- ipareplica1.test.local
 If you need to set more than one server for a replica (for fallbacks etc.), simply use a comma separated list for ```ipareplica_servers```:
 ```yaml
-[ipareplicas]
+[ipareplicas_tier1]
 ipareplica1.test.local
+
+[ipareplicas_tier2]
 ipareplica2.test.local ipareplica_servers=ipareplica1.test.local,ipaserver.test.local
 ```
 The first entry in ```ipareplica_servers``` will be used as the master.
+In this case you need to have separate tasks in the playbook to first deploy replicas from tier1 and then replicas from tier2:
+```yaml
+---
+- name: Playbook to configure IPA replicas (tier1)
+ hosts: ipareplicas_tier1
+ become: true
+
+ roles:
+ - role: ipareplica
+ state: present
+
+- name: Playbook to configure IPA replicas (tier2)
+ hosts: ipareplicas_tier2
+ become: true
+
+ roles:
+ - role: ipareplica
+ state: present
+```
+
 You can add settings for replica deployment:
 ```yaml
 [ipareplicas:vars]
@@ -179,7 +201,7 @@ If you need to set more than one server for a client (for fallbacks etc.), simpl
 You can add settings for client deployment:
 ```yaml
-[ipareplicas:vars]
+[ipaclients:vars]
 ipaadmin_password=ADMPassword1
 ipaserver_domain=test.local
 ipaserver_realm=TEST.LOCAL
@@ -188,7 +210,7 @@ ipaserver_realm=TEST.LOCAL
 For enhanced security it is possible to use a auto-generated one-time-password (OTP). This will be generated on the controller using the (first) server. It is needed to have the Python gssapi bindings installed on the controller for this. To enable the generation of the one-time-password:
 ```yaml
-[ipareplicas:vars]
+[ipaclients:vars]
 ipaclient_use_otp=yes
 ```