internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-07 05:43:26 +00:00
Code Issues Projects Releases Wiki Activity
53 Commits 12 Branches 63 Tags
2d95d0df95cb2a257fbbb110746f93bdbe19bff2
Commit Graph

27 Commits

Author SHA1 Message Date
Thomas Woerner
2d95d0df95 roles/ipaclient: New ipaclient_use_otp setting to force otp usage 
The use of otp can be forced to not transfer the admin password while setting
up the ipa client. Only the one-time-password will be transferred to the
client machine.

ipaclient_password will be overwritten by the otp password.
 2017-09-15 12:49:22 +02:00
Thomas Woerner
c088e3f9a6 library/ipajoin.py: Add kinit_attempts default value 
Also: Add ipaclient_kinit_attempts default value to
roles/ipaclient/defaults/main.yml
 2017-09-15 12:26:03 +02:00
Thomas Woerner
e7520a5b1f roles/ipaclient/tasks/install.yml: Tew additional checks for password, keytab and otp 2017-09-15 10:09:28 +02:00
Thomas Woerner
0b4aec7b6a roles/krb5: Compatibility for ipa 4.4 and later 
New variables have been added (undefined by default):
  krb5_dns_canonicalize_hostname
  krb5_pkinit_anchors
  krb5_pkinit_pool

These are set according to the ipa version requirements. See
roles/ipaclient/tasks/install.yml
 2017-09-15 09:40:08 +02:00
Thomas Woerner
a572dfb69e library/sssd.py: Renamed to ipasssd 2017-09-15 09:40:08 +02:00
Thomas Woerner
0c5905fddb library/ipadiscovery.py: Add ca_cert_file argument for discovery 2017-09-15 09:40:08 +02:00
Thomas Woerner
4789595428 library/fstore.py: Renaed to ipafstore 2017-09-15 09:40:08 +02:00
Thomas Woerner
20538cc86e New module fstore to backup files using IPA client sysrestore 
- Backup ipa default conf
- Backup krb5.conf
 2017-08-31 18:45:28 +02:00
Thomas Woerner
893e32b7c6 roles/ipaclient/defaults/main.yml: Remove default values for some vars 
This is needed to be able to use defined and undefined checks.
 2017-08-31 17:44:57 +02:00
Thomas Woerner
ba1e5c210f roles/ipaclient/tasks/install.yml: Replace ipaserver_ by ipaclient_ 2017-08-31 17:36:47 +02:00
Thomas Woerner
5198eb5304 roles/ipaclient/tasks/install.yml: Use new roles and modules 
The sssd role has been deactivated in favor of the new sssd module, because the module is able to adapt an existing configuration.
 2017-08-30 14:45:01 +02:00
Thomas Woerner
d10d078a42 New role to configure ipa default.conf 2017-08-30 14:35:39 +02:00
Thomas Woerner
5f17e9a778 roles/krb5: New krb5_no_default_domain setting 2017-08-30 14:31:05 +02:00
Thomas Woerner
e65ba14e52 roles/sssd: Fixed several small defects, added libselinux-python to sssd_packages 2017-08-30 14:28:34 +02:00
Thomas Woerner
a484e5b2d2 roles/ipaclient/defaults/main.yml: ipaclient_ntp should default to no 2017-08-30 14:27:31 +02:00
Thomas Woerner
5cfcccd616 library/ipajoin.py: Doc updates, renamed ca_certs_file 
Documentation for domain, principal, keytab, ca_cert_file and kinit_attempts
has been added.

ca_certs_file has been renamed to ca_cert_file as it is used in
ipa-client-install.
 2017-08-24 12:54:37 +02:00
Thomas Woerner
18cc39dd30 roles/ipaclient/tasks/install.yml: Test code for krb5 and sssd 2017-08-24 12:39:01 +02:00
Thomas Woerner
bd8e23f211 New role for krb5 2017-08-24 12:38:15 +02:00
Thomas Woerner
3ae2a51c08 New sssd role 2017-08-24 12:36:51 +02:00
Thomas Woerner
44e4ee7459 library/ipajoin.py: New module for ipajoin 
The module is doing the important part of the code in ipa-client-install
to be able to use ipa-join on the client. get_ca_certs* from client.py are
used as a temporary solution.
 2017-08-24 12:33:23 +02:00
Thomas Woerner
4dea948fda roles/ipaclient/tasks/install.yml: Install IPA client early 
IPA client imports are needed for discovery
 2017-08-24 12:20:54 +02:00
Thomas Woerner
0246ad0079 roles/ipaclient/defaults/main.yml: Remove unused ipaclient_servers 2017-08-24 12:19:51 +02:00
Thomas Woerner
07a15c56e8 library/ipadiscovery.py: New module for ipa discovery 
The module is doing the same discovery that ipa-client-install is doing
internally. The results are saved into a structure named ipadiscovery for
the ansible module.

The discovery module is needed to be able to not depend on the definition
of the ipaservers group for example to get otp passwords, to be able to
join and to configure sssd and other services corretly.
 2017-08-23 20:40:46 +02:00
Thomas Woerner
97be0612fb library/ipaclient.py: servers needs to be a list 
More than one server could be specified
 2017-08-23 20:38:51 +02:00
Thomas Woerner
95c38d169d New ipaclient options: force_join, kinit_attempts, ntp and mkhomedir 2017-08-18 10:02:01 +02:00
Florence Blanc-Renaud
38d7223376 Modify ipahost module: the authentication is done locally on the controller 
node and the credential cache is copied to the managed node

ipahost module is also using facts gathered from the server to find the
domain and realm.
 2017-08-10 16:54:44 +02:00
Florence Blanc-Renaud
09f45e4acd Ansible for IPA 2017-07-03 09:55:23 +02:00