internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity
61 Commits 12 Branches 63 Tags
4b2b6751b29709917bb024dd3733024b6f4b3120
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Thomas Woerner 4b2b6751b2 roles/ipaclient/tasks/install.yml: Purge realm from keytab after otp generation 
If a otp has bene generated it is needed to purge the realm from an exising
host keytab. If there is no host keytab or if the keytab is not containing
information about the realm, ipa-rmkeytab will fail and these two errors are
ignored.
2017-09-15 15:08:22 +02:00
action_plugins
Modify ipahost module: the authentication is done locally on the controller
2017-08-10 16:54:44 +02:00
inventory
inventory/hosts: Updated inventory file
2017-08-30 14:51:42 +02:00
library
Merge remote-tracking branch 'upstream/master'
2017-09-15 14:12:12 +02:00
roles
roles/ipaclient/tasks/install.yml: Purge realm from keytab after otp generation
2017-09-15 15:08:22 +02:00
README.md
Add newline in authors list
2017-08-30 14:56:32 +02:00
site.yml
Modify ipahost module: the authentication is done locally on the controller
2017-08-10 16:54:44 +02:00

README.md

ansible-freeipa

Description

This role allows to join hosts as clients to an IPA domain. This can be done in differnt ways using auto-discovery of the servers, domain and other settings or by specifying them.

Usage

Example inventory file with fixed principal and using auto-discovery with DNS records:

[ipaclients]
ipaclient1.example.com
ipaclient2.example.com

[ipaclients:vars]
ipaclient_principal=admin

Example playbook to setup the IPA client(s) using principal from inventory file and password from an Ansible Vault file:

- name: Playbook to configure IPA clients with username/password
  hosts: ipaclients
  become: true
  vars_files:
  - playbook_sensitive_data.yml

  roles:
  - role: ipaclient
    state: present

Example playbook to unconfigure the IPA client(s) using principal and password from inventory file:

- name: Playbook to unconfigure IPA clients
  hosts: ipaclients
  become: true

  roles:
  - role: ipaclient
    state: absent

Example inventory file with fixed servers, principal, password and domain:

[ipaclients]
ipaclient1.example.com
ipaclient2.example.com

[ipaservers]
ipaserver.example.com

[ipaclients:vars]
ipaclient_domain=example.com
ipaclient_principal=admin
ipaclient_password=MySecretPassword123

Example playbook to setup the IPA client(s) using principal and password from inventory file:

- name: Playbook to configure IPA clients with username/password
  hosts: ipaclients
  become: true

  roles:
  - role: ipaclient
    state: present

Variables

ipaservers - Group of IPA server hostnames. (list of strings, optional)

ipaclient_domain - The primary DNS domain of an existing IPA deployment. (string, optional)

ipaclient_realm - The Kerberos realm of an existing IPA deployment. (string, optional)

ipaclient_principal - The authorized kerberos principal used to join the IPA realm. (string, optional)

ipaclient_password - The password for the kerberos principal. (string, optional)

ipaclient_keytab - The path to a backed-up host keytab from previous enrollment. (string, optional)

ipaclient_force_join - Set force_join to yes to join the host even if it is already enrolled. (bool, optional)

ipaclient_kinit_attempts - Repeat the request for host Kerberos ticket X times if it fails. (int, optional)

ipaclient_ntp - Set to no to not configure and enable NTP (bool, optional)

ipaclient_mkhomedir - Set to yes to configure PAM to create a users home directory if it does not exist. (string, optional)

Requirements

freeipa-client v4.6

Authors

Florence Blanc-Renaud

Thomas Woerner

Description
No description provided
Readme 13 MiB
Languages
Python 95.6%
Shell 4.4%