internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-10 18:55:53 +00:00
Code Issues Projects Releases Wiki Activity
Files
6d8874ad63869119236b0779682eef2917ea9ada
ansible-freeipa/roles/ipaclient/tasks/install.yml
Thomas Woerner 5198eb5304 roles/ipaclient/tasks/install.yml: Use new roles and modules 
The sssd role has been deactivated in favor of the new sssd module, because the module is able to adapt an existing configuration.
2017-08-30 14:45:01 +02:00

131 lines
4.5 KiB
YAML
Raw Blame History

---
# tasks file for ipaclient
- name: Install - Install IPA client package
package:
name: "{{ ipaclient_package }}"
state: present
- name: Install - IPA discovery
ipadiscovery:
domain: "{{ ipaclient_domain | default(omit) }}"
servers: "{{ groups.ipaservers | default(omit) }}"
realm: "{{ ipaclient_realm | default(omit) }}"
hostname: "{{ ansible_fqdn }}"
check: yes
register: ipadiscovery
# The following block is executed when using OTP to enroll IPA client
# ie when neither ipaclient_password not ipaclient_keytab is set
# It connects to ipaserver and add the host with --random option in order
# to create a OneTime Password
- block:
- name: Install - Get a One-Time Password for client enrollment
ipahost:
state: present
principal: "{{ ipaserver_principal | default('admin') }}"
password: "{{ ipaserver_password | default(omit) }}"
keytab: "{{ ipaserver_keytab | default(omit) }}"
fqdn: "{{ ansible_fqdn }}"
lifetime: "{{ ipaserver_lifetime | default(omit) }}"
random: True
register: ipahost_output
# If the host is already enrolled, this command will exit on error
# The error can be ignored
failed_when: ipahost_output|failed and "Password cannot be set on enrolled host" not in ipahost_output.msg
delegate_to: "{{ ipadiscovery.servers[0] }}"
- name: Install - Store the previously obtained OTP
set_fact:
ipaclient_otp: "{{ipahost_output.host.randompassword if ipahost_output.host is defined else 'dummyotp' }}"
when: ipaclient_password is not defined and ipaclient_keytab is not defined
- name: Install - Join IPA
ipajoin:
servers: "{{ ipadiscovery.servers }}"
domain: "{{ ipadiscovery.domain }}"
realm: "{{ ipadiscovery.realm }}"
kdc: "{{ ipadiscovery.kdc }}"
basedn: "{{ ipadiscovery.basedn }}"
hostname: "{{ ipadiscovery.hostname }}"
force_join: "{{ ipaclient_force_join | default(omit) }}"
principal: "{{ ipaclient_principal | default(omit) }}"
password: "{{ ipaclient_password | default(omit) }}"
keytab: "{{ ipaclient_keytab | default(omit) }}"
#ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
- name: Install - Configure IPA default.conf
include_role:
name: ipaconf
vars:
ipaconf_server: "{{ ipadiscovery.servers[0] }}"
ipaconf_domain: "{{ ipadiscovery.domain }}"
ipaconf_realm: "{{ ipadiscovery.realm }}"
ipaconf_hostname: "{{ ipadiscovery.hostname }}"
ipaconf_basedn: "{{ ipadiscovery.basedn }}"
- name: Install - Configure SSSD
sssd:
servers: "{{ ipadiscovery.servers }}"
domain: "{{ ipadiscovery.domain }}"
realm: "{{ ipadiscovery.realm }}"
hostname: "{{ ipadiscovery.hostname }}"
services: ["ssh", "sudo"]
krb5_offline_passwords: yes
#on_master: no
#primary: no
#permit: no
#dns_updates: no
#all_ip_addresses: no
- name: Install - Configure krb5 for IPA realm "{{ ipadiscovery.realm }}"
include_role:
name: krb5
vars:
krb5_servers: "{{ [ ] if ipadiscovery.dnsok else ipadiscovery.servers }}"
krb5_realm: "{{ ipadiscovery.realm }}"
krb5_dns_lookup_realm: "{{ 'true' if ipadiscovery.dnsok else 'false' }}"
krb5_dns_lookup_kdc: "{{ 'true' if ipadiscovery.dnsok else 'false' }}"
krb5_no_default_domain: "{{ 'true' if ipadiscovery.domain != ipadiscovery.client_domain else 'false' }}"
- name: Install - IPA API calls for remaining enrollment parts
ipaapi:
servers: "{{ ipadiscovery.servers }}"
realm: "{{ ipadiscovery.realm }}"
hostname: "{{ ipadiscovery.hostname }}"
#debug: yes
register: ipaapi
- name: Install - Create IPA NSS database
ipanss:
servers: "{{ ipadiscovery.servers }}"
domain: "{{ ipadiscovery.domain }}"
realm: "{{ ipadiscovery.realm }}"
basedn: "{{ ipadiscovery.basedn }}"
hostname: "{{ ipadiscovery.hostname }}"
subject_base: "{{ ipadiscovery.subject_base }}"
principal: "{{ ipaclient_principal | default(omit) }}"
mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}"
#on_master: no
- name: Install - IPA extras configuration
ipaextras:
servers: "{{ ipadiscovery.servers }}"
domain: "{{ ipadiscovery.domain }}"
ntp_servers: "{{ ipadiscovery.ntp_servers }}"
ntp: "{{ ipaclient_ntp | default(omit) }}"
#force_ntpd: no
#sssd: yes
#ssh: yes"
#trust_sshfp: yes
#sshd: yes
#automount_location:
#firefox: no
#firefox_dir:
#no_nisdomain: no
#nisdomain:
#on_master: no
Reference in New Issue View Git Blame Copy Permalink