---
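# Step 1 of an IPA server install that uses an externally signed CA.
# The ipaserver role runs with ipaserver_external_ca enabled; the play then
# expects a certificate signing request (CSR) at /root/ipa.csr on the node
# and pulls it back to the controller for signing.
- name: Playbook to configure IPA server step1
  hosts: ipaserver
  become: true
  vars:
    # Canonical boolean, consistent with `become: true` above.
    ipaserver_external_ca: true

  roles:
    - role: ipaserver
      state: present

  post_tasks:
    # The file name is derived from the first host of the ipaserver group
    # only, while the play targets the whole group. With flat enabled every
    # targeted host writes to this same controller path, so this assumes the
    # group holds exactly one host.
    # NOTE(review): dest is a relative path on the controller. Whatever sits
    # at that path is what gets signed in the next play, so the directory
    # should be writable only by the operator running the playbook.
    - name: Copy CSR /root/ipa.csr from node to "{{ groups.ipaserver[0] + '-ipa.csr' }}"
      fetch:
        src: /root/ipa.csr
        dest: "{{ groups.ipaserver[0] + '-ipa.csr' }}"
        # flat: store the file exactly at dest instead of under a
        # per-host directory tree.
        flat: true
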
# Controller-side signing step. Runs the helper script external-ca.sh from
# the playbook directory, passing the first ipaserver host name and the IPA
# domain (ipaserver_domain if set, otherwise the host name with its first
# label removed).
# NOTE(review): external-ca.sh is not shown here. Going by the play name it
# creates a CA and signs the fetched CSR; if so, that CA's private key is
# left on the controller. Treat that as a test convenience and protect or
# discard the key; confirm against the script.
- name: Get /root/ipa.csr, create CA, sign with our CA and copy to node
  hosts: localhost

  tasks:
    # The command module does not pass the line through a shell, so the
    # templated values are not subject to shell expansion. They are still
    # split into arguments from one string, which is why each template is
    # wrapped in double quotes.
    # NOTE(review): there is no creates/changed_when guard, so the script
    # runs on every invocation of the playbook.
    - name: Run external-ca.sh
      command: >
        /bin/bash
        external-ca.sh
        "{{ groups.ipaserver[0] }}"
        "{{ ipaserver_domain | default(groups.ipaserver[0].split('.')[1:] | join ('.')) }}"
      args:
        chdir: "{{ playbook_dir }}"

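# Step 2 of the external-CA install. The signed certificate chain is pushed
# from the controller to /root/chain.crt on the node, then the ipaserver
# role runs again with ipaserver_external_cert_files pointing at that file.
- name: Playbook to configure IPA server step2
  hosts: ipaserver
  become: true
  vars:
    ipaserver_external_cert_files: "/root/chain.crt"
    # Left disabled in the original playbook:
    # ipaserver_external_ca_file: "cacert.asc"

  pre_tasks:
    # The source name is derived from the first host of the ipaserver group
    # only, so this assumes the group holds exactly one host.
    # NOTE(review): this file is what the server is given as its CA chain.
    # Before running this play, check that the chain on the controller was
    # issued by the intended CA, for example by comparing certificate
    # fingerprints.
    - name: Copy "{{ groups.ipaserver[0] + '-chain.crt' }}" to /root/chain.crt on node
      copy:
        src: "{{ groups.ipaserver[0] + '-chain.crt' }}"
        dest: "/root/chain.crt"
        # Canonical boolean, consistent with `become: true` above. Replaces
        # an existing /root/chain.crt whose contents differ.
        force: true
        # preserve: the node copy takes the permission bits of the
        # controller-side source file.
        mode: preserve

  roles:
    - role: ipaserver
      state: present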