ansible-freeipa/roles/ipasmartcard_client
Rafael Guterres Jeffman 91c4b83311 Configure yamllint to be compatible with ansible-lint
Current version of ansible-lint pre-commit hook required changes in the
ansible-freeipa yamllint configuration and these changes triggered
issues in the current playbooks on roles and tests.

This patch adds the required changes to yaml lint configuration and
fixes the affected playbooks.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
2025-01-31 11:32:59 -03:00

ipasmartcard_client role

Description

This role configures IPA clients for Smart Card authentication.

Note: The ansible-freeipa smartcard client role requires an enrolled IPA client.

Features

  • Client setup for Smart Card authentication

Supported FreeIPA Versions

FreeIPA versions 4.5 and up are supported by this role.

Supported Distributions

  • RHEL/CentOS 7.6+
  • CentOS Stream 8+
  • Fedora 26+

Requirements

Controller

  • Ansible version: 2.14+

Node

  • Supported FreeIPA version (see above)
  • Supported distribution (needed for package installation only, see above)
  • Enrolled IPA client

Limitations

Only the enablement of smartcards is supported by the role; there is no disablement.

Usage

Example inventory file with IPA clients:

[ipaclients]
ipaclient1.example.com
ipaclient2.example.com

[ipaclients:vars]
ipaadmin_password=SomeADMINpassword
ipasmartcard_client_ca_certs=/etc/ipa/ca.crt

Example playbook to set up smartcard for the IPA clients using the admin password and ipasmartcard_client_ca_certs from the inventory file:

---
- name: Playbook to setup smartcard for IPA clients
  hosts: ipaclients
  become: true

  roles:
  - role: ipasmartcard_client
    state: present

Playbooks

The playbooks needed to set up smartcard for the IPA clients are part of the repository in the playbooks folder.

install-smartcard-clients.yml

Please remember to link or copy the playbooks to the base directory of ansible-freeipa if you want to use the roles within the source archive.

How to set up smartcard for clients

ansible-playbook -v -i inventory/hosts install-smartcard-clients.yml

This will set up the clients for smartcard use.

Variables

| Variable | Description | Required |
|----------|-------------|----------|
| ipaadmin_principal | The Kerberos principal used for admin. Will be set to admin if not set. (string) | no |
| ipaadmin_password | The password for the IPA admin user. As an alternative, an admin user keytab can be used instead with ipaadmin_keytab. (string) | yes |
| ipaadmin_keytab | The admin keytab as an alternative to ipaadmin_password. (string) | no |
| ipasmartcard_client_ca_certs | The CA certificates for smartcard use. If ipasmartcard_client_ca_certs is not set but ipasmartcard_server_ca_certs is, then ipasmartcard_server_ca_certs will be used. | yes |
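The defaulting and fallback rules in the Variables section can be checked against an inventory before the playbook is run. The following is an added example, not code from ansible-freeipa: the function names `group_vars` and `resolve` are hypothetical, it assumes the variables are set in the `[ipaclients:vars]` section of an INI inventory, and the second inventory with its keytab path is constructed.

```python
import configparser

# First inventory is from this README; the second is constructed (keytab + server CA).
README_INVENTORY = """\
[ipaclients]
ipaclient1.example.com
ipaclient2.example.com

[ipaclients:vars]
ipaadmin_password=SomeADMINpassword
ipasmartcard_client_ca_certs=/etc/ipa/ca.crt
"""
FALLBACK_INVENTORY = """\
[ipaclients:vars]
ipaadmin_keytab=/root/admin.keytab
ipasmartcard_server_ca_certs=/etc/ipa/ca.crt
"""

def group_vars(inventory_text, group="ipaclients"):
    """Return the [<group>:vars] section of an INI inventory as a dict."""
    parser = configparser.ConfigParser(allow_no_value=True, delimiters=("=",),
                                       interpolation=None, strict=False)
    parser.optionxform = str  # variable names are case-sensitive
    parser.read_string(inventory_text)
    section = f"{group}:vars"
    return dict(parser[section]) if parser.has_section(section) else {}

def resolve(role_vars):
    """Apply the Variables table; return (resolved, errors) without secret values."""
    errors = []
    creds = [k for k in ("ipaadmin_password", "ipaadmin_keytab") if role_vars.get(k)]
    if not creds:
        errors.append("set ipaadmin_password or ipaadmin_keytab")
    # The client CA variable is used when set; the server variable is the fallback.
    source = next((k for k in ("ipasmartcard_client_ca_certs",
                               "ipasmartcard_server_ca_certs") if role_vars.get(k)), None)
    if source is None:
        errors.append("set ipasmartcard_client_ca_certs or ipasmartcard_server_ca_certs")
    resolved = {
        "ipaadmin_principal": role_vars.get("ipaadmin_principal") or "admin",
        "credentials": creds,            # names only, never the password itself
        "ca_certs": role_vars.get(source) if source else None,
        "ca_certs_source": source,
    }
    return resolved, errors

if __name__ == "__main__":
    for text in (README_INVENTORY, FALLBACK_INVENTORY):
        print(resolve(group_vars(text)))
```

The report lists which credential variables are set by name only, so its output can be logged without exposing the admin password.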

Authors

Thomas Woerner