mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
b3f024869c
The firewalld zone verification tasks in ipaserver, ipareplica, and ipabackup roles were triggering Ansible warnings due to variable ipareplica_firewalld_zone not being defined when evaluating the task name. This fix remove the Jinja template from the task names and wrap the tasks in a single block so the variable verification is done only once. Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>
816 lines
38 KiB
YAML
816 lines
38 KiB
YAML
---
|
|
# tasks file for ipareplica
|
|
|
|
- name: Install - Set ipareplica__dns_over_lts
|
|
ansible.builtin.set_fact:
|
|
ipareplica__dns_over_tls: "{{ ipareplica_dns_over_tls | default(ipaclient_dns_over_tls) | default(False) }}"
|
|
|
|
- name: Install - Package installation
|
|
when: ipareplica_install_packages | bool
|
|
block:
|
|
|
|
- name: Install - Set packages for installation
|
|
ansible.builtin.set_fact:
|
|
_ipapackages: "{{ ipareplica_packages }}"
|
|
|
|
- name: Install - Set packages for installlation, add DNS
|
|
ansible.builtin.set_fact:
|
|
_ipapackages: "{{ _ipapackages + ipareplica_packages_dns }}"
|
|
when: ipareplica_setup_dns | bool
|
|
|
|
- name: Install - Set packages for installlation, add DOT
|
|
ansible.builtin.set_fact:
|
|
_ipapackages: "{{ _ipapackages + ipareplica_packages_dot }}"
|
|
when: ipareplica__dns_over_tls | bool
|
|
|
|
- name: Install - Set packages for installlation, add adtrust
|
|
ansible.builtin.set_fact:
|
|
_ipapackages: "{{ _ipapackages + ipareplica_packages_adtrust }}"
|
|
when: ipareplica_setup_adtrust | bool
|
|
|
|
- name: Install - Set packages for installlation, add firewalld
|
|
ansible.builtin.set_fact:
|
|
_ipapackages: "{{ _ipapackages + ipareplica_packages_firewalld }}"
|
|
when: ipareplica_setup_firewalld | bool
|
|
|
|
- name: Install - Ensure that packages are installed
|
|
ansible.builtin.package:
|
|
name: "{{ _ipapackages }}"
|
|
state: present
|
|
|
|
- name: Firewall configuration
|
|
when: ipareplica_setup_firewalld | bool
|
|
block:
|
|
- name: Firewalld service - Ensure that firewalld is running
|
|
ansible.builtin.systemd:
|
|
name: firewalld
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Firewalld - Verify zones
|
|
when: ipareplica_firewalld_zone is defined
|
|
block:
|
|
- name: Firewalld - Verify runtime zone from ipareplica_firewalld_zone
|
|
ansible.builtin.shell: >
|
|
firewall-cmd
|
|
--info-zone="{{ ipareplica_firewalld_zone }}"
|
|
>/dev/null
|
|
|
|
- name: Firewalld - Verify permanent zone from ipareplica_firewalld_zone
|
|
ansible.builtin.shell: >
|
|
firewall-cmd
|
|
--permanent
|
|
--info-zone="{{ ipareplica_firewalld_zone }}"
|
|
>/dev/null
|
|
|
|
- name: Install - Set ipareplica_servers
|
|
ansible.builtin.set_fact:
|
|
ipareplica_servers: "{{ groups['ipaservers'] | list }}"
|
|
when: groups.ipaservers is defined and ipareplica_servers is not defined
|
|
|
|
- name: Install - Set ipareplica_servers from cluster inventory
|
|
ansible.builtin.set_fact:
|
|
ipareplica_servers: "{{ groups['ipaserver'] | list }}"
|
|
when: ipareplica_servers is not defined and groups.ipaserver is defined
|
|
|
|
- name: Install - Set default principal if no keytab is given
|
|
ansible.builtin.set_fact:
|
|
ipaadmin_principal: admin
|
|
when: ipaadmin_principal is undefined and ipaclient_keytab is undefined
|
|
|
|
- name: Install - Replica installation test
|
|
ipareplica_test:
|
|
### basic ###
|
|
# dm_password: "{{ ipadm_password | default(omit) }}"
|
|
# password: "{{ ipaadmin_password | default(omit) }}"
|
|
ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
|
|
domain: "{{ ipareplica_domain | default(ipaserver_domain) |
|
|
default(omit) }}"
|
|
servers: "{{ ipareplica_servers | default(omit) }}"
|
|
realm: "{{ ipareplica_realm | default(ipaserver_realm) | default(omit) }}"
|
|
hostname: "{{ ipareplica_hostname | default(ansible_facts['fqdn']) }}"
|
|
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
|
|
hidden_replica: "{{ ipareplica_hidden_replica }}"
|
|
skip_mem_check: "{{ not ipareplica_mem_check }}"
|
|
### server ###
|
|
setup_adtrust: "{{ ipareplica_setup_adtrust }}"
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ ipareplica_setup_kra }}"
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
dirsrv_config_file: "{{ ipareplica_dirsrv_config_file | default(omit) }}"
|
|
### ssl certificate ###
|
|
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
|
|
http_cert_files: "{{ ipareplica_http_cert_files | default([]) }}"
|
|
pkinit_cert_files: "{{ ipareplica_pkinit_cert_files | default([]) }}"
|
|
### client ###
|
|
no_ntp: "{{ ipaclient_no_ntp }}"
|
|
ntp_servers: "{{ ipaclient_ntp_servers | default([]) }}"
|
|
ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
|
|
### dns ###
|
|
no_reverse: "{{ ipareplica_no_reverse }}"
|
|
auto_reverse: "{{ ipareplica_auto_reverse }}"
|
|
forwarders: "{{ ipareplica_forwarders | default([]) }}"
|
|
no_forwarders: "{{ ipareplica_no_forwarders }}"
|
|
auto_forwarders: "{{ ipareplica_auto_forwarders }}"
|
|
forward_policy: "{{ ipareplica_forward_policy | default(omit) }}"
|
|
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
|
|
dot_forwarders: "{{ ipareplica_dot_forwarders | default([]) }}"
|
|
dns_over_tls: "{{ ipareplica__dns_over_tls }}"
|
|
dns_over_tls_cert: "{{ ipareplica_dns_over_tls_cert | default(omit) }}"
|
|
dns_over_tls_key: "{{ ipareplica_dns_over_tls_key | default(omit) }}"
|
|
dns_policy: "{{ ipareplica_dns_policy | default(omit) }}"
|
|
register: result_ipareplica_test
|
|
|
|
- name: Install - Deploy replica
|
|
when: not ansible_check_mode and
|
|
not (result_ipareplica_test.client_already_configured is defined or
|
|
result_ipareplica_test.server_already_configured is defined)
|
|
block:
|
|
# This block is executed only when
|
|
# not ansible_check_mode and
|
|
# not (result_ipareplica_test.client_already_configured is defined or
|
|
# result_ipareplica_test.server_already_configured is defined)
|
|
|
|
- name: Install - Setup client
|
|
ansible.builtin.include_role:
|
|
name: ipaclient
|
|
vars:
|
|
state: present
|
|
ipaclient_domain: "{{ result_ipareplica_test.domain | default(omit) }}"
|
|
ipaclient_realm: "{{ result_ipareplica_test.realm | default(omit) }}"
|
|
ipaclient_servers: "{{ ipareplica_servers | default(omit) }}"
|
|
ipaclient_hostname: "{{ result_ipareplica_test.hostname }}"
|
|
ipaclient_ip_addresses: "{{ ipareplica_ip_addresses | default(omit) }}"
|
|
ipaclient_install_packages: "{{ ipareplica_install_packages }}"
|
|
ipaclient_dns_over_tls: "{{ ipareplica__dns_over_tls }}"
|
|
ipaclient_no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
|
|
when: not result_ipareplica_test.client_enrolled
|
|
|
|
- name: Install - Configure firewalld
|
|
ansible.builtin.command: >
|
|
firewall-cmd
|
|
--permanent
|
|
--zone="{{ ipareplica_firewalld_zone if ipareplica_firewalld_zone is
|
|
defined else '' }}"
|
|
--add-service=freeipa-ldap
|
|
--add-service=freeipa-ldaps
|
|
{{ "--add-service=freeipa-trust" if result_ipareplica_test.setup_adtrust
|
|
else "" }}
|
|
{{ "--add-service=dns" if ipareplica_setup_dns | bool else "" }}
|
|
{{ "--add-service=dns-over-tls" if ipareplica__dns_over_tls | bool
|
|
else "" }}
|
|
{{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
|
|
when: ipareplica_setup_firewalld | bool
|
|
|
|
- name: Install - Configure firewalld runtime
|
|
ansible.builtin.command: >
|
|
firewall-cmd
|
|
--zone="{{ ipareplica_firewalld_zone if ipareplica_firewalld_zone is
|
|
defined else '' }}"
|
|
--add-service=freeipa-ldap
|
|
--add-service=freeipa-ldaps
|
|
{{ "--add-service=freeipa-trust" if result_ipareplica_test.setup_adtrust
|
|
else "" }}
|
|
{{ "--add-service=dns" if ipareplica_setup_dns | bool else "" }}
|
|
{{ "--add-service=dns-over-tls" if ipareplica__dns_over_tls | bool
|
|
else "" }}
|
|
{{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
|
|
when: ipareplica_setup_firewalld | bool
|
|
|
|
- name: Install - Replica preparation
|
|
ipareplica_prepare:
|
|
### basic ###
|
|
password: "{{ ipaadmin_password | default(omit) }}"
|
|
ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
|
|
domain: "{{ result_ipareplica_test.domain }}"
|
|
realm: "{{ result_ipareplica_test.realm }}"
|
|
hostname: "{{ result_ipareplica_test.hostname }}"
|
|
principal: "{{ ipaadmin_principal | default(omit) }}"
|
|
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
|
|
no_host_dns: "{{ ipareplica_no_host_dns }}"
|
|
### replica ###
|
|
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
### ssl certificate ###
|
|
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
|
|
dirsrv_cert_name: "{{ ipareplica_dirsrv_cert_name | default(omit) }}"
|
|
dirsrv_pin: "{{ ipareplica_dirsrv_pin | default(omit) }}"
|
|
http_cert_files: "{{ ipareplica_http_cert_files | default([]) }}"
|
|
http_cert_name: "{{ ipareplica_http_cert_name | default(omit) }}"
|
|
http_pin: "{{ ipareplica_http_pin | default(omit) }}"
|
|
pkinit_cert_files: "{{ ipareplica_pkinit_cert_files | default([]) }}"
|
|
pkinit_cert_name: "{{ ipareplica_pkinit_cert_name | default(omit) }}"
|
|
pkinit_pin: "{{ ipareplica_pkinit_pin | default(omit) }}"
|
|
### client ###
|
|
keytab: "{{ ipaclient_keytab | default(omit) }}"
|
|
mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
|
|
force_join: "{{ ipaclient_force_join | default(omit) }}"
|
|
no_ntp: "{{ ipaclient_no_ntp | default(omit) }}"
|
|
ssh_trust_dns: "{{ ipaclient_ssh_trust_dns | default(omit) }}"
|
|
no_ssh: no
|
|
no_sshd: no
|
|
no_dns_sshfp: no
|
|
### dns ###
|
|
allow_zone_overlap: "{{ ipareplica_allow_zone_overlap }}"
|
|
reverse_zones: "{{ ipareplica_reverse_zones | default([]) }}"
|
|
no_reverse: "{{ ipareplica_no_reverse }}"
|
|
auto_reverse: "{{ ipareplica_auto_reverse }}"
|
|
forwarders: "{{ ipareplica_forwarders | default([]) }}"
|
|
no_forwarders: "{{ ipareplica_no_forwarders }}"
|
|
auto_forwarders: "{{ ipareplica_auto_forwarders }}"
|
|
forward_policy: "{{ ipareplica_forward_policy | default(omit) }}"
|
|
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
|
|
dot_forwarders: "{{ ipareplica_dot_forwarders | default([]) }}"
|
|
dns_over_tls: "{{ ipareplica__dns_over_tls }}"
|
|
dns_over_tls_cert: "{{ ipareplica_dns_over_tls_cert | default(omit) }}"
|
|
dns_over_tls_key: "{{ ipareplica_dns_over_tls_key | default(omit) }}"
|
|
dns_policy: "{{ ipareplica_dns_policy | default(omit) }}"
|
|
### ad trust ###
|
|
enable_compat: "{{ ipareplica_enable_compat }}"
|
|
netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
|
|
rid_base: "{{ ipareplica_rid_base | default(omit) }}"
|
|
secondary_rid_base: "{{ ipareplica_secondary_rid_base | default(omit) }}"
|
|
### additional ###
|
|
server: "{{ result_ipareplica_test.server }}"
|
|
skip_conncheck: "{{ ipareplica_skip_conncheck }}"
|
|
sid_generation_always: "{{ result_ipareplica_test.sid_generation_always }}"
|
|
ipa_client_installed: "{{ result_ipareplica_test.client_enrolled }}"
|
|
register: result_ipareplica_prepare
|
|
|
|
- name: Install - Add to ipaservers
|
|
ipareplica_add_to_ipaservers:
|
|
### server ###
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
when: result_ipareplica_prepare._add_to_ipaservers
|
|
|
|
- name: Install - Create dirman password
|
|
no_log: yes
|
|
ipareplica_master_password:
|
|
master_password: "{{ ipareplica_master_password | default(omit) }}"
|
|
register: result_ipareplica_master_password
|
|
|
|
- name: Install - Set dirman password
|
|
no_log: yes
|
|
ansible.builtin.set_fact:
|
|
__derived_dirman_password:
|
|
"{{ result_ipareplica_master_password.password }}"
|
|
|
|
- name: Install - Setup certmonger
|
|
ipareplica_setup_certmonger:
|
|
when: result_ipareplica_prepare._ca_enabled
|
|
|
|
- name: Install - Install CA certs
|
|
ipareplica_install_ca_certs:
|
|
### basic ###
|
|
dm_password: "{{ ipadm_password | default(omit) }}"
|
|
password: "{{ ipaadmin_password | default(omit) }}"
|
|
ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
|
|
domain: "{{ result_ipareplica_test.domain }}"
|
|
realm: "{{ result_ipareplica_test.realm }}"
|
|
hostname: "{{ result_ipareplica_test.hostname }}"
|
|
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
|
|
no_host_dns: "{{ ipareplica_no_host_dns }}"
|
|
### replica ###
|
|
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
### ssl certificate ###
|
|
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
|
|
### client ###
|
|
force_join: "{{ ipaclient_force_join }}"
|
|
### additional ###
|
|
server: "{{ result_ipareplica_test.server }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
|
|
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
|
|
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
config_ips: "{{ result_ipareplica_prepare.config_ips }}"
|
|
register: result_ipareplica_install_ca_certs
|
|
when: result_ipareplica_test.install_ca_certs
|
|
|
|
- name: Install - Setup DS
|
|
ipareplica_setup_ds:
|
|
### basic ###
|
|
dm_password: "{{ ipadm_password | default(omit) }}"
|
|
password: "{{ ipaadmin_password | default(omit) }}"
|
|
ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
|
|
domain: "{{ result_ipareplica_test.domain }}"
|
|
realm: "{{ result_ipareplica_test.realm }}"
|
|
hostname: "{{ result_ipareplica_test.hostname }}"
|
|
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
|
|
no_host_dns: "{{ ipareplica_no_host_dns }}"
|
|
### replica ###
|
|
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
dirsrv_config_file: "{{ ipareplica_dirsrv_config_file | default(omit) }}"
|
|
### ssl certificate ###
|
|
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
|
|
### client ###
|
|
force_join: "{{ ipaclient_force_join }}"
|
|
### additional ###
|
|
server: "{{ result_ipareplica_test.server }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
|
|
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
|
|
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
config_ips: "{{ result_ipareplica_prepare.config_ips }}"
|
|
register: result_ipareplica_setup_ds
|
|
|
|
- name: Install - Create IPA conf
|
|
ipareplica_create_ipa_conf:
|
|
### basic ###
|
|
dm_password: "{{ ipadm_password | default(omit) }}"
|
|
password: "{{ ipaadmin_password | default(omit) }}"
|
|
ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
|
|
domain: "{{ result_ipareplica_test.domain }}"
|
|
realm: "{{ result_ipareplica_test.realm }}"
|
|
hostname: "{{ result_ipareplica_test.hostname }}"
|
|
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
|
|
no_host_dns: "{{ ipareplica_no_host_dns }}"
|
|
### replica ###
|
|
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
### ssl certificate ###
|
|
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
|
|
### client ###
|
|
force_join: "{{ ipaclient_force_join }}"
|
|
### additional ###
|
|
server: "{{ result_ipareplica_test.server }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
|
|
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
|
|
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
|
|
- name: Install - Setup KRB
|
|
ipareplica_setup_krb:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
|
|
# We need to point to the master in ipa default conf when certmonger
|
|
# asks for HTTP certificate in newer ipa versions. In these versions
|
|
# create_ipa_conf has the additional master argument.
|
|
- name: Install - Create override IPA conf
|
|
ipareplica_create_ipa_conf:
|
|
### basic ###
|
|
dm_password: "{{ ipadm_password | default(omit) }}"
|
|
password: "{{ ipaadmin_password | default(omit) }}"
|
|
ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
|
|
domain: "{{ result_ipareplica_test.domain }}"
|
|
realm: "{{ result_ipareplica_test.realm }}"
|
|
hostname: "{{ result_ipareplica_test.hostname }}"
|
|
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
|
|
no_host_dns: "{{ ipareplica_no_host_dns }}"
|
|
### replica ###
|
|
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
### ssl certificate ###
|
|
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
|
|
### client ###
|
|
force_join: "{{ ipaclient_force_join }}"
|
|
### additional ###
|
|
server: "{{ result_ipareplica_test.server }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
|
|
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
|
|
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
master:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
when: result_ipareplica_test.change_master_for_certmonger
|
|
|
|
- name: Install - DS enable SSL
|
|
ipareplica_ds_enable_ssl:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
dirsrv_config_file: "{{ ipareplica_dirsrv_config_file | default(omit) }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
|
|
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"
|
|
|
|
- name: Install - Setup http
|
|
ipareplica_setup_http:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info if result_ipareplica_prepare._http_pkcs12_info != None else omit }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
|
|
# Need to point back to ourself after the cert for HTTP is obtained
|
|
- name: Install - Create original IPA conf again
|
|
ipareplica_create_ipa_conf:
|
|
### basic ###
|
|
dm_password: "{{ ipadm_password | default(omit) }}"
|
|
password: "{{ ipaadmin_password | default(omit) }}"
|
|
ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
|
|
domain: "{{ result_ipareplica_test.domain }}"
|
|
realm: "{{ result_ipareplica_test.realm }}"
|
|
hostname: "{{ result_ipareplica_test.hostname }}"
|
|
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
|
|
no_host_dns: "{{ ipareplica_no_host_dns }}"
|
|
### replica ###
|
|
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
### ssl certificate ###
|
|
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
|
|
### client ###
|
|
force_join: "{{ ipaclient_force_join }}"
|
|
### additional ###
|
|
server: "{{ result_ipareplica_test.server }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
|
|
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
|
|
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
when: result_ipareplica_test.change_master_for_certmonger
|
|
|
|
- name: Install - Setup otpd
|
|
ipareplica_setup_otpd:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
|
|
- name: Install - Setup custodia
|
|
ipareplica_setup_custodia:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
|
|
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
|
|
- name: Install - Setup CA
|
|
ipareplica_setup_ca:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
pki_config_override:
|
|
"{{ ipareplica_pki_config_override | default(omit) }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
|
|
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
|
|
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
|
|
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
|
|
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
_random_serial_numbers: "{{ result_ipareplica_prepare._random_serial_numbers }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
config_ca_host_name:
|
|
"{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
config_ips: "{{ result_ipareplica_prepare.config_ips }}"
|
|
when: result_ipareplica_prepare._ca_enabled
|
|
|
|
- name: Install - KRB enable SSL
|
|
ipareplica_krb_enable_ssl:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
|
|
- name: Install - DS apply updates
|
|
ipareplica_ds_apply_updates:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
|
|
dirsrv_config_file: "{{ ipareplica_dirsrv_config_file | default(omit) }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"
|
|
|
|
- name: Install - Setup kra
|
|
ipareplica_setup_kra:
|
|
### basic ###
|
|
dm_password: "{{ ipadm_password | default(omit) }}"
|
|
password: "{{ ipaadmin_password | default(omit) }}"
|
|
ip_addresses: "{{ ipareplica_ip_addresses | default([]) }}"
|
|
domain: "{{ result_ipareplica_test.domain }}"
|
|
realm: "{{ result_ipareplica_test.realm }}"
|
|
hostname: "{{ result_ipareplica_test.hostname }}"
|
|
ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
|
|
no_host_dns: "{{ ipareplica_no_host_dns }}"
|
|
pki_config_override:
|
|
"{{ ipareplica_pki_config_override | default(omit) }}"
|
|
### replica ###
|
|
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
### ssl certificate ###
|
|
dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
|
|
### client ###
|
|
force_join: "{{ ipaclient_force_join }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
server: "{{ result_ipareplica_test.server }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
|
|
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
|
|
_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
|
|
_ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
|
|
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
when: result_ipareplica_test.setup_kra
|
|
|
|
- name: Install - Restart KDC
|
|
ipareplica_restart_kdc:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
|
|
- name: Install - Custodia import dm password
|
|
ipareplica_custodia_import_dm_password:
|
|
### server ###
|
|
setup_ca: "{{ ipareplica_setup_ca }}"
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
no_pkinit: "{{ ipareplica_no_pkinit }}"
|
|
no_ui_redirect: "{{ ipareplica_no_ui_redirect }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
|
|
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
dirman_password: "{{ __derived_dirman_password }}"
|
|
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
|
|
- name: Install - Promote SSSD
|
|
ipareplica_promote_sssd:
|
|
### replica ###
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
|
|
- name: Install - Promote openldap.conf
|
|
ipareplica_promote_openldap_conf:
|
|
### replica ###
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
|
|
- name: Install - Setup DNS
|
|
ipareplica_setup_dns:
|
|
### server ###
|
|
setup_dns: "{{ ipareplica_setup_dns }}"
|
|
### replica ###
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### dns ###
|
|
zonemgr: "{{ ipareplica_zonemgr | default(omit) }}"
|
|
forwarders: "{{ ipareplica_forwarders | default([]) }}"
|
|
forward_policy: "{{ result_ipareplica_prepare.forward_policy if
|
|
result_ipareplica_prepare.forward_policy is
|
|
not none else omit }}"
|
|
no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
|
|
dot_forwarders: "{{ ipareplica_dot_forwarders | default([]) }}"
|
|
dns_over_tls: "{{ ipareplica__dns_over_tls }}"
|
|
dns_over_tls_cert: "{{ ipareplica_dns_over_tls_cert | default(omit) }}"
|
|
dns_over_tls_key: "{{ ipareplica_dns_over_tls_key | default(omit) }}"
|
|
dns_policy: "{{ ipareplica_dns_policy | default(omit) }}"
|
|
### additional ###
|
|
dns_ip_addresses: "{{ result_ipareplica_prepare.dns_ip_addresses }}"
|
|
dns_reverse_zones: "{{ result_ipareplica_prepare.dns_reverse_zones }}"
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
|
|
- name: Install - Setup adtrust
|
|
ipareplica_setup_adtrust:
|
|
### replica ###
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### ad trust ###
|
|
enable_compat: "{{ ipareplica_enable_compat }}"
|
|
rid_base: "{{ result_ipareplica_prepare.rid_base }}"
|
|
secondary_rid_base: "{{ result_ipareplica_prepare.secondary_rid_base }}"
|
|
### additional ###
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
adtrust_netbios_name:
|
|
"{{ result_ipareplica_prepare.adtrust_netbios_name }}"
|
|
adtrust_reset_netbios_name:
|
|
"{{ result_ipareplica_prepare.adtrust_reset_netbios_name }}"
|
|
when: result_ipareplica_test.setup_adtrust or
|
|
result_ipareplica_test.sid_generation_always
|
|
|
|
- name: Install - Enable IPA
|
|
ipareplica_enable_ipa:
|
|
hostname: "{{ result_ipareplica_test.hostname }}"
|
|
hidden_replica: "{{ ipareplica_hidden_replica }}"
|
|
### server ###
|
|
### replica ###
|
|
setup_kra: "{{ result_ipareplica_test.setup_kra }}"
|
|
### certificate system ###
|
|
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
### additional ###
|
|
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
config_master_host_name:
|
|
"{{ result_ipareplica_prepare.config_master_host_name }}"
|
|
register: result_ipareplica_enable_ipa
|
|
|
|
always:
|
|
- name: Install - Cleanup root IPA cache
|
|
ansible.builtin.file:
|
|
path: "/root/.ipa_cache"
|
|
state: absent
|
|
|
|
- name: Cleanup temporary files
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- "/etc/ipa/.tmp_pkcs12_dirsrv"
|
|
- "/etc/ipa/.tmp_pkcs12_http"
|
|
- "/etc/ipa/.tmp_pkcs12_pkinit"
|