internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-10 18:55:53 +00:00
Code Issues Projects Releases Wiki Activity
Files
dc9bb51a1a6c6925c64e912e725af9d32867a9d6
ansible-freeipa/roles/ipaclient/tasks/install.yml
Thomas Woerner 07a15c56e8 library/ipadiscovery.py: New module for ipa discovery 
The module is doing the same discovery that ipa-client-install is doing
internally. The results are saved into a structure named ipadiscovery for
the ansible module.

The discovery module is needed to be able to not depend on the definition
of the ipaservers group for example to get otp passwords, to be able to
join and to configure sssd and other services corretly.
2017-08-23 20:40:46 +02:00

58 lines
2.3 KiB
YAML
Raw Blame History

---
# tasks file for ipaclient
- name: Install - IPA discovery
ipadiscovery:
domain: "{{ ipaclient_domain | default(omit) }}"
servers: "{{ groups.ipaservers | default(omit) }}"
realm: "{{ ipaclient_realm | default(omit) }}"
hostname: "{{ ansible_fqdn }}"
register: ipadiscovery
# The following block is executed when using OTP to enroll IPA client
# ie when neither ipaclient_password not ipaclient_keytab is set
# It connects to ipaserver and add the host with --random option in order
# to create a OneTime Password
- block:
- name: Install - Get a One-Time Password for client enrollment
ipahost:
state: present
principal: "{{ ipaserver_principal | default('admin') }}"
password: "{{ ipaserver_password | default(omit) }}"
keytab: "{{ ipaserver_keytab | default(omit) }}"
fqdn: "{{ ansible_fqdn }}"
lifetime: "{{ ipaserver_lifetime | default(omit) }}"
random: True
register: ipahost_output
# If the host is already enrolled, this command will exit on error
# The error can be ignored
failed_when: ipahost_output|failed and "Password cannot be set on enrolled host" not in ipahost_output.msg
delegate_to: "{{ ipadiscovery.servers[0] }}"
- name: Install - Store the previously obtained OTP
set_fact:
ipaclient_otp: "{{ipahost_output.host.randompassword if ipahost_output.host is defined else 'dummyotp' }}"
when: ipaclient_password is not defined and ipaclient_keytab is not defined
- name: Install - Install IPA client package
package:
name: "{{ ipaclient_package }}"
state: present
- name: Install - Configure IPA client
ipaclient:
state: present
domain: "{{ ipaclient_domain | default(omit) }}"
realm: "{{ ipaclient_realm | default(omit) }}"
servers: "{{ groups.ipaservers | default(omit) }}"
principal: "{{ ipaclient_principal | default(omit) }}"
password: "{{ ipaclient_password | default(omit) }}"
keytab: "{{ ipaclient_keytab | default(omit) }}"
otp: "{{ ipaclient_otp | default(omit) }}"
force_join: "{{ ipaclient_force_join | default(omit) }}"
kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
ntp: "{{ ipaclient_ntp | default(omit) }}"
mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
extra_args: "{{ ipaclient_extraargs | default(omit) }}"
Reference in New Issue View Git Blame Copy Permalink