forked from jakub/ansible
Update initial_install/roles/freeipa_client/tasks/main.yml
This commit is contained in:
@@ -1,13 +1,4 @@
|
|||||||
```yaml
|
|
||||||
---
|
---
|
||||||
- name: DEBUG - confirm new file is used
|
|
||||||
ansible.builtin.debug:
|
|
||||||
msg: "🔥 NEW FREEIPA ROLE VERSION IS RUNNING 🔥"
|
|
||||||
|
|
||||||
- name: DEBUG - show ipa_admin_password presence
|
|
||||||
ansible.builtin.debug:
|
|
||||||
msg: "ipa_admin_password={{ ipa_admin_password | default('NOT SET') }}"
|
|
||||||
|
|
||||||
- name: Install FreeIPA client packages
|
- name: Install FreeIPA client packages
|
||||||
ansible.builtin.package:
|
ansible.builtin.package:
|
||||||
name:
|
name:
|
||||||
@@ -18,41 +9,49 @@
|
|||||||
- oddjob-mkhomedir
|
- oddjob-mkhomedir
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Set hostname (FQDN)
|
- name: Set hostname FQDN
|
||||||
ansible.builtin.hostname:
|
ansible.builtin.hostname:
|
||||||
name: "{{ inventory_hostname }}.im.lab"
|
name: "{{ inventory_hostname }}.im.lab"
|
||||||
|
|
||||||
- name: DEBUG - show hostname used
|
- name: Check if FreeIPA client is already configured
|
||||||
ansible.builtin.debug:
|
ansible.builtin.stat:
|
||||||
msg: "Hostname will be {{ inventory_hostname }}.im.lab"
|
path: /etc/ipa/default.conf
|
||||||
|
register: ipa_client_conf
|
||||||
|
|
||||||
- name: Enroll to FreeIPA
|
- name: Enroll to FreeIPA
|
||||||
ansible.builtin.command: >
|
ansible.builtin.command:
|
||||||
ipa-client-install
|
argv:
|
||||||
--domain=im.lab
|
- ipa-client-install
|
||||||
--realm=IPA.IM.LAB
|
- --domain=im.lab
|
||||||
--server=ipa.im.lab
|
- --realm=IPA.IM.LAB
|
||||||
--hostname={{ inventory_hostname }}.im.lab
|
- --server=ipa.im.lab
|
||||||
--mkhomedir
|
- "--hostname={{ inventory_hostname }}.im.lab"
|
||||||
--principal=admin
|
- --mkhomedir
|
||||||
--password={{ ipa_admin_password }}
|
- --principal=admin
|
||||||
--unattended
|
- --password={{ ipa_admin_password }}
|
||||||
args:
|
- --unattended
|
||||||
creates: /etc/ipa/default.conf
|
- --force-join
|
||||||
|
no_log: true
|
||||||
|
when: not ipa_client_conf.stat.exists
|
||||||
|
|
||||||
- name: Configure SSSD
|
- name: Enable mkhomedir
|
||||||
freeipa.ansible_freeipa.ipaclient_setup_sssd:
|
ansible.builtin.command:
|
||||||
servers:
|
argv:
|
||||||
- ipa.im.lab
|
- authselect
|
||||||
domain: im.lab
|
- enable-feature
|
||||||
realm: IPA.IM.LAB
|
- with-mkhomedir
|
||||||
hostname: "{{ inventory_hostname }}.im.lab"
|
register: authselect_mkhomedir
|
||||||
no_krb5_offline_passwords: true
|
changed_when: "'already enabled' not in authselect_mkhomedir.stdout"
|
||||||
notify: Restart SSSD
|
failed_when: false
|
||||||
|
|
||||||
|
- name: Enable and start oddjobd
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: oddjobd
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
- name: Enable and start SSSD
|
- name: Enable and start SSSD
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: sssd
|
name: sssd
|
||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
```
|
|
||||||
Reference in New Issue
Block a user