forked from jakub/ansible
Update initial_install/roles/freeipa_client/tasks/main.yml
This commit is contained in:
@@ -1,13 +1,4 @@
|
||||
```yaml
|
||||
---
|
||||
- name: DEBUG - confirm new file is used
|
||||
ansible.builtin.debug:
|
||||
msg: "🔥 NEW FREEIPA ROLE VERSION IS RUNNING 🔥"
|
||||
|
||||
- name: DEBUG - show ipa_admin_password presence
|
||||
ansible.builtin.debug:
|
||||
msg: "ipa_admin_password={{ ipa_admin_password | default('NOT SET') }}"
|
||||
|
||||
- name: Install FreeIPA client packages
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
@@ -18,41 +9,49 @@
|
||||
- oddjob-mkhomedir
|
||||
state: present
|
||||
|
||||
- name: Set hostname (FQDN)
|
||||
- name: Set hostname FQDN
|
||||
ansible.builtin.hostname:
|
||||
name: "{{ inventory_hostname }}.im.lab"
|
||||
|
||||
- name: DEBUG - show hostname used
|
||||
ansible.builtin.debug:
|
||||
msg: "Hostname will be {{ inventory_hostname }}.im.lab"
|
||||
- name: Check if FreeIPA client is already configured
|
||||
ansible.builtin.stat:
|
||||
path: /etc/ipa/default.conf
|
||||
register: ipa_client_conf
|
||||
|
||||
- name: Enroll to FreeIPA
|
||||
ansible.builtin.command: >
|
||||
ipa-client-install
|
||||
--domain=im.lab
|
||||
--realm=IPA.IM.LAB
|
||||
--server=ipa.im.lab
|
||||
--hostname={{ inventory_hostname }}.im.lab
|
||||
--mkhomedir
|
||||
--principal=admin
|
||||
--password={{ ipa_admin_password }}
|
||||
--unattended
|
||||
args:
|
||||
creates: /etc/ipa/default.conf
|
||||
ansible.builtin.command:
|
||||
argv:
|
||||
- ipa-client-install
|
||||
- --domain=im.lab
|
||||
- --realm=IPA.IM.LAB
|
||||
- --server=ipa.im.lab
|
||||
- "--hostname={{ inventory_hostname }}.im.lab"
|
||||
- --mkhomedir
|
||||
- --principal=admin
|
||||
- --password={{ ipa_admin_password }}
|
||||
- --unattended
|
||||
- --force-join
|
||||
no_log: true
|
||||
when: not ipa_client_conf.stat.exists
|
||||
|
||||
- name: Configure SSSD
|
||||
freeipa.ansible_freeipa.ipaclient_setup_sssd:
|
||||
servers:
|
||||
- ipa.im.lab
|
||||
domain: im.lab
|
||||
realm: IPA.IM.LAB
|
||||
hostname: "{{ inventory_hostname }}.im.lab"
|
||||
no_krb5_offline_passwords: true
|
||||
notify: Restart SSSD
|
||||
- name: Enable mkhomedir
|
||||
ansible.builtin.command:
|
||||
argv:
|
||||
- authselect
|
||||
- enable-feature
|
||||
- with-mkhomedir
|
||||
register: authselect_mkhomedir
|
||||
changed_when: "'already enabled' not in authselect_mkhomedir.stdout"
|
||||
failed_when: false
|
||||
|
||||
- name: Enable and start oddjobd
|
||||
ansible.builtin.service:
|
||||
name: oddjobd
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Enable and start SSSD
|
||||
ansible.builtin.service:
|
||||
name: sssd
|
||||
state: started
|
||||
enabled: true
|
||||
```
|
||||
|
||||
Reference in New Issue
Block a user