forked from jakub/ansible
49 lines
1.1 KiB
YAML
49 lines
1.1 KiB
YAML
---
|
|
- name: Install FreeIPA client packages
|
|
ansible.builtin.package:
|
|
name:
|
|
- freeipa-client
|
|
- sssd
|
|
- sssd-tools
|
|
- oddjob
|
|
- oddjob-mkhomedir
|
|
state: present
|
|
|
|
- name: Set hostname
|
|
ansible.builtin.hostname:
|
|
name: "{{ inventory_hostname }}"
|
|
|
|
- name: Configure resolv.conf
|
|
ansible.builtin.copy:
|
|
dest: /etc/resolv.conf
|
|
content: |
|
|
search im.lab
|
|
nameserver ipa.im.lab
|
|
when: ansible_facts.os_family != "Debian"
|
|
|
|
- name: Enroll to FreeIPA
|
|
ansible.builtin.command: >
|
|
ipa-client-install
|
|
--domain=im.lab
|
|
--realm=IPA.IM.LAB
|
|
--server=ipa.im.lab
|
|
--hostname={{ inventory_hostname }}
|
|
--mkhomedir
|
|
--unattended
|
|
args:
|
|
creates: /etc/ipa/default.conf
|
|
|
|
- name: Configure SSSD
|
|
freeipa.ansible_freeipa.ipaclient_setup_sssd:
|
|
servers: ["ipa.im.lab"]
|
|
domain: im.lab
|
|
realm: IPA.IM.LAB
|
|
hostname: "{{ inventory_hostname }}"
|
|
no_krb5_offline_passwords: yes
|
|
notify: Restart SSSD
|
|
|
|
- name: Enable and start SSSD
|
|
ansible.builtin.service:
|
|
name: sssd
|
|
state: started
|
|
enabled: true |