---
# Install the FreeIPA client together with the SSSD and oddjob packages that
# the later tasks in this file configure and start.
- name: Install FreeIPA client packages
  ansible.builtin.package:
    state: present
    name:
      - freeipa-client
      - sssd
      - sssd-tools
      - oddjob
      - oddjob-mkhomedir

# Set the system hostname to the inventory name plus the im.lab suffix; the
# enrollment task passes the same value to --hostname.
- name: Set hostname FQDN
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}.im.lab"

# Record whether /etc/ipa/default.conf exists. The enrollment task reads
# ipa_client_conf.stat.exists and is skipped when the file is already there.
- name: Check if FreeIPA client is already configured
  ansible.builtin.stat:
    path: /etc/ipa/default.conf
  register: ipa_client_conf

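# Enroll this host into the im.lab realm. Runs only when the stat task above
# found no /etc/ipa/default.conf (ipa_client_conf.stat.exists is false).
- name: Enroll to FreeIPA
  ansible.builtin.command:
    argv:
      - ipa-client-install
      - --domain=im.lab
      - --realm=IM.LAB
      - --server=ipa.im.lab
      - "--hostname={{ inventory_hostname }}.im.lab"
      - --mkhomedir
      # NOTE(review): every run enrolls with the realm admin principal. A
      # dedicated enrollment account or a per-host one-time password would
      # narrow what a leaked credential can do - confirm what the realm allows.
      - --principal=admin
      # The password is an argv element, so it is visible in the process list
      # on the target while the installer runs; no_log below only covers
      # Ansible's own output. ipa_admin_password is presumably supplied from
      # an encrypted vars source - verify.
      - "--password={{ ipa_admin_password }}"
      - --unattended
      # NOTE(review): --force-join appears to let the join proceed when a host
      # entry of this name already exists - confirm that is intended here.
      - --force-join
  # The rendered argv contains the admin password. With no_log disabled it
  # was written to the play output, verbose logs and callback plugins.
  no_log: true
  when: not ipa_client_conf.stat.exists
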
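# Turn on the with-mkhomedir feature of the current authselect profile.
- name: Enable mkhomedir
  ansible.builtin.command:
    argv:
      - authselect
      - enable-feature
      - with-mkhomedir
  register: authselect_mkhomedir
  # Report a change only when the command succeeded and did not say the
  # feature was already on. Without the rc check a failed run, which
  # failed_when suppresses, was reported as "changed".
  changed_when:
    - authselect_mkhomedir.rc == 0
    - "'already enabled' not in authselect_mkhomedir.stdout"
  # Best effort: a non-zero exit never fails the play.
  # NOTE(review): this also hides real errors (missing authselect, no profile
  # selected), leaving home-directory creation silently off - confirm that
  # ignoring every failure is intended.
  failed_when: false
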
# Make sure the oddjobd service is running now and enabled at boot.
- name: Enable and start oddjobd
  ansible.builtin.service:
    name: oddjobd
    enabled: true
    state: started

# Make sure the sssd service is running now and enabled at boot.
- name: Enable and start SSSD
  ansible.builtin.service:
    name: sssd
    enabled: true
    state: started