26 lines
949 B
YAML
26 lines
949 B
YAML
|
---
|
||
|
|
- name: FreeIPA Client | PATCH | Join IPA domain
|
||
|
|
ansible.builtin.include_role:
|
||
|
|
role: freeipa.ansible_freeipa.ipaclient
|
||
|
|
vars:
|
||
|
|
ipaclient_hostname: "{{ inventory_hostname }}"
|
||
|
|
|
||
|
|
- name: FreeIPA Client | AUDIT | Check current authselect configuration
|
||
|
|
ansible.builtin.command: authselect current
|
||
|
|
register: freeipa_authselect_status
|
||
|
|
changed_when: false
|
||
|
|
|
||
|
|
- name: FreeIPA Client | PATCH | Apply authselect profile with sssd, sudo, and mkhomedir if not set
|
||
|
|
ansible.builtin.command: authselect select sssd with-sudo with-mkhomedir --force
|
||
|
|
when: >
|
||
|
|
'Profile ID: sssd' not in freeipa_authselect_status.stdout or
|
||
|
|
'with-sudo' not in freeipa_authselect_status.stdout or
|
||
|
|
'with-mkhomedir' not in freeipa_authselect_status.stdout
|
||
|
|
|
||
|
|
- name: FreeIPA Client | PATCH | Enable oddjobd.service (for with-mkhomedir feature)
|
||
|
|
ansible.builtin.systemd_service:
|
||
|
|
name: oddjobd.service
|
||
|
|
state: started
|
||
|
|
enabled: true
|
||
|
|
masked: false
|