Initial import; migrate some roles from irl.wip
commit
2ba6c6691b
44 changed files with 1573 additions and 0 deletions
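--- a/roles/freeipa/tasks/main.yml
+++ b/roles/freeipa/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+- name: FreeIPA | PATCH | Request or renew Let's Encrypt Certificates
+ansible.builtin.include_tasks:
+file: certs.yml
+
+- name: FreeIPA | PATCH | Deploy first FreeIPA server
+ansible.builtin.include_role:
+role: freeipa.ansible_freeipa.ipaserver
+vars:
+ipaserver_ca_cert_files:
+- /root/isrgrootx1.pem
+- /root/isrg-root-x2.pem
+ipaserver_dirsrv_cert_name: "{{ ansible_inventory }}"
+ipaserver_dirsrv_cert_files: [ "/root/server.p12" ]
+ipaserver_dirsrv_pin: ""
+ipaserver_firewalld_zone: public
+ipaserver_http_cert_name: "{{ ansible_inventory }}"
+ipaserver_http_cert_files: [ "/root/server.p12" ]
+ipaserver_http_pin: ""
+ipaserver_no_hbac_allow: true
+ipaserver_no_pkinit: true
+ipaserver_setup_dns: false
+when: inventory_hostname == groups['ipaservers'][0]
+
+- name: FreeIPA | PATCH | Deploy replica FreeIPA servers
+ansible.builtin.include_role:
+role: freeipa.ansible_freeipa.ipareplica
+vars:
+ipareplica_ca_cert_files:
+- /root/isrgrootx1.pem
+- /root/isrg-root-x2.pem
+ipareplica_dirsrv_cert_name: "{{ ansible_inventory }}"
+ipareplica_dirsrv_cert_files: [ "/root/server.p12" ]
+ipareplica_dirsrv_pin: ""
+ipareplica_firewalld_zone: public
+ipareplica_http_cert_name: "{{ ansible_inventory }}"
+ipareplica_http_cert_files: [ "/root/server.p12" ]
+ipareplica_http_pin: ""
+ipareplica_no_pkinit: true
+ipareplica_setup_dns: false
+
+- name: FreeIPA | AUDIT | Check current authselect configuration
+command: authselect current
+register: freeipa_authselect_status
+changed_when: false
+
+- name: FreeIPA | PATCH | Apply authselect profile with sssd, sudo, and mkhomedir if not set
+command: authselect select sssd with-sudo with-mkhomedir
+when: >
+'Profile ID: sssd' not in freeipa_authselect_status.stdout or
+'with-sudo' not in freeipa_authselect_status.stdout or
+'with-mkhomedir' not in freeipa_authselect_status.stdout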
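Review bot: The replica include at `- name: FreeIPA | PATCH | Deploy replica FreeIPA servers` carries no `when`, so it also runs on `groups['ipaservers'][0]`, the host the preceding task just installed as the primary; unless the ipareplica role itself bails out on an already-installed server, add `when: inventory_hostname != groups['ipaservers'][0]` to mirror the guard on the first-server task. The `FreeIPA | AUDIT` task will fail the play on a host with no profile selected if `authselect current` exits non-zero there, which is exactly the state the following PATCH task exists to repair — consider `failed_when: false` on the audit task so the select task still gets a chance to run. Both `*_dirsrv_pin` and `*_http_pin` are `""`, which means `/root/server.p12` is an unencrypted PKCS#12 holding the service private key; if certs.yml can export it with a passphrase, passing that pin from an Ansible Vault variable keeps the key protected at rest and out of plain files. `ansible_inventory` is not a built-in Ansible variable (the `when` on the same task uses `inventory_hostname`), so confirm it is defined in inventory or group_vars, otherwise the cert-name values render undefined. Minor style point: the two authselect tasks use bare `command:` while the rest of the file uses FQCNs, so `ansible.builtin.command:` would keep the file consistent.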