---
# tasks file for ipaserver
# Package and firewalld prerequisites. Every task in this block is skipped
# unless ipaserver_install_packages is true; the per-feature tasks are further
# gated on their own ipaserver_setup_* switch.
- when: ipaserver_install_packages | bool
  block:
    - name: Install - Ensure that IPA server packages are installed
      package:
        state: present
        name: "{{ ipaserver_packages }}"

    - name: Install - Ensure that IPA server packages for dns are installed
      when: ipaserver_setup_dns | bool
      package:
        state: present
        name: "{{ ipaserver_packages_dns }}"

    - name: Install - Ensure that IPA server packages for adtrust are installed
      when: ipaserver_setup_adtrust | bool
      package:
        state: present
        name: "{{ ipaserver_packages_adtrust }}"

    - name: Install - Ensure that firewall packages installed
      when: ipaserver_setup_firewalld | bool
      package:
        state: present
        name: "{{ ipaserver_packages_firewalld }}"

    # NOTE(review): this task sits inside the install-packages block, so
    # firewalld is only enabled and started here when
    # ipaserver_install_packages is true. The firewall-cmd tasks later in this
    # file are gated on ipaserver_setup_firewalld alone and need a running
    # firewalld - confirm that combination is handled by the caller.
    - name: Firewalld service - Ensure that firewalld is running
      when: ipaserver_setup_firewalld | bool
      systemd:
        name: firewalld
        state: started
        enabled: true
#- name: Install - Include Python2/3 import test
# import_tasks: "{{ role_path }}/tasks/python_2_3_test.yml"
# Runs copy_external_cert.yml once per entry of
# ipaserver_external_cert_files_from_controller. All three conditions must
# hold: the controller-side list is defined, it is not empty, and
# ipaserver_external_cert_files has not been set already.
# NOTE(review): the included file is not visible here; presumably it places
# each listed certificate on the target host and sets
# ipaserver_external_cert_files - confirm where the files land and with which
# ownership and mode.
- include_tasks: "{{ role_path }}/tasks/copy_external_cert.yml"
  with_items: "{{ ipaserver_external_cert_files_from_controller }}"
  when:
    - ipaserver_external_cert_files_from_controller is defined
    - ipaserver_external_cert_files_from_controller | length > 0
    - ipaserver_external_cert_files is not defined
# Calls the ipaserver_test module with the full set of install options and
# keeps its return value in result_ipaserver_test, which the later tasks in
# this file read (domain, realm, hostname, setup_ca, *_pkcs12_info, ...).
# NOTE(review): dm_password, password, master_password and the three *_pin
# values are passed here without a task-level no_log, and the result is
# registered. Whether they are masked in task output and in the registered
# result depends on the module's argument spec, which is not visible in this
# file - confirm.
- name: Install - Server installation test
  register: result_ipaserver_test
  ipaserver_test:
    # --- basic ---
    dm_password: "{{ ipadm_password }}"
    password: "{{ ipaadmin_password }}"
    master_password: "{{ ipaserver_master_password | default(omit) }}"
    domain: "{{ ipaserver_domain | default(omit) }}"
    realm: "{{ ipaserver_realm | default(omit) }}"
    # Falls back to the gathered FQDN when no hostname is configured.
    hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
    ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}"
    no_host_dns: "{{ ipaserver_no_host_dns }}"
    pki_config_override: "{{ ipaserver_pki_config_override | default(omit) }}"
    # --- server ---
    setup_adtrust: "{{ ipaserver_setup_adtrust }}"
    setup_kra: "{{ ipaserver_setup_kra }}"
    setup_dns: "{{ ipaserver_setup_dns }}"
    idstart: "{{ ipaserver_idstart | default(omit) }}"
    idmax: "{{ ipaserver_idmax | default(omit) }}"
    # no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
    no_pkinit: "{{ ipaserver_no_pkinit }}"
    # no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
    dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
    # --- ssl certificate ---
    dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default(omit) }}"
    dirsrv_cert_name: "{{ ipaserver_dirsrv_cert_name | default(omit) }}"
    dirsrv_pin: "{{ ipaserver_dirsrv_pin | default(omit) }}"
    http_cert_files: "{{ ipaserver_http_cert_files | default(omit) }}"
    http_cert_name: "{{ ipaserver_http_cert_name | default(omit) }}"
    http_pin: "{{ ipaserver_http_pin | default(omit) }}"
    pkinit_cert_files: "{{ ipaserver_pkinit_cert_files | default(omit) }}"
    pkinit_cert_name: "{{ ipaserver_pkinit_cert_name | default(omit) }}"
    pkinit_pin: "{{ ipaserver_pkinit_pin | default(omit) }}"
    # --- client ---
    # mkhomedir
    ntp_servers: "{{ ipaclient_ntp_servers | default(omit) }}"
    ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
    no_ntp: "{{ ipaclient_no_ntp }}"
    # ssh_trust_dns
    # no_ssh
    # no_sshd
    # no_dns_sshfp
    # --- certificate system ---
    external_ca: "{{ ipaserver_external_ca }}"
    external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
    external_ca_profile: "{{ ipaserver_external_ca_profile | default(omit) }}"
    external_cert_files: "{{ ipaserver_external_cert_files | default(omit) }}"
    subject_base: "{{ ipaserver_subject_base | default(omit) }}"
    ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
    # ca_signing_algorithm
    # --- dns ---
    allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
    reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
    no_reverse: "{{ ipaserver_no_reverse }}"
    auto_reverse: "{{ ipaserver_auto_reverse }}"
    zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
    forwarders: "{{ ipaserver_forwarders | default([]) }}"
    no_forwarders: "{{ ipaserver_no_forwarders }}"
    auto_forwarders: "{{ ipaserver_auto_forwarders }}"
    forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
    no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
    # --- ad trust ---
    enable_compat: "{{ ipaserver_enable_compat }}"
    netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
    rid_base: "{{ ipaserver_rid_base | default(omit) }}"
    secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"

    # --- additional ---
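# Main installation sequence. The block runs only outside check mode, and only
# when ipaserver_test did not report an unchanged result together with
# client_already_configured or server_already_configured.
#
# NOTE(review): only the two master-password tasks set no_log. The other tasks
# pass dm_password / password / master_password without a task-level no_log,
# so masking of those values depends on the modules' own argument specs, which
# this file does not show - confirm.
- when:
    - not ansible_check_mode
    - >-
      not (not result_ipaserver_test.changed and
      (result_ipaserver_test.client_already_configured is defined or
      result_ipaserver_test.server_already_configured is defined))
  block:
    # Create a master password only when the caller did not provide one, then
    # publish it as the ipaserver_master_password fact for the tasks below.
    # Both tasks suppress their output because it carries the password.
    - when: ipaserver_master_password is undefined
      block:
        - name: Install - Master password creation
          no_log: true
          ipaserver_master_password:
            dm_password: "{{ ipadm_password }}"
            master_password: "{{ ipaserver_master_password | default(omit) }}"
          register: result_ipaserver_master_password

        - name: Install - Use new master password
          no_log: true
          set_fact:
            ipaserver_master_password:
              "{{ result_ipaserver_master_password.password }}"

    # The result is registered because later tasks read subject_base,
    # ca_subject, reverse_zones, forwarders and the adtrust/dns values from it.
    - name: Install - Server preparation
      ipaserver_prepare:
        ### basic ###
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
        domain: "{{ result_ipaserver_test.domain }}"
        realm: "{{ result_ipaserver_test.realm }}"
        hostname: "{{ result_ipaserver_test.hostname }}"
        no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
        ### server ###
        setup_adtrust: "{{ ipaserver_setup_adtrust }}"
        setup_kra: "{{ ipaserver_setup_kra }}"
        setup_dns: "{{ ipaserver_setup_dns }}"
        ### certificate system ###
        external_ca: "{{ ipaserver_external_ca }}"
        external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
        external_ca_profile:
          "{{ ipaserver_external_ca_profile | default(omit) }}"
        external_cert_files:
          "{{ ipaserver_external_cert_files | default(omit) }}"
        subject_base: "{{ ipaserver_subject_base | default(omit) }}"
        ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
        ### dns ###
        allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
        reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
        no_reverse: "{{ ipaserver_no_reverse }}"
        auto_reverse: "{{ ipaserver_auto_reverse }}"
        zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
        forwarders: "{{ ipaserver_forwarders | default([]) }}"
        no_forwarders: "{{ ipaserver_no_forwarders }}"
        auto_forwarders: "{{ ipaserver_auto_forwarders }}"
        forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
        no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
        ### ad trust ###
        enable_compat: "{{ ipaserver_enable_compat }}"
        netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
        rid_base: "{{ ipaserver_rid_base | default(omit) }}"
        secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
        ### additional ###
        setup_ca: "{{ result_ipaserver_test.setup_ca }}"
        _hostname_overridden: "{{ result_ipaserver_test._hostname_overridden }}"
      register: result_ipaserver_prepare

    # Skipped when NTP is disabled for the client, and also when external
    # certificate files are already present.
    - name: Install - Setup NTP
      ipaserver_setup_ntp:
        ntp_servers: "{{ result_ipaserver_test.ntp_servers | default(omit) }}"
        ntp_pool: "{{ result_ipaserver_test.ntp_pool | default(omit) }}"
      when:
        - not ipaclient_no_ntp | bool
        - >-
          ipaserver_external_cert_files is undefined or
          ipaserver_external_cert_files | length < 1

    - name: Install - Setup DS
      ipaserver_setup_ds:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        # master_password: "{{ ipaserver_master_password }}"
        domain: "{{ result_ipaserver_test.domain }}"
        realm: "{{ result_ipaserver_test.realm | default(omit) }}"
        hostname: "{{ result_ipaserver_test.hostname }}"
        # ip_addresses: "{{ result_ipaserver_prepare.ip_addresses }}"
        # reverse_zones: "{{ result_ipaserver_prepare.reverse_zones }}"
        # setup_adtrust: "{{ result_ipaserver_test.setup_adtrust }}"
        # setup_kra: "{{ result_ipaserver_test.setup_kra }}"
        # setup_dns: "{{ ipaserver_setup_dns }}"
        setup_ca: "{{ result_ipaserver_test.setup_ca }}"
        # no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
        dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
        dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default(omit) }}"
        # Forward the value returned by ipaserver_test, or omit the
        # parameter when that value is None.
        _dirsrv_pkcs12_info:
          "{{ result_ipaserver_test._dirsrv_pkcs12_info
              if result_ipaserver_test._dirsrv_pkcs12_info != None
              else omit }}"
        external_cert_files:
          "{{ ipaserver_external_cert_files | default(omit) }}"
        subject_base: "{{ result_ipaserver_prepare.subject_base }}"
        ca_subject: "{{ result_ipaserver_prepare.ca_subject }}"
        # no_reverse: "{{ ipaserver_no_reverse }}"
        # auto_forwarders: "{{ ipaserver_auto_forwarders }}"
        no_pkinit: "{{ result_ipaserver_test.no_pkinit }}"
        no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
        idstart: "{{ result_ipaserver_test.idstart }}"
        idmax: "{{ result_ipaserver_test.idmax }}"

    - name: Install - Setup KRB
      ipaserver_setup_krb:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        master_password: "{{ ipaserver_master_password }}"
        domain: "{{ result_ipaserver_test.domain }}"
        realm: "{{ result_ipaserver_test.realm }}"
        hostname: "{{ result_ipaserver_test.hostname }}"
        # ip_addresses: "{{ result_ipaserver_prepare.ip_addresses }}"
        reverse_zones: "{{ result_ipaserver_prepare.reverse_zones }}"
        setup_adtrust: "{{ result_ipaserver_test.setup_adtrust }}"
        setup_kra: "{{ result_ipaserver_test.setup_kra }}"
        setup_dns: "{{ ipaserver_setup_dns }}"
        setup_ca: "{{ result_ipaserver_test.setup_ca }}"
        no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
        external_cert_files:
          "{{ ipaserver_external_cert_files | default(omit) }}"
        subject_base: "{{ result_ipaserver_prepare.subject_base }}"
        ca_subject: "{{ result_ipaserver_prepare.ca_subject }}"
        no_reverse: "{{ ipaserver_no_reverse }}"
        auto_forwarders: "{{ ipaserver_auto_forwarders }}"
        no_pkinit: "{{ result_ipaserver_test.no_pkinit }}"
        no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
        idstart: "{{ result_ipaserver_test.idstart }}"
        idmax: "{{ result_ipaserver_test.idmax }}"
        _pkinit_pkcs12_info:
          "{{ result_ipaserver_test._pkinit_pkcs12_info
              if result_ipaserver_test._pkinit_pkcs12_info != None
              else omit }}"

    - name: Install - Setup custodia
      ipaserver_setup_custodia:
        realm: "{{ result_ipaserver_test.realm }}"
        hostname: "{{ result_ipaserver_test.hostname }}"
        setup_ca: "{{ result_ipaserver_test.setup_ca }}"

    # Registered because csr_generated decides whether the install stops
    # after the CSR fetch below or continues with the remaining setup steps.
    - name: Install - Setup CA
      ipaserver_setup_ca:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        master_password: "{{ ipaserver_master_password }}"
        # ip_addresses: "{{ result_ipaserver_prepare.ip_addresses }}"
        domain: "{{ result_ipaserver_test.domain }}"
        realm: "{{ result_ipaserver_test.realm }}"
        hostname: "{{ result_ipaserver_test.hostname }}"
        no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
        pki_config_override:
          "{{ ipaserver_pki_config_override | default(omit) }}"
        setup_adtrust: "{{ result_ipaserver_test.setup_adtrust }}"
        setup_kra: "{{ result_ipaserver_test.setup_kra }}"
        setup_dns: "{{ ipaserver_setup_dns }}"
        setup_ca: "{{ result_ipaserver_test.setup_ca }}"
        idstart: "{{ result_ipaserver_test.idstart }}"
        idmax: "{{ result_ipaserver_test.idmax }}"
        no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
        no_pkinit: "{{ result_ipaserver_test.no_pkinit }}"
        dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
        dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
        _dirsrv_pkcs12_info:
          "{{ result_ipaserver_test._dirsrv_pkcs12_info
              if result_ipaserver_test._dirsrv_pkcs12_info != None
              else omit }}"
        external_ca: "{{ ipaserver_external_ca }}"
        external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
        external_ca_profile:
          "{{ ipaserver_external_ca_profile | default(omit) }}"
        external_cert_files:
          "{{ ipaserver_external_cert_files | default(omit) }}"
        subject_base: "{{ result_ipaserver_prepare.subject_base }}"
        _subject_base: "{{ result_ipaserver_prepare._subject_base }}"
        ca_subject: "{{ result_ipaserver_prepare.ca_subject }}"
        _ca_subject: "{{ result_ipaserver_prepare._ca_subject }}"
        ca_signing_algorithm:
          "{{ ipaserver_ca_signing_algorithm | default(omit) }}"
        reverse_zones: "{{ result_ipaserver_prepare.reverse_zones }}"
        no_reverse: "{{ ipaserver_no_reverse }}"
        auto_forwarders: "{{ ipaserver_auto_forwarders }}"
        _http_ca_cert: "{{ result_ipaserver_test._http_ca_cert }}"
      register: result_ipaserver_setup_ca

    # Pulls /root/ipa.csr back to the controller as one flat file named after
    # the inventory host. Only runs when the CA step reported a generated CSR
    # and ipaserver_copy_csr_to_controller is true.
    - name: Copy /root/ipa.csr to "{{ inventory_hostname }}-ipa.csr"
      fetch:
        src: /root/ipa.csr
        dest: "{{ inventory_hostname }}-ipa.csr"
        flat: true
      when:
        - result_ipaserver_setup_ca.csr_generated | bool
        - ipaserver_copy_csr_to_controller | bool

    # Remaining setup steps. All of them are skipped when the CA step
    # generated a CSR (presumably because the install has to wait for the
    # externally signed certificate - confirm).
    - when: not result_ipaserver_setup_ca.csr_generated | bool
      block:
        - name: Install - Setup otpd
          ipaserver_setup_otpd:
            realm: "{{ result_ipaserver_test.realm }}"
            hostname: "{{ result_ipaserver_test.hostname }}"
            setup_ca: "{{ result_ipaserver_test.setup_ca }}"

        - name: Install - Setup HTTP
          ipaserver_setup_http:
            dm_password: "{{ ipadm_password }}"
            password: "{{ ipaadmin_password }}"
            master_password: "{{ ipaserver_master_password }}"
            domain: "{{ result_ipaserver_test.domain }}"
            realm: "{{ result_ipaserver_test.realm }}"
            hostname: "{{ result_ipaserver_test.hostname }}"
            # ip_addresses: "{{ result_ipaserver_prepare.ip_addresses }}"
            reverse_zones: "{{ result_ipaserver_prepare.reverse_zones }}"
            setup_adtrust: "{{ result_ipaserver_test.setup_adtrust }}"
            setup_kra: "{{ result_ipaserver_test.setup_kra }}"
            setup_dns: "{{ ipaserver_setup_dns }}"
            setup_ca: "{{ result_ipaserver_test.setup_ca }}"
            no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
            dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
            external_cert_files:
              "{{ ipaserver_external_cert_files | default(omit) }}"
            subject_base: "{{ result_ipaserver_prepare.subject_base }}"
            _subject_base: "{{ result_ipaserver_prepare._subject_base }}"
            ca_subject: "{{ result_ipaserver_prepare.ca_subject }}"
            _ca_subject: "{{ result_ipaserver_prepare._ca_subject }}"
            no_reverse: "{{ ipaserver_no_reverse }}"
            auto_forwarders: "{{ ipaserver_auto_forwarders }}"
            no_pkinit: "{{ result_ipaserver_test.no_pkinit }}"
            no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
            idstart: "{{ result_ipaserver_test.idstart }}"
            idmax: "{{ result_ipaserver_test.idmax }}"
            http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
            no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
            _http_pkcs12_info:
              "{{ result_ipaserver_test._http_pkcs12_info
                  if result_ipaserver_test._http_pkcs12_info != None
                  else omit }}"

        - name: Install - Setup KRA
          ipaserver_setup_kra:
            hostname: "{{ result_ipaserver_test.hostname }}"
            setup_ca: "{{ result_ipaserver_test.setup_ca }}"
            dm_password: "{{ ipadm_password }}"
            setup_kra: "{{ result_ipaserver_test.setup_kra }}"
            realm: "{{ result_ipaserver_test.realm }}"
            pki_config_override:
              "{{ ipaserver_pki_config_override | default(omit) }}"
          when: result_ipaserver_test.setup_kra | bool

        - name: Install - Setup DNS
          ipaserver_setup_dns:
            ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
            domain: "{{ result_ipaserver_test.domain }}"
            realm: "{{ result_ipaserver_test.realm }}"
            hostname: "{{ result_ipaserver_test.hostname }}"
            setup_ca: "{{ result_ipaserver_test.setup_ca }}"
            setup_dns: "{{ ipaserver_setup_dns }}"
            forwarders: "{{ result_ipaserver_prepare.forwarders }}"
            forward_policy: "{{ result_ipaserver_prepare.forward_policy }}"
            zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
            no_dnssec_validation:
              "{{ result_ipaserver_prepare.no_dnssec_validation }}"
            ### additional ###
            dns_ip_addresses: "{{ result_ipaserver_prepare.dns_ip_addresses }}"
            dns_reverse_zones: "{{ result_ipaserver_prepare.dns_reverse_zones }}"
          when: ipaserver_setup_dns | bool

        - name: Install - Setup ADTRUST
          ipaserver_setup_adtrust:
            hostname: "{{ result_ipaserver_test.hostname }}"
            setup_ca: "{{ result_ipaserver_test.setup_ca }}"
            setup_adtrust: "{{ result_ipaserver_test.setup_adtrust }}"
            ### ad trust ###
            enable_compat: "{{ ipaserver_enable_compat }}"
            rid_base: "{{ result_ipaserver_test.rid_base }}"
            secondary_rid_base: "{{ result_ipaserver_test.secondary_rid_base }}"
            ### additional ###
            adtrust_netbios_name:
              "{{ result_ipaserver_prepare.adtrust_netbios_name }}"
            adtrust_reset_netbios_name:
              "{{ result_ipaserver_prepare.adtrust_reset_netbios_name }}"
          # Cast explicitly, matching the setup_kra condition above, so the
          # gate does not depend on how the returned value is typed.
          when: result_ipaserver_test.setup_adtrust | bool

        - name: Install - Set DS password
          ipaserver_set_ds_password:
            dm_password: "{{ ipadm_password }}"
            password: "{{ ipaadmin_password }}"
            domain: "{{ result_ipaserver_test.domain }}"
            realm: "{{ result_ipaserver_test.realm }}"
            hostname: "{{ result_ipaserver_test.hostname }}"
            setup_ca: "{{ result_ipaserver_test.setup_ca }}"
            subject_base: "{{ result_ipaserver_prepare.subject_base }}"
            ca_subject: "{{ result_ipaserver_prepare.ca_subject }}"
            no_pkinit: "{{ result_ipaserver_test.no_pkinit }}"
            no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
            idstart: "{{ result_ipaserver_test.idstart }}"
            idmax: "{{ result_ipaserver_test.idmax }}"
            dirsrv_config_file:
              "{{ ipaserver_dirsrv_config_file | default(omit) }}"
            _dirsrv_pkcs12_info:
              "{{ result_ipaserver_test._dirsrv_pkcs12_info
                  if result_ipaserver_test._dirsrv_pkcs12_info != None
                  else omit }}"

        # Runs the ipaclient role against this host, pointing it at the
        # server that was just installed. ipaclient_no_ntp is forced to
        # 'true' when the reported ipa_python_version is 40690 or newer.
        - name: Install - Setup client
          include_role:
            name: ipaclient
          vars:
            state: present
            ipaclient_on_master: true
            ipaclient_domain: "{{ result_ipaserver_test.domain }}"
            ipaclient_realm: "{{ result_ipaserver_test.realm }}"
            ipaclient_servers:
              - "{{ result_ipaserver_test.hostname }}"
            ipaclient_hostname: "{{ result_ipaserver_test.hostname }}"
            ipaclient_no_ntp:
              "{{ 'true' if result_ipaserver_test.ipa_python_version >= 40690
                  else 'false' }}"
            ipaclient_install_packages: "{{ ipaserver_install_packages }}"

        - name: Install - Enable IPA
          ipaserver_enable_ipa:
            hostname: "{{ result_ipaserver_test.hostname }}"
            setup_dns: "{{ ipaserver_setup_dns }}"
            setup_ca: "{{ result_ipaserver_test.setup_ca }}"
          register: result_ipaserver_enable_ipa

        - name: Install - Cleanup root IPA cache
          file:
            path: "/root/.ipa_cache"
            state: absent
          when: result_ipaserver_enable_ipa.changed

        # Permanent firewalld configuration. Only fixed service names reach
        # the command line; each variable is reduced to a boolean first.
        # The command module has no changed_when here, so the task reports
        # "changed" on every run.
        - name: Install - Configure firewalld
          command: >
            firewall-cmd
            --permanent
            --add-service=freeipa-ldap
            --add-service=freeipa-ldaps
            {{ "--add-service=freeipa-trust" if ipaserver_setup_adtrust | bool else "" }}
            {{ "--add-service=dns" if ipaserver_setup_dns | bool else "" }}
            {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
          when: ipaserver_setup_firewalld | bool

        # Same services applied to the running firewalld configuration.
        - name: Install - Configure firewalld runtime
          command: >
            firewall-cmd
            --add-service=freeipa-ldap
            --add-service=freeipa-ldaps
            {{ "--add-service=freeipa-trust" if ipaserver_setup_adtrust | bool else "" }}
            {{ "--add-service=dns" if ipaserver_setup_dns | bool else "" }}
            {{ "--add-service=ntp" if not ipaclient_no_ntp | bool else "" }}
          when: ipaserver_setup_firewalld | bool

  always:
    # Runs whether or not the tasks above failed, so the temporary PKCS#12
    # files do not outlive a broken install.
    # NOTE(review): `always` is still subject to this block's `when`, and
    # ipaserver_test runs before the block. If that module is what writes
    # these files (not visible here), a failed test task, a check-mode run or
    # a skipped block leaves them in /etc/ipa - confirm, and consider a
    # cleanup that is not gated.
    - name: Cleanup temporary files
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - "/etc/ipa/.tmp_pkcs12_dirsrv"
        - "/etc/ipa/.tmp_pkcs12_http"
        - "/etc/ipa/.tmp_pkcs12_pkinit"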