# Package installation.  The DNS and AD-trust package sets are separate
# tasks so they are only pulled in when the matching feature is enabled.
- name: Install - Ensure that IPA server packages are installed
  package:
    name: "{{ item }}"
    state: present
  with_items: "{{ ipaserver_packages }}"

- name: Install - Ensure that IPA server packages for dns are installed
  package:
    name: "{{ item }}"
    state: present
  with_items: "{{ ipaserver_packages_dns }}"
  when: ipaserver_setup_dns | bool

- name: Install - Ensure that IPA server packages for adtrust are installed
  package:
    name: "{{ item }}"
    state: present
  with_items: "{{ ipaserver_packages_adtrust }}"
  when: ipaserver_setup_adtrust | bool

# NOTE(review): `include` + `static: true` is the pre-2.4 spelling of
# `import_tasks`; `static` is deprecated in later Ansible releases.
- name: Install - Include Python2/3 import test
  include: "{{role_path}}/tasks/python_2_3_test.yml"
  static: true

# Validate and normalise the requested configuration before the host is
# changed.  The registered result (ipaserver_test) is what the later setup
# steps read their effective settings from.
# NOTE(review): the directory manager, admin and master passwords are passed
# as module arguments here; whether they are redacted from -v / result output
# depends on the module's argument_spec marking them no_log, which is not
# visible in this file -- confirm.
- name: Install - Server installation test
  ipaserver_test:
    ### basic ###
    dm_password: "{{ ipadm_password }}"
    password: "{{ ipaadmin_password }}"
    master_password: "{{ ipaserver_master_password | default(omit) }}"
    ip_addresses: "{{ ipaserver_ip_addresses | default([]) }}"
    domain: "{{ ipaserver_domain | default(omit) }}"
    realm: "{{ ipaserver_realm | default(omit) }}"
    hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
    ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}"
    # no_host_dns: "{{ ipaserver_no_host_dns }}"
    ### server ###
    setup_adtrust: "{{ ipaserver_setup_adtrust }}"
    setup_kra: "{{ ipaserver_setup_kra }}"
    setup_dns: "{{ ipaserver_setup_dns }}"
    idstart: "{{ ipaserver_idstart | default(omit) }}"
    idmax: "{{ ipaserver_idmax | default(omit) }}"
    # no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
    no_pkinit: "{{ ipaserver_no_pkinit }}"
    # no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
    dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
    ### ssl certificate ###
    dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
    http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
    pkinit_cert_files: "{{ ipaserver_pkinit_cert_files | default([]) }}"
    # dirsrv_pin
    # http_pin
    # pkinit_pin
    # dirsrv_name
    # http_name
    # pkinit_name
    ### client ###
    # mkhomedir
    no_ntp: "{{ ipaclient_no_ntp }}"
    # ssh_trust_dns
    # no_ssh
    # no_sshd
    # no_dns_sshfp
    ### certificate system ###
    external_ca: "{{ ipaserver_external_ca }}"
    external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
    external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
    subject_base: "{{ ipaserver_subject_base | default(omit) }}"
    ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
    # ca_signing_algorithm
    ### dns ###
    allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
    reverse_zones: "{{ ipaserver_reverse_zones | default([]) }}"
    no_reverse: "{{ ipaserver_no_reverse }}"
    auto_reverse: "{{ ipaserver_auto_reverse }}"
    zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
    forwarders: "{{ ipaserver_forwarders | default([]) }}"
    no_forwarders: "{{ ipaserver_no_forwarders }}"
    auto_forwarders: "{{ ipaserver_auto_forwarders }}"
    forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
    no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
    ### ad trust ###
    enable_compat: "{{ ipaserver_enable_compat }}"
    netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
    rid_base: "{{ ipaserver_rid_base | default(omit) }}"
    secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
    ### additional ###
  register: ipaserver_test
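# The actual installation.  Every step reads its effective settings from the
# registered ipaserver_test result rather than from the raw role variables.
# NOTE(review): the prepare/DS/KRB/CA/HTTP/password steps pass
# ipadm_password, ipaadmin_password and ipaserver_master_password as module
# arguments.  Whether those are redacted from -v / result output depends on
# the modules' argument_spec (no_log on the password options), which is not
# visible in this file -- confirm before relying on verbose logs being safe.
- block:
    # Generate a master password only when the caller did not supply one.
    # The whole inner block is conditional: registering over an already
    # defined ipaserver_master_password would replace the string with the
    # module result dict.
    - block:
        - name: Install - Master password creation
          no_log: true
          ipaserver_master_password:
            dm_password: "{{ ipadm_password }}"
            master_password: "{{ ipaserver_master_password | default(omit) }}"
          register: ipaserver_master_password

        # no_log: set_fact reports the fact it set in its result, so without
        # it the generated master password would be printed at -v.
        - name: Install - Use new master password
          no_log: true
          set_fact:
            ipaserver_master_password: "{{ ipaserver_master_password.password }}"
      when: ipaserver_master_password is undefined

    - name: Install - Server preparation
      ipaserver_prepare:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        domain: "{{ ipaserver_test.domain }}"
        realm: "{{ ipaserver_test.realm }}"
        hostname: "{{ ipaserver_test.hostname }}"
        ##ip_addresses: "{{ ipaserver_test.ip_addresses }}"
        reverse_zones: "{{ ipaserver_test.reverse_zones }}"
        setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
        setup_kra: "{{ ipaserver_test.setup_kra }}"
        setup_dns: "{{ ipaserver_setup_dns }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        no_host_dns: "{{ ipaserver_test.no_host_dns }}"
        subject_base: "{{ ipaserver_test.subject_base }}"
        ca_subject: "{{ ipaserver_test.ca_subject }}"
        no_reverse: "{{ ipaserver_no_reverse }}"
        auto_reverse: "{{ ipaserver_auto_reverse }}"
        auto_forwarders: "{{ ipaserver_auto_forwarders }}"
        #no_pkinit: "{{ ipaserver_test.no_pkinit }}"
        _hostname_overridden: "{{ ipaserver_test._hostname_overridden }}"
      register: ipaserver_prepare

    # Skipped when the caller opted out of NTP or when external certificate
    # files are supplied.  List form: every entry must hold (logical AND).
    - name: Install - Setup NTP
      ipaserver_setup_ntp:
      when:
        - not ipaclient_no_ntp | bool
        - ipaserver_external_cert_files is undefined or ipaserver_external_cert_files|length < 1

    - name: Install - Setup DS
      ipaserver_setup_ds:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        #master_password: "{{ ipaserver_master_password }}"
        domain: "{{ ipaserver_test.domain }}"
        # NOTE(review): only this step applies default(omit) to the realm
        # from ipaserver_test; the other steps pass it unconditionally.
        realm: "{{ ipaserver_test.realm | default(omit) }}"
        hostname: "{{ ipaserver_test.hostname }}"
        #ip_addresses: "{{ ipaserver_test.ip_addresses }}"
        #reverse_zones: "{{ ipaserver_test.reverse_zones }}"
        #setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
        #setup_kra: "{{ ipaserver_test.setup_kra }}"
        #setup_dns: "{{ ipaserver_setup_dns }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        #no_host_dns: "{{ ipaserver_test.no_host_dns }}"
        dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
        dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
        external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
        subject_base: "{{ ipaserver_test.subject_base }}"
        ca_subject: "{{ ipaserver_test.ca_subject }}"
        #no_reverse: "{{ ipaserver_no_reverse }}"
        #auto_forwarders: "{{ ipaserver_auto_forwarders }}"
        no_pkinit: "{{ ipaserver_test.no_pkinit }}"
        no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
        idstart: "{{ ipaserver_test.idstart }}"
        idmax: "{{ ipaserver_test.idmax }}"

    - name: Install - Setup KRB
      ipaserver_setup_krb:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        master_password: "{{ ipaserver_master_password }}"
        domain: "{{ ipaserver_test.domain }}"
        realm: "{{ ipaserver_test.realm }}"
        hostname: "{{ ipaserver_test.hostname }}"
        #ip_addresses: "{{ ipaserver_test.ip_addresses }}"
        reverse_zones: "{{ ipaserver_test.reverse_zones }}"
        setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
        setup_kra: "{{ ipaserver_test.setup_kra }}"
        setup_dns: "{{ ipaserver_setup_dns }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        no_host_dns: "{{ ipaserver_test.no_host_dns }}"
        external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
        subject_base: "{{ ipaserver_test.subject_base }}"
        ca_subject: "{{ ipaserver_test.ca_subject }}"
        no_reverse: "{{ ipaserver_no_reverse }}"
        auto_forwarders: "{{ ipaserver_auto_forwarders }}"
        no_pkinit: "{{ ipaserver_test.no_pkinit }}"
        no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
        idstart: "{{ ipaserver_test.idstart }}"
        idmax: "{{ ipaserver_test.idmax }}"
        _pkinit_pkcs12_info: "{{ ipaserver_test._pkinit_pkcs12_info }}"

    - name: Install - Setup CA
      ipaserver_setup_ca:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        master_password: "{{ ipaserver_master_password }}"
        #ip_addresses: "{{ ipaserver_test.ip_addresses }}"
        domain: "{{ ipaserver_test.domain }}"
        realm: "{{ ipaserver_test.realm }}"
        hostname: "{{ ipaserver_test.hostname }}"
        no_host_dns: "{{ ipaserver_test.no_host_dns }}"
        setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
        setup_kra: "{{ ipaserver_test.setup_kra }}"
        setup_dns: "{{ ipaserver_setup_dns }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        idstart: "{{ ipaserver_test.idstart }}"
        idmax: "{{ ipaserver_test.idmax }}"
        no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
        no_pkinit: "{{ ipaserver_test.no_pkinit }}"
        dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
        dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
        _dirsrv_pkcs12_info: "{{ ipaserver_test._dirsrv_pkcs12_info }}"
        external_ca: "{{ ipaserver_external_ca }}"
        external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
        subject_base: "{{ ipaserver_test.subject_base }}"
        _subject_base: "{{ ipaserver_test._subject_base }}"
        ca_subject: "{{ ipaserver_test.ca_subject }}"
        _ca_subject: "{{ ipaserver_test._ca_subject }}"
        ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm | default(omit) }}"
        reverse_zones: "{{ ipaserver_test.reverse_zones }}"
        no_reverse: "{{ ipaserver_no_reverse }}"
        auto_forwarders: "{{ ipaserver_auto_forwarders }}"

    - name: Install - Setup otpd
      ipaserver_setup_otpd:
        realm: "{{ ipaserver_test.realm }}"
        hostname: "{{ ipaserver_test.hostname }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"

    - name: Install - Setup custodia
      ipaserver_setup_custodia:
        realm: "{{ ipaserver_test.realm }}"
        hostname: "{{ ipaserver_test.hostname }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"

    - name: Install - Setup HTTP
      ipaserver_setup_http:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        master_password: "{{ ipaserver_master_password }}"
        domain: "{{ ipaserver_test.domain }}"
        realm: "{{ ipaserver_test.realm }}"
        hostname: "{{ ipaserver_test.hostname }}"
        #ip_addresses: "{{ ipaserver_test.ip_addresses }}"
        reverse_zones: "{{ ipaserver_test.reverse_zones }}"
        setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
        setup_kra: "{{ ipaserver_test.setup_kra }}"
        setup_dns: "{{ ipaserver_setup_dns }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        no_host_dns: "{{ ipaserver_test.no_host_dns }}"
        dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
        external_cert_files: "{{ ipaserver_external_cert_files | default([]) }}"
        subject_base: "{{ ipaserver_test.subject_base }}"
        _subject_base: "{{ ipaserver_test._subject_base }}"
        ca_subject: "{{ ipaserver_test.ca_subject }}"
        _ca_subject: "{{ ipaserver_test._ca_subject }}"
        no_reverse: "{{ ipaserver_no_reverse }}"
        auto_forwarders: "{{ ipaserver_auto_forwarders }}"
        no_pkinit: "{{ ipaserver_test.no_pkinit }}"
        no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
        idstart: "{{ ipaserver_test.idstart }}"
        idmax: "{{ ipaserver_test.idmax }}"
        http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
        no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"

    - name: Install - Setup KRA
      ipaserver_setup_kra:
        hostname: "{{ ipaserver_test.hostname }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        dm_password: "{{ ipadm_password }}"
        setup_kra: "{{ ipaserver_test.setup_kra }}"
      when: ipaserver_test.setup_kra | bool

    - name: Install - Setup DNS
      ipaserver_setup_dns:
        hostname: "{{ ipaserver_test.hostname }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        setup_dns: "{{ ipaserver_setup_dns }}"
        forwarders: "{{ ipaserver_test.forwarders | default(omit) }}"
        forward_policy: "{{ ipaserver_forward_policy | default(omit) }}"
        zonemgr: "{{ ipaserver_zonemgr | default(omit) }}"
        no_dnssec_validation: "{{ ipaserver_no_dnssec_validation }}"
        ### additional ###
        dns_ip_addresses: "{{ ipaserver_test.dns_ip_addresses }}"
        dns_reverse_zones: "{{ ipaserver_test.dns_reverse_zones }}"
      when: ipaserver_setup_dns | bool

    # `| bool` added for consistency with the KRA/DNS conditions above.
    - name: Install - Setup ADTRUST
      ipaserver_setup_adtrust:
        hostname: "{{ ipaserver_test.hostname }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        setup_adtrust: "{{ ipaserver_test.setup_adtrust }}"
      when: ipaserver_test.setup_adtrust | bool

    - name: Install - Set DS password
      ipaserver_set_ds_password:
        dm_password: "{{ ipadm_password }}"
        password: "{{ ipaadmin_password }}"
        domain: "{{ ipaserver_test.domain }}"
        realm: "{{ ipaserver_test.realm }}"
        hostname: "{{ ipaserver_test.hostname }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
        subject_base: "{{ ipaserver_test.subject_base }}"
        ca_subject: "{{ ipaserver_test.ca_subject }}"
        no_pkinit: "{{ ipaserver_test.no_pkinit }}"
        no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
        idstart: "{{ ipaserver_test.idstart }}"
        idmax: "{{ ipaserver_test.idmax }}"
        dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
        _dirsrv_pkcs12_info: "{{ ipaserver_test._dirsrv_pkcs12_info }}"

    #- name: Install - Setup client
    #  include_role:
    #    name: ipaclient
    #    private: yes
    #    defaults_from: "/roles/ipaclient/defaults/main.yml"
    #    tasks_from: "/roles/ipaclient/tasks/main.yml"
    #    vars_from: "/roles/ipaclient/vars/main.yml"
    #  vars:
    #    state: present
    #    on_master: yes
    #    domain: "{{ ipaserver_test.domain }}"
    #    realm: "{{ ipaserver_test.realm }}"
    #    server: "{{ ipaserver_test.hostname }}"
    #    hostname: "{{ ipaserver_test.hostname }}"
    #    #no_dns_sshfp: "{{ ipaclient_no_dns_sshfp }}"
    #    #ssh_trust_dns: "{{ ipaclient_ssh_trust_dns }}"
    #    #no_ssh: "{{ ipaclient_no_ssh }}"
    #    #no_sshd: "{{ ipaclient_no_sshd }}"
    #    mkhomedir: "{{ ipaclient_mkhomedir }}"

    # `command` (not `shell`): the interpolated values are never passed
    # through a shell.  The folded scalar collapses to a single argv line.
    - name: Install - Setup client
      command: >
        /usr/sbin/ipa-client-install
        --unattended
        --on-master
        --domain "{{ ipaserver_test.domain }}"
        --realm "{{ ipaserver_test.realm }}"
        --server "{{ ipaserver_test.hostname }}"
        --hostname "{{ ipaserver_test.hostname }}"
        {{ "--mkhomedir" if ipaclient_mkhomedir | bool else "" }}
      # Kept outside the folded scalar on purpose: a '#' line inside a block
      # scalar is content, not a comment, and would be handed to the command.
      # {{ "--no-dns-sshfp" if ipaclient_no_dns_sshfp | bool else "" }}
      # {{ "--ssh-trust-dns" if ipaclient_ssh_trust_dns | bool else "" }}
      # {{ "--no-ssh" if ipaclient_no_ssh | bool else "" }}
      # {{ "--no-sshd" if ipaclient_no_sshd | bool else "" }}

    - name: Install - Enable IPA
      ipaserver_enable_ipa:
        hostname: "{{ ipaserver_test.hostname }}"
        setup_ca: "{{ ipaserver_test.setup_ca }}"
      register: ipaserver_enable_ipa

    # The cache is only removed when the enable step actually changed
    # something; otherwise it is left for inspection.
    - name: Install - Cleanup root IPA cache
      file:
        path: "/root/.ipa_cache"
        state: absent
      when: ipaserver_enable_ipa.changed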