# Ensure the IPA client package named by ipaclient_package is installed.
- name: Install - Install IPA client package
  package:
    state: present
    name: "{{ ipaclient_package }}"
# Run the ipadiscovery module for this host. Domain, realm and server list
# are passed only when the corresponding variable/group is defined; the
# result is registered as `ipadiscovery` for later tasks in this file.
# NOTE(review): ipadiscovery.servers[0] is later used as the delegate_to
# target of a task that is given ipaserver_principal/ipaserver_password.
# When groups.ipaservers is not pinned in the inventory, the server list is
# presumably looked up (e.g. via DNS - confirm against the module), and the
# integrity of that lookup then decides where those credentials are used.
- name: Install - IPA discovery
  register: ipadiscovery
  ipadiscovery:
    hostname: "{{ ansible_fqdn }}"
    domain: "{{ ipaclient_domain | default(omit) }}"
    realm: "{{ ipaclient_realm | default(omit) }}"
    servers: "{{ groups.ipaservers | default(omit) }}"
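# The following block is executed when using OTP to enroll the IPA client,
# i.e. when neither ipaclient_password nor ipaclient_keytab is set.
# It connects to the IPA server and adds the host with the --random option
# in order to create a One-Time Password.
- block:
    - name: Install - Get a One-Time Password for client enrollment
      ipahost:
        state: present
        principal: "{{ ipaserver_principal | default('admin') }}"
        password: "{{ ipaserver_password | default(omit) }}"
        keytab: "{{ ipaserver_keytab | default(omit) }}"
        fqdn: "{{ ansible_fqdn }}"
        lifetime: "{{ ipaserver_lifetime | default(omit) }}"
        random: True
      register: ipahost_output
      # The registered result carries host.randompassword (the OTP) and the
      # task is given ipaserver_password, so keep both out of console output,
      # log files and callback plugins. This also hides the task's error
      # text; lift it temporarily when debugging an enrollment failure.
      no_log: true
      # If the host is already enrolled, this command will exit on error.
      # That specific error can be ignored; any other failure still fails.
      # NOTE(review): `|failed` is the filter form of this test; Ansible 2.9
      # and later only accept `is failed` - confirm the supported versions.
      failed_when: ipahost_output|failed and "Password cannot be set on enrolled host" not in ipahost_output.msg
      # Runs on the first server returned by the discovery task.
      delegate_to: "{{ ipadiscovery.servers[0] }}"

    - name: Install - Store the previously obtained OTP
      set_fact:
        # When no host record came back (the tolerated "already enrolled"
        # error), a fixed placeholder is stored instead of a real OTP.
        ipaclient_otp: "{{ipahost_output.host.randompassword if ipahost_output.host is defined else 'dummyotp' }}"
      # The task result would otherwise echo the OTP as a fact.
      no_log: true

  when: ipaclient_password is not defined and ipaclient_keytab is not defined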
# Run the ipajoin module with the values returned by the discovery task.
# hostname is always passed; every other argument is omitted when its
# variable is unset.
# NOTE(review): ipaclient_otp from the OTP block is not passed here; confirm
# how ipajoin authenticates when neither ipaclient_password nor
# ipaclient_keytab is defined.
# NOTE(review): this task receives ipaclient_password. Whether the module
# masks it in logs is not visible here - consider `no_log: true` unless its
# argument spec already does so.
- name: Install - Join IPA
  ipajoin:
    # Target host and realm data taken from the discovery result.
    hostname: "{{ ipadiscovery.hostname }}"
    domain: "{{ ipadiscovery.domain | default(omit) }}"
    realm: "{{ ipadiscovery.realm | default(omit) }}"
    basedn: "{{ ipadiscovery.basedn | default(omit) }}"
    kdc: "{{ ipadiscovery.kdc | default(omit) }}"
    servers: "{{ ipadiscovery.servers | default(omit) }}"
    # Enrollment credentials and join behaviour.
    principal: "{{ ipaclient_principal | default(omit) }}"
    password: "{{ ipaclient_password | default(omit) }}"
    keytab: "{{ ipaclient_keytab | default(omit) }}"
    force_join: "{{ ipaclient_force_join | default(omit) }}"
    kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
    # Disabled: no CA bundle path is handed to the module.
    # NOTE(review): confirm how the server CA is validated during the join.
    #ca_certs_file: "{{ ipaclient_ca_certs_file | default(omit) }}"
# Run the ipaclient module with state: present. Every argument except state
# is omitted when its variable is unset.
# NOTE(review): this task receives ipaclient_password and ipaclient_otp.
# Whether the module masks them in logs is not visible here - consider
# `no_log: true` unless its argument spec already does so.
- name: Install - Configure IPA client
  ipaclient:
    state: present
    # Where to enroll.
    domain: "{{ ipaclient_domain | default(omit) }}"
    realm: "{{ ipaclient_realm | default(omit) }}"
    servers: "{{ groups.ipaservers | default(omit) }}"
    # How to authenticate; otp is the fact stored by the OTP block when
    # neither a password nor a keytab was supplied.
    principal: "{{ ipaclient_principal | default(omit) }}"
    password: "{{ ipaclient_password | default(omit) }}"
    keytab: "{{ ipaclient_keytab | default(omit) }}"
    otp: "{{ ipaclient_otp | default(omit) }}"
    # Join and client options.
    force_join: "{{ ipaclient_force_join | default(omit) }}"
    kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
    ntp: "{{ ipaclient_ntp | default(omit) }}"
    mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
    # NOTE(review): ipaclient_extraargs is handed to the module as-is;
    # presumably it reaches the installer command line, so it should only
    # come from trusted inventory - confirm against the module.
    extra_args: "{{ ipaclient_extraargs | default(omit) }}"