diff --git a/CLIENT.md b/CLIENT.md index a4b2779fcb458da0bdd2c9dd120113951035167a..273ea89110949199628aa9954837ea9a4a19b615 100644 --- a/CLIENT.md +++ b/CLIENT.md @@ -109,6 +109,15 @@ Variables **ipaclient_mkhomedir** - Set to yes to configure PAM to create a users home directory if it does not exist. (string, optional) +Cluster Specific Variables +-------------------------- + +**ipaclient_no_dns_lookup** - Set to 'yes' to use groups.ipaserver in cluster environments as servers for the clients. This deactivates DNS lookup in krb5. + (bool, optional, default: 'no') + +**ipaclient_servers** - Manually override list of servers for example in a cluster environment on a per client basis. The list of servers is normally taken from from groups.ipaserver in cluster environments. + (list of strings, optional) + Requirements ------------ diff --git a/roles/ipaclient/defaults/main.yml b/roles/ipaclient/defaults/main.yml index ddc549788500aa153073907233c800a117f081b6..a7aedf9711f7ca838273dc4c358848b00b958490 100644 --- a/roles/ipaclient/defaults/main.yml +++ b/roles/ipaclient/defaults/main.yml @@ -9,3 +9,4 @@ ipaclient_use_otp: no ipaclient_allow_repair: no ipaclient_on_master: no ipaclient_no_ntp: no +ipaclient_no_dns_lookup: no diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml index e846b2e744965a49c3f77bf18e9df9fc4f185c1e..78724c7c0ffe794216a92dbc11be8650d83805d7 100644 --- a/roles/ipaclient/tasks/install.yml +++ b/roles/ipaclient/tasks/install.yml @@ -11,10 +11,20 @@ include: "{{role_path}}/tasks/python_2_3_test.yml" static: yes +- name: Install - Set ipaclient_servers + set_fact: + ipaclient_servers: "{{ groups['ipaservers'] | list }}" + when: groups.ipaservers is defined and ipaclient_servers is not defined + +- name: Install - Set ipaclient_servers from cluster inventory + set_fact: + ipaclient_servers: "{{ groups['ipaserver'] | list }}" + when: ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and ipaclient_servers is not defined + - name: Install - IPA discovery ipadiscovery: domain: "{{ ipaserver_domain | default(ipaclient_domain) | default(omit) }}" - servers: "{{ groups.ipaserver | default(groups.ipaservers) | default(omit) }}" + servers: "{{ ipaclient_servers | default(omit) }}" realm: "{{ ipaserver_realm | default(ipaclient_realm) | default(omit) }}" hostname: "{{ ipaclient_hostname | default(ansible_fqdn) }}" ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"