Renamed ipaclient_{principal,password} to ipaadmin_{principal,password}

This has been done to make clear that these are admin settings and to make these settings consistent to ipaadmin_keytab.

Renamed ipaclient_{principal,password} to ipaadmin_{principal,password}
4918ac50 · Thomas Woerner · 2ca42001 · 4918ac50 · 4918ac50 · 4918ac50
Commit 4918ac50 authored 7 years ago by Thomas Woerner
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Example inventory file with fixed principal using auto-discovery with DNS record
    ipaclient2.example.com
    [ipaclients:vars]
-    ipaclient_principal=admin
+    ipaadmin_principal=admin
 Example playbook to setup the IPA client(s) using principal from inventory file and password from an [Ansible Vault](http://docs.ansible.com/ansible/latest/playbooks_vault.html) file:
@@ -51,8 +51,8 @@ Example inventory file with fixed servers, principal, password and domain:
    [ipaclients:vars]
    ipaclient_domain=example.com
-    ipaclient_principal=admin
+    ipaadmin_principal=admin
-    ipaclient_password=MySecretPassword123
+    ipaadmin_password=MySecretPassword123
 Example playbook to setup the IPA client(s) using principal and password from inventory file:
@@ -79,10 +79,10 @@ Variables
 **ipaclient_realm** - The Kerberos realm of an existing IPA deployment.
 (string, optional)
-**ipaclient_principal** - The authorized kerberos principal used to join the IPA realm.
+**ipaadmin_principal** - The authorized kerberos principal used to join the IPA realm.
 (string, optional)
-**ipaclient_password** - The password for the kerberos principal.
+**ipaadmin_password** - The password for the kerberos principal.
 (string, optional)
 **ipaclient_keytab** - The path to a backed-up host keytab from previous enrollment.

--- a/inventory/hosts
+++ b/inventory/hosts
 [ipaclients]
-ipaclient.ipadomain.com
+ipaclient1.mine.dom
+#ipaclient2.mine.dom
+#ipaclient3.mine.dom
+#ipaclient4.mine.dom
+#ipaclient5.mine.dom
+ipaclient6.mine.dom
+ipaclient7.mine.dom
-# Disabled for auto detection
 #[ipaservers]
-#ipaserver.ipadomain.com
+#ipa.mine.dom
+#[ipaservers:vars]
+#ipaserver_domain=mine.dom
+#ipaserver_realm=MINE.DOM
+#ipaserver_principal=admin
+#ipaserver_password=password1
 [ipaclients:vars]
-# if neither ipaclient_password nor ipaclient_keytab is defined,
-# the enrollement will create a OneTime Password and enroll with this OTP
-# In this case ipaserver_password or ipaserver_keytab is required
-#ipaclient_principal=admin
-#ipaclient_password=SecretPassword123
 #ipaclient_keytab=/tmp/krb5.keytab
-ipaclient_principal=admin
+#ipaclient_domain=mine.dom
-#ipaclient_password=SecretPassword123
+#ipaclient_realm=MINE.DOM
-ipaclient_keytab=files/admin.keytab
+#ipaadmin_principal=admin
+#ipaadmin_password=password1
+#ipaclient_use_otp=yes
+#ipaclient_force_join=yes
+#ipaclient_kinit_attempts=3
+#ipaclient_mkhomedir=yes
+#ipaadmin_principal=admin
+#ipaclient_use_otp=yes
+#ipaclient_force_join=yes
+#ipaclient_use_otp=yes
+ipaclient_allow_repair=yes
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -18,8 +18,8 @@
 - name: Install - Set default principal if no keytab is given
  set_fact:
-    ipaclient_principal: admin
+    ipaadmin_principal: admin
-  when: ipaclient_principal is undefined and ipaclient_keytab is undefined
+  when: ipaadmin_principal is undefined and ipaclient_keytab is undefined
 - block:
  - name: Install - Test if IPA client has working krb5.keytab
@@ -29,7 +29,7 @@
      realm: "{{ ipadiscovery.realm }}"
      hostname: "{{ ipadiscovery.hostname }}"
      kdc: "{{ ipadiscovery.kdc }}"
-      principal: "{{ ipaclient_principal if not ipaclient_use_otp | bool else '' }}"
+      principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool else '' }}"
      kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
    register: ipatest
@@ -48,8 +48,8 @@
  - name: Install - Get a One-Time Password for client enrollment
    ipahost:
      state: present
-      principal: "{{ ipaclient_principal | default('admin') }}"
+      principal: "{{ ipaadmin_principal | default('admin') }}"
-      password: "{{ ipaclient_password | default(omit) }}"
+      password: "{{ ipaadmin_password | default(omit) }}"
      keytab: "{{ ipaadmin_keytab | default(omit) }}"
      fqdn: "{{ ansible_fqdn }}"
      lifetime: "{{ ipaclient_lifetime | default(omit) }}"
@@ -62,17 +62,17 @@
  - name: Install - Store the previously obtained OTP
    set_fact:
-      ipaclient_password: "{{ ipahost_output.host.randompassword if ipahost_output.host is defined }}"
+      ipaadmin_password: "{{ ipahost_output.host.randompassword if ipahost_output.host is defined }}"
  when: ipaclient_use_otp | bool
 - name: Install - Check if principal and keytab are set
  fail: msg="Principal and keytab cannot be used together"
-  when: ipaclient_principal is defined and ipaclient_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
+  when: ipaadmin_principal is defined and ipaadmin_principal != "" and ipaclient_keytab is defined and ipaclient_keytab != ""
 - name: Install - Check if one of password and keytab are set
  fail: msg="At least one of password or keytab must be specified"
-  when: not ipatest.krb5_keytab_ok and (ipaclient_password is undefined or ipaclient_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+  when: not ipatest.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
 - name: Install - Purge {{ ipadiscovery.realm }} from host keytab
  command: /usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r "{{ ipadiscovery.realm }}"
@@ -92,8 +92,8 @@
    basedn: "{{ ipadiscovery.basedn }}"
    hostname: "{{ ipadiscovery.hostname }}"
    force_join: "{{ ipaclient_force_join | default(omit) }}"
-    principal: "{{ ipaclient_principal if not ipaclient_use_otp | bool and ipaclient_keytab is not defined else '' }}"
+    principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and ipaclient_keytab is not defined else '' }}"
-    password: "{{ ipaclient_password | default(omit) }}"
+    password: "{{ ipaadmin_password | default(omit) }}"
    keytab: "{{ ipaclient_keytab | default(omit) }}"
    #ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
    kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
@@ -173,7 +173,7 @@
    basedn: "{{ ipadiscovery.basedn }}"
    hostname: "{{ ipadiscovery.hostname }}"
    subject_base: "{{ ipadiscovery.subject_base }}"
-    principal: "{{ ipaclient_principal | default(omit) }}"
+    principal: "{{ ipaadmin_principal | default(omit) }}"
    mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
    ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}"
    #on_master: no