diff --git a/roles/ipa-krb5/tasks/main.yml b/roles/ipa-krb5/tasks/main.yml
index 2bbca6b0b24bc14ed932d62c4a0c2c00b3164a22..9d7e0fe207c15c99c879aa22ab5e4e8bbbf166b5 100644
--- a/roles/ipa-krb5/tasks/main.yml
+++ b/roles/ipa-krb5/tasks/main.yml
@@ -8,7 +8,7 @@
 failed_when: false
 - name: Install - Backup krb5.conf
- ipafstore:
+ ipaclient_fstore:
 backup: "{{ krb5_conf }}"
 - name: Template krb5.conf
diff --git a/roles/ipaclient/action_plugins/ipahost.py b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
similarity index 98%
rename from roles/ipaclient/action_plugins/ipahost.py
rename to roles/ipaclient/action_plugins/ipaclient_get_otp.py
index 92f3a5b6a9bcbb4cf8bcda0e538589d1dc143239..2a85e727e09bb2515d625708c1181e6450e4645c 100644
--- a/roles/ipaclient/action_plugins/ipahost.py
+++ b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
@@ -162,7 +162,7 @@ class ActionModule(ActionBase):
 result['msg'] = "principal is required"
 return result
- data = self._execute_module(module_name='ipa_facts', module_args=dict(),
+ data = self._execute_module(module_name='ipaclient_get_facts', module_args=dict(),
 task_vars={ "ansible_python_interpreter": ansible_python_interpreter })
 try:
 domain = data['ansible_facts']['ipa']['domain']
diff --git a/roles/ipaclient/library/ipaapi.py b/roles/ipaclient/library/ipaclient_api.py
similarity index 99%
rename from roles/ipaclient/library/ipaapi.py
rename to roles/ipaclient/library/ipaclient_api.py
index f46b9d861c1de1aad096f2576de6b743065a8429..01aa26ccb521c30700600823e2eafa2a85be90dc 100644
--- a/roles/ipaclient/library/ipaapi.py
+++ b/roles/ipaclient/library/ipaclient_api.py
@@ -28,7 +28,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
 DOCUMENTATION = '''
 ---
-module: ipaapi
+module: ipaclient_api
 short description: Create temporary NSS database, call IPA API for remaining enrollment parts
 description: Create temporary NSS database, call IPA API for remaining enrollment parts
@@ -50,11 +50,11 @@ author:
 EXAMPLES = '''
 - name: IPA API calls for remaining enrollment parts
- ipaapi:
+ ipaclient_api:
 servers: ["server1.example.com","server2.example.com"]
 domain: example.com
 hostname: client1.example.com
- register: ipaapi
+ register: result_ipaclient_api
 '''
 RETURN = '''
diff --git a/roles/ipaclient/library/ipaextras.py b/roles/ipaclient/library/ipaclient_extras.py
similarity index 99%
rename from roles/ipaclient/library/ipaextras.py
rename to roles/ipaclient/library/ipaclient_extras.py
index 5b315312c76bb9599402fd42e4f3492d9a5d2a4f..65142eb02482d3b7d3fc2355a6e37ffbd552d6d4 100644
--- a/roles/ipaclient/library/ipaextras.py
+++ b/roles/ipaclient/library/ipaclient_extras.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipaextras
+module: ipaclient_extras
 short description: Configure IPA extras
 description: Configure IPA extras
@@ -106,7 +106,7 @@ author:
 EXAMPLES = '''
 - name: IPA extras configurations
- ipaextras:
+ ipaclient_extras:
 servers: ["server1.example.com","server2.example.com"]
 domain: example.com
 '''
diff --git a/roles/ipaclient/library/ipafixca.py b/roles/ipaclient/library/ipaclient_fix_ca.py
similarity index 98%
rename from roles/ipaclient/library/ipafixca.py
rename to roles/ipaclient/library/ipaclient_fix_ca.py
index 030f60ebf3189fcd6973bf9fcdbac67333b7b136..8e8794b83aceed969b1f2d3ff0ca3f7fde8b428b 100644
--- a/roles/ipaclient/library/ipafixca.py
+++ b/roles/ipaclient/library/ipaclient_fix_ca.py
@@ -28,7 +28,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
 DOCUMENTATION = '''
 ---
-module: ipafixca
+module: ipaclient_fix_ca
 short description: Fix IPA ca certificate
 description: Repair Fix IPA ca certificate
@@ -54,7 +54,7 @@ author:
 EXAMPLES = '''
 - name: Fix IPA ca certificate
- ipafixca:
+ ipaclient_fix_ca:
 servers: ["server1.example.com","server2.example.com"]
 realm: EXAMPLE.COM
 basedn: dc=example,dc=com
diff --git a/roles/ipaclient/library/ipafstore.py b/roles/ipaclient/library/ipaclient_fstore.py
similarity index 97%
rename from roles/ipaclient/library/ipafstore.py
rename to roles/ipaclient/library/ipaclient_fstore.py
index c611346c65368f90cf54cfd36b506a277f5709dd..b74cf445cc0e7032fa830aa2b4b6b3d9cd1b4b02 100644
--- a/roles/ipaclient/library/ipafstore.py
+++ b/roles/ipaclient/library/ipaclient_fstore.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: fstore
+module: ipaclient_fstore
 short description: Backup files using IPA client sysrestore
 description: Backup files using IPA client sysrestore
@@ -44,7 +44,7 @@ author:
 EXAMPLES = '''
 - name: Backup /etc/krb5.conf
- ipafstore:
+ ipaclient_fstore:
 backup: "/etc/krb5.conf"
 '''
diff --git a/roles/ipaclient/library/ipa_facts.py b/roles/ipaclient/library/ipaclient_get_facts.py
similarity index 89%
rename from roles/ipaclient/library/ipa_facts.py
rename to roles/ipaclient/library/ipaclient_get_facts.py
index cad876d82a72f19d64d4195389c460a6dbfca584..8a70257ecfa7d3cff9bbea644446cf641c0ce23d 100644
--- a/roles/ipaclient/library/ipa_facts.py
+++ b/roles/ipaclient/library/ipaclient_get_facts.py
@@ -136,7 +136,7 @@ def main():
 # The module does not change anything, meaning that
 # check mode is supported
- ipa_facts = dict(
+ facts = dict(
 packages= dict(
 ipalib=HAS_IPALIB,
 ipaserver=HAS_IPASERVER,
@@ -153,23 +153,23 @@ def main():
 if HAS_IPALIB:
 if is_client_configured():
- ipa_facts['configured']['client'] = True
+ facts['configured']['client'] = True
- ipa_facts['version'] = get_ipa_version()
+ facts['version'] = get_ipa_version()
 for key,value in six.iteritems(get_ipa_conf()):
- ipa_facts[key] = value
+ facts[key] = value
 if HAS_IPASERVER:
 if is_server_configured():
- ipa_facts['configured']['server'] = True
- ipa_facts['configured']['dns'] = is_dns_configured()
- ipa_facts['configured']['ca'] = is_ca_configured()
- ipa_facts['configured']['kra'] = is_kra_configured()
- ipa_facts['configured']['ntpd'] = is_ntpd_configured()
+ facts['configured']['server'] = True
+ facts['configured']['dns'] = is_dns_configured()
+ facts['configured']['ca'] = is_ca_configured()
+ facts['configured']['kra'] = is_kra_configured()
+ facts['configured']['ntpd'] = is_ntpd_configured()
 module.exit_json(
 changed=False,
- ansible_facts=dict(ipa=ipa_facts)
+ ansible_facts=dict(ipa=facts)
 )
 if __name__ == '__main__':
diff --git a/roles/ipaclient/library/ipahost.py b/roles/ipaclient/library/ipaclient_get_otp.py
similarity index 98%
rename from roles/ipaclient/library/ipahost.py
rename to roles/ipaclient/library/ipaclient_get_otp.py
index b6da08e5e9304ddbd8a05a3c1d3a0ba60a71fcf5..8435699343a85b6e2739cfcdcc1888a15295019f 100644
--- a/roles/ipaclient/library/ipahost.py
+++ b/roles/ipaclient/library/ipaclient_get_otp.py
@@ -26,7 +26,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
 DOCUMENTATION = '''
 ---
-module: ipahost
+module: ipaclient_get_otp
 short description: Manage IPA hosts
 description: Manage hosts in a IPA domain.
@@ -84,28 +84,28 @@ author:
 EXAMPLES = '''
 # Example from Ansible Playbooks
 # Add a new host with a random OTP, authenticate using principal/password
-- ipahost:
+- ipaclient_get_otp:
 principal: admin
 password: MySecretPassword
 fqdn: ipaclient.ipa.domain.com
 ipaddress: 192.168.100.23
 random: True
- register: ipahost
+ register: result_ipaclient_get_otp
 # Add a new host, authenticate with a keytab stored on the controller node
-- ipahost:
+- ipaclient_get_otp:
 keytab: admin.keytab
 fqdn: ipaclient.ipa.domain.com
 # Remove a host, authenticate using principal/password
-- ipahost:
+- ipaclient_get_otp:
 principal: admin
 password: MySecretPassword
 fqdn: ipaclient.ipa.domain.com
 state: absent
 # Modify a host, add ssh public key:
-- ipahost:
+- ipaclient_get_otp:
 principal: admin
 password: MySecretPassword
 fqdn: ipaclient.ipa.domain.com
@@ -355,7 +355,7 @@ def main():
 changed = ensure_host_absent(module, api, host)
 except Exception as e:
- module.fail_json(msg="ipahost module failed : %s" % str(e))
+ module.fail_json(msg="ipaclient_get_otp module failed : %s" % str(e))
 finally:
 run([paths.KDESTROY], raiseonerr=False, env=os.environ)
diff --git a/roles/ipaclient/library/ipajoin.py b/roles/ipaclient/library/ipaclient_join.py
similarity index 99%
rename from roles/ipaclient/library/ipajoin.py
rename to roles/ipaclient/library/ipaclient_join.py
index 11a3fc14fa626ec5cdeaced223063e4df61d37e2..5b58858d25984a5bf8839399947eb4a27145816f 100644
--- a/roles/ipaclient/library/ipajoin.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipajoin
+module: ipaclient_join
 short description: Join a machine to an IPA realm and get a keytab for the host service principal
 description: Join a machine to an IPA realm and get a keytab for the host service principal
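Review bot: The EXAMPLES in this hunk are now all headed `ipaclient_get_otp:`, yet the third and fourth examples are still titled "Remove a host" (with `state: absent`) and "Modify a host, add ssh public key", and the -355 hunk's `ensure_host_absent(module, api, host)` shows the module still performs those operations. The new name and the documentation therefore disagree about what the module does, and the short description in the -26 hunk is still `Manage IPA hosts`. Either keep the broader description and pick a name that covers it, or narrow the examples and description to the OTP retrieval the install role actually uses; as written, a reader of the examples cannot tell which is intended. The enclosing `main()` of the -355 hunk starts and ends outside the hunk.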
@@ -88,7 +88,7 @@ author:
 EXAMPLES = '''
 # Join IPA to get the keytab
 - name: Join IPA in force mode with maximum 5 kinit attempts
- ipajoin:
+ ipaclient_join:
 servers: ["server1.example.com","server2.example.com"]
 domain: example.com
 realm: EXAMPLE.COM
@@ -102,7 +102,7 @@ EXAMPLES = '''
 # Join IPA to get the keytab using ipadiscovery return values
 - name: Join IPA
- ipajoin:
+ ipaclient_join:
 servers: "{{ ipadiscovery.servers }}"
 domain: "{{ ipadiscovery.domain }}"
 realm: "{{ ipadiscovery.realm }}"
diff --git a/roles/ipaclient/library/ipanss.py b/roles/ipaclient/library/ipaclient_setup_nss.py
similarity index 98%
rename from roles/ipaclient/library/ipanss.py
rename to roles/ipaclient/library/ipaclient_setup_nss.py
index 46a7caac439936f67978af84be3b4e038552a86d..4c12ae1fef6ccd7ff03588f9acdf4836bafd1c05 100644
--- a/roles/ipaclient/library/ipanss.py
+++ b/roles/ipaclient/library/ipaclient_setup_nss.py
@@ -30,8 +30,8 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipanss
-short description: Create IPA NSS database
+module: ipaclient_setup_nss
+short description: Create IPA client NSS database
 description: Create IPA NSS database
 options:
@@ -77,8 +77,8 @@ author:
 '''
 EXAMPLES = '''
-- name: Create IPA NSS database
- ipanss:
+- name: Create IPA client NSS database
+ ipaclient_setup_nss:
 servers: ["server1.example.com","server2.example.com"]
 domain: example.com
 realm: EXAMPLE.COM
diff --git a/roles/ipaclient/library/ipasssd.py b/roles/ipaclient/library/ipaclient_setup_sssd.py
similarity index 98%
rename from roles/ipaclient/library/ipasssd.py
rename to roles/ipaclient/library/ipaclient_setup_sssd.py
index 4320a6bc44f309d768b02359af5fb346c6eb79ae..e486f3543b42b9d0a7a226076873549dfdbd199c 100644
--- a/roles/ipaclient/library/ipasssd.py
+++ b/roles/ipaclient/library/ipaclient_setup_sssd.py
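Review bot: The second example (-102 hunk) still reads its inputs from `ipadiscovery.servers`, `ipadiscovery.domain` and `ipadiscovery.realm`, and its comment still says "using ipadiscovery return values", although this commit renames the discovery module to `ipaclient_test` and the install role now registers its result as `result_ipaclient_test`; a reader who copies the example as written ends up with an undefined variable. The same stale references appear in the -74 hunk of ipaclient_test_keytab.py. Suggested: `# Join IPA to get the keytab using ipaclient_test return values` and `servers: "{{ result_ipaclient_test.servers }}"` (likewise for domain and realm).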
@@ -30,10 +30,10 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: sssd_conf
-short description: Configure sssd
+module: ipaclient_setup_sssd
+short description: Configure sssd for IPA client
 description:
-Configure sssd
+ Configure sssd for IPA client
 options:
 servers:
 description: The FQDN of the IPA servers to connect to.
@@ -93,7 +93,7 @@ author:
 EXAMPLES = '''
 - name: Configure SSSD
- sssd:
+ ipaclient_setup_sssd:
 servers: ["server1.example.com","server2.example.com"]
 domain: example.com
 realm: EXAMPLE.COM
diff --git a/roles/ipaclient/library/ipadiscovery.py b/roles/ipaclient/library/ipaclient_test.py
similarity index 96%
rename from roles/ipaclient/library/ipadiscovery.py
rename to roles/ipaclient/library/ipaclient_test.py
index 418c75287c167178196089be76d467974e95972e..6a0d1e64c50878b590294503847885a04dad615a 100644
--- a/roles/ipaclient/library/ipadiscovery.py
+++ b/roles/ipaclient/library/ipaclient_test.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipadiscovery
+module: ipaclient_test
 short description: Tries to discover IPA server
 description: Tries to discover IPA server using DNS or host name
@@ -85,34 +85,34 @@ author:
 '''
 EXAMPLES = '''
-# Complete autodiscovery, register return values as ipadiscovery
+# Complete autodiscovery, register return values as ipaclient_test
 - name: IPA discovery
- ipadiscovery:
- register: ipadiscovery
+ ipaclient_test:
+ register: register_ipaclient_test
-# Discovery using servers, register return values as ipadiscovery
+# Discovery using servers, register return values as ipaclient_test
 - name: IPA discovery
- ipadiscovery:
+ ipaclient_test:
 servers: server1.domain.com,server2.domain.com
- register: ipadiscovery
+ register: register_ipaclient_test
-# Discovery using domain name, register return values as ipadiscovery
+# Discovery using domain name, register return values as ipaclient_test
 - name: IPA discovery
- ipadiscovery:
+ ipaclient_test:
 domain: domain.com
- register: ipadiscovery
+ register: register_ipaclient_test
-# Discovery using realm, register return values as ipadiscovery
+# Discovery using realm, register return values as ipaclient_test
 - name: IPA discovery
- ipadiscovery:
+ ipaclient_test:
 realm: DOMAIN.COM
- register: ipadiscovery
+ register: register_ipaclient_test
-# Discovery using hostname, register return values as ipadiscovery
+# Discovery using hostname, register return values as ipaclient_test
 - name: IPA discovery
- ipadiscovery:
+ ipaclient_test:
 hostname: host.domain.com
- register: ipadiscovery
+ register: register_ipaclient_test
 '''
 RETURN = '''
diff --git a/roles/ipaclient/library/ipatest.py b/roles/ipaclient/library/ipaclient_test_keytab.py
similarity index 96%
rename from roles/ipaclient/library/ipatest.py
rename to roles/ipaclient/library/ipaclient_test_keytab.py
index 9dc5e42e2bfc2f4569b81116822fff95a6f6beed..37851deb88deab7cac6360cf573015ab333ab400 100644
--- a/roles/ipaclient/library/ipatest.py
+++ b/roles/ipaclient/library/ipaclient_test_keytab.py
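Review bot: The five new `register: register_ipaclient_test` lines follow a different naming convention from the rest of this commit, which registers results as `result_<module>` (`result_ipaclient_test` in install.yml, `result_ipaclient_api` and `result_ipaclient_get_otp` in the other module examples), and the new comment lines promise to "register return values as ipaclient_test", which matches neither spelling. Suggested: `register: result_ipaclient_test` together with `# Complete autodiscovery, register return values as result_ipaclient_test`, and the same change for the other four examples in the hunk.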
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: ipatest
+module: ipaclient_test_keytab
 short description: Test if the krb5.keytab on the machine is valid and can be used.
 description: Test if the krb5.keytab on the machine is valid and can be used.
@@ -64,7 +64,7 @@ author:
 EXAMPLES = '''
 # Test IPA with local keytab
 - name: Test IPA in force mode with maximum 5 kinit attempts
- ipatest:
+ ipaclient_test_keytab:
 servers: ["server1.example.com","server2.example.com"]
 domain: example.com
 realm: EXAMPLE.COM
@@ -74,7 +74,7 @@ EXAMPLES = '''
 # Test IPA with ipadiscovery return values
 - name: Join IPA
- ipajoin:
+ ipaclient_test_keytab:
 servers: "{{ ipadiscovery.servers }}"
 domain: "{{ ipadiscovery.domain }}"
 realm: "{{ ipadiscovery.realm }}"
@@ -94,7 +94,7 @@ krb5_conf_ok:
 description: The flag describes if krb5.conf on the host is usable.
 returned: always
 type: bool
-ipa_test_ok:
+ping_test_ok:
 description: The flag describes if ipa ping test succeded.
 returned: always
 type: bool
@@ -143,7 +143,7 @@ def main():
 krb5_keytab_ok = False
 krb5_conf_ok = False
- ipa_test_ok = False
+ ping_test_ok = False
 ca_crt_exists = os.path.exists(paths.IPA_CA_CRT)
 env = {'PATH': SECURE_PATH, 'KRB5CCNAME': paths.IPA_DNS_CCACHE}
@@ -160,7 +160,7 @@ def main():
 try:
 result = run(["/usr/bin/ipa", "ping"], raiseonerr=False, env=env)
 if result.returncode == 0:
- ipa_test_ok = True
+ ping_test_ok = True
 except OSError:
 pass
 except GSSError as e:
@@ -197,7 +197,7 @@ def main():
 result = run(["/usr/bin/ipa", "ping"], raiseonerr=False, env=env)
 if result.returncode == 0:
- ipa_test_ok = True
+ ping_test_ok = True
 except OSError:
 pass
@@ -214,7 +214,7 @@ def main():
 krb5_keytab_ok=krb5_keytab_ok,
 krb5_conf_ok=krb5_conf_ok,
 ca_crt_exists=ca_crt_exists,
- ipa_test_ok=ipa_test_ok)
+ ping_test_ok=ping_test_ok)
 if __name__ == '__main__':
 main()
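Review bot: In the -74 hunk the example task is still named `Join IPA` although it now calls `ipaclient_test_keytab`, whose documented purpose in the -30 hunk is to test the existing krb5.keytab rather than to join; `- name: Test IPA keytab` would match the module. The `ping_test_ok` key introduced in the -94 hunk replaces the public return key `ipa_test_ok`, so any playbook outside this repository that read `ipa_test_ok` from the registered result will now fail on an undefined attribute; a note in the RETURN description makes that discoverable, e.g. `description: The flag describes if the ipa ping test succeeded (formerly returned as ipa_test_ok).`. The `main()` containing the -143 to -214 hunks starts and ends outside them.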
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index f609fbb2650f6258041255072672419caa67e9d9..14304bfedea8eac2817f445e289ab83bf22c3308 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -22,7 +22,7 @@
 when: ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and ipaclient_servers is not defined
 - name: Install - IPA discovery
- ipadiscovery:
+ ipaclient_test:
 domain: "{{ ipaserver_domain | default(ipaclient_domain) | default(omit) }}"
 servers: "{{ ipaclient_servers | default(omit) }}"
 realm: "{{ ipaserver_realm | default(ipaclient_realm) | default(omit) }}"
@@ -32,7 +32,7 @@
 ntp_servers: "{{ ipaclient_ntp_servers | default([]) }}"
 ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
 no_ntp: "{{ ipaclient_no_ntp }}"
- register: ipadiscovery
+ register: result_ipaclient_test
 - name: Install - Set default principal if no keytab is given
 set_fact:
@@ -46,19 +46,19 @@
 - block:
 - name: Install - Test if IPA client has working krb5.keytab
- ipatest:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- realm: "{{ ipadiscovery.realm }}"
- hostname: "{{ ipadiscovery.hostname }}"
- kdc: "{{ ipadiscovery.kdc }}"
+ ipaclient_test_keytab:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
+ kdc: "{{ result_ipaclient_test.kdc }}"
 kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
- register: ipatest
+ register: result_ipaclient_test_keytab
 - name: Install - Disable One-Time Password for client with working krb5.keytab
 set_fact:
 ipaclient_use_otp: "no"
- when: ipaclient_use_otp | bool and ipatest.krb5_keytab_ok and not ipaclient_force_join | bool
+ when: ipaclient_use_otp | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not ipaclient_force_join | bool
 # The following block is executed when using OTP to enroll IPA client
@@ -77,30 +77,30 @@
 - name: Install - Include Python2/3 import test
 import_tasks: "{{role_path}}/tasks/python_2_3_test.yml"
- delegate_to: "{{ ipadiscovery.servers[0] }}"
+ delegate_to: "{{ result_ipaclient_test.servers[0] }}"
 - name: Install - Get One-Time Password for client enrollment
 #no_log: yes
- ipahost:
+ ipaclient_get_otp:
 state: present
 principal: "{{ ipaadmin_principal | default('admin') }}"
 password: "{{ ipaadmin_password | default(omit) }}"
 keytab: "{{ ipaadmin_keytab | default(omit) }}"
- fqdn: "{{ ipadiscovery.hostname }}"
+ fqdn: "{{ result_ipaclient_test.hostname }}"
 lifetime: "{{ ipaclient_lifetime | default(omit) }}"
 random: True
 ansible_python_interpreter: "{{ ansible_python_interpreter }}"
- register: ipahost_output
+ register: result_ipaclient_get_otp
 # If the host is already enrolled, this command will exit on error
 # The error can be ignored
- failed_when: ipahost_output is failed and "Password cannot be set on enrolled host" not in ipahost_output.msg
- delegate_to: "{{ ipadiscovery.servers[0] }}"
+ failed_when: result_ipaclient_get_otp is failed and "Password cannot be set on enrolled host" not in result_ipaclient_get_otp.msg
+ delegate_to: "{{ result_ipaclient_test.servers[0] }}"
 delegate_facts: True
 - name: Install - Store the previously obtained OTP
 no_log: yes
 set_fact:
- ipaadmin_password: "{{ ipahost_output.host.randompassword if ipahost_output.host is defined }}"
+ ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword if result_ipaclient_get_otp.host is defined }}"
 - name: Install - Restore client ansible_python_interpreter setting
 set_fact:
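Review bot: The task that now registers `result_ipaclient_get_otp` still carries `#no_log: yes` commented out, although its result holds the enrollment OTP (`result_ipaclient_get_otp.host.randompassword`, consumed by the next set_fact) and its arguments include `password: "{{ ipaadmin_password | default(omit) }}"`; with verbose task output both values are printed in the task result. The following set_fact task does set `no_log: yes`, so keeping this material out of the logs appears to be the intent, and this task is the one place where it is still exposed. `no_log` does not change how `failed_when` is evaluated against the registered result, so restoring `no_log: yes` on this task costs only the diagnostic output of a failure message.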
@@ -115,42 +115,42 @@
 - name: Install - Check if one of password and keytab are set
 fail: msg="At least one of password or keytab must be specified"
- when: not ipatest.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+ when: not result_ipaclient_test_keytab.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
 when: not ipaclient_on_master | bool
- - name: Install - Purge {{ ipadiscovery.realm }} from host keytab
+ - name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
 command: >
 /usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab
- -r "{{ ipadiscovery.realm }}"
- register: iparmkeytab
+ -r "{{ result_ipaclient_test.realm }}"
+ register: result_ipa_rmkeytab
 # Do not fail on error codes 3 and 5:
 # 3 - Unable to open keytab
 # 5 - Principal name or realm not found in keytab
- failed_when: iparmkeytab.rc != 0 and iparmkeytab.rc != 3 and iparmkeytab.rc != 5
+ failed_when: result_ipa_rmkeytab.rc != 0 and result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5
 when: ipaclient_use_otp | bool or ipaclient_force_join | bool
 - name: Install - Backup and set hostname
 ipaclient_set_hostname:
- hostname: "{{ ipadiscovery.hostname }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
 when: not ipaclient_on_master | bool
 - name: Install - Join IPA
- ipajoin:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- realm: "{{ ipadiscovery.realm }}"
- kdc: "{{ ipadiscovery.kdc }}"
- basedn: "{{ ipadiscovery.basedn }}"
- hostname: "{{ ipadiscovery.hostname }}"
+ ipaclient_join:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ kdc: "{{ result_ipaclient_test.kdc }}"
+ basedn: "{{ result_ipaclient_test.basedn }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
 force_join: "{{ 
ipaclient_force_join | default(omit) }}"
 principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and ipaclient_keytab is not defined else '' }}"
 password: "{{ ipaadmin_password | default(omit) }}"
 keytab: "{{ ipaclient_keytab | default(omit) }}"
 #ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
 kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
- register: ipajoin
- when: not ipaclient_on_master | bool and (not ipatest.krb5_keytab_ok or ipaclient_force_join)
+ register: result_ipaclient_join
+ when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)
 - block:
 - name: Install - End playbook processing
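Review bot: The new `when:` line of the Join IPA task tests a bare `ipaclient_force_join`, while the other conditions in this file apply `| bool` to the same variable (`not ipaclient_force_join | bool` in the -46 hunk, `ipaclient_use_otp | bool or ipaclient_force_join | bool` on the rmkeytab task in this hunk); a string value such as `"no"` coming from inventory or extra-vars can be truthy as a plain Jinja expression, so the two tests may disagree and this task would force a join the earlier task decided against. Suggested: `when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join | bool)`. In the same hunk the rmkeytab condition could read `failed_when: result_ipa_rmkeytab.rc not in [0, 3, 5]`, which also mirrors the comment above it. The Join IPA task's argument list begins on the previous physical line of this hunk.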
@@ -159,33 +159,33 @@
 state: absent
 - fail:
 msg: "The krb5 configuration is not correct, please enable allow_repair to fix this."
- when: not ipatest.krb5_conf_ok
+ when: not result_ipaclient_test_keytab.krb5_conf_ok
 - fail:
 msg: "The IPA test failed, please enable allow_repair to fix this."
- when: not ipatest.ipa_test_ok
+ when: not result_ipaclient_test_keytab.ping_test_ok
 - fail:
 msg: "The ca.crt file is missing, please enable allow_repair to fix this."
- when: not ipatest.ca_crt_exists
+ when: not result_ipaclient_test_keytab.ca_crt_exists
 - meta: end_play
- when: not ipaclient_on_master | bool and not ipajoin.changed and not ipaclient_allow_repair | bool and (ipatest.krb5_keytab_ok or (ipajoin.already_joined is defined and ipajoin.already_joined))
+ when: not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))
 - name: Install - Configure IPA default.conf
 include_role:
 name: ipaconf
 vars:
- ipaconf_server: "{{ ipadiscovery.servers[0] }}"
- ipaconf_domain: "{{ ipadiscovery.domain }}"
- ipaconf_realm: "{{ ipadiscovery.realm }}"
- ipaconf_hostname: "{{ ipadiscovery.hostname }}"
- ipaconf_basedn: "{{ ipadiscovery.basedn }}"
+ ipaconf_server: "{{ result_ipaclient_test.servers[0] }}"
+ ipaconf_domain: "{{ result_ipaclient_test.domain }}"
+ ipaconf_realm: "{{ result_ipaclient_test.realm }}"
+ ipaconf_hostname: "{{ result_ipaclient_test.hostname }}"
+ ipaconf_basedn: "{{ result_ipaclient_test.basedn }}"
 when: not ipaclient_on_master | bool
 - name: Install - Configure SSSD
- ipasssd:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- realm: "{{ ipadiscovery.realm }}"
- hostname: "{{ ipadiscovery.hostname }}"
+ ipaclient_setup_sssd:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ realm: "{{ 
result_ipaclient_test.realm }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
 services: ["ssh", "sudo"]
 krb5_offline_passwords: yes
 on_master: "{{ ipaclient_on_master }}"
@@ -194,66 +194,66 @@
 #dns_updates: no
 #all_ip_addresses: no
- - name: Install - Configure krb5 for IPA realm "{{ ipadiscovery.realm }} <= 4.4"
+ - name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} <= 4.4"
 include_role:
 name: ipa-krb5
 vars:
- krb5_servers: "{{ ipadiscovery.servers if not ipadiscovery.dnsok or not ipadiscovery.kdc else [ ] }}"
- krb5_realm: "{{ ipadiscovery.realm }}"
- krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
- krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
- krb5_default_domain: "{{ 'true' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'false' }}"
+ krb5_servers: "{{ result_ipaclient_test.servers if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else [ ] }}"
+ krb5_realm: "{{ result_ipaclient_test.realm }}"
+ krb5_dns_lookup_realm: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
+ krb5_dns_lookup_kdc: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
+ krb5_default_domain: "{{ 'true' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'false' }}"
 krb5_pkinit_anchors: "FILE:/etc/ipa/ca.crt"
- when: not ipaclient_on_master | bool and ipadiscovery.ipa_python_version <= 40400
+ when: not ipaclient_on_master | bool and result_ipaclient_test.ipa_python_version <= 40400
- - name: Install - Configure krb5 for IPA realm "{{ ipadiscovery.realm }} > 4.4"
+ - name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} > 4.4"
 include_role:
 name: ipa-krb5
 vars:
- krb5_servers: "{{ ipadiscovery.servers if not ipadiscovery.dnsok or not ipadiscovery.kdc else [ ] }}"
- krb5_realm: "{{ ipadiscovery.realm }}"
- krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
- krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok 
or not ipadiscovery.kdc else 'true' }}"
- krb5_default_domain: "{{ 'true' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'false' }}"
+ krb5_servers: "{{ result_ipaclient_test.servers if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else [ ] }}"
+ krb5_realm: "{{ result_ipaclient_test.realm }}"
+ krb5_dns_lookup_realm: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
+ krb5_dns_lookup_kdc: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
+ krb5_default_domain: "{{ 'true' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'false' }}"
 krb5_dns_canonicalize_hostname: "false"
 krb5_pkinit_pool: "FILE:/var/lib/ipa-client/pki/ca-bundle.pem"
 krb5_pkinit_anchors: "FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem"
- when: not ipaclient_on_master | bool and ipadiscovery.ipa_python_version > 40400
+ when: not ipaclient_on_master | bool and result_ipaclient_test.ipa_python_version > 40400
 - name: Install - IPA API calls for remaining enrollment parts
- ipaapi:
- servers: "{{ ipadiscovery.servers }}"
- realm: "{{ ipadiscovery.realm }}"
- hostname: "{{ ipadiscovery.hostname }}"
+ ipaclient_api:
+ servers: "{{ result_ipaclient_test.servers }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
 #debug: yes
- register: ipaapi
+ register: result_ipaclient_api
 - name: Install - Fix IPA ca
- ipafixca:
- servers: "{{ ipadiscovery.servers }}"
- realm: "{{ ipadiscovery.realm }}"
- basedn: "{{ ipadiscovery.basedn }}"
+ ipaclient_fix_ca:
+ servers: "{{ result_ipaclient_test.servers }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ basedn: "{{ result_ipaclient_test.basedn }}"
 allow_repair: "{{ ipaclient_allow_repair }}"
- when: not ipaclient_on_master | bool and ipatest.krb5_keytab_ok and not ipatest.ca_crt_exists
+ when: not ipaclient_on_master | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not 
result_ipaclient_test_keytab.ca_crt_exists
 - name: Install - Create IPA NSS database
- ipanss:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- realm: "{{ ipadiscovery.realm }}"
- basedn: "{{ ipadiscovery.basedn }}"
- hostname: "{{ ipadiscovery.hostname }}"
- subject_base: "{{ ipaapi.subject_base }}"
+ ipaclient_setup_nss:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ basedn: "{{ result_ipaclient_test.basedn }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
+ subject_base: "{{ result_ipaclient_api.subject_base }}"
 principal: "{{ ipaadmin_principal | default(omit) }}"
 mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
- ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}"
+ ca_enabled: "{{ result_ipaclient_api.ca_enabled | default(omit) }}"
 on_master: "{{ ipaclient_on_master }}"
 - name: Install - IPA extras configuration
- ipaextras:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- ntp_servers: "{{ ipadiscovery.ntp_servers }}"
+ ipaclient_extras:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ ntp_servers: "{{ result_ipaclient_test.ntp_servers }}"
 ntp: "{{ ipaclient_ntp | default(omit) }}"
 on_master: "{{ ipaclient_on_master }}"
 #force_ntpd: no
diff --git a/roles/ipaconf/tasks/main.yml b/roles/ipaconf/tasks/main.yml
index d01a26170d5ea1885b05c5a78f9b3333815f7bb1..a4969dbf88776dee59230e8762abc92755bee5d2 100644
--- a/roles/ipaconf/tasks/main.yml
+++ b/roles/ipaconf/tasks/main.yml
@@ -1,6 +1,6 @@
 ---
 - name: Backup IPA default.conf
- ipafstore:
+ ipaclient_fstore:
 backup: "{{ ipaconf_default_conf }}"
 - name: Template IPA default.conf