Ansible FreeIPA
Commit d1af0ff4, authored 5 years ago by Uumas
Added support for predefining client OTP using ipaclient_otp
parent 0240ec34
roles/ipaclient/tasks/install.yml (18 additions, 5 deletions)
...
@@ -72,6 +72,11 @@
...
@@ -72,6 +72,11 @@
servers
:
"
{{
result_ipaclient_test.servers
}}"
servers
:
"
{{
result_ipaclient_test.servers
}}"
domain
:
"
{{
result_ipaclient_test.domain
}}"
domain
:
"
{{
result_ipaclient_test.domain
}}"
-
name
:
Install - Make sure One-Time Password is enabled if it's already defined
set_fact
:
ipaclient_use_otp
:
"
yes"
when
:
ipaclient_otp is defined
-
name
:
Install - Disable One-Time Password for on_master
-
name
:
Install - Disable One-Time Password for on_master
set_fact
:
set_fact
:
ipaclient_use_otp
:
"
no"
ipaclient_use_otp
:
"
no"
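Review bot: The condition `when: ipaclient_otp is defined` on the new "Make sure One-Time Password is enabled" task is also true when the variable is set to an empty string, so an empty value forces `ipaclient_use_otp` to "yes" without any usable password behind it. Consider `when: ipaclient_otp is defined and ipaclient_otp | length > 0`, or fail early on an empty value. The commit changes only roles/ipaclient/tasks/install.yml, so `ipaclient_otp` arrives undocumented; describe it alongside the role's other variables and note that, being a credential, it is best supplied from a vault rather than plain inventory.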
...
@@ -95,15 +100,16 @@
...
@@ -95,15 +100,16 @@
result_ipaclient_test_keytab.krb5_keytab_ok and
result_ipaclient_test_keytab.krb5_keytab_ok and
not ipaclient_force_join | bool
not ipaclient_force_join | bool
# The following block is executed when using OTP to enroll IPA client
# The following block is executed when using OTP to enroll IPA client and
# ie when ipaclient_use_otp is set.
# the OTP isn't predefined, ie when ipaclient_use_otp is set and ipaclient_otp
# is not set.
# It connects to ipaserver and add the host with --random option in order
# It connects to ipaserver and add the host with --random option in order
# to create a OneTime Password
# to create a OneTime Password
# If a keytab is specified in the hostent, then the hostent will be disabled
# If a keytab is specified in the hostent, then the hostent will be disabled
# if ipaclient_use_otp is set.
# if ipaclient_use_otp is set.
-
block
:
-
block
:
-
name
:
Install - Keytab or password is required for otp
-
name
:
Install - Keytab or password is required for
getting
otp
fail
:
msg="Keytab or password is required for otp"
fail
:
msg="Keytab or password is required for
getting
otp"
when
:
ipaadmin_keytab is undefined and ipaadmin_password is undefined
when
:
ipaadmin_keytab is undefined and ipaadmin_password is undefined
#- name: Install - Include Python2/3 import test
#- name: Install - Include Python2/3 import test
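Review bot: The unchanged comment lines "If a keytab is specified in the hostent, then the hostent will be disabled if ipaclient_use_otp is set" no longer agree with the reworded first sentence of the same comment: with a predefined OTP, `ipaclient_use_otp` is set but this block is described as not running. Reword those lines so they apply only to the case where the OTP is generated here, so a reader does not assume the host entry is touched when `ipaclient_otp` is supplied.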
...
@@ -143,7 +149,14 @@
...
@@ -143,7 +149,14 @@
ipaadmin_password
:
"
{{
result_ipaclient_get_otp.host.randompassword
ipaadmin_password
:
"
{{
result_ipaclient_get_otp.host.randompassword
if
result_ipaclient_get_otp.host
is
defined
}}"
if
result_ipaclient_get_otp.host
is
defined
}}"
when
:
ipaclient_use_otp | bool
when
:
ipaclient_use_otp | bool and ipaclient_otp is not defined
-
name
:
Store predefined OTP in admin_password
no_log
:
yes
set_fact
:
ipaadmin_orig_password
:
"
{{
ipaadmin_password
|
default(omit)
}}"
ipaadmin_password
:
"
{{
ipaclient_otp
}}"
when
:
ipaclient_otp is defined
-
block
:
-
block
:
# This block is executed only when
# This block is executed only when
...
...
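Review bot: The added task "Store predefined OTP in admin_password" is gated only by `when: ipaclient_otp is defined`, so it overwrites `ipaadmin_password` with the OTP even if the "Disable One-Time Password for on_master" task from the first hunk has set `ipaclient_use_otp` back to "no". Suggest `when: ipaclient_use_otp | bool and ipaclient_otp is defined` so the two conditions on either side of this change stay complementary. The task name also lacks the "Install - " prefix the other tasks shown here use, and it says admin_password where the fact being set is `ipaadmin_password`. Keeping `no_log: yes` on this task is right, since its arguments carry the OTP.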