Skip to content
GitLab
Explore
Sign in
This is an archived project. Repository and other project resources are read-only.
Tools
Ansible
Playbooks
IDM FreeIPA Setup - After
Compare revisions
5109897c2199fbecc5280a4e8cf8d4b679ffcc79 to 8c05a644ae2067f4b085797457200559ad51d28d
Commits on Source (2)
.
· 942fb6e4
Дмитрий Сафронов
authored
May 26, 2021
942fb6e4
Merge branch 'fix' into 'master'
· 8c05a644
Дмитрий Сафронов
authored
May 26, 2021
. See merge request ansible/playbooks/idm-freeipa-setup-after!20
8c05a644
Hide whitespace changes
Inline
Side-by-side
requirements.yml
View file @
8c05a644
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/essential
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/essential
scm
:
git
scm
:
git
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/ucarp_systemd
scm
:
git
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_ca
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/freeipa_le_ca
scm
:
git
scm
:
git
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/ssl_refresher
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/ssl_refresher
scm
:
git
scm
:
git
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/ucarp_systemd
scm
:
git
-
src
:
https://gitlab.cyberbrain.pw/ansible/roles/ucarp_systemd_dependency
scm
:
git
run.yml
View file @
8c05a644
...
@@ -19,20 +19,32 @@
...
@@ -19,20 +19,32 @@
become
:
yes
become
:
yes
vars
:
vars
:
-
ssl_refresher_success
:
|
-
ssl_refresher_success
:
|
ipa-server-certinstall -w -d /opt/ssl/cert.pem /opt/ssl/privkey.pem --pin='' -p "{{ ipadm_password }}"
systemctl restart httpd
roles
:
roles
:
-
ssl_refresher
-
ssl_refresher
-
name
:
Update IPA certs
#- name: Bind ssl-refresher certs
# hosts: ipaserver:ipareplicas
# become: yes
# tasks:
# - ssl_refresher
-
name
:
Install ucarp with dependencies
hosts
:
ipaserver:ipareplicas
hosts
:
ipaserver:ipareplicas
become
:
yes
become
:
yes
task
s
:
role
s
:
-
name
:
Update IPA certs
-
{
role
:
ucarp_systemd_dependency
,
ucarp_dependency
:
"
httpd"
}
ansible.builtin.shell
:
ipa-certupdate
-
{
role
:
ucarp_systemd_dependency
,
ucarp_dependency
:
"
krb5kdc"
}
changed_when
:
False
-
{
role
:
ucarp_systemd_dependency
,
ucarp_dependency
:
"
named-pkcs11"
}
-
name
:
Install ucarp
-
name
:
Add ucarp dependencies on server
hosts
:
ipaserver:ipareplicas
hosts
:
ipaserver
become
:
yes
roles
:
-
{
role
:
ucarp_systemd_dependency
,
ucarp_dependency
:
"
dirsrv@{{
ipaserver_realm
}}"
}
-
name
:
Add ucarp dependencies on replicas
hosts
:
ipareplicas
become
:
yes
become
:
yes
roles
:
roles
:
-
ucarp_systemd
-
{
role
:
ucarp_systemd
_dependency
,
ucarp_dependency
:
"
dirsrv@{{
ipareplicas_realm
}}"
}