ipa/client: enable for certgetter in prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
2026-04-26 03:23:08 +08:00 · 2021-03-19 17:25:38 +01:00
parent e5212e01b5
commit e33f6c5ef2
2 changed files with 2 additions and 5 deletions
--- a/inventory/group_vars/certgetter
+++ b/inventory/group_vars/certgetter
@@ -12,4 +12,4 @@ tcp_ports: [ 80, 443 ]
 # Neeed for rsync from log01 for logs.
 custom_rules: [ '-A INPUT -p tcp -m tcp -s 10.3.163.39 --dport 873 -j ACCEPT', '-A INPUT -p tcp -m tcp -s 192.168.1.59 --dport 873 -j ACCEPT' ]

-fas_client_groups: sysadmin-main
+primary_auth_source: ipa
--- a/playbooks/groups/certgetter.yml
+++ b/playbooks/groups/certgetter.yml
@@ -15,8 +15,7 @@
  - rkhunter
  - nagios_client
  - hosts
-  - { role: fas_client, when: env != "staging" }
-  - { role: ipa/client, when: env == "staging" }
+  - ipa/client
  - rsyncd
  - sudo
  - apache
@@ -27,8 +26,6 @@
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-    when: env != "staging"
  - import_tasks: "{{ tasks_path }}/motd.yml"

  - name: make sure certbot is installed