fedora-infra_ansible/roles/ipa/server/tasks/main.yml
Patrick Uiterwijk c74bd6d108 Move ipa to ipa/server
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
2016-10-18 17:43:22 +00:00


---
# Install and configure the FreeIPA servers: the host matching "ipa01" becomes
# the initial master (with DNS and KRA), every other host in the group is set up
# as a replica of ipa01. The replica steps are skipped once /etc/ipa/default.conf
# exists on the target.
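# Packages for the IPA server and its DNS integration. haveged is
# installed alongside — presumably so that key generation during the
# unattended install below does not stall waiting for entropy.
- name: install needed packages
  yum:
    name: "{{ item }}"
    state: present
  with_items:
    - haveged
    - ipa-server
    - ipa-server-dns
  tags:
    - ipa/server
    - packages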
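# Start haveged now (before the installer runs) and keep it enabled
# across reboots.
- name: enable haveged
  service:
    name: haveged
    state: started
    enabled: true
  tags:
    - ipa/server
    - config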
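# One-shot, unattended install of the first IPA master on ipa01 only.
# Guarded by `creates`: once /etc/ipa/default.conf exists the installer
# is never re-run, so a half-finished install that already wrote that
# file has to be cleaned up by hand (ipa-server-install --uninstall).
#
# Security: the Directory Manager and admin passwords are handed to the
# installer as command-line options, so they are visible in the process
# table on the host for the duration of the install. `no_log` at least
# keeps them out of Ansible's own output, callback logs and registered
# results; diagnostics are still available in /var/log/ipainstall.log.
#
# NOTE(review): --domain is set to the realm value; IPA conventionally
# uses a lowercase DNS domain and an uppercase realm — confirm that
# ipa_realm is acceptable for both. The DNS forwarders are hard-coded
# for this deployment.
- name: install IPA
  command: >-
    ipa-server-install
    --realm={{ ipa_realm }}
    --domain={{ ipa_realm }}
    --ds-password={{ ipa_dm_password }}
    --admin-password={{ ipa_admin_password }}
    --mkhomedir
    --no-ntp
    --unattended
    --no-ssh
    --no-sshd
    --setup-dns
    --forwarder=10.5.126.21
    --forwarder=10.5.126.22
    --log-file=/var/log/ipainstall.log
  args:
    creates: /etc/ipa/default.conf
  no_log: true
  tags:
    - ipa/server
    - config
  when: inventory_hostname.startswith("ipa01")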
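# Add the KRA (vault) component on the first master.
#
# The idempotency marker is the installer's own log file, which is
# created even when the install fails — a failed run therefore never
# retries until /var/log/ipakrainstall.log is removed by hand.
#
# Security: the DM password is passed as an argv option (visible in
# `ps` during the run); `no_log` keeps it out of Ansible output and
# logs. Details of a failed run remain in the --log-file.
- name: install IPA vault
  command: >-
    ipa-kra-install
    --password={{ ipa_dm_password }}
    --unattended
    --log-file=/var/log/ipakrainstall.log
  args:
    creates: /var/log/ipakrainstall.log
  no_log: true
  tags:
    - ipa/server
    - config
  when: inventory_hostname.startswith("ipa01")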
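# On replica hosts, check whether IPA is already configured. The
# registered result drives every replica task below: they only run when
# /etc/ipa/default.conf is absent. On ipa01 this task is skipped, and the
# replica tasks short-circuit on their hostname check before touching
# replication_status.stat.
- name: determine whether we need to set up replication
  stat:
    path: /etc/ipa/default.conf
  register: replication_status
  tags:
    - ipa/server
    - config
  when: not inventory_hostname.startswith("ipa01")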
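# Run ipa-replica-prepare on the master to produce the replica bundle
# for this host (written under /var/lib/ipa on ipa01). Skipped if the
# bundle already exists there.
#
# Security: the DM password goes in as an argv option on ipa01, so it is
# visible in that host's process table while this runs; `no_log` keeps it
# out of Ansible's output and logs. The generated bundle stays on ipa01
# after this play — consider removing it once the replica is up.
- name: create replica file
  delegate_to: ipa01.phx2.fedoraproject.org
  command: >-
    ipa-replica-prepare
    --password={{ ipa_dm_password }}
    --ip-address={{ eth0_ip }}
    {{ inventory_hostname }}
  args:
    creates: "/var/lib/ipa/replica-info-{{ inventory_hostname }}.gpg"
  no_log: true
  tags:
    - ipa/server
    - config
  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists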
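# Pull the replica bundle from ipa01 onto the Ansible control host so it
# can be pushed to the replica in the next task.
#
# NOTE(review): the bundle lands in the control host's shared /tmp under a
# predictable name, with whatever permissions `fetch` applies by default
# (this module takes no `mode`). It is deleted again a few tasks later, but
# only if the intervening tasks succeed. A private staging directory on
# the controller would narrow the exposure window.
- name: retrieve replica file
  delegate_to: ipa01.phx2.fedoraproject.org
  fetch:
    src: "/var/lib/ipa/replica-info-{{ inventory_hostname }}.gpg"
    dest: "/tmp/ipa_replica_{{ inventory_hostname }}.gpg"
    flat: true
  tags:
    - ipa/server
    - config
  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists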
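# Place the replica bundle on the new replica, readable by root only.
- name: deploy replica file
  copy:
    src: "/tmp/ipa_replica_{{ inventory_hostname }}.gpg"
    dest: "/root/ipa_replica_{{ inventory_hostname }}.gpg"
    owner: root
    group: root
    mode: "0600"
  tags:
    - ipa/server
    - config
  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists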
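# Remove the staged copy of the replica bundle from the control host.
# This only runs on the happy path: if "deploy replica file" fails, the
# play stops and the bundle is left behind in /tmp on the controller.
- name: destroy replica file on ansible host
  delegate_to: localhost
  file:
    path: "/tmp/ipa_replica_{{ inventory_hostname }}.gpg"
    state: absent
  tags:
    - ipa/server
    - config
  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists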
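# Unattended replica install from the bundle, with CA, KRA and DNS.
# --skip-conncheck disables the installer's pre-flight connectivity test
# against the master. Guarded by `creates` on /etc/ipa/default.conf.
#
# Security: both passwords are argv options (visible in `ps` on the
# replica during the install); `no_log` keeps them out of Ansible's
# output and logs, while /var/log/ipainstall.log retains diagnostics.
- name: deploy replica
  command: >-
    ipa-replica-install
    --setup-ca
    --setup-kra
    --password={{ ipa_dm_password }}
    --admin-password={{ ipa_admin_password }}
    --mkhomedir
    --no-ntp
    --unattended
    --no-ssh
    --no-sshd
    --setup-dns
    --forwarder=10.5.126.21
    --forwarder=10.5.126.22
    --skip-conncheck
    --log-file=/var/log/ipainstall.log
    /root/ipa_replica_{{ inventory_hostname }}.gpg
  args:
    creates: /etc/ipa/default.conf
  no_log: true
  tags:
    - ipa/server
    - config
  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists

# The bundle is consumed by the install above and is not needed
# afterwards; do not leave it lying in /root on the replica. Only reached
# if the install succeeded (a failure aborts the play before this task).
- name: remove replica file from replica host
  file:
    path: "/root/ipa_replica_{{ inventory_hostname }}.gpg"
    state: absent
  tags:
    - ipa/server
    - config
  when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists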
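# Install the post-install configuration script on the master. The
# registered result is used so the script is only executed when its
# contents changed (first deploy or an update).
- name: Deploy configuration script
  copy:
    src: configure-ipa.sh
    dest: /root/configure-ipa.sh
    owner: root
    group: root
    mode: "0700"
  register: config_deployed
  tags:
    - ipa/server
    - config
  when: inventory_hostname.startswith("ipa01")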
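# Execute the configuration script on the master whenever it changed.
#
# Security: the DM and admin passwords are passed as positional arguments,
# so they are visible in the process table on ipa01 for as long as the
# script runs (and to anything the script itself logs — the script is not
# part of this role file, so verify it does not echo its arguments).
# `no_log` keeps them out of Ansible's output, logs and registered results.
- name: Run configuration script
  command: "/bin/bash /root/configure-ipa.sh {{ ipa_dm_password }} {{ ipa_admin_password }}"
  no_log: true
  tags:
    - ipa/server
    - config
  when: inventory_hostname.startswith("ipa01") and config_deployed.changed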