update handlers and fix template
parent
842927a7ec
commit
991360bbaa
5 changed files with 59 additions and 71 deletions
|
@ -9,4 +9,14 @@
|
||||||
ansible.builtin.service:
|
ansible.builtin.service:
|
||||||
name: named
|
name: named
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
- name: enable_firewalld
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: firewalld
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: enable_crb
|
||||||
|
ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
|
||||||
|
changed_when: "1 != 1"
|
||||||
...
|
...
|
||||||
|
|
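Review bot: The new `enable_crb` handler runs its command through `ansible.builtin.shell` with a `set -o pipefail` prefix, but the command line contains no pipeline, so the shell adds nothing except one more layer that interprets the string. `ansible.builtin.command: /usr/bin/crb enable` does the same work without a shell. `changed_when: "1 != 1"` is a roundabout spelling of `changed_when: false`, and the literal is easier to read and to lint. The handler list begins above this hunk, so any existing naming or ordering convention there is not visible from here.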
|
@ -25,40 +25,8 @@
|
||||||
success_msg: "We are able to run on this node"
|
success_msg: "We are able to run on this node"
|
||||||
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
||||||
|
|
||||||
- name: Ensure 'dns=none' is set for Network Manager
|
- name: Perform domain pre-work
|
||||||
community.general.ini_file:
|
ansible.builtin.import_tasks: tasks/domain-prework.yml
|
||||||
path: /etc/NetworkManager/NetworkManager.conf
|
|
||||||
state: present
|
|
||||||
no_extra_spaces: true
|
|
||||||
section: main
|
|
||||||
option: dns
|
|
||||||
value: none
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
backup: true
|
|
||||||
notify:
|
|
||||||
- reload_networkmanager
|
|
||||||
|
|
||||||
- name: Ensure epel-release is installed
|
|
||||||
ansible.builtin.dnf:
|
|
||||||
name: epel-release
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Enable CRB
|
|
||||||
ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
|
|
||||||
|
|
||||||
- name: Install ipa-fas
|
|
||||||
ansible.builtin.dnf:
|
|
||||||
name: ipa-fas
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Open firewalld service before hand
|
|
||||||
ansible.posix.firewalld:
|
|
||||||
service: freeipa-4
|
|
||||||
permanent: true
|
|
||||||
immediate: true
|
|
||||||
state: enabled
|
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- role: freeipa.ansible_freeipa.ipareplica
|
- role: freeipa.ansible_freeipa.ipareplica
|
||||||
|
@ -74,5 +42,5 @@
|
||||||
group: root
|
group: root
|
||||||
|
|
||||||
- name: Configure recursion for private nets
|
- name: Configure recursion for private nets
|
||||||
import_tasks: tasks/dns-ext.yml
|
ansible.builtin.import_tasks: tasks/dns-ext.yml
|
||||||
...
|
...
|
||||||
|
|
|
@ -30,40 +30,8 @@
|
||||||
success_msg: "We are able to run on this node"
|
success_msg: "We are able to run on this node"
|
||||||
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
fail_msg: "/etc/no-ansible exists - skipping run on this node"
|
||||||
|
|
||||||
- name: Ensure 'dns=none' is set for Network Manager to avoid change
|
- name: Perform domain pre-work
|
||||||
community.general.ini_file:
|
ansible.builtin.import_tasks: tasks/domain-prework.yml
|
||||||
path: /etc/NetworkManager/NetworkManager.conf
|
|
||||||
state: present
|
|
||||||
no_extra_spaces: true
|
|
||||||
section: main
|
|
||||||
option: dns
|
|
||||||
value: none
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
backup: true
|
|
||||||
notify:
|
|
||||||
- reload_networkmanager
|
|
||||||
|
|
||||||
- name: Ensure epel-release is installed
|
|
||||||
ansible.builtin.dnf:
|
|
||||||
name: epel-release
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Enable CRB
|
|
||||||
ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
|
|
||||||
|
|
||||||
- name: Install ipa-fas
|
|
||||||
ansible.builtin.dnf:
|
|
||||||
name: ipa-fas
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Open firewalld service before hand
|
|
||||||
ansible.posix.firewalld:
|
|
||||||
service: freeipa-4
|
|
||||||
permanent: true
|
|
||||||
immediate: true
|
|
||||||
state: enabled
|
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- role: freeipa.ansible_freeipa.ipaserver
|
- role: freeipa.ansible_freeipa.ipaserver
|
||||||
|
@ -84,5 +52,5 @@
|
||||||
allow_sync_ptr: true
|
allow_sync_ptr: true
|
||||||
|
|
||||||
- name: Configure recursion for private nets
|
- name: Configure recursion for private nets
|
||||||
import_tasks: tasks/dns-ext.yml
|
ansible.builtin.import_tasks: tasks/dns-ext.yml
|
||||||
...
|
...
|
||||||
|
|
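--- a/tasks/domain-prework.yml
+++ b/tasks/domain-prework.yml
@@ -0,0 +1,42 @@
+---
+- name: Ensure epel-release and firewalld are installed
+ansible.builtin.dnf:
+name:
+- epel-release
+- firewalld
+state: present
+notify:
+- enable_firewalld
+- enable_crb
+
+# We need this immediately.
+- name: Flush handlers
+ansible.builtin.meta: flush_handlers
+
+- name: Ensure 'dns=none' is set for Network Manager
+community.general.ini_file:
+path: /etc/NetworkManager/NetworkManager.conf
+state: present
+no_extra_spaces: true
+section: main
+option: dns
+value: none
+owner: root
+group: root
+mode: '0644'
+backup: true
+notify:
+- reload_networkmanager
+
+- name: Install ipa-fas
+ansible.builtin.dnf:
+name: ipa-fas
+state: present
+
+- name: Open firewalld service before hand
+ansible.posix.firewalld:
+service: freeipa-4
+permanent: true
+immediate: true
+state: enabled
+...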
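Review bot: Starting firewalld and enabling CRB now depend on the `enable_firewalld` and `enable_crb` handlers, which are notified only when the dnf task at the top of this file reports a change. On a host where `epel-release` and `firewalld` are already installed but the daemon is stopped or disabled, nothing starts it, and the later `ansible.posix.firewalld` task with `immediate: true` will most likely fail because it needs a running daemon. The inline tasks removed from the playbooks in this commit ran `crb enable` on every run, so this is also a behaviour change for CRB. Enforcing the service state as an ordinary task ahead of "Open firewalld service before hand" keeps the file idempotent and makes the expected firewall state explicit.

```yaml
# … unchanged: package install, flush_handlers, NetworkManager and ipa-fas tasks …
- name: Ensure firewalld is running and enabled
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true

# … unchanged: Open firewalld service before hand …
```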
|
@ -15,4 +15,4 @@
|
||||||
* };
|
* };
|
||||||
*/
|
*/
|
||||||
|
|
||||||
acl "trusted_nets" { {{ ipa_trusted_nets|join(';') }} };
|
acl "trusted_nets" { {{ ipa_trusted_nets|join(';') }}; };
|
||||||
|
|
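Review bot: With the added trailing `;`, an empty `ipa_trusted_nets` renders `acl "trusted_nets" { ; };`, which named is likely to reject. Judging by the ACL name and the "Configure recursion for private nets" task that imports this configuration, the list seems to decide who may recurse, so it is worth asserting before the template task that the variable is a non-empty list. Alternatively, emit each element with its own terminator: `acl "trusted_nets" { {% for net in ipa_trusted_nets %}{{ net }}; {% endfor %}};`. The entries are interpolated as-is, so a stray `;` or `}` inside a value would change the structure of the generated config; checking that each entry is an address or CIDR range is a cheap guard. The rest of the template lies outside this hunk.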