update handlers and fix template

Louis Abel 2023-04-22 00:58:06 -07:00
parent 842927a7ec
commit 991360bbaa
Signed by: label
GPG Key ID: 6735C0E1BD65D048
5 changed files with 59 additions and 71 deletions


@ -9,4 +9,14 @@
ansible.builtin.service:
name: named
state: restarted
- name: enable_firewalld
ansible.builtin.service:
name: firewalld
state: started
enabled: true
- name: enable_crb
ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
changed_when: "1 != 1"
...
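Review bot: The new `enable_crb` handler goes through `ansible.builtin.shell` although the command line has no pipe or redirection, so `set -o pipefail` has nothing to act on and a shell is spawned for no benefit. `ansible.builtin.command: /usr/bin/crb enable` runs the binary directly and keeps the handler free of shell parsing if the line is ever templated. `changed_when: "1 != 1"` is an opaque spelling of `changed_when: false`; the literal form states the intent. The handlers list starts above this hunk, so how these handlers are ordered against the existing ones cannot be checked here.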


@ -25,40 +25,8 @@
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
- name: Ensure 'dns=none' is set for Network Manager
community.general.ini_file:
path: /etc/NetworkManager/NetworkManager.conf
state: present
no_extra_spaces: true
section: main
option: dns
value: none
owner: root
group: root
mode: '0644'
backup: true
notify:
- reload_networkmanager
- name: Ensure epel-release is installed
ansible.builtin.dnf:
name: epel-release
state: present
- name: Enable CRB
ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
- name: Install ipa-fas
ansible.builtin.dnf:
name: ipa-fas
state: present
- name: Open firewalld service before hand
ansible.posix.firewalld:
service: freeipa-4
permanent: true
immediate: true
state: enabled
- name: Perform domain pre-work
ansible.builtin.import_tasks: tasks/domain-prework.yml
roles:
- role: freeipa.ansible_freeipa.ipareplica
@ -74,5 +42,5 @@
group: root
- name: Configure recursion for private nets
import_tasks: tasks/dns-ext.yml
ansible.builtin.import_tasks: tasks/dns-ext.yml
...


@ -30,40 +30,8 @@
success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node"
- name: Ensure 'dns=none' is set for Network Manager to avoid change
community.general.ini_file:
path: /etc/NetworkManager/NetworkManager.conf
state: present
no_extra_spaces: true
section: main
option: dns
value: none
owner: root
group: root
mode: '0644'
backup: true
notify:
- reload_networkmanager
- name: Ensure epel-release is installed
ansible.builtin.dnf:
name: epel-release
state: present
- name: Enable CRB
ansible.builtin.shell: "set -o pipefail && /usr/bin/crb enable"
- name: Install ipa-fas
ansible.builtin.dnf:
name: ipa-fas
state: present
- name: Open firewalld service before hand
ansible.posix.firewalld:
service: freeipa-4
permanent: true
immediate: true
state: enabled
- name: Perform domain pre-work
ansible.builtin.import_tasks: tasks/domain-prework.yml
roles:
- role: freeipa.ansible_freeipa.ipaserver
@ -84,5 +52,5 @@
allow_sync_ptr: true
- name: Configure recursion for private nets
import_tasks: tasks/dns-ext.yml
ansible.builtin.import_tasks: tasks/dns-ext.yml
...

42
tasks/domain-prework.yml Normal file

@ -0,0 +1,42 @@
---
- name: Ensure epel-release and firewalld are installed
ansible.builtin.dnf:
name:
- epel-release
- firewalld
state: present
notify:
- enable_firewalld
- enable_crb
# We need this immediately.
- name: Flush handlers
ansible.builtin.meta: flush_handlers
- name: Ensure 'dns=none' is set for Network Manager
community.general.ini_file:
path: /etc/NetworkManager/NetworkManager.conf
state: present
no_extra_spaces: true
section: main
option: dns
value: none
owner: root
group: root
mode: '0644'
backup: true
notify:
- reload_networkmanager
- name: Install ipa-fas
ansible.builtin.dnf:
name: ipa-fas
state: present
- name: Open firewalld service before hand
ansible.posix.firewalld:
service: freeipa-4
permanent: true
immediate: true
state: enabled
...
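Review bot: Starting firewalld and enabling CRB now hang off `notify` on the dnf task, so they run only when that task reports a change. On a host where epel-release and firewalld are already installed but the firewalld service is stopped or disabled, neither handler fires and `flush_handlers` does nothing. The later "Open firewalld service before hand" task uses `immediate: true`, so it will probably fail or leave the runtime rule unapplied in that case. The playbooks previously ran `crb enable` on every run, so the CRB step is also skipped on such hosts. Enforcing both states as ordinary tasks, with the `notify` dropped from the dnf task, keeps the firewall state checked on every run; this assumes `crb enable` is safe to repeat, as the old unconditional task implied.

```yaml
# … unchanged: dnf install of epel-release and firewalld, minus the notify list …
- name: Ensure firewalld is running and enabled
  ansible.builtin.service:
    name: firewalld
    state: started
    enabled: true

- name: Ensure CRB is enabled
  ansible.builtin.command: /usr/bin/crb enable
  changed_when: false
# … unchanged: NetworkManager ini_file, ipa-fas install, freeipa-4 firewalld rule …
```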


@ -15,4 +15,4 @@
* };
*/
acl "trusted_nets" { {{ ipa_trusted_nets|join(';') }} };
acl "trusted_nets" { {{ ipa_trusted_nets|join(';') }}; };
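Review bot: With the terminator now written after `join`, an empty `ipa_trusted_nets` renders `acl "trusted_nets" { ; };`, which named will most likely reject when it loads the file. Emitting each element with its own terminator avoids the stray semicolon: `acl "trusted_nets" { {% for net in ipa_trusted_nets %}{{ net }}; {% endfor %}};`. Judging by the "Configure recursion for private nets" task, this ACL appears to gate recursion, so it is also worth asserting before rendering that the list is non-empty and holds only the intended networks. The comment block above the ACL starts outside this hunk.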