diff --git a/adhoc-ipadnsrecord.yml b/adhoc-ipadnsrecord.yml index 8e6ca7f..c72ddfe 100644 --- a/adhoc-ipadnsrecord.yml +++ b/adhoc-ipadnsrecord.yml @@ -4,7 +4,7 @@ # provided. # What is expected: # -> ipaadmin_password: This should be the password of the admin user -# -> ipa_admin: The admin user that has kerberos management capabilities (default is admin) +# -> ipaadmin_principal: The admin user that has kerberos management capabilities (default is admin) # -> ipa_zone: The zone name (eg, rockylinux.org) # -> ipa_name: The shortname (eg, buildbox instead of buildbox.rockylinux.org) # -> ipa_name_type: Type of record (eg, CNAME, A, AAAA, PTR) @@ -33,7 +33,7 @@ - name: "Creating DNS Record" freeipa.ansible_freeipa.ipadnsrecord: - ipaadmin_principal: "{{ ipa_admin|default('admin') }}" + ipaadmin_principal: "{{ ipaadmin_principal|default('admin') }}" ipaadmin_password: "{{ ipaadmin_password }}" zone_name: "{{ ipa_zone }}" name: "{{ ipa_name }}" @@ -48,7 +48,7 @@ # host doesn't exist, we'll ignore it. - name: "Creating host object for CNAME" freeipa.ansible_freeipa.ipahost: - ipaadmin_principal: "{{ ipa_admin|default('admin') }}" + ipaadmin_principal: "{{ ipaadmin_principal|default('admin') }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_name }}.{{ ipa_zone }}" force: true diff --git a/adhoc-ipadnszone.yml b/adhoc-ipadnszone.yml index ae8e8dc..47f90d5 100644 --- a/adhoc-ipadnszone.yml +++ b/adhoc-ipadnszone.yml @@ -14,7 +14,7 @@ - name: "Checking for user variables" ansible.builtin.assert: that: - - ipa_admin | mandatory + - ipaadmin_principal | mandatory - ipaadmin_password | mandatory - ipa_zone | mandatory success_msg: "Required variables provided" @@ -22,7 +22,7 @@ - name: "Creating DNS Zone" freeipa.ansible_freeipa.ipadnszone: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_zone }}" dynamicupdate: true 
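Review bot: With `ipaadmin_principal|default('admin')` in the `Creating DNS Record` and `Creating host object for CNAME` tasks of adhoc-ipadnsrecord.yml, a caller that still passes the old `ipa_admin` variable is not rejected; the value is ignored and both tasks authenticate as `admin` with whatever password was supplied. The other playbooks touched here fail fast through `ipaadmin_principal | mandatory`, but this one has no such guard visible in its hunks. Consider a transitional `"{{ ipaadmin_principal | default(ipa_admin | default('admin')) }}"`, or an assert entry `- ipa_admin is not defined`, so stale job templates surface as an explicit error rather than a failed or unintended login. Both tasks extend beyond their hunks, so the rest of their arguments are not visible here.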
diff --git a/adhoc-ipagetkeytab.yml b/adhoc-ipagetkeytab.yml index 393b908..7305b16 100644 --- a/adhoc-ipagetkeytab.yml +++ b/adhoc-ipagetkeytab.yml @@ -10,7 +10,7 @@ # -> ipa_keytab_fullpath: The full path to the keytab. Example: /etc/gitlab/gitlab.keytab # -> ipa_server: This needs to be one of the IPA servers # -> ipa_owner: If applicable, the local account that can read this keytab (eg apache) -# -> ipa_admin: The admin user that has kerberos management capabilities (default is admin) +# -> ipaadmin_principal: The admin user that has kerberos management capabilities (default is admin) # -> ipaadmin_password: This should be the password of the admin user - name: Pull keytab from IPA @@ -24,7 +24,7 @@ - name: "Checking for user variables" ansible.builtin.assert: that: - - ipa_admin | mandatory + - ipaadmin_principal | mandatory - ipaadmin_password | mandatory - ipa_service | mandatory - ipa_keytab_fullpath | mandatory 
@@ -46,33 +46,33 @@ success_msg: "Keytab doesn't exist, moving on..." fail_msg: "Keytab with that name already exists, skipping." - - name: "Grant {{ host }} and {{ ipa_admin }} access to the service keytab" + - name: "Grant {{ host }} and {{ ipaadmin_principal }} access to the service keytab" delegate_to: "{{ ipa_server }}" freeipa.ansible_freeipa.ipaservice: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_service }}" allow_retrieve_keytab_user: - - "{{ ipa_admin }}" + - "{{ ipaadmin_principal }}" allow_retrieve_keytab_host: - "{{ host }}" action: member - - name: "Grant {{ host }} and {{ ipa_admin }} access to the host keytab" + - name: "Grant {{ host }} and {{ ipaadmin_principal }} access to the host keytab" delegate_to: "{{ ipa_server }}" freeipa.ansible_freeipa.ipahost: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ host }}" state: present allow_retrieve_keytab_user: - - "{{ ipa_admin }}" + - "{{ ipaadmin_principal }}" managedby_host: "{{ host }}" action: member - name: "Get kerberos ticket" delegate_to: "{{ ipa_server }}" - ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}" + ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipaadmin_principal }}" check_mode: false changed_when: "1 != 1" when: not keytab_status.stat.exists diff --git a/adhoc-ipagroup.yml b/adhoc-ipagroup.yml index d1a04d4..225b0d7 100644 --- a/adhoc-ipagroup.yml +++ b/adhoc-ipagroup.yml 
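Review bot: The `Get kerberos ticket` task in adhoc-ipagetkeytab.yml still renders both variables into a shell string (`echo "{{ ipaadmin_password }}" | kinit {{ ipaadmin_principal }}`), so a password containing `"`, `$` or a backtick, or a principal containing shell metacharacters, is interpreted by the shell instead of being passed through as data. The rendered command, password included, is also part of the task result, and no `no_log: true` is visible in the hunk. Feeding the password on stdin through `ansible.builtin.command` with `argv` removes the shell and the quoting problem, and `no_log: true` keeps the secret out of job output. The same line is used by the `Prepare FAS if required` task in adhoc-ipagroup.yml and should get the same treatment. The task may continue past the end of the hunk.

```yaml
- name: "Get kerberos ticket"
  delegate_to: "{{ ipa_server }}"
  ansible.builtin.command:
    argv:
      - kinit
      - "{{ ipaadmin_principal }}"
    stdin: "{{ ipaadmin_password }}"
  no_log: true
  # … unchanged: check_mode, changed_when, when …
```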
@@ -1,7 +1,7 @@ --- # This playbook is meant to be used with callable variables, like adhoc or AWX. # What: Creates groups in the idm infrastructure based on the variables provided -# You MUST provide an ipa_admin user to run this. +# You MUST provide an ipaadmin_principal user to run this. # If group is going to be a fas group (exposed in noggin), ensure ipa_fas is # set to true. @@ -18,7 +18,7 @@ - name: "Checking for user variables" ansible.builtin.assert: that: - - ipa_admin | mandatory + - ipaadmin_principal | mandatory - ipaadmin_password | mandatory - ipa_group | mandatory - ipa_description | mandatory @@ -28,7 +28,7 @@ - name: "Creating New Group" freeipa.ansible_freeipa.ipagroup: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_group }}" description: "{{ ipa_description }}" @@ -39,7 +39,7 @@ - groups - name: "Prepare FAS if required" - ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}" + ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipaadmin_principal }}" check_mode: false changed_when: "1 != 1" when: ipa_fas diff --git a/adhoc-ipaservice.yml b/adhoc-ipaservice.yml index 243916f..4191b88 100644 --- a/adhoc-ipaservice.yml +++ b/adhoc-ipaservice.yml @@ -13,7 +13,7 @@ - name: "Checking for user variables" ansible.builtin.assert: that: - - ipa_admin | mandatory + - ipaadmin_principal | mandatory - ipaadmin_password | mandatory - ipa_service | mandatory success_msg: "Required variables provided" @@ -21,7 +21,7 @@ - name: "Creating Kerberos Service" freeipa.ansible_freeipa.ipaservice: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_service }}" skip_host_check: "{{ ipa_skip_host_check | default(false) }}" 
diff --git a/adhoc-ipauser-disable-pdr.yml b/adhoc-ipauser-disable-pdr.yml index 8721c6b..20c91e5 100644 --- a/adhoc-ipauser-disable-pdr.yml +++ b/adhoc-ipauser-disable-pdr.yml @@ -17,7 +17,7 @@ - name: "Checking for user variables" ansible.builtin.assert: that: - - ipa_admin | mandatory + - ipaadmin_principal | mandatory - ipaadmin_password | mandatory - ipa_name | mandatory - ticket_id | mandatory @@ -26,7 +26,7 @@ - name: "Disabling User Account" freeipa.ansible_freeipa.ipauser: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_name }}" state: disabled @@ -40,7 +40,7 @@ values: [] state: exact server_uri: ldap://localhost/ - bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org" + bind_dn: "uid={{ ipaadmin_principal }},cn=users,cn=accounts,dc=rockylinux,dc=org" bind_pw: "{{ ipaadmin_password }}" with_items: - fasGPGKeyId @@ -70,7 +70,7 @@ values: "Account Disabled: {{ ticket_id }}" state: exact server_uri: ldap://localhost/ - bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org" + bind_dn: "uid={{ ipaadmin_principal }},cn=users,cn=accounts,dc=rockylinux,dc=org" bind_pw: "{{ ipaadmin_password }}" - name: "Set FAS Account Information to Private" @@ -80,6 +80,6 @@ values: "TRUE" state: exact server_uri: ldap://localhost/ - bind_dn: "uid={{ ipa_admin }},cn=users,cn=accounts,dc=rockylinux,dc=org" + bind_dn: "uid={{ ipaadmin_principal }},cn=users,cn=accounts,dc=rockylinux,dc=org" bind_pw: "{{ ipaadmin_password }}" ... diff --git a/adhoc-ipauser-disable.yml b/adhoc-ipauser-disable.yml index 9a6f3aa..02e6af4 100644 --- a/adhoc-ipauser-disable.yml +++ b/adhoc-ipauser-disable.yml @@ -13,7 +13,7 @@ - name: "Checking for user variables" ansible.builtin.assert: that: - - ipa_admin | mandatory + - ipaadmin_principal | mandatory - ipaadmin_password | mandatory - ipa_name | mandatory success_msg: "Required variables provided" 
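Review bot: The `bind_dn` lines in adhoc-ipauser-disable-pdr.yml paste `ipaadmin_principal` directly into the `uid=` RDN, which only yields the intended DN while the value is a bare login name. Now that the variable carries the name of the module's principal parameter, a caller may pass a realm-qualified value (for example the constructed `admin@EXAMPLE.TEST`), and a value containing `,` or `=` would change which DN is bound. This applies to all three `bind_dn` lines, in the @@ -40, @@ -70 and @@ -80 hunks. I would constrain the value in the existing assert with an entry such as `- ipaadmin_principal is match('^[A-Za-z0-9._-]+$')`, or at least note beside the assert that a bare uid is required. The LDAP tasks start outside the hunks, so whether they set `no_log` for `bind_pw` cannot be seen from here.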
@@ -21,7 +21,7 @@ - name: "Disabling User Account" freeipa.ansible_freeipa.ipauser: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_name }}" state: disabled diff --git a/adhoc-ipauser-enable.yml b/adhoc-ipauser-enable.yml index f38ba98..235b9de 100644 --- a/adhoc-ipauser-enable.yml +++ b/adhoc-ipauser-enable.yml @@ -13,7 +13,7 @@ - name: "Checking for user variables" ansible.builtin.assert: that: - - ipa_admin | mandatory + - ipaadmin_principal | mandatory - ipaadmin_password | mandatory - ipa_name | mandatory success_msg: "Required variables provided" @@ -21,7 +21,7 @@ - name: "Enabling User Account" freeipa.ansible_freeipa.ipauser: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_name }}" state: enabled diff --git a/adhoc-ipauser.yml b/adhoc-ipauser.yml index 5e98011..75d3912 100644 --- a/adhoc-ipauser.yml +++ b/adhoc-ipauser.yml @@ -13,7 +13,7 @@ - name: "Checking for user variables" ansible.builtin.assert: that: - - ipa_admin | mandatory + - ipaadmin_principal | mandatory - ipaadmin_password | mandatory - ipa_name | mandatory - ipa_first | mandatory @@ -26,7 +26,7 @@ - name: "Creating User Account" freeipa.ansible_freeipa.ipauser: - ipaadmin_principal: "{{ ipa_admin }}" + ipaadmin_principal: "{{ ipaadmin_principal }}" ipaadmin_password: "{{ ipaadmin_password }}" name: "{{ ipa_name }}" first: "{{ ipa_first }}"