use FQCN across the board

nazunalika 2022-03-27 18:54:24 -07:00
parent 4c55917561
commit b97263aae6
Signed by: label
GPG Key ID: 6735C0E1BD65D048
18 changed files with 45 additions and 41 deletions


@ -11,7 +11,7 @@
tasks: tasks:
- name: "Check for user variables" - name: "Check for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_binder_name | mandatory - ipa_binder_name | mandatory
- ipa_binder_password | mandatory - ipa_binder_password | mandatory
@ -19,7 +19,7 @@
fail_msg: "We are missing user information" fail_msg: "We are missing user information"
- name: "Creating bind account template - binder" - name: "Creating bind account template - binder"
template: ansible.builtin.template:
src: "tmp/binder_template.update" src: "tmp/binder_template.update"
dest: "/tmp/binder.update" dest: "/tmp/binder.update"
owner: root owner: root
@ -29,14 +29,14 @@
- users - users
- name: "Adding in the bind account" - name: "Adding in the bind account"
command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update" ansible.builtin.command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update"
register: bind_account register: bind_account
changed_when: "bind_account.rc == 0" changed_when: "bind_account.rc == 0"
tags: tags:
- users - users
- name: "Remove template" - name: "Remove template"
file: ansible.builtin.file:
path: "/tmp/binder.update" path: "/tmp/binder.update"
state: absent state: absent
... ...
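Review bot: Cleanup of `/tmp/binder.update` is not guaranteed, because "Remove template" is an ordinary task that follows "Adding in the bind account"; if `ipa-ldap-updater` exits non-zero the play stops and the rendered file stays on disk. The rendered template presumably contains `ipa_binder_password` (it is one of the asserted variables), and the template task's `mode:` line falls between the hunks, so it is worth confirming that it is `'0600'`. Wrapping the template and command tasks in a `block:` with the file removal under `always:` closes the gap, and `no_log: true` on the template task keeps the rendered content out of `--diff` output. The same sequence appears in the later file section that renders `tmp/binder.update`.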


@ -18,7 +18,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipaadmin_password | mandatory - ipaadmin_password | mandatory
- ipa_zone | mandatory - ipa_zone | mandatory


@ -10,7 +10,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_admin | mandatory - ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory


@ -20,7 +20,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_admin | mandatory - ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory
@ -31,14 +31,14 @@
fail_msg: "We are missing required information" fail_msg: "We are missing required information"
- name: "Check that a keytab doesn't already exist" - name: "Check that a keytab doesn't already exist"
stat: ansible.builtin.stat:
path: "{{ ipa_keytab_fullpath }}" path: "{{ ipa_keytab_fullpath }}"
register: keytab_status register: keytab_status
check_mode: false check_mode: false
changed_when: "1 != 1" changed_when: "1 != 1"
- name: "Verify keytab existence" - name: "Verify keytab existence"
assert: ansible.builtin.assert:
that: that:
- "not keytab_status.stat.exists" - "not keytab_status.stat.exists"
success_msg: "Keytab doesn't exist, moving on..." success_msg: "Keytab doesn't exist, moving on..."
@ -70,14 +70,14 @@
- name: "Get kerberos ticket" - name: "Get kerberos ticket"
delegate_to: "{{ ipa_server }}" delegate_to: "{{ ipa_server }}"
shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}" ansible.builtin.shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}"
check_mode: false check_mode: false
changed_when: "1 != 1" changed_when: "1 != 1"
when: not keytab_status.stat.exists when: not keytab_status.stat.exists
- name: "Attempt to retrieve keytab" - name: "Attempt to retrieve keytab"
delegate_to: "{{ ipa_server }}" delegate_to: "{{ ipa_server }}"
command: "ipa-getkeytab -r -s {{ ipa_server }} -p {{ ipa_service }} -k /tmp/{{ host }}.kt" ansible.builtin.command: "ipa-getkeytab -r -s {{ ipa_server }} -p {{ ipa_service }} -k /tmp/{{ host }}.kt"
register: ret_result register: ret_result
check_mode: false check_mode: false
changed_when: "1 != 1" changed_when: "1 != 1"
@ -85,30 +85,30 @@
- name: "Create keytab if it didn't exist, based on the last task" - name: "Create keytab if it didn't exist, based on the last task"
delegate_to: "{{ ipa_server }}" delegate_to: "{{ ipa_server }}"
command: "ipa-getkeytab -s {{ ipa_server }} -p {{ ipa_service }} -k /tmp/{{ host }}.kt" ansible.builtin.command: "ipa-getkeytab -s {{ ipa_server }} -p {{ ipa_service }} -k /tmp/{{ host }}.kt"
when: "'krbPrincipalKey not found' in ret_result.stderr" when: "'krbPrincipalKey not found' in ret_result.stderr"
- name: "Destroy admin ticket" - name: "Destroy admin ticket"
delegate_to: "{{ ipa_server }}" delegate_to: "{{ ipa_server }}"
command: "kdestroy -A" ansible.builtin.command: "kdestroy -A"
register: kdestroy_result register: kdestroy_result
changed_when: "kdestroy_result.rc == 0" changed_when: "kdestroy_result.rc == 0"
- name: "Put the keytab into a register" - name: "Put the keytab into a register"
delegate_to: "{{ ipa_server }}" delegate_to: "{{ ipa_server }}"
command: "base64 /tmp/{{ host }}.kt" ansible.builtin.command: "base64 /tmp/{{ host }}.kt"
register: keytab register: keytab
check_mode: false check_mode: false
changed_when: "keytab.rc == 0" changed_when: "keytab.rc == 0"
- name: "Destroy local keytab" - name: "Destroy local keytab"
delegate_to: "{{ ipa_server }}" delegate_to: "{{ ipa_server }}"
file: ansible.builtin.file:
path: "/tmp/{{ host }}.kt" path: "/tmp/{{ host }}.kt"
state: absent state: absent
- name: "Deploy keytab to {{ host }} from register" - name: "Deploy keytab to {{ host }} from register"
copy: ansible.builtin.copy:
dest: "{{ ipa_keytab_fullpath }}.b64" dest: "{{ ipa_keytab_fullpath }}.b64"
content: "{{ keytab.stdout }}" content: "{{ keytab.stdout }}"
owner: "{{ ipa_owner|default('root') }}" owner: "{{ ipa_owner|default('root') }}"
@ -116,16 +116,16 @@
mode: '0600' mode: '0600'
- name: "Decode keytab" - name: "Decode keytab"
shell: "umask 077 && base64 -d {{ ipa_keytab_fullpath }}.b64 > {{ ipa_keytab_fullpath }}" ansible.builtin.shell: "umask 077 && base64 -d {{ ipa_keytab_fullpath }}.b64 > {{ ipa_keytab_fullpath }}"
changed_when: "1 != 1" changed_when: "1 != 1"
- name: "Destroy encoded keytab" - name: "Destroy encoded keytab"
file: ansible.builtin.file:
path: "{{ ipa_keytab_fullpath }}.b64" path: "{{ ipa_keytab_fullpath }}.b64"
state: absent state: absent
- name: "Set ownership if applicable, otherwise it's root owned" - name: "Set ownership if applicable, otherwise it's root owned"
file: ansible.builtin.file:
path: "{{ ipa_keytab_fullpath }}" path: "{{ ipa_keytab_fullpath }}"
owner: "{{ ipa_owner|default('root') }}" owner: "{{ ipa_owner|default('root') }}"
group: "{{ ipa_owner|default('root') }}" group: "{{ ipa_owner|default('root') }}"
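Review bot: The "Get kerberos ticket" task interpolates `ipaadmin_password` into the shell command string and has no `no_log: true`, so the admin password ends up in the task result (shown with `-v` and passed to callbacks and logging) and in the argument list of the shell that is spawned on the delegate. Passing it on standard input instead, with `ansible.builtin.command` using `cmd: "kinit {{ ipa_admin }}"` and `stdin: "{{ ipaadmin_password }}"`, plus `no_log: true` on the task, removes both exposures. "Put the keytab into a register" and "Deploy keytab to {{ host }} from register" have the same logging problem, since `keytab.stdout` and `content:` carry the base64 keytab; both want `no_log: true`. Separately, the keytab is written to the predictable path `/tmp/{{ host }}.kt` on the IPA server and is removed only if every task before "Destroy local keytab" succeeds, so a `block:`/`always:` cleanup would be safer.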


@ -14,7 +14,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_admin | mandatory - ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory


@ -9,7 +9,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_admin | mandatory - ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory


@ -13,7 +13,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_admin | mandatory - ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory


@ -9,7 +9,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_admin | mandatory - ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory


@ -9,7 +9,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_admin | mandatory - ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory


@ -9,7 +9,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipa_admin | mandatory - ipa_admin | mandatory
- ipaadmin_password | mandatory - ipaadmin_password | mandatory


@ -2,3 +2,6 @@
# Collections # Collections
collections: collections:
- name: freeipa.ansible_freeipa - name: freeipa.ansible_freeipa
- name: community.general
- name: ansible.posix
...
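Review bot: The two collections added here, `community.general` and `ansible.posix`, carry no `version:` key, so installing from this requirements file resolves whatever release is newest at install time. The playbooks in this commit now call `community.general.ini_file` by FQCN, so the code that runs on managed hosts depends on that resolution. Pinning each entry to a release that has been tested, for example `version: "<tested release>"`, makes installs reproducible and keeps an unexpected upstream release out of production runs. The existing `freeipa.ansible_freeipa` entry is unpinned as well.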


@ -48,7 +48,7 @@
- users - users
- name: "Creating bind account template - binder" - name: "Creating bind account template - binder"
template: ansible.builtin.template:
src: "tmp/binder.update" src: "tmp/binder.update"
dest: "/tmp/binder.update" dest: "/tmp/binder.update"
owner: root owner: root
@ -58,14 +58,14 @@
- users - users
- name: "Adding in the bind account - binder" - name: "Adding in the bind account - binder"
command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update" ansible.builtin.command: "/usr/sbin/ipa-ldap-updater /tmp/binder.update"
register: bind_account register: bind_account
changed_when: "bind_account.rc == 0" changed_when: "bind_account.rc == 0"
tags: tags:
- users - users
- name: "Remove template" - name: "Remove template"
file: ansible.builtin.file:
path: "/tmp/binder.update" path: "/tmp/binder.update"
state: absent state: absent
... ...


@ -10,7 +10,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipaadmin_password | mandatory - ipaadmin_password | mandatory
success_msg: "Required variables provided" success_msg: "Required variables provided"


@ -13,7 +13,7 @@
tasks: tasks:
- name: "Checking for user variables" - name: "Checking for user variables"
assert: ansible.builtin.assert:
that: that:
- ipaadmin_password | mandatory - ipaadmin_password | mandatory
- users | mandatory - users | mandatory


@ -9,12 +9,12 @@
pre_tasks: pre_tasks:
- name: Check if ansible cannot be run here - name: Check if ansible cannot be run here
stat: ansible.builtin.stat:
path: /etc/no-ansible path: /etc/no-ansible
register: no_ansible register: no_ansible
- name: Verify if we can run ansible - name: Verify if we can run ansible
assert: ansible.builtin.assert:
that: that:
- "not no_ansible.stat.exists" - "not no_ansible.stat.exists"
success_msg: "We are able to run on this node" success_msg: "We are able to run on this node"
@ -32,7 +32,7 @@
post_tasks: post_tasks:
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here
file: ansible.builtin.file:
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'


@ -11,19 +11,19 @@
pre_tasks: pre_tasks:
- name: Check if ansible cannot be run here - name: Check if ansible cannot be run here
stat: ansible.builtin.stat:
path: /etc/no-ansible path: /etc/no-ansible
register: no_ansible register: no_ansible
- name: Verify if we can run ansible - name: Verify if we can run ansible
assert: ansible.builtin.assert:
that: that:
- "not no_ansible.stat.exists" - "not no_ansible.stat.exists"
success_msg: "We are able to run on this node" success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node"
- name: Ensure 'dns=none' is set for Network Manager - name: Ensure 'dns=none' is set for Network Manager
ini_file: community.general.ini_file:
path: /etc/NetworkManager/NetworkManager.conf path: /etc/NetworkManager/NetworkManager.conf
state: present state: present
no_extra_spaces: true no_extra_spaces: true
@ -43,7 +43,7 @@
post_tasks: post_tasks:
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here
file: ansible.builtin.file:
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'


@ -16,19 +16,19 @@
pre_tasks: pre_tasks:
- name: Check if ansible cannot be run here - name: Check if ansible cannot be run here
stat: ansible.builtin.stat:
path: /etc/no-ansible path: /etc/no-ansible
register: no_ansible register: no_ansible
- name: Verify if we can run ansible - name: Verify if we can run ansible
assert: ansible.builtin.assert:
that: that:
- "not no_ansible.stat.exists" - "not no_ansible.stat.exists"
success_msg: "We are able to run on this node" success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node"
- name: Ensure 'dns=none' is set for Network Manager to avoid change - name: Ensure 'dns=none' is set for Network Manager to avoid change
ini_file: community.general.ini_file:
path: /etc/NetworkManager/NetworkManager.conf path: /etc/NetworkManager/NetworkManager.conf
state: present state: present
no_extra_spaces: true no_extra_spaces: true
@ -48,7 +48,7 @@
post_tasks: post_tasks:
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here
file: ansible.builtin.file:
path: /var/log/ansible.run path: /var/log/ansible.run
state: touch state: touch
mode: '0644' mode: '0644'


@ -4,3 +4,4 @@ roles:
- name: rockylinux.ipagetcert - name: rockylinux.ipagetcert
src: https://github.com/rocky-linux/ansible-role-ipa-getcert src: https://github.com/rocky-linux/ansible-role-ipa-getcert
version: main version: main
...