infrastructure/mono-infrastructure
7
0
Fork 0
mirror of https://github.com/rocky-linux/infrastructure synced 2024-12-22 10:58:29 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #14969 from rocky-linux/develop

Browse Source 
ipa getcert adhoc
This commit is contained in:
Louis Abel 2021-01-17 13:07:26 -07:00 committed by GitHub
commit 27e05b44fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
ansible/playbooks/adhoc-ipagetcert.yml Normal file
View File

@ -0,0 +1,30 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Requests and signs a certificate from an IPA CA
# What is expected:
# -> getcert_name: Name of the certificate (FQDN)
# -> getcert_owner: what account owns the certificate files
# -> getcert_key: path to the certificate key
# -> getcert_cert: path to the certificate
# -> getcert_postcmd: command to run after a certificate renews
# -> getcert_chain: true/false, should cert and key be chained together
# -> getcert_chain_location: location for the chain
# TODO: Add CNAME/SAN support
- name: Request and sign an IPA Certificate
hosts: "{{ host }}"
become: true
gather_facts: false
vars:
ipa_getcert_requested_hostnames:
- name: "{{ getcert_name|default(ansible_fqdn) }}"
owner: "{{ getcert_owner|default(omit} }}"
key_location: "{{ getcert_key|default(omit) }}"
cert_location: "{{ getcert_cert|defailt(omit) }}"
postcmd: "{{ getcert_postcmd|default(omit) }}"
ipa_getcert_chain: "{{ getcert_chain|default(omit) }}"
ipa_getcert_chain_location: "{{ getcert_chain_location|default(omit) }}"
roles:
- role: rockylinux.ipagetcert
state: present

6
ansible/playbooks/role-rocky-ipa-client.yml
View File

@ -21,6 +21,12 @@
success_msg: "We are able to run on this node" success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node"
- name: Apply hostname based on inventory name
hostname:
name: "{{ inventory_hostname }}"
use: systemd
when: ansible_fqdn != inventory_hostname
roles: roles:
- role: freeipa.ansible_freeipa.ipaclient - role: freeipa.ansible_freeipa.ipaclient
state: present state: present

6
ansible/playbooks/role-rocky-ipsilon.yml
View File

@ -62,6 +62,12 @@
state: present state: present
post_tasks: post_tasks:
- name: Start and enable httpd
service:
name: httpd
state: running
enabled: true
- name: Touching run file that ansible has ran here - name: Touching run file that ansible has ran here
file: file:
path: /var/log/ansible.run path: /var/log/ansible.run