mirror of
https://github.com/rocky-linux/infrastructure
synced 2024-12-22 10:58:29 +00:00
linting, ipa rdns
This commit is contained in:
parent
085c9ae83e
commit
33a6d29608
@ -91,6 +91,9 @@ At a minimum, there should be `pre_tasks` and `post_tasks` that can judge whethe
|
||||
file:
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
```
|
||||
|
||||
### Comments
|
||||
|
@ -8,15 +8,15 @@ ipa001.rockylinux.org ansible_host=10.100.1.110
|
||||
[ipaserver:vars]
|
||||
ipaserver_domain=rockylinux.org
|
||||
ipaserver_realm=ROCKYLINUX.ORG
|
||||
ipaserver_setup_dns=yes
|
||||
ipaserver_setup_dns=true
|
||||
ipaserver_setup_kra=true
|
||||
ipaserver_auto_forwarders=yes
|
||||
ipaserver_auto_forwarders=true
|
||||
ipaserver_no_host_dns=true
|
||||
ipaserver_hostname=ipa001.rockylinux.org
|
||||
ipaserver_allow_zone_overlap=yes
|
||||
ipaserver_setup_firewalld=yes
|
||||
ipaserver_allow_zone_overlap=true
|
||||
ipaserver_setup_firewalld=true
|
||||
ipaclient_no_ntp=true
|
||||
ipaclient_mkhomedir=yes
|
||||
ipaclient_mkhomedir=true
|
||||
ipaserver_reverse_zones=["1.100.10.in-addr.arpa."]
|
||||
|
||||
[ipareplicas]
|
||||
@ -25,17 +25,19 @@ ipa002.rockylinux.org ansible_host=10.100.1.111
|
||||
[ipareplicas:vars]
|
||||
ipaadmin_principal=admin
|
||||
ipaclient_no_ntp=true
|
||||
ipaclient_mkhomedir=yes
|
||||
ipaclient_mkhomedir=true
|
||||
ipaserver_realm=ROCKYLINUX.ORG
|
||||
ipaserver_hostname=ipa002.rockylinux.org
|
||||
ipareplica_domain=rockylinux.org
|
||||
ipareplica_auto_forwarders=yes
|
||||
ipareplica_setup_firewalld=yes
|
||||
ipareplica_setup_ca=yes
|
||||
ipareplica_setup_kra=yes
|
||||
ipareplica_setup_dns=yes
|
||||
ipareplica_auto_forwarders=true
|
||||
ipareplica_setup_firewalld=true
|
||||
ipareplica_setup_ca=true
|
||||
ipareplica_setup_kra=true
|
||||
ipareplica_setup_dns=true
|
||||
ipa_dns_master=10.100.1.110
|
||||
|
||||
# This is for example purposes - it is likely we'll use "all" instead of
|
||||
# putting everything under an ipaclient
|
||||
[ipaclients]
|
||||
build-a-box.rockylinux.org ansible_host=10.100.1.112
|
||||
|
||||
@ -43,4 +45,4 @@ build-a-box.rockylinux.org ansible_host=10.100.1.112
|
||||
ipaclient_domain=rockylinux.org
|
||||
ipaadmin_principal=admin
|
||||
ipaclient_no_ntp=true
|
||||
ipaclient_mkhomedir=yes
|
||||
ipaclient_mkhomedir=true
|
||||
|
@ -53,5 +53,5 @@
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
user: root
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -36,5 +36,5 @@
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
user: root
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -1,2 +1,3 @@
|
||||
---
|
||||
- src: freeipa.ansible_freeipa
|
||||
- src: community.general
|
||||
|
@ -19,6 +19,9 @@
|
||||
- "not no_ansible.stat.exists"
|
||||
msg: "/etc/no-ansible exists - skipping run on this node"
|
||||
|
||||
- name: Check if we can see LDAP srv records
|
||||
|
||||
|
||||
roles:
|
||||
- role: ipaclient
|
||||
state: present
|
||||
@ -29,5 +32,5 @@
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
user: root
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -59,5 +59,5 @@
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
user: root
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -1,6 +1,11 @@
|
||||
---
|
||||
# Creates the first server for an IPA infrastructure
|
||||
# Variables for the infrastructure are in inventory/ipainventory
|
||||
# Recommended specs for the IPA systems, that scale based on number of objects:
|
||||
# CPU: 2 cores
|
||||
# Memory: 4GB
|
||||
# Storage: 10G /var/lib/dirsrv
|
||||
# System fully up to date
|
||||
- name: Configure IPA server
|
||||
hosts: ipaserver
|
||||
become: true
|
||||
@ -48,5 +53,5 @@
|
||||
path: /var/log/ansible.run
|
||||
state: touch
|
||||
mode: '0644'
|
||||
user: root
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -2,9 +2,15 @@
|
||||
rdns:
|
||||
- 0.1.10.in-addr.arpa.
|
||||
- 2.1.10.in-addr.arpa.
|
||||
- 4.1.10.in-addr.arpa.
|
||||
- 6.1.10.in-addr.arpa.
|
||||
- 8.1.10.in-addr.arpa.
|
||||
- 10.1.10.in-addr.arpa.
|
||||
- 14.1.10.in-addr.arpa.
|
||||
- 0.16.10.in-addr.arpa.
|
||||
- 2.16.10.in-addr.arpa.
|
||||
- 4.16.10.in-addr.arpa.
|
||||
- 6.16.10.in-addr.arpa.
|
||||
- 8.16.10.in-addr.arpa.
|
||||
- 10.16.10.in-addr.arpa.
|
||||
- 14.16.10.in-addr.arpa.
|
||||
|
Loading…
Reference in New Issue
Block a user