force ipa_admin requirement in some adhoc

ansible/playbooks/adhoc-ipadns.yml

@@ -14,6 +14,7 @@
     - name: "Checking for user variables"
       assert:
         that:
+          - ipa_admin | mandatory
           - ipaadmin_password | mandatory
           - ipa_zone | mandatory
         success_msg: "Required variables provided"
@@ -21,6 +22,7 @@
 
     - name: "Creating DNS Zone"
       freeipa.ansible_freeipa.ipadnszone:
+        ipaadmin_principal: "{{ ipa_admin }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_zone }}"
       tags:

ansible/playbooks/adhoc-ipagroup.yml

@@ -1,6 +1,9 @@
 ---
 # This playbook is meant to be used with callable variables, like adhoc or AWX.
 # What: Creates groups in the idm infrastructure based on the variables provided
+# You MUST provide an ipa_admin user to run this.
+# If group is going to be a fas group (exposed in noggin), ensure ipa_fas is
+# set to true.
 
 - name: Create our initial users
   hosts: ipaserver
@@ -13,6 +16,7 @@
     - name: "Checking for user variables"
       assert:
         that:
+          - ipa_admin | mandatory
           - ipaadmin_password | mandatory
           - ipa_group | mandatory
           - ipa_description | mandatory
@@ -22,9 +26,22 @@
 
     - name: "Creating Mandatory Groups"
       freeipa.ansible_freeipa.ipagroup:
+        ipaadmin_principal: "{{ ipa_admin }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_group }}"
         description: "{{ ipa_description }}"
         nonposix: "{{ ipa_posix }}"
       tags:
         - groups
+
+    - name: "Prepare FAS if required"
+      shell: "set -o pipefail && echo \"{{ ipaadmin_password  }}\" | kinit {{ ipa_admin }}"
+      check_mode: false
+      changed_when: "1 != 1"
+      when: ipa_fas
+
+    - name: "Apply FAS"
+      command: "ipa group-mod --fasgroup {{ ipa_group }}"
+      check_mode: false
+      changed_when: "1 != 1"
+      when: ipa_fas

ansible/playbooks/adhoc-ipaservice.yml

@@ -13,6 +13,7 @@
     - name: "Checking for user variables"
       assert:
         that:
+          - ipa_admin | mandatory
           - ipaadmin_password | mandatory
           - ipa_service | mandatory
         success_msg: "Required variables provided"
@@ -20,6 +21,7 @@
 
     - name: "Creating Kerberos Service"
       freeipa.ansible_freeipa.ipaservice:
+        ipaadmin_principal: "{{ ipa_admin }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_service }}"
         skip_host_check: "{{ ipa_skip_host_check | default(false) }}"

ansible/playbooks/adhoc-ipauser.yml

@@ -13,6 +13,7 @@
     - name: "Checking for user variables"
       assert:
         that:
+          - ipa_admin | mandatory
           - ipaadmin_password | mandatory
           - ipa_name | mandatory
           - ipa_first | mandatory
@@ -25,6 +26,7 @@
 
     - name: "Creating User Account"
       freeipa.ansible_freeipa.ipauser:
+        ipaadmin_principal: "{{ ipa_admin }}"
         ipaadmin_password: "{{ ipaadmin_password }}"
         name: "{{ ipa_name }}"
         first: "{{ ipa_first }}"