force ipa_admin requirement in some adhoc

nazunalika 2021-01-05 15:24:00 -07:00
parent 9928289f2e
commit 80a4efd099
4 changed files with 23 additions and 0 deletions


@ -14,6 +14,7 @@
- name: "Checking for user variables"
assert:
that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory
- ipa_zone | mandatory
success_msg: "Required variables provided"
@ -21,6 +22,7 @@
- name: "Creating DNS Zone"
freeipa.ansible_freeipa.ipadnszone:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_zone }}"
tags:
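Review bot: The added `- ipa_admin | mandatory` entry relies on the `mandatory` filter inside `assert`, which raises a templating error when the variable is undefined, so the task fails before the assert's own messages are used. When the variable is set, the condition evaluates to the principal string rather than a boolean, which newer ansible-core releases may reject as a non-boolean conditional (worth confirming against the version in use). An explicit test such as `- ipa_admin is defined and ipa_admin | length > 0` states the intent and yields a boolean. The same line is added to the assert lists in the group, service and user playbooks in this commit.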


@ -1,6 +1,9 @@
---
# This playbook is meant to be used with callable variables, like adhoc or AWX.
# What: Creates groups in the idm infrastructure based on the variables provided
# You MUST provide an ipa_admin user to run this.
# If group is going to be a fas group (exposed in noggin), ensure ipa_fas is
# set to true.
- name: Create our initial users
hosts: ipaserver
@ -13,6 +16,7 @@
- name: "Checking for user variables"
assert:
that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory
- ipa_group | mandatory
- ipa_description | mandatory
@ -22,9 +26,22 @@
- name: "Creating Mandatory Groups"
freeipa.ansible_freeipa.ipagroup:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_group }}"
description: "{{ ipa_description }}"
nonposix: "{{ ipa_posix }}"
tags:
- groups
- name: "Prepare FAS if required"
shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}"
check_mode: false
changed_when: "1 != 1"
when: ipa_fas
- name: "Apply FAS"
command: "ipa group-mod --fasgroup {{ ipa_group }}"
check_mode: false
changed_when: "1 != 1"
when: ipa_fas
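Review bot: The new "Prepare FAS if required" task interpolates `ipaadmin_password` into a `shell:` string, so the password lands in the shell's command line and, with no `no_log`, in the task output that AWX stores; any quote, backtick or `$` in it is also interpreted by the shell. Feeding it to `kinit` through the `command` module's `stdin` with `no_log: true` avoids both, and `argv` keeps `ipa_admin` and `ipa_group` as single arguments in the two tasks. `ipa_fas` is not in the assert list, so `when: ipa_fas` presumably errors when the caller omits it; `ipa_fas | default(false) | bool` tolerates that. The ticket obtained by `kinit` appears to stay in the credential cache after the play, so a closing `kdestroy` task may be wanted.

```yaml
# … unchanged: "Creating Mandatory Groups" task …
- name: "Prepare FAS if required"
  command:
    argv:
      - kinit
      - "{{ ipa_admin }}"
    stdin: "{{ ipaadmin_password }}"
  no_log: true
  check_mode: false
  changed_when: "1 != 1"
  when: ipa_fas | default(false) | bool

- name: "Apply FAS"
  command:
    argv:
      - ipa
      - group-mod
      - --fasgroup
      - "{{ ipa_group }}"
  check_mode: false
  changed_when: "1 != 1"
  when: ipa_fas | default(false) | bool
```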


@ -13,6 +13,7 @@
- name: "Checking for user variables"
assert:
that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory
- ipa_service | mandatory
success_msg: "Required variables provided"
@ -20,6 +21,7 @@
- name: "Creating Kerberos Service"
freeipa.ansible_freeipa.ipaservice:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_service }}"
skip_host_check: "{{ ipa_skip_host_check | default(false) }}"


@ -13,6 +13,7 @@
- name: "Checking for user variables"
assert:
that:
- ipa_admin | mandatory
- ipaadmin_password | mandatory
- ipa_name | mandatory
- ipa_first | mandatory
@ -25,6 +26,7 @@
- name: "Creating User Account"
freeipa.ansible_freeipa.ipauser:
ipaadmin_principal: "{{ ipa_admin }}"
ipaadmin_password: "{{ ipaadmin_password }}"
name: "{{ ipa_name }}"
first: "{{ ipa_first }}"