diff --git a/ansible/playbooks/adhoc-ipadns.yml b/ansible/playbooks/adhoc-ipadns.yml
index ce56a73..5fd76fd 100644
--- a/ansible/playbooks/adhoc-ipadns.yml
+++ b/ansible/playbooks/adhoc-ipadns.yml
@@ -14,6 +14,7 @@
 - name: "Checking for user variables"
 assert:
 that:
+ - ipa_admin | mandatory
 - ipaadmin_password | mandatory
 - ipa_zone | mandatory
 success_msg: "Required variables provided"
@@ -21,6 +22,7 @@
 - name: "Creating DNS Zone"
 freeipa.ansible_freeipa.ipadnszone:
+ ipaadmin_principal: "{{ ipa_admin }}"
 ipaadmin_password: "{{ ipaadmin_password }}"
 name: "{{ ipa_zone }}"
 tags:
diff --git a/ansible/playbooks/adhoc-ipagroups.yml b/ansible/playbooks/adhoc-ipagroup.yml
similarity index 61%
rename from ansible/playbooks/adhoc-ipagroups.yml
rename to ansible/playbooks/adhoc-ipagroup.yml
index dbb751a..320118f 100644
--- a/ansible/playbooks/adhoc-ipagroups.yml
+++ b/ansible/playbooks/adhoc-ipagroup.yml
@@ -1,6 +1,9 @@
 ---
 # This playbook is meant to be used with callable variables, like adhoc or AWX.
 # What: Creates groups in the idm infrastructure based on the variables provided
+# You MUST provide an ipa_admin user to run this.
+# If group is going to be a fas group (exposed in noggin), ensure ipa_fas is
+# set to true.
 - name: Create our initial users
 hosts: ipaserver
@@ -13,6 +16,7 @@
 - name: "Checking for user variables"
 assert:
 that:
+ - ipa_admin | mandatory
 - ipaadmin_password | mandatory
 - ipa_group | mandatory
 - ipa_description | mandatory
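Review bot: The header comment added to adhoc-ipagroup.yml (hunk `@@ -1,6 +1,9 @@`) tells the operator to set `ipa_fas` to true for a FAS group but says nothing about the non-FAS case, and the assert hunk below it does not cover the variable. The tasks added further down in this file gate on a bare `when: ipa_fas`, which fails on an undefined variable only after the group has already been created. Unless `ipa_fas` is defaulted in the part of the play outside these hunks, I would gate with `when: ipa_fas | default(false) | bool` and extend the comment with `# ipa_fas is optional and defaults to false.`.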
@@ -22,9 +26,22 @@
 - name: "Creating Mandatory Groups"
 freeipa.ansible_freeipa.ipagroup:
+ ipaadmin_principal: "{{ ipa_admin }}"
 ipaadmin_password: "{{ ipaadmin_password }}"
 name: "{{ ipa_group }}"
 description: "{{ ipa_description }}"
 nonposix: "{{ ipa_posix }}"
 tags:
 - groups
+
+ - name: "Prepare FAS if required"
+ shell: "set -o pipefail && echo \"{{ ipaadmin_password }}\" | kinit {{ ipa_admin }}"
+ check_mode: false
+ changed_when: "1 != 1"
+ when: ipa_fas
+
+ - name: "Apply FAS"
+ command: "ipa group-mod --fasgroup {{ ipa_group }}"
+ check_mode: false
+ changed_when: "1 != 1"
+ when: ipa_fas
diff --git a/ansible/playbooks/adhoc-ipaservice.yml b/ansible/playbooks/adhoc-ipaservice.yml
index ec3c7fc..b93527f 100644
--- a/ansible/playbooks/adhoc-ipaservice.yml
+++ b/ansible/playbooks/adhoc-ipaservice.yml
@@ -13,6 +13,7 @@
 - name: "Checking for user variables"
 assert:
 that:
+ - ipa_admin | mandatory
 - ipaadmin_password | mandatory
 - ipa_service | mandatory
 success_msg: "Required variables provided"
@@ -20,6 +21,7 @@
 - name: "Creating Kerberos Service"
 freeipa.ansible_freeipa.ipaservice:
+ ipaadmin_principal: "{{ ipa_admin }}"
 ipaadmin_password: "{{ ipaadmin_password }}"
 name: "{{ ipa_service }}"
 skip_host_check: "{{ ipa_skip_host_check | default(false) }}"
diff --git a/ansible/playbooks/adhoc-ipausers.yml b/ansible/playbooks/adhoc-ipauser.yml
similarity index 93%
rename from ansible/playbooks/adhoc-ipausers.yml
rename to ansible/playbooks/adhoc-ipauser.yml
index 4599d90..8c51c4e 100644
--- a/ansible/playbooks/adhoc-ipausers.yml
+++ b/ansible/playbooks/adhoc-ipauser.yml
@@ -13,6 +13,7 @@
 - name: "Checking for user variables"
 assert:
 that:
+ - ipa_admin | mandatory
 - ipaadmin_password | mandatory
 - ipa_name | mandatory
 - ipa_first | mandatory
@@ -25,6 +26,7 @@
 - name: "Creating User Account"
 freeipa.ansible_freeipa.ipauser:
+ ipaadmin_principal: "{{ ipa_admin }}"
 ipaadmin_password: "{{ ipaadmin_password }}"
 name: "{{ ipa_name }}"
 first: "{{ ipa_first }}"
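Review bot: The added "Prepare FAS if required" task in adhoc-ipagroup.yml (hunk `@@ -22,9 +26,22 @@`) templates `ipaadmin_password` straight into a `shell:` string. The IPA admin password therefore lands in the remote shell's command line and, with no `no_log: true`, in the task's recorded arguments and job output. A password containing `"`, `$` or a backtick would also be interpreted by the shell rather than passed through. Passing it on stdin through `command` with `argv` avoids the shell entirely and makes `set -o pipefail` unnecessary. The ticket obtained by kinit also appears to stay in the remote user's credential cache after the play, so a closing `kdestroy` task would be worth adding after "Apply FAS".

```yaml
- name: "Prepare FAS if required"
  command:
    argv:
      - kinit
      - "{{ ipa_admin }}"
    stdin: "{{ ipaadmin_password }}"
  no_log: true
  # … unchanged: check_mode, changed_when, when …
# … unchanged: "Apply FAS" task …
```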