Merge pull request #14965 from rocky-linux/develop

prepping for AWX future
This commit is contained in:
Louis Abel 2021-01-09 22:12:25 -07:00 committed by GitHub
commit 912b07f761
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 39 additions and 9 deletions

View File

@ -5,3 +5,5 @@ ipaclient_realm: ROCKYLINUX.ORG
ipaadmin_principal: admin ipaadmin_principal: admin
ipaclient_no_ntp: true ipaclient_no_ntp: true
ipaclient_mkhomedir: true ipaclient_mkhomedir: true
ipaclient_ssh_trust_dns: true
ipasssd_enable_dns_updates: true

View File

@ -1,8 +1,8 @@
--- ---
# Configures an IPA client for the Rocky infrastructure # Configures an IPA client for the Rocky infrastructure
# Define "host" as a hostgroup name or a single host
- name: Configure IPA client - name: Configure IPA client
hosts: ipaclients hosts: "{{ host }}"
become: true become: true
vars_files: vars_files:
- vars/vaults/encpass.yml - vars/vaults/encpass.yml
@ -21,9 +21,6 @@
success_msg: "We are able to run on this node" success_msg: "We are able to run on this node"
fail_msg: "/etc/no-ansible exists - skipping run on this node" fail_msg: "/etc/no-ansible exists - skipping run on this node"
# - name: Check if we can see LDAP srv records
roles: roles:
- role: freeipa.ansible_freeipa.ipaclient - role: freeipa.ansible_freeipa.ipaclient
state: present state: present

View File

@ -1,11 +1,12 @@
--- ---
# Creates an IPA replica # Creates an IPA replica
# Define "host" as a hostgroup name or a single host
- name: Configure IPA server - name: Configure IPA server
hosts: ipareplicas hosts: "{{ host }}"
become: true become: true
vars_files: vars_files:
- vars/vaults/encpass.yml - vars/vaults/encpass.yml
- vars/ipa/ipareplica.yml
# This is to try to avoid the handler issue in pre/post tasks # This is to try to avoid the handler issue in pre/post tasks
handlers: handlers:

View File

@ -5,11 +5,13 @@
# Memory: 4GB # Memory: 4GB
# Storage: 10G /var/lib/dirsrv # Storage: 10G /var/lib/dirsrv
# System fully up to date # System fully up to date
# Define "host" as a hostgroup name or a single host
- name: Configure IPA server - name: Configure IPA server
hosts: ipaserver hosts: "{{ host }}"
become: true become: true
vars_files: vars_files:
- vars/vaults/encpass.yml - vars/vaults/encpass.yml
- vars/ipa/ipaserver.yml
# This is to try to avoid the handler issue in pre/post tasks # This is to try to avoid the handler issue in pre/post tasks
handlers: handlers:

View File

@ -1,8 +1,10 @@
--- ---
# IPA Client Vars
ipaclient_domain: rockylinux.org ipaclient_domain: rockylinux.org
ipaclient_realm: ROCKYLINUX.ORG ipaclient_realm: ROCKYLINUX.ORG
ipaadmin_principal: admin ipaadmin_principal: admin
ipaclient_no_ntp: true ipaclient_no_ntp: true
ipaclient_mkhomedir: true ipaclient_mkhomedir: true
ipaclient_ssh_trust_dns: true
ipasssd_enable_dns_updates: true
ipatype: client ipatype: client

View File

@ -0,0 +1,13 @@
---
# IPA Replica
ipaadmin_principal: admin
ipaclient_no_ntp: true
ipaclient_mkhomedir: true
ipaserver_realm: ROCKYLINUX.ORG
ipareplica_domain: rockylinux.org
ipareplica_auto_forwarders: true
ipareplica_setup_firewalld: true
ipareplica_setup_ca: true
ipareplica_setup_kra: true
ipareplica_setup_dns: true
ipatype: replica

View File

@ -1,2 +1,15 @@
--- ---
# IPA Server
ipaserver_domain: rockylinux.org
ipaserver_realm: ROCKYLINUX.ORG
ipaserver_setup_dns: true
ipaserver_setup_kra: true
ipaserver_auto_forwarders: true
ipaserver_no_host_dns: true
ipaserver_allow_zone_overlap: true
ipaserver_setup_firewalld: true
ipaclient_no_ntp: true
ipaclient_mkhomedir: true
ipaserver_no_hbac_allow: true
ipaserver_reverse_zones: ["32.10.in-addr.arpa."]
ipatype: server ipatype: server