ipa getcert adhoc

2024-12-22 02:58:28 +00:00 · 2021-01-17 13:04:57 -07:00 · 2021-01-17 13:04:57 -07:00 · a784cdd6cc
commit a784cdd6cc
parent 3d7ac6090c
3 changed files with 42 additions and 0 deletions
--- a/ansible/playbooks/adhoc-ipagetcert.yml
+++ b/ansible/playbooks/adhoc-ipagetcert.yml
@ -0,0 +1,30 @@
+---
+# This playbook is meant to be used with callable variables, like adhoc or AWX.
+# What: Requests and signs a certificate from an IPA CA
+# What is expected:
+#  -> getcert_name: Name of the certificate (FQDN)
+#  -> getcert_owner: what account owns the certificate files
+#  -> getcert_key: path to the certificate key
+#  -> getcert_cert: path to the certificate
+#  -> getcert_postcmd: command to run after a certificate renews
+#  -> getcert_chain: true/false, should cert and key be chained together
+#  -> getcert_chain_location: location for the chain
+# TODO: Add CNAME/SAN support
+
+- name: Request and sign an IPA Certificate
+  hosts: "{{ host }}"
+  become: true
+  gather_facts: false
+  vars:
+    ipa_getcert_requested_hostnames:
+      - name: "{{ getcert_name|default(ansible_fqdn) }}"
+        owner: "{{ getcert_owner|default(omit} }}"
+        key_location: "{{ getcert_key|default(omit) }}"
+        cert_location: "{{ getcert_cert|defailt(omit) }}"
+        postcmd: "{{ getcert_postcmd|default(omit) }}"
+    ipa_getcert_chain: "{{ getcert_chain|default(omit) }}"
+    ipa_getcert_chain_location: "{{ getcert_chain_location|default(omit) }}"
+
+  roles:
+    - role: rockylinux.ipagetcert
+      state: present
--- a/ansible/playbooks/role-rocky-ipa-client.yml
+++ b/ansible/playbooks/role-rocky-ipa-client.yml
@ -21,6 +21,12 @@
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

+    - name: Apply hostname based on inventory name
+      hostname:
+        name: "{{ inventory_hostname }}"
+        use: systemd
+      when: ansible_fqdn != inventory_hostname
+
  roles:
    - role: freeipa.ansible_freeipa.ipaclient
      state: present
--- a/ansible/playbooks/role-rocky-ipsilon.yml
+++ b/ansible/playbooks/role-rocky-ipsilon.yml
@ -62,6 +62,12 @@
      state: present

  post_tasks:
+    - name: Start and enable httpd
+      service:
+        name: httpd
+        state: running
+        enabled: true
+
    - name: Touching run file that ansible has ran here
      file:
        path: /var/log/ansible.run