diff --git a/ansible/inventories/production/group_vars/ipaclients/main.yml b/ansible/inventories/production/group_vars/ipaclients/main.yml
index 0c6edac..abd0ae9 100644
--- a/ansible/inventories/production/group_vars/ipaclients/main.yml
+++ b/ansible/inventories/production/group_vars/ipaclients/main.yml
@@ -5,3 +5,5 @@ ipaclient_realm: ROCKYLINUX.ORG
 ipaadmin_principal: admin
 ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
+ipaclient_ssh_trust_dns: true
+ipasssd_enable_dns_updates: true
diff --git a/ansible/playbooks/role-rocky-ipa-client.yml b/ansible/playbooks/role-rocky-ipa-client.yml
index 19feebb..7b44dd9 100644
--- a/ansible/playbooks/role-rocky-ipa-client.yml
+++ b/ansible/playbooks/role-rocky-ipa-client.yml
@@ -1,8 +1,8 @@
 ---
 # Configures an IPA client for the Rocky infrastructure
-
+# Define "host" as a hostgroup name or a single host
 - name: Configure IPA client
- hosts: ipaclients
+ hosts: "{{ host }}"
 become: true
 vars_files:
 - vars/vaults/encpass.yml
@@ -21,9 +21,6 @@
 success_msg: "We are able to run on this node"
 fail_msg: "/etc/no-ansible exists - skipping run on this node"
-# - name: Check if we can see LDAP srv records
-
 roles:
 - role: freeipa.ansible_freeipa.ipaclient
 state: present
diff --git a/ansible/playbooks/role-rocky-ipa-replica.yml b/ansible/playbooks/role-rocky-ipa-replica.yml
index d600c90..3aebeff 100644
--- a/ansible/playbooks/role-rocky-ipa-replica.yml
+++ b/ansible/playbooks/role-rocky-ipa-replica.yml
@@ -1,11 +1,12 @@
 ---
 # Creates an IPA replica
-
+# Define "host" as a hostgroup name or a single host
 - name: Configure IPA server
- hosts: ipareplicas
+ hosts: "{{ host }}"
 become: true
 vars_files:
 - vars/vaults/encpass.yml
+ - vars/ipa/ipareplica.yml
 # This is to try to avoid the handler issue in pre/post tasks
 handlers:
diff --git a/ansible/playbooks/role-rocky-ipa.yml b/ansible/playbooks/role-rocky-ipa.yml
index 43feecb..f361b8a 100644
--- a/ansible/playbooks/role-rocky-ipa.yml
+++ b/ansible/playbooks/role-rocky-ipa.yml
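Review bot: `ipaclient_ssh_trust_dns: true` presumably maps to the client installer's ssh-trust-dns option, which makes ssh accept host keys published as SSHFP records; that check is only as strong as the DNS answers the client receives, so without a validating (DNSSEC) resolver on the client it does not give verified host keys. A one-line comment above the key would record that assumption, e.g. `# SSHFP host-key trust assumes a validating resolver on the client; confirm DNSSEC is in place`. The same two keys are also added to ansible/playbooks/vars/ipa/ipaclient.yml in this commit, which leaves two sources of truth for the client settings; if the client playbook loads that vars file, its copy silently overrides these group_vars, so one of the two copies should probably be dropped.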
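Review bot: `hosts: "{{ host }}"` drops the scope the play had while it was pinned to `ipaclients`: whatever value is passed with `-e host=...` (a broad pattern such as `all` included) now runs with `become: true` and is enrolled as an IPA client, and if no value is passed the play fails on the undefined variable rather than falling back to the group. A pattern intersection keeps the operator's choice while confining it to the intended group: `hosts: "{{ host }}:&ipaclients"`. role-rocky-ipa-replica.yml and role-rocky-ipa.yml make the same change in this commit and would take the same guard with their former groups (`ipareplicas`, `ipaserver`). The new comment above the play could also say that the variable is mandatory, e.g. `# "host" is required (-e host=...): a hostgroup name or a single host`.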
@@ -5,11 +5,13 @@
 # Memory: 4GB
 # Storage: 10G /var/lib/dirsrv
 # System fully up to date
+# Define "host" as a hostgroup name or a single host
 - name: Configure IPA server
- hosts: ipaserver
+ hosts: "{{ host }}"
 become: true
 vars_files:
 - vars/vaults/encpass.yml
+ - vars/ipa/ipaserver.yml
 # This is to try to avoid the handler issue in pre/post tasks
 handlers:
diff --git a/ansible/playbooks/vars/ipa/ipaclient.yml b/ansible/playbooks/vars/ipa/ipaclient.yml
index 27ff67a..5dc1f47 100644
--- a/ansible/playbooks/vars/ipa/ipaclient.yml
+++ b/ansible/playbooks/vars/ipa/ipaclient.yml
@@ -1,8 +1,10 @@
 ---
-
+# IPA Client Vars
 ipaclient_domain: rockylinux.org
 ipaclient_realm: ROCKYLINUX.ORG
 ipaadmin_principal: admin
 ipaclient_no_ntp: true
 ipaclient_mkhomedir: true
+ipaclient_ssh_trust_dns: true
+ipasssd_enable_dns_updates: true
 ipatype: client
diff --git a/ansible/playbooks/vars/ipa/ipareplica.yml b/ansible/playbooks/vars/ipa/ipareplica.yml
new file mode 100644
index 0000000..feb8faf
--- /dev/null
+++ b/ansible/playbooks/vars/ipa/ipareplica.yml
@@ -0,0 +1,13 @@
+---
+# IPA Replica
+ipaadmin_principal: admin
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
+ipaserver_realm: ROCKYLINUX.ORG
+ipareplica_domain: rockylinux.org
+ipareplica_auto_forwarders: true
+ipareplica_setup_firewalld: true
+ipareplica_setup_ca: true
+ipareplica_setup_kra: true
+ipareplica_setup_dns: true
+ipatype: replica
diff --git a/ansible/playbooks/vars/ipa/ipaserver.yml b/ansible/playbooks/vars/ipa/ipaserver.yml
index b6854f0..44adc67 100644
--- a/ansible/playbooks/vars/ipa/ipaserver.yml
+++ b/ansible/playbooks/vars/ipa/ipaserver.yml
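Review bot: `ipaserver_realm: ROCKYLINUX.ORG` in the new ipareplica.yml sits among keys that otherwise all carry the `ipareplica_` prefix; the ansible_freeipa replica role documents the realm under `ipareplica_realm`, so unless the role also reads `ipaserver_realm` this line is ignored and the realm comes from discovery instead — worth confirming against the role's README before relying on it. Separately, role-rocky-ipa-replica.yml lists this file after vars/vaults/encpass.yml in vars_files, so any key present in both resolves to this file's value, and nothing in the file says so. A header comment such as `# Loaded by role-rocky-ipa-replica.yml after the vault; keys here take precedence over encpass.yml` would make that ordering explicit.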
@@ -1,2 +1,15 @@
 ---
+# IPA Server
+ipaserver_domain: rockylinux.org
+ipaserver_realm: ROCKYLINUX.ORG
+ipaserver_setup_dns: true
+ipaserver_setup_kra: true
+ipaserver_auto_forwarders: true
+ipaserver_no_host_dns: true
+ipaserver_allow_zone_overlap: true
+ipaserver_setup_firewalld: true
+ipaclient_no_ntp: true
+ipaclient_mkhomedir: true
+ipaserver_no_hbac_allow: true
+ipaserver_reverse_zones: ["32.10.in-addr.arpa."]
 ipatype: server
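Review bot: `ipaserver_no_hbac_allow: true`, `ipaserver_allow_zone_overlap: true` and `ipaserver_no_host_dns: true` each switch off a default check or default rule of the server installer, and the file gives no reason for any of them. If `ipaserver_no_hbac_allow` maps to the installer's no-hbac-allow option as its name suggests, no allow_all HBAC rule is created and no user can log in to any enrolled host until explicit HBAC rules exist — a sound hardening choice, but one that reads as a broken deployment to the next operator unless it is written down. Each of the three keys would take a one-line comment, e.g. `# No default allow_all HBAC rule: access requires explicit HBAC rules` above `ipaserver_no_hbac_allow`, and a short note of why the zone-overlap and host-DNS installer checks are skipped above the other two. These are install-time settings; a header line saying that changing them here does not reconfigure an already installed server would also help.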