moved inv vars to group vars moved roles to collections and fixed playbooks added a prepare ansible host playbook to download needed roles and playbooks modified public roles and collection paths to install inside our dir structure to keep them from global installation
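---
# Creates the first server for an IPA infrastructure
# Recommended specs for the IPA systems, that scale based on number of objects:
# CPU: 2 cores
# Memory: 4GB
# Storage: 10G /var/lib/dirsrv
# System fully up to date
- name: Configure IPA server
  hosts: ipaserver
  become: true
  # Presumably the vault-encrypted file that supplies ipaadmin_password
  # (used by the ipadnsconfig task below) — keep it encrypted, never commit
  # it in clear text.
  vars_files:
    - vars/encpass.yml

  # This is to try to avoid the handler issue in pre/post tasks.
  # The bare `include` action is deprecated (removed in ansible-core 2.16);
  # import_tasks is its static replacement for pulling in handler files.
  handlers:
    - ansible.builtin.import_tasks: handlers/main.yml

  pre_tasks:
    # Opt-out marker: a host can refuse automation by creating /etc/no-ansible.
    - name: Check if ansible cannot be run here
      ansible.builtin.stat:
        path: /etc/no-ansible
      register: no_ansible

    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
        msg: "/etc/no-ansible exists - skipping run on this node"

    # NOTE(review): presumably so NetworkManager stops rewriting resolv.conf
    # once IPA's own DNS is configured — confirm against the ipaserver role.
    - name: Ensure 'dns=none' is set for Network Manager to avoid change
      ansible.builtin.ini_file:
        path: /etc/NetworkManager/NetworkManager.conf
        state: present
        no_extra_spaces: true
        section: main
        option: dns
        value: none
        owner: root
        group: root
        mode: '0644'
        backup: true
      notify:
        - reload_networkmanager

  roles:
    - role: freeipa.ansible_freeipa.ipaserver
      state: present

  post_tasks:
    # Marker file recording that this playbook completed on the host.
    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root

    - name: "Turn on reverse zone syncing"
      freeipa.ansible_freeipa.ipadnsconfig:
        ipaadmin_password: '{{ ipaadmin_password }}'
        allow_sync_ptr: true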