authorPatrick Uiterwijk <puiterwijk@redhat.com>2016-11-28 10:54:55 +0000
committerPatrick Uiterwijk <puiterwijk@redhat.com>2016-11-28 10:54:55 +0000
commitbff96ef88ee6fd5fe0941ec3dd12dc397165efc3 (patch)
treea168138f070594472a82cbc8746ad30da4ac15da /roles/ipa/server
parent6691c6f07ffca6de3bfda8aec15a589dcc6629d6 (diff)
Move IPA setup to ansible
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'roles/ipa/server')
-rw-r--r--roles/ipa/server/files/configure-ipa.sh9
-rw-r--r--roles/ipa/server/tasks/main.yml39
2 files changed, 39 insertions, 9 deletions
diff --git a/roles/ipa/server/files/configure-ipa.sh b/roles/ipa/server/files/configure-ipa.sh
index 6467c341c..33515910e 100644
--- a/roles/ipa/server/files/configure-ipa.sh
+++ b/roles/ipa/server/files/configure-ipa.sh
@@ -15,12 +15,3 @@ do
echo "Removing $line"
ipa selfservice-del "$line"
done
-
-# Create fas_sync user
-ipa user-add fas_sync --first=FAS --last=Sync
-
-# Allow sync user to create and edit users
-ipa group-add-member admins --users=fas_sync
-
-# Disable password expiration
-ipa pwpolicy-mod global_policy --maxlife=0 --minlife=0 --history=0 --minclasses=0 --minlength=0 --maxfail=0
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 471d4fdaa..1487a194c 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -136,6 +136,45 @@
- config
when: inventory_hostname.startswith("ipa01") and config_deployed.changed
+- name: Get admin ticket
+ shell: echo "{{ipa_admin_password}}" | kinit admin
+ tags:
+ - ipa/server
+ - keytab
+ - config
+ - krb5
+ when: inventory_hostname.startswith("ipa01")
+
+- name: Create fas_sync user
+ command: ipa user-add fas_sync --first=FAS --last=Sync
+ tags:
+ - ipa/server
+ - config
+ when: inventory_hostname.startswith("ipa01")
+
+- name: Promote fas_sync user
+ command: ipa group-add-member admins --users=fas_sync
+ tags:
+ - ipa/server
+ - config
+ when: inventory_hostname.startswith("ipa01")
+
+- name: Configure password policy
+ command: ipa pwpolicy-mod global_policy --maxlife=0 --minlife=0 --history=0 --minclasses=0 --minlength=0 --maxfail=0
+ tags:
+ - ipa/server
+ - config
+ when: inventory_hostname.startswith("ipa01")
+
+- name: Destroy admin ticket
+ command: kdestroy -A
+ tags:
+ - ipa/server
+ - keytab
+ - config
+ - krb5
+ when: inventory_hostname.startswith("ipa01")
+
- name: Create LDIF directory
file: path=/root/ldif state=directory user=root group=root mode=0750
tags:
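Review bot: The `Get admin ticket` task interpolates `ipa_admin_password` into a shell string, so a password containing `"`, `$` or a backtick is interpreted by the shell. The task also has no `no_log`, so the rendered command, password included, can appear in Ansible's task output and logs. Passing the secret on stdin through the `command` module and setting `no_log: true` avoids both, assuming the Ansible version in use supports the `stdin` argument. Separately, if any of the three `ipa` tasks fails, `Destroy admin ticket` never runs and the admin ticket stays in the credential cache. This looks likely on a re-run, since `ipa user-add` on an existing user presumably exits non-zero; wrapping the sequence in a `block` with `kdestroy -A` under `always` would close that gap.

```yaml
- name: Get admin ticket
  command: kinit admin
  args:
    stdin: "{{ ipa_admin_password }}"
  no_log: true
  # … unchanged: tags and when …
```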