| author | Patrick Uiterwijk <puiterwijk@redhat.com> | 2016-10-13 14:31:15 +0000 |
|---|---|---|
| committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2016-10-13 14:31:15 +0000 |
| commit | 8f77ba7c00e5b3f461a3a304fecb6c0a07e32857 (patch) | |
| tree | 962053b2614002a4f878449cd947ed297f56f6a4 /roles/ipa | |
| parent | 39c59360d86ac2814d6fd53bcd0bcbe78fc69629 (diff) | |
Add configuration script for IPA
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'roles/ipa')
| -rw-r--r-- | roles/ipa/files/configure-ipa.sh | 30 | ||||
| -rw-r--r-- | roles/ipa/tasks/main.yml | 23 |
2 files changed, 43 insertions, 10 deletions
diff --git a/roles/ipa/files/configure-ipa.sh b/roles/ipa/files/configure-ipa.sh
new file mode 100644
index 000000000..44880213e
--- /dev/null
+++ b/roles/ipa/files/configure-ipa.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+ADMIN_PASSWORD="$1"
+DM_PASSWORD="$2"
+
+function cleanup {
+ kdestroy -A
+}
+trap cleanup EXIT
+
+echo $ADMIN_PASSWORD | kinit admin
+
+# Disallow all users to change their own settings
+ipa selfservice-find | grep "Self-service name:" | sed -e "s/ Self-service name: //" | \
+while read line
+do
+ echo "Removing $line"
+ ipa selfservice-del "$line"
+done
+
+# Create fas_sync user
+ipa user-add fas_sync --first=FAS --last=Sync
+
+# Allow sync user to update passwords
+ldapmodify -x -D "cn=Directory Manager" -w "$DM_PASSWORD" -h localhost -p 389 <<EOF
+dn: cn=ipa_pwd_extop,cn=plugins,cn=config
+changetype: modify
+add: passSyncManagersDNs
+passSyncManagersDNs: uid=fas_sync,cn=users,cn=accounts,dc=fedoraproject,dc=org
+EOF
+exit 0
diff --git a/roles/ipa/tasks/main.yml b/roles/ipa/tasks/main.yml
index 659b8b9db..4e616f531 100644
--- a/roles/ipa/tasks/main.yml
+++ b/roles/ipa/tasks/main.yml
@@ -119,14 +119,17 @@
 - config
 when: not inventory_hostname.startswith("ipa01") and not replication_status.stat.exists
 
-#
-# switch this to use the systemd module as soon as ansible 2.2 is out.
-#
+- name: Deploy configuration script
+ copy: src=configure-ipa.sh dest=/root/configure-ipa.sh mode=0700 owner=root group=root
+ register: config_deployed
+ tags:
+ - ipa
+ - config
+ when: inventory_hostname.startswith("ipa01")
 
-#- name: mask kadmin
-# file: src=/dev/null
-# dest=/etc/systemd/system/kadmin.service
-# owner=root group=root state=link
-# tags:
-# - ipa
-# - config
+- name: Run configuration script
+ command: /bin/bash /root/configure-ipa.sh {{ipa_dm_password}} {{ipa_admin_password}}
+ tags:
+ - ipa
+ - config
+ when: inventory.hostname.startswith("ipa01") and config_deployed.changed |
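Review bot: Both secrets travel on command lines here: the script takes them as `$1`/`$2` and hands the Directory Manager password to `ldapmodify -w "$DM_PASSWORD"`, so they are typically visible in the process list to other local users while the script runs. Reading them from stdin or a root-only file, and using `ldapmodify -y <passwordfile>` for the bind, keeps them out of argv. `echo $ADMIN_PASSWORD | kinit admin` is unquoted, so a password containing whitespace or glob characters is altered before kinit reads it; `printf '%s\n' "$ADMIN_PASSWORD" | kinit admin || exit 1` preserves it and stops on a failed login. The unconditional `exit 0` on the last line reports success even when kinit or ldapmodify failed; dropping it lets the ldapmodify status reach the caller.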
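Review bot: The `command:` line of "Run configuration script" passes `{{ipa_dm_password}} {{ipa_admin_password}}`, but configure-ipa.sh in this same commit reads `ADMIN_PASSWORD="$1"` and `DM_PASSWORD="$2"`, so the two passwords arrive swapped. Because the script ends in `exit 0`, the resulting failed kinit and LDAP bind would not fail the task. The final `when:` uses `inventory.hostname` where the Deploy task uses `inventory_hostname`, which looks like a typo that would raise an undefined-variable error. The task also lacks `no_log: true`, so both passwords can end up in Ansible output and logs, and the unquoted templating splits a password that contains spaces. I would write `command: /bin/bash /root/configure-ipa.sh {{ ipa_admin_password | quote }} {{ ipa_dm_password | quote }}`, add `no_log: true`, and use `when: inventory_hostname.startswith("ipa01") and config_deployed.changed`.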
