| author | Patrick Uiterwijk <puiterwijk@redhat.com> | 2016-11-28 10:54:55 +0000 |
|---|---|---|
| committer | Patrick Uiterwijk <puiterwijk@redhat.com> | 2016-11-28 10:54:55 +0000 |
| commit | bff96ef88ee6fd5fe0941ec3dd12dc397165efc3 (patch) | |
| tree | a168138f070594472a82cbc8746ad30da4ac15da /roles/ipa | |
| parent | 6691c6f07ffca6de3bfda8aec15a589dcc6629d6 (diff) | |
Move IPA setup to ansible
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Diffstat (limited to 'roles/ipa')
| -rw-r--r-- | roles/ipa/server/files/configure-ipa.sh | 9 | ||||
| -rw-r--r-- | roles/ipa/server/tasks/main.yml | 39 |
2 files changed, 39 insertions, 9 deletions
diff --git a/roles/ipa/server/files/configure-ipa.sh b/roles/ipa/server/files/configure-ipa.sh
index 6467c341c..33515910e 100644
--- a/roles/ipa/server/files/configure-ipa.sh
+++ b/roles/ipa/server/files/configure-ipa.sh
@@ -15,12 +15,3 @@ do
 echo "Removing $line"
 ipa selfservice-del "$line"
 done
-
-# Create fas_sync user
-ipa user-add fas_sync --first=FAS --last=Sync
-
-# Allow sync user to create and edit users
-ipa group-add-member admins --users=fas_sync
-
-# Disable password expiration
-ipa pwpolicy-mod global_policy --maxlife=0 --minlife=0 --history=0 --minclasses=0 --minlength=0 --maxfail=0
diff --git a/roles/ipa/server/tasks/main.yml b/roles/ipa/server/tasks/main.yml
index 471d4fdaa..1487a194c 100644
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -136,6 +136,45 @@
 - config
 when: inventory_hostname.startswith("ipa01") and config_deployed.changed

+- name: Get admin ticket
+ shell: echo "{{ipa_admin_password}}" | kinit admin
+ tags:
+ - ipa/server
+ - keytab
+ - config
+ - krb5
+ when: inventory_hostname.startswith("ipa01")
+
+- name: Create fas_sync user
+ command: ipa user-add fas_sync --first=FAS --last=Sync
+ tags:
+ - ipa/server
+ - config
+ when: inventory_hostname.startswith("ipa01")
+
+- name: Promote fas_sync user
+ command: ipa group-add-member admins --users=fas_sync
+ tags:
+ - ipa/server
+ - config
+ when: inventory_hostname.startswith("ipa01")
+
+- name: Configure password policy
+ command: ipa pwpolicy-mod global_policy --maxlife=0 --minlife=0 --history=0 --minclasses=0 --minlength=0 --maxfail=0
+ tags:
+ - ipa/server
+ - config
+ when: inventory_hostname.startswith("ipa01")
+
+- name: Destroy admin ticket
+ command: kdestroy -A
+ tags:
+ - ipa/server
+ - keytab
+ - config
+ - krb5
+ when: inventory_hostname.startswith("ipa01")
+
 - name: Create LDIF directory
 file: path=/root/ldif state=directory user=root group=root mode=0750
 tags: |
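Review bot: The `Get admin ticket` task in roles/ipa/server/tasks/main.yml interpolates `ipa_admin_password` straight into a shell string and sets no `no_log`, so the rendered command line, password included, can end up in Ansible's task output and logs, and a password containing `"`, `$` or a backtick would be re-interpreted by the shell. I would write it as `shell: echo {{ ipa_admin_password | quote }} | kinit admin` and add `no_log: true` to the task. The tasks that follow are gated only on the ipa01 hostname, not on `config_deployed.changed`, so they run on every play, and `ipa user-add fas_sync` looks like it will fail once the user exists; a failure there stops the play before `Destroy admin ticket` and leaves an admin TGT in the credential cache. Wrapping the sequence in a `block:` with `kdestroy -A` under `always:` would guarantee the cleanup. The name `Configure password policy` also drops the old script comment while the command still zeroes `--minlength` and `--maxfail`, so a comment stating that this is deliberate would help the next reader.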
