Grzegorz Grasza e404fe19a8 Update to new quay.io images
This updates the freeipa-server image to fedora-36 and
molecule images to stream9.

Change-Id: I026207760d917524cee69dddd41448f3bc0245d2
2022-08-03 09:51:26 +02:00


---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
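# Stands up a FreeIPA server in a podman container on the local host, waits
# for ipa-server-install to finish, then checks that the IPA services are up.
- hosts: localhost
  connection: local
  tasks:
    # NOTE(review): hard-coded credential; presumably acceptable because the
    # realm is the reserved example.test domain - confirm this play is only
    # ever run against disposable test hosts.
    - name: set facts for domains
      set_fact:
        domain: example.test
        ipa_password: password123

    # Fully qualified image reference, pulled as root because the container
    # below is started with sudo (root's image store).
    - name: Download FreeIPA Container
      containers.podman.podman_image:
        name: quay.io/freeipa/freeipa-server:fedora-36
        pull: true
      become: true

    # NOTE(review): fixed path under world-writable /tmp, created without
    # become and without an explicit mode. On a shared host another local
    # user could pre-create it - confirm this only runs on single-purpose
    # CI nodes.
    - name: Make IPA data dir
      ansible.builtin.file:
        path: /tmp/ipa-data
        state: directory

    # Persistently enables the container_manage_cgroup SELinux boolean.
    - name: Toggle SELinux boolean
      ansible.posix.seboolean:
        name: container_manage_cgroup
        state: true
        persistent: true
      become: true

    - name: Remove any old IPA container
      containers.podman.podman_container:
        name: freeipa-server-container
        state: absent
      become: true

    # Output is parsed below for IP4.DNS entries to pick a DNS forwarder.
    - name: Get configuration from NetworkManager
      command: nmcli device show
      register: nmcli_device_show

    # Starts the FreeIPA container detached. Comments cannot go inside the
    # folded scalar (they would become part of the command), so the
    # security-relevant points are listed here:
    # - The image is fully qualified so the container runs exactly the image
    #   pulled above. An unqualified "freeipa/freeipa-server" is resolved
    #   through the host's registries.conf and may not map to quay.io.
    #   Keep this reference in sync with the pull task.
    # - ipa_password is passed through the quote filter so a password
    #   containing shell metacharacters cannot alter the command.
    # - The password is passed with -e on the command line, so it ends up in
    #   the rendered command and in the container's environment.
    # - NOTE(review): --security-opt seccomp=unconfined turns off the seccomp
    #   syscall filter for this container; confirm it is still required with
    #   the fedora-36 image before copying this outside a test setup.
    # - The root filesystem is read-only; /run and /tmp are tmpfs and /data
    #   is the only persistent volume (relabelled with :Z).
    - name: Configure FreeIPA
      shell: >
        sudo podman run -d --name freeipa-server-container
        --sysctl net.ipv6.conf.lo.disable_ipv6=0
        --security-opt seccomp=unconfined
        --ip 10.88.0.22
        -e IPA_SERVER_IP={{ ansible_default_ipv4.address | default('127.0.0.1') }}
        -e PASSWORD={{ ipa_password | quote }}
        -h ipa.{{ domain }}
        --read-only --tmpfs /run --tmpfs /tmp
        -v /sys/fs/cgroup:/sys/fs/cgroup:ro
        -v /tmp/ipa-data:/data:Z quay.io/freeipa/freeipa-server:fedora-36 no-exit
        -U -r {{ domain | upper }} --setup-dns --no-reverse --no-ntp
        --no-dnssec-validation
        --forwarder={{ nameservers[0] | default('8.8.8.8') }}
      vars:
        # All IP4.DNS[n] values reported by nmcli; the first one is used as
        # the forwarder, falling back to 8.8.8.8 when none is found.
        nameservers: "{{ nmcli_device_show.stdout | regex_findall('\\s*IP4.DNS\\[.\\]:\\s*(.*)') }}"

    # Waits up to 900 seconds for the installer to log a final result.
    # NOTE(review): the regex matches the failure line as well as the success
    # line, so a failed install ends this wait successfully; the rescue
    # (log tail + fail) only runs on timeout. An install failure is surfaced
    # later by the ipactl status check.
    - block:
        - name: Wait for FreeIPA server install
          wait_for:
            path: "/tmp/ipa-data/var/log/ipaserver-install.log"
            search_regex: "(INFO The ipa-server-install command was successful|ERROR The ipa-server-install command failed)"
            timeout: 900
          become: true
      rescue:
        - name: Get the last lines from IPA install
          command: tail -50 /tmp/ipa-data/var/log/ipaserver-install.log
          become: true
          register: file_log
        - name: Print info
          debug:
            msg: "{{ file_log.stdout }}"
        - name: Fail task if timeout reached
          fail:
            msg: "Timeout of IPA server installation has been reached"

    # Best-effort wait: errors are ignored here and the ipactl status check
    # below decides whether the server is actually up. Arguments are written
    # as a native mapping instead of a key=value string.
    - name: Wait for FreeIPA LDAP port to open
      wait_for:
        host: '10.88.0.22'
        port: 389
        delay: 1
        timeout: 300
      ignore_errors: true

    # Retries up to 10 times, 3 seconds apart, until ipactl exits with 0.
    - name: Check the status of ipactl to make sure all services are started
      command: "sudo podman exec freeipa-server-container ipactl status"
      retries: 10
      delay: 3
      register: result
      until: result.rc == 0

    - name: Print ipactl status
      debug:
        msg: "{{ result.stdout }}"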