tripleo-ipa/tripleo_ipa/playbooks/ipa-server-create-role.yaml
afariasa fa63e4f3d9 Replacing community.general ipa modules with ansible-freeipa
The community.general ipa modules used in tripleo-ipa don't work
under FIPS deployment. This patch fixes that by replacing them
with the ansible-freeipa ipa modules.

Co-Author: Ade Lee <alee@redhat.com>
Co-Author: Grzegorz Grasza <xek@redhat.com>
Change-Id: Ibfd1b34fdf3d533579512f531ac8619b356f9ba0
2022-08-01 11:04:01 +02:00


---
# Copyright 2020 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# This playbook adds a role with the correct privileges needed by tripleo-ipa
# and TLS-e to add hosts and services to the IPA server. The operations in
# this playbook likely need admin privileges and should be executed on an
# IPA client. This playbook only needs to be run once per IPA server as
# multiple tripleo deployments can utilize the same role.
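# Single play: validates that IPA admin credentials are available, stores them
# as facts, then runs the `setup` tasks of the IPA setup role with those
# credentials exported in the task environment. Connects over ssh when
# tripleo_ipa_host is defined, otherwise runs locally against localhost.
- name: Playbook to setup an IPA role with correct privileges for TLS-e
  connection: "{{ (tripleo_ipa_host is defined) | ternary('ssh', 'local') }}"
  hosts: "{{ tripleo_ipa_host | default('localhost') }}"
  tasks:
    # Fail early when a credential is supplied neither as an Ansible variable
    # nor as the upper-cased environment variable of the same name
    # (IPA_PRINCIPAL / IPA_PASSWORD). The loop iterates over variable *names*
    # only: Ansible echoes each loop item in task output (including skipped
    # iterations), so the items must not carry the principal or password.
    - name: ensure definitions
      fail:
        msg: >-
          {{ item }} is undefined
      when:
        - not lookup('vars', item, default='')
        - not lookup('env', item | upper)
      with_items:
        - ipa_principal
        - ipa_password

    # NOTE(review): the check above tests ipa_principal / ipa_password, while
    # this task reads tripleo_ipa_principal / tripleo_ipa_password. Confirm
    # which variable names callers are expected to set.
    - name: set IPA server facts
      set_fact:
        ipa_principal: "{{ tripleo_ipa_principal | default(lookup('env', 'IPA_PRINCIPAL')) }}"
        ipa_password: "{{ tripleo_ipa_password | default(lookup('env', 'IPA_PASSWORD')) }}"
      # The task result contains the password; keep it out of logs and
      # callback output.
      no_log: true

    # NOTE(review): the role is referenced as `triple_ipa_setup`; verify that
    # this matches the role directory name shipped with the project.
    - name: set perms, privs, roles
      include_role:
        name: triple_ipa_setup
        tasks_from: setup
        apply:
          # `apply` attaches this environment to every task included from the
          # role, so each of them receives the IPA credentials. The values
          # must be Jinja expressions ("{{ ... }}"); single braces would be
          # passed through as literal text instead of the credential.
          environment:
            IPA_USER: "{{ ipa_principal }}"
            IPA_PASS: "{{ ipa_password }}"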