Commit 7d8514e4 authored by julian.gethmann

Add add_ipa_hosts.yml to add hosts to IPA

This role is not idempotent!
Add 'computer_name's to all host_vars/las*.las.kit.edu
Add and update OS infos in host_vars
Update host names for ipa_users
parent b744d21d
......@@ -90,3 +90,12 @@ Be aware that the development branches here are not save and the owner might for
* you can decrypt the file `ansible-vault decrypt --vault-id @prompt group_vars/all/vault.yml`, edit the file and encrypt it again `ansible-vault encrypt --ask-vault-pass group_vars/all/vault.yml`
The first one is of cause the preferred one, because there is no rist to add a unencrypted file to the repo.
## Bootstrap IPA hosts
* Get a Kerberos ticket (``kinit admin@LAS.KIT.EDU``)
* For the host with the hostname `lasXXX.las.kit.edu` run the following command
* Edit a file ``host_vars/lasXXX.las.kit.edu``
```
ansible -l lasXXX.las.kit.edu add_ipa_host.yml -k
```
and provide the root password for the new host.
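Review bot: the command in the new "Bootstrap IPA hosts" section is `ansible -l lasXXX.las.kit.edu add_ipa_host.yml -k`, but a playbook file is run with `ansible-playbook`, and the commit message names the file `add_ipa_hosts.yml`, not `add_ipa_host.yml`. Fix the command and make the filename agree. Also move the "Edit a file" bullet ahead of the "run the following command" bullet so the code block follows the step it belongs to, and list the keys the host_vars file needs (the other files in this commit use `ip_suffix`, `loc`, `os` and `computer_name`).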
---
- hosts: ipa
remote_user: root
vars:
# loc: 620
# computer_name: Idefix
ipa_host: "las{{ ip_suffix }}.las.kit.edu"
ipa_host_ip: "129.13.108.{{ ip_suffix }}"
ipa_domain: las.kit.edu
vars_prompt:
- name: "ipa_pass"
prompt: "What is the admin@LAS.KIT.EDU password?"
private: yes
# - name: uninstall host
# become: yes
# command: ipa-client --uninstall -U
roles:
- ipa_users
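Review bot: `vars_prompt` stores the admin password in a variable named `ipa_pass`, while the `ipa_user` task shown in this commit reads `{{ ipa_admin_pass }}`; unless something outside this diff maps one to the other, the prompted value is never used. Settle on one variable name. The commented-out "uninstall host" task should be finished or dropped rather than committed as dead code, and the hard-coded `129.13.108.` prefix in `ipa_host_ip` would be easier to maintain as a variable next to `ipa_domain`.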
......@@ -5,3 +5,5 @@ remote_user: gethmann
ip_suffix: 101
loc: 612
os: Fedora 28
computer_name: Kneipix
os: Fedora 26
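Review bot: going by the header counts (`-5,3 +5,5`), this hunk adds `os: Fedora 28` and `computer_name: Kneipix` but keeps the existing `os: Fedora 26`, so the file ends up with the key `os` twice. Ansible uses the last defined value of a duplicate key, which leaves this host at Fedora 26 and defeats the update. Remove the old `os:` line.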
#!/usr/bin/python3
# -*- coding: utf-8 -*-
"""
:Authors: Julian Gethmann
:Contact: phd@gethmann.org
:Date: 2017-11-27
:Version: 0.1
For more info see get_ipa_users.py
Usage: activate_ipa_host.py $hostname
"""
from ipalib import api, cli
def bootstrap():
"""
Bootstrap the script.
I hope that all of this stuff is re-entrant.
Also, api is defined in __init__.py.
"""
api.bootstrap_with_global_options(context='cli')
api.finalize()
api.Backend.rpcclient.connect()
def main(host="las117.las.kit.edu"):
bootstrap()
result = api.Command.host_mod(host, random=True)
print(result["result"]["randompassword"])
if __name__ == "__main__":
import sys
if len(sys.argv) != 2:
print(__doc__)
sys.exit(0)
main(host=sys.argv[1])
# vim: tabstop=4 expandtab shiftwidth=4 softtabstop=4
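Review bot: `main()` prints `result["result"]["randompassword"]` to stdout, so the one-time enrolment password ends up in whatever captures the script's output; when this is called from a task, set `no_log: true` on that task and on the one that consumes the value. Two smaller points in the same file: the usage branch ends with `sys.exit(0)`, which reports success when the hostname argument is missing (exit non-zero instead), and the `host="las117.las.kit.edu"` default in `main()` would generate a new password for a real host if the function is ever called without an argument, so drop the default. The docstring should also state that a valid Kerberos ticket is required before running, as the README section does.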
---
- include_task: add_ipa_host.yml
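Review bot: `include_task` is not an Ansible keyword; the task include is spelled `include_tasks` (or `import_tasks` for a static import), so this line fails when the role is loaded. Change it to `- include_tasks: add_ipa_host.yml`.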
---
- name: activate user
ipa_user:
ipa_host: "{{ ipaserver1 }}"
ipa_pass: "{{ ipa_admin_pass }}"
uid: "{{ item.name }}"
mail: "{{ item.email }}"
state: "{{ item.state }}"
displayname: "{{ item.name }}"
givenname: "{{ item.firstname }}"
# sn: "{{ item.name }}"
uidnumber: "{{ item.uid }}"
gidnumber: "{{ gid }}"
with_items:
- "{{ ipa_user }}"
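Review bot: the `sn` mapping is left commented out next to `displayname: "{{ item.name }}"`; either map it from a real field or delete the line. The task also dereferences `item.name`, `item.email`, `item.state`, `item.firstname` and `item.uid` without defaults, so the role's documentation should say that every `ipa_user` entry must carry these keys. Since `ipa_pass` is given the admin password here, add `no_log: true` to the task unless the module already masks that parameter.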