Commit b744d21d authored by julian.gethmann's avatar julian.gethmann

Add user handling role for IPA

* Add all users exported from IPA
parent 092bf0d0
...@@ -39,10 +39,6 @@ desktop_software: ...@@ -39,10 +39,6 @@ desktop_software:
- perl-Clipboard - perl-Clipboard
- perl-Capture-Tiny - perl-Capture-Tiny
ipaserver: las126.las.kit.edu
ipaserver2: las100.las.kit.edu
ipaserver3: las101.las.kit.edu
# this should be the IP or in the sshd_config the "UseDNS" must be set to yes # this should be the IP or in the sshd_config the "UseDNS" must be set to yes
ansible_server: 129.13.108.126 ansible_server: 129.13.108.126
...@@ -54,3 +50,11 @@ userinstall_vars: "{{ vault_userinstall_vars }}" ...@@ -54,3 +50,11 @@ userinstall_vars: "{{ vault_userinstall_vars }}"
admin_mail: "{{ vault_admin_mail }}" admin_mail: "{{ vault_admin_mail }}"
rootkey: "{{ vault_rootkey }}" rootkey: "{{ vault_rootkey }}"
# IPA
gid: "{{ vault_gid }}"
ipaserver1: "{{ vault_ipaserver1 }}"
ipaserver2: "{{ vault_ipaserver2 }}"
ipaserver3: "{{ vault_ipaserver3 }}"
ipa_users: "{{ vault_ipa_users }}"
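Review bot: The three IPA server hostnames at `ipaserver1`..`ipaserver3` are now read from vault variables, while the removed lines above kept them in clear text; unless the hostnames themselves are considered sensitive, vaulting them hides the servers a play talks to from anyone reviewing the inventory without the vault key, and only `ipa_users` (which carries per-user data) clearly belongs there. The old key was `ipaserver`, so the rename to `ipaserver1` would leave any task that still references `ipaserver` with an undefined variable; I cannot see such callers from this page, so this is inferred. A short comment stating why each value is vaulted would make the intent reviewable, e.g. `# hostnames vaulted on purpose: <reason>` above the block.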
...@@ -138,7 +138,7 @@ las-gethmann.las.kit.edu ...@@ -138,7 +138,7 @@ las-gethmann.las.kit.edu
las115.las.kit.edu las115.las.kit.edu
[local] [local]
# 127.0.0.1 ansible_connection=local 127.0.0.1 ansible_connection=local
[admin_pcs] [admin_pcs]
las101.las.kit.edu las101.las.kit.edu
---
- hosts: ipa
vars:
vars_prompt:
- name: "ipa_admin_pass"
prompt: "What is IPA's admin password?"
private: yes
roles:
- ipa_users
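Review bot: The bare `vars:` key directly above `vars_prompt:` has no value, so it parses as `vars: null` rather than an empty mapping; either delete the line or give it content, since a null `vars` is at best ignored and at worst rejected by the play loader (I cannot tell which from this page). `private: yes` should be written `private: true` so the value reads the same under YAML 1.1 and 1.2 parsers. The prompted `ipa_admin_pass` matches what the ipa_users tasks consume, which is good; the host-enrolment tasks elsewhere in this commit read `ipa_pass` instead, so if they are ever added to this play the name will need to be reconciled.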
---
- name: install host
become: yes
dnf:
name: "{{ item }}"
state: installed
with_items:
- "freeipa-client"
- "sssd"
- name: add ipa hosts to etc
become: yes
lineinfile:
line: "{{ ipa_host_ip }} {{ ipa_host }}"
path: /etc/hosts
state: present
backup: yes
insertbefore: BOF
# TODO
# - name: copy server cert
# copy:
# src: las100.pem
# dest: /etc/pki/ca-trust/source/anchors/las100.pem
# notify: update certdb
- name: set hostname
become: yes
hostname:
name: "las{{ ip_suffix }}.las.kit.edu"
- name: add host
become: yes
ipa_host:
name: "{{ ansible_fqdn }}"
force: yes
description: "{{ computer_name }}"
ip_address: "{{ ansible_default_ipv4.address }}"
ns_host_location: "{{ loc }}"
ns_os_version: "{{ ansible_distribution }} {{ ansible_distribution_version }}"
ns_hardware_platform: "{{ ansible_bios_date }}"
# mac_address:
state: present
ipa_host: "{{ ipaserver1 }}"
ipa_user: admin
ipa_pass: "{{ ipa_pass }}"
random_password: True
# CHANGE THIS when implemented copy of cert!!!!
validate_certs: no
register: host_installed
- name: get random password
script: "./activate_ipa_host.py {{ansible_fqdn }}"
delegate_to: 127.0.0.1
register: random_pass
- name: activate host
become: yes
command: "ipa-client-install --hostname={{ ansible_fqdn }} --domain={{ ipa_domain }} --server={{ ipaserver1 }} --server={{ ipaserver2 }} --server={{ ipaserver3 }} --fixed-primary --mkhomedir -N --no-sshd --no-ssh -U --password={{ random_pass.stdout }}"
when: random_pass.changed
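Review bot: The "get random password" and "activate host" tasks expose the one-time enrolment password: it is registered in `random_pass.stdout` and then interpolated into the `command:` line as `--password={{ random_pass.stdout }}`, so it appears in Ansible's task output and logs and, for the duration of `ipa-client-install`, in the process list on the host; both tasks should carry `no_log: true`. The guard `when: random_pass.changed` is always true in my experience, because the `script` module reports changed unless `creates`/`removes` is set, so it does not actually gate on whether a new password was issued; conditioning on `host_installed` (registered by the "add host" task) looks like the intended check, but confirm against what that module returns. Separately, `validate_certs: no` on "add host" sends the IPA admin password over a TLS session whose server certificate is not verified; the TODO at the top of the file already covers trusting the server cert, and until that lands the task should at least state the risk, e.g. `# validate_certs disabled: admin password is sent to an unverified server until the cert copy task above is implemented`. Minor: `{{ansible_fqdn }}` in the script argument is missing a space after the braces, and `become: yes`/`force: yes`/`random_password: True` should be `true`.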
---
- name: activate user
ipa_user:
ipa_host: "{{ ipaserver1 }}"
ipa_pass: "{{ ipa_admin_pass }}"
uid: "{{ item.name }}"
mail: "{{ item.email }}"
state: "{{ item.state }}"
displayname: "{{ item.name }}"
givenname: "{{ item.firstname }}"
# sn: "{{ item.name }}"
uidnumber: "{{ item.uid }}"
gidnumber: "{{ gid }}"
with_items:
- "{{ ipa_user }}"
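Review bot: The loop reads `{{ ipa_user }}`, but the variable this commit defines in group_vars is `ipa_users` (`ipa_users: "{{ vault_ipa_users }}"`), so as written the task would fail on an undefined variable unless `ipa_user` is set somewhere not shown here; the fix is `loop: "{{ ipa_users }}"` in place of the `with_items` block. The commented-out `# sn:` line is worth a second look: in the ipa_user module versions I know, `sn` is required when the user does not yet exist, so creating users with `state: present` would be rejected — confirm against the module version in use. `displayname: "{{ item.name }}"` sets the display name to the login uid; if the exported data carries a full name, that field is the better source.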
[localhost]
127.0.0.1 ansible_connection=local