ipaserver

This is a straightforward role designed to set up a FreeIPA server, mainly tested on Fedora.

Requirements

• CentOS 8
• CentOS 7

Role Variables

Two key variables must be provided when using this role, and they don’t have default values:

1. ipaserver_admin_password
2. ipaserver_dir_admin_password

The role also includes these predefined variables, which are found in defaults/main.yml:

• ipaserver_base_command: ipa-server-install -U
• ipaserver_configure_ssh: True
• ipaserver_configure_sshd: True
• ipaserver_dns_forwarders:
  • 8.8.8.8
  • 8.8.4.4
• ipaserver_domain: example.com (Use all lowercase. This is the actual DNS domain.)
• ipaserver_hbac_allow: True
• ipaserver_idstart: 5000
• ipaserver_idmax: False
• ipaserver_mkhomedir: True
• ipaserver_packages:
  • ipa-server
  • bind
  • bind-dyndb-ldap
• ipaserver_realm: EXAMPLE.COM (Use all caps. It's best if it matches the domain, but it’s not required.)
• ipaserver_setup_dns: True
• ipaserver_setup_ntp: True
• ipaserver_ssh_trust_dns: True
• ipaserver_ui_redirect: True

Example Playbook

Here’s a sample playbook that uses this role while allowing some flexibility. Normally, you don't need to vary the password source this much.

- hosts: servers
  vars_files:
    - vars/private-idm.yml
  vars_prompt:
    - name: ipaserver_admin_password
      prompt: "What should the admin password be for IPA?"
      private: yes
      default: "{{ vault_ipaserver_admin_password }}"
    - name: ipaserver_dir_admin_password
      prompt: "What should the admin password be for the Directory Server?"
      private: yes
      default: "{{ vault_ipaserver_dir_admin_password }}"
  roles:
     - { role: gregswift.ipaserver }

License

GPLv2

Author Information

For more information, visit: GitHub - gregswift/ansible-freeipa