RedHatGov.idm

idm
=========

This role is used to install and configure RHEL Identity Manager (IdM).

NOTE: This role will be replaced by the roles in the FreeIPA collection.

Requirements

  • A working RHEL 7 system to set up.
  • A Red Hat Network account with a RHEL subscription.

Role Variables

Here are the variables used in this role:

| Variable | Required | Default | Description |
|----------|----------|---------|-------------|
| domain | No | hattrick.lab | The domain for your environment. |
| dns_server_public | No | 1.1.1.1 | The default DNS server to use. |
| idm_hostname | Yes | | The short hostname for IdM. |
| idm_ssh_user | No | root | The default user for SSH access to IdM. |
| idm_ssh_pwd | No | p@ssw0rd | The default password for SSH access to IdM (you should change this). |
| idm_public_ip | Yes | | The public IP address that can reach IdM. |
| idm_repos | No | see defaults/main.yml | The list of repositories to enable for IdM. |
| idm_packages | No | see defaults/main.yml | The list of packages to install for IdM. |
| idm_realm | Yes | | The Identity Realm for IdM (e.g., HATTRICK.LAB). |
| idm_dm_pwd | Yes | | Password for accessing the Identity Realm. |
| idm_admin_pwd | Yes | | Password for the admin user in IdM. |
| idm_forward_ip | Yes | {{ dns_server_public }} | IP of the upstream DNS server to use for forwarding. Use None for disconnected setups. |
| idm_reverse_zone | Yes | | Reverse zone that will be created in IdM (e.g., "168.192.in-addr.arpa."). |
| idm_users | Yes | | A list of users to create in IdM after configuration. |
| idm_dns_records | Yes | | A list of DNS records to create in IdM after configuration. |
| idm_domain | No | {{ domain }} | The domain for the IdM server. |
| idm_reverse_zones | No | see defaults/main.yml | List of all reverse zones to create. |
| idm_forward_zones | No | see defaults/main.yml | List of all forward zones to create. |
| idm_idstart | No | see defaults/main.yml | Starting user and group ID number. |
| idm_idmax | No | see defaults/main.yml | Maximum user and group ID number. |
| idm_mkhomedir | No | see defaults/main.yml | |
| idm_setup_dns | No | see defaults/main.yml | |
| idm_ssh_trust_dns | No | see defaults/main.yml | Configure SSH client to trust DNS SSHFP records. |
| idm_hbac_allow | No | see defaults/main.yml | Do not install the allow_all HBAC rule. |
| idm_setup_ntp | No | see defaults/main.yml | Set to False to skip setting up NTP. |
| idm_configure_ssh | No | see defaults/main.yml | Set to False to skip SSH client configuration. |
| idm_configure_sshd | No | see defaults/main.yml | Set to False to skip SSH server configuration. |
| idm_ui_redirect | No | see defaults/main.yml | Set to False to skip redirecting to UI. |
| idm_host_dns | No | see defaults/main.yml | Do not use DNS for hostname lookup during installation. |
| idm_auto_reverse | No | see defaults/main.yml | Create reverse zone if it does not exist. |
| idm_setup_kra | No | see defaults/main.yml | Set to true to install the secret service. |
| idm_zone_overlap | No | see defaults/main.yml | Create zone even if it already exists. |
| idm_zones | No | {{ idm_reverse_zones }},{{ idm_forward_zones }} | Sets up all zones in the array. |

Dependencies

  • RedHatGov.rhsm

Example Playbook

Here’s an example of how to use this role:

---
- hosts: idm
  tags: install
  vars:
    domain: "example.com"
    dns_server_public: 1.1.1.1
    idm_hostname: idm # Short hostname
    idm_ssh_user: root
    idm_ssh_pwd: redhat
    idm_public_ip: "192.168.0.4"
    idm_repos:
      - rhel-7-server-rpms
      - rhel-7-server-extras-rpms
      - rhel-7-server-optional-rpms
    idm_packages:
      - ipa-server
      - ipa-server-dns
    idm_realm: "{{ domain | upper }}"
    idm_dm_pwd: "Redhat1993"
    idm_admin_pwd: "Redhat1993"
    idm_forward_ip: "{{ dns_server_public }}"
    idm_reverse_zone: "168.192.in-addr.arpa."
    idm_users:
       - username: operator
         password: redhat1234
         display_name: "Operator"
         first_name: Oper
         last_name: Ator
         email: "[email protected]"
         phone: "+18887334281"
         title: "Systems Administrator"
    idm_dns_records:
       # reverse_record is quoted so YAML keeps it a string, not a float.
       - hostname: router
         record_type: A
         ip_address: 192.168.0.1
         reverse_zone: "{{ idm_reverse_zone }}"
         reverse_record: "1.0"
       - hostname: switch
         record_type: A
         ip_address: 192.168.0.2
         reverse_zone: "{{ idm_reverse_zone }}"
         reverse_record: "2.0"
       - hostname: kvm
         record_type: A
         ip_address: 192.168.0.3
         reverse_zone: "{{ idm_reverse_zone }}"
         reverse_record: "3.0"
  tasks:
    - name: Install IDM
      include_role:
        name: idm
      tags: [install, preinstall, installer, firewall, always, result]

    - name: Configure IDM
      include_role:
        name: idm
        tasks_from: post_config
      tags: [install, preinstall, installer, firewall, always, result]
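
A variant of the playbook above that keeps the passwords out of the playbook file, added here as an example and not taken from the role or its authors. It assumes a hypothetical Ansible Vault file `vault/idm.yml` defining the `vault_*` variables, and it refuses to run if any password matches one printed in this README, is shorter than the 8 characters the IdM installer requires for the Directory Manager and admin accounts, or is shared between those two accounts.

```yaml
# Added example, not from the role's documentation. Assumes vault/idm.yml was
# created with `ansible-vault create vault/idm.yml` and defines the four
# hypothetical vault_* variables referenced below.
- hosts: idm
  tags: install
  vars_files:
    - vault/idm.yml
  vars:
    domain: "example.com"
    idm_hostname: idm
    idm_public_ip: "192.168.0.4"
    idm_realm: "{{ domain | upper }}"
    idm_ssh_pwd: "{{ vault_idm_ssh_pwd }}"
    idm_dm_pwd: "{{ vault_idm_dm_pwd }}"
    idm_admin_pwd: "{{ vault_idm_admin_pwd }}"
    idm_forward_ip: "1.1.1.1"
    idm_reverse_zone: "168.192.in-addr.arpa."
    idm_users:
      - username: operator
        password: "{{ vault_operator_pwd }}"
        display_name: "Operator"
        first_name: Oper
        last_name: Ator
        email: "operator@example.com"  # constructed placeholder
        phone: "+18887334281"
        title: "Systems Administrator"
    idm_dns_records:
      - hostname: router
        record_type: A
        ip_address: 192.168.0.1
        reverse_zone: "{{ idm_reverse_zone }}"
        reverse_record: "1.0"
    # Every password printed in the README; none may reach a real host.
    readme_passwords: ["p@ssw0rd", "redhat", "Redhat1993", "redhat1234"]
  pre_tasks:
    - name: Refuse to install with published, short or reused passwords
      assert:
        that:
          - "[idm_ssh_pwd, idm_dm_pwd, idm_admin_pwd] | intersect(readme_passwords) | length == 0"
          - "idm_users | map(attribute='password') | list | intersect(readme_passwords) | length == 0"
          - "idm_dm_pwd | length >= 8"
          - "idm_admin_pwd | length >= 8"
          - "idm_dm_pwd != idm_admin_pwd"
        fail_msg: "Set unique passwords of 8+ characters in vault/idm.yml."
  tasks:
    - name: Install IDM
      include_role: {name: idm}
    - name: Configure IDM
      include_role: {name: idm, tasks_from: post_config}
```

Pass `--ask-vault-pass` to `ansible-playbook` so the vault file can be decrypted at run time.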

License

GPLv3

Author Information

Written by Red Hat North American Public Sector Solution Architects

Project information

Deploy RHEL Identity Manager (IdM)

Install: ansible-galaxy install RedHatGov.idm
License: gpl-3.0
Downloads: 176
Owner: Code contributions from Red Hat's Public Sector practice