ipaserver

This is a flexible setup for creating a FreeIPA server, either as a main server or a backup. It works best on CentOS 7 and CentOS 8.

Requirements

It should run on any version of Red Hat 7.4 or newer.

Role Variables

There are 2 key variables you must provide; they don’t have default values:

• ipaserver_admin_password: The administrator password for the IPA server.
• ipaserver_dir_admin_password: The administrator password for the Directory Server.

The following variables are set automatically and can be found in defaults/main.yml:

• ipaserver_dns_forwarder: 8.8.8.8
• ipaserver_domain: example.com (Make sure it's all lowercase. This is your actual DNS domain.)
• ipaserver_realm: EXAMPLE.COM (Use all uppercase. It's better if it matches your domain, but it's not a must.)
• ipaserver_setup_dns: True (This sets up DNS.)
• ipaserver_setup_ntp: True (This sets up NTP.)
• ipaserver_primary: 1 (Use 1 for the main server. Use any other number for a backup server.)

Example Playbook

Here's a sample playbook that uses this role and allows for some flexibility, especially with password input.

- hosts: servers
  vars_files:
    - vars/private-idm.yml
  vars_prompt:
    - name: ipaserver_admin_password
      prompt: "What should the admin password be for IPA?"
      private: yes
      default: "{{ vault_ipaserver_admin_password }}"
    - name: ipaserver_dir_admin_password
      prompt: "What should the admin password be for the Directory Server?"
      private: yes
      default: "{{ vault_ipaserver_dir_admin_password }}"
  roles:
     - { role: clusterapps.freeipa-server }

License

GPLv2

Author Information

Michael Cleary mcleary@clusterapps.com

This project is based on https://github.com/gregswift/ansible-freeipa, with added support for backup servers and additional features.