IPA Server

This role installs and sets up an IPA server.

Requirements

• Your Linux machine should not have other Kerberos installations (like MIT-KDC or Active Directory) because IPA installation will overwrite the krb5.conf file.
• If mod_ssl is set to listen on port 443, it will be changed to port 10443 to avoid conflicts with mod_nss.

Role Variables

Required variables (default values provided):

• ipaserver_realm: "EXAMPLE.COM"
• ipaserver_domain: "example.com"
• ipaserver_admin_password: **********
• ipaserver_dir_admin_password: **********

Optional variables (default values provided):

• ipaserver_configure_ssh: True
• ipaserver_configure_sshd: True
• ipaserver_hbac_allow: True
• ipaserver_idstart: 5000
• ipaserver_idmax: False
• ipaserver_setup_ntp: True
• ipaserver_setup_dns: False
• ipaserver_ssh_trust_dns: False
• ipaserver_dns_forwarder: 8.8.8.8
• ipaserver_ui_redirect: True

Variables that should not be changed:

• ipaserver_admin_username: admin

Dependencies

None.

Example Playbook

- hosts: localhost
  become_user: True
  gather_facts: True
  
  roles:
    - yabhinav.ipaserver

Issues

• It's not recommended to run this role from Ansible using Python virtualenv on Ubuntu 16.04 due to this issue. Check the same issue here.
• Freeipa-admintools is only available in Ubuntu 16.04, so this role does not support Debian 7, 8 and Ubuntu 12.04 and 14.04.

License

MIT

Author Information

Created by Abhinav Yalamanchili