path: root/roles/ands_idm/tasks/setup_ipa.yml
blob: 7641670812cef65e0378d299defc1b15a7c14ef8 (plain)
# Make sure the FreeIPA client package is present before enrollment is attempted.
- name: Install ipa-client
  package:
    name: ipa-client
    state: present

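# Probe /etc/krb5.conf for the configured domain; the result decides whether
# the enrollment task runs (it tests ipa_check.rc).
# The probe uses `command` rather than `shell`, and the domain is passed through
# `quote`, so the templated value is never interpreted by a shell. `-F` makes
# grep treat the domain as a literal string (a "." no longer matches any
# character) and `--` stops a value starting with "-" from being read as an
# option.
- name: "Check if ipa is already configured"
  command: "grep -F -- {{ ands_domain | quote }} /etc/krb5.conf"
  register: ipa_check
  # Reported as "changed" when the domain is missing, i.e. enrollment is pending.
  changed_when: ipa_check is failed
  # A non-zero grep exit status is an expected outcome here, not an error.
  failed_when: false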

# Capture the contents of /etc/hostname; the registered stdout is later passed
# to ipa-client-install as --hostname.
# NOTE(review): /etc/hostname may hold a short name rather than an FQDN - confirm
# for the target hosts.
- name: "Read FQDN"
  command: cat /etc/hostname
  # Read-only lookup, so never report a change.
  changed_when: false
  register: hostname

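# Enroll this host as an IPA client. Runs only when the krb5.conf probe
# (ipa_check) did not find the domain.
# no_log keeps the rendered command line, which contains the admin password,
# out of Ansible's output and logs.
# NOTE(review): the password is still passed as a command-line argument, so it
# is visible in the local process list while ipa-client-install runs. Consider
# enrolling with a one-time host password or a keytab instead of the admin
# credential.
# Every templated argument goes through `quote` so that a value containing
# whitespace cannot be split into extra arguments.
- name: "Configure ipa"
  command: >-
    /usr/sbin/ipa-client-install
    -p admin
    -w {{ config.ands_idm_admin_password | quote }}
    --hostname={{ hostname.stdout | quote }}
    --domain={{ ands_domain | quote }}
    --server={{ ands_idm_server | quote }}
    --enable-dns-updates
    --mkhomedir
    --request-cert
    --unattended
  no_log: true
  when:
    - ipa_check.rc != 0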

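# This may break Kerberos authentication altogether for users with existing
# tickets until the IdM server is restarted.
# Security note: with canonicalization enabled, Kerberos clients rely on DNS
# lookups to derive service principal names, so this setting should only be
# used where DNS answers for the realm can be trusted.
- name: "Enable hostname canonicalization"
  lineinfile:
    path: /etc/krb5.conf
    # An existing dns_canonicalize_hostname line (any value) is replaced in place.
    regexp: 'dns_canonicalize_hostname'
    line: '  dns_canonicalize_hostname = true'
    # Used only when no line matches: put the setting under [libdefaults]
    # instead of appending it to the end of the file, where it would land in
    # whatever section happens to be last.
    insertafter: '^\[libdefaults\]'
    state: present
  # The "restart sssd" handler is not defined in this file.
  notify:
    - restart sssd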