Role that installs a FreeIPA server https://www.freeipa.org/
Andrea Dell'Amico 89ad15151c
Add the root CA to the full chain.
3 years ago
defaults Add the root CA to the full chain. 3 years ago
files New letsencrypt chain of trust. 3 years ago
handlers Import the old ipa-server role. 4 years ago
meta Import the old ipa-server role. 4 years ago
tasks New letsencrypt chain of trust. 3 years ago
templates Add the root CA to the full chain. 3 years ago
tests Initial commit 4 years ago
vars Add the root CA to the full chain. 3 years ago
.gitignore Initial commit 4 years ago
LICENSE Initial commit 4 years ago
README.md Import the old ipa-server role. 4 years ago

README.md

Role Name

A role that installs the FreeIPA server, https://www.freeipa.org/

Role Variables

The most important variables are listed below:

ipa_server_install: True
ipa_server_use_dns: True
ipa_server_is_master: False

ipa_server_domain: example.org
ipa_server_realm: '{{ ipa_server_domain | upper }}'

ipa_server_packages:
  - ipa-server
  - rng-tools
  - ntp

ipa_server_dns_packages:
  - ipa-server-dns

ipa_packages_to_remove:
  - chrony

# Installation command
# It uses letsencrypt certificates
ipa_installation_options: "--ca-cert-file=/etc/pki/ipa/{{ ipa_letsencrypt_ca_filename }} --dirsrv-cert-file=/etc/pki/ipa/fullchain.pem --dirsrv-pin='' --http-cert-file=/etc/pki/ipa/fullchain.pem --http-pin='' --no-pkinit -r {{ ipa_server_realm }} -n {{ ipa_server_domain }} -a {{ ipa_admin_password }} -p {{ ipa_manager_password }} --hostname={{ ansible_fqdn }} -U --setup-dns --no-forwarders --no-reverse --zonemgr=hostmaster@xample.com"

# Command that installs a replica
ipa_replica_installation_command: "ipa-replica-install --no-reverse --setup-dns --no-forwarders --dirsrv-cert-file=/etc/pki/ipa/fullchain.pem --dirsrv-pin='' --http-cert-file=/etc/pki/ipa/fullchain.pem --http-pin='' --no-pkinit"
 
ipa_run_the_installation_command: True
ipa_ssl_letsencrypt_managed: True
ipa_ssl_letsencrypt_use_hook: False
ipa_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
ipa_letsencrypt_cron_job_day: '1'
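
The installation options above take `ipa_admin_password` and `ipa_manager_password` on the command line and load `/etc/pki/ipa/fullchain.pem` with an empty PIN. The playbook below is an added example, not part of this role's repository, that supplies both passwords from an Ansible Vault file and checks the permissions on the PEM bundle after the role has run. The role directory name `ipa-server`, the group `ipa_servers`, the file `vault/ipa.yml`, the `vault_*` variable names, and the premise that the bundle holds the unencrypted private key are assumptions.

```yaml
# Added example playbook; hypothetical names are marked as assumptions.
- hosts: ipa_servers                 # assumption: inventory group name
  become: true
  vars_files:
    - vault/ipa.yml                  # assumption: file encrypted with ansible-vault
  vars:
    ipa_server_is_master: true
    ipa_server_domain: example.org
    # The role has no defaults for these; never keep them in clear-text vars.
    ipa_admin_password: '{{ vault_ipa_admin_password }}'
    ipa_manager_password: '{{ vault_ipa_manager_password }}'

  pre_tasks:
    - name: Refuse to run with missing, short or reused IPA passwords
      ansible.builtin.assert:
        that:
          - vault_ipa_admin_password is defined
          - vault_ipa_manager_password is defined
          # ipa-server-install rejects passwords shorter than 8 characters
          - vault_ipa_admin_password | length >= 8
          - vault_ipa_manager_password | length >= 8
          - vault_ipa_admin_password != vault_ipa_manager_password
        quiet: true
      no_log: true                   # keep the secrets out of the task output

  roles:
    - role: ipa-server               # assumption: directory name of this role

  post_tasks:
    - name: Inspect the PEM bundle that is loaded with an empty PIN
      ansible.builtin.stat:
        path: /etc/pki/ipa/fullchain.pem
      register: ipa_fullchain

    - name: Fail if the bundle is missing or readable by group or others
      ansible.builtin.assert:
        that:
          - ipa_fullchain.stat.exists
          - ipa_fullchain.stat.pw_name == 'root'
          - ipa_fullchain.stat.mode[-2:] == '00'   # e.g. 0600 or 0400
        fail_msg: "/etc/pki/ipa/fullchain.pem must be owned by root, mode 0600 or 0400"
```

Run it with `ansible-playbook --ask-vault-pass`. Because `-a` and `-p` appear in the installer's arguments, the passwords are visible in the process list on the target host while the installation runs.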

Dependencies

None

License

EUPL-1.2

Author Information

Andrea Dell'Amico, andrea.dellamico@isti.cnr.it