Role Name
=========

A role that installs the FreeIPA server, <https://www.freeipa.org/>

Role Variables
--------------

The most important variables are listed below:

``` yaml
ipa_server_install: True
ipa_server_use_dns: True
ipa_server_is_master: False

ipa_server_domain: example.org
ipa_server_realm: '{{ ipa_server_domain | upper }}'

ipa_server_packages:
  - ipa-server
  - rng-tools
  - ntp

ipa_server_dns_packages:
  - ipa-server-dns

ipa_packages_to_remove:
  - chrony

# Installation command
# It uses letsencrypt certificates
ipa_installation_options: "--ca-cert-file=/etc/pki/ipa/{{ ipa_letsencrypt_ca_filename }} --dirsrv-cert-file=/etc/pki/ipa/fullchain.pem --dirsrv-pin='' --http-cert-file=/etc/pki/ipa/fullchain.pem --http-pin='' --no-pkinit -r {{ ipa_server_realm }} -n {{ ipa_server_domain }} -a {{ ipa_admin_password }} -p {{ ipa_manager_password }} --hostname={{ ansible_fqdn }} -U --setup-dns --no-forwarders --no-reverse --zonemgr=hostmaster@xample.com"

# Comand that installs a replica
ipa_replica_installation_command: "ipa-replica-install --no-reverse --setup-dns --no-forwarders --dirsrv-cert-file=/etc/pki/ipa/fullchain.pem --dirsrv-pin='' --http-cert-file=/etc/pki/ipa/fullchain.pem --http-pin='' --no-pkinit"
 
ipa_run_the_installation_command: True
ipa_ssl_letsencrypt_managed: True
ipa_ssl_letsencrypt_use_hook: False
ipa_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
ipa_letsencrypt_cron_job_day: '1'
```

Dependencies
------------

None

License
-------

EUPL-1.2

Author Information
------------------

Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>