Role Name
=========

A role that installs the FreeIPA server, <https://www.freeipa.org/>

Role Variables
--------------

The most important variables are listed below:
``` yaml
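# Feature switches for the role.
ipa_server_install: true
ipa_server_use_dns: true
ipa_server_is_master: false

ipa_server_domain: example.org
# The Kerberos realm defaults to the upper-cased DNS domain.
ipa_server_realm: '{{ ipa_server_domain | upper }}'

ipa_server_packages:
  - ipa-server
  - rng-tools
  - ntp

ipa_server_dns_packages:
  - ipa-server-dns

# chrony is removed; ntp is in the server package list above.
ipa_packages_to_remove:
  - chrony

# Installation command options.
# The installer is given Let's Encrypt certificates from /etc/pki/ipa.
#
# Security notes:
# * -a and -p expand ipa_admin_password and ipa_manager_password into the
#   command line. Neither variable is defined in this listing: supply them
#   from an encrypted source such as Ansible Vault, and set `no_log: true`
#   on the task that runs the installer so that the rendered command does
#   not reach task output or logs. Command-line arguments are also readable
#   in the process list while the installer runs.
# * The passwords are expanded unquoted. NOTE(review): whitespace or shell
#   metacharacters in a password would change how the command is parsed;
#   confirm how the role executes this string and quote if needed.
# * --dirsrv-pin='' and --http-pin='' pass an empty private-key password,
#   so the key material under /etc/pki/ipa is presumably stored
#   unencrypted; restrict ownership and mode on that directory.
# * --no-pkinit skips the PKINIT setup, -U runs the installer unattended.
# * NOTE(review): --zonemgr uses "xample.com", which looks like a typo for
#   the example domain; override it with a real zone manager address.
ipa_installation_options: >-
  --ca-cert-file=/etc/pki/ipa/{{ ipa_letsencrypt_ca_filename }}
  --dirsrv-cert-file=/etc/pki/ipa/fullchain.pem --dirsrv-pin=''
  --http-cert-file=/etc/pki/ipa/fullchain.pem --http-pin=''
  --no-pkinit
  -r {{ ipa_server_realm }} -n {{ ipa_server_domain }}
  -a {{ ipa_admin_password }} -p {{ ipa_manager_password }}
  --hostname={{ ansible_fqdn }} -U
  --setup-dns --no-forwarders --no-reverse
  --zonemgr=hostmaster@xample.com

# Command that installs a replica.
# It uses the same certificate files and empty PINs as the server install,
# so the same file-permission caveat applies to /etc/pki/ipa.
ipa_replica_installation_command: >-
  ipa-replica-install --no-reverse --setup-dns --no-forwarders
  --dirsrv-cert-file=/etc/pki/ipa/fullchain.pem --dirsrv-pin=''
  --http-cert-file=/etc/pki/ipa/fullchain.pem --http-pin=''
  --no-pkinit

ipa_run_the_installation_command: true
ipa_ssl_letsencrypt_managed: true
ipa_ssl_letsencrypt_use_hook: false
# NOTE(review): Let's Encrypt has retired the X3 intermediate. Confirm that
# this file matches the chain that issued fullchain.pem, otherwise the
# --ca-cert-file check in the installer will not validate the certificates.
ipa_letsencrypt_ca_filename: lets-encrypt-x3-cross-signed.pem
# Quoted so that the value stays a string.
ipa_letsencrypt_cron_job_day: '1'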
```
Dependencies
------------

None

License
-------

EUPL-1.2

Author Information
------------------

Andrea Dell'Amico, <andrea.dellamico@isti.cnr.it>