ansible-role-ipa-server/defaults/main.yml


---
# See https://github.com/antevens/letsencrypt-freeipa for the letsencrypt hints
# Role switches. Their exact effect is decided by the role's tasks, which are
# not part of this file; the names suggest: install the server at all, let
# IPA manage DNS, and master vs. replica.
ipa_server_install: true
ipa_server_use_dns: true
ipa_server_is_master: false

# DNS domain handed to the installer with -n; override for any real deployment.
ipa_server_domain: "example.org"
# Kerberos realm (installer option -r): the domain in upper case.
ipa_server_realm: "{{ ipa_server_domain | upper }}"

# Zone manager mailbox, passed to the installer as --zonemgr.
# The variable name is spelled "zonemaneger"; overrides must use this spelling.
# NOTE(review): "xample.com" looks like a typo for example.com and does not
# match ipa_server_domain. As written, an unoverridden default names a mailbox
# in a domain outside the reserved example names as the zone contact.
ipa_zonemaneger_email: "hostmaster@xample.com"
# Packages for the IPA server itself. ntp is listed here while chrony is in
# the removal list below, so ntp is the only time daemon this file selects.
# Kerberos authentication tolerates little clock skew, so it must end up
# running and synchronised.
ipa_server_packages:
  - ipa-server
  - rng-tools
  - ntp

# Extra package for the integrated DNS server.
# Presumably installed only when ipa_server_use_dns is set; confirm in tasks.
ipa_server_dns_packages:
  - ipa-server-dns

# Packages listed for removal.
ipa_packages_to_remove:
  - chrony
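# Options for the server installer. This variable holds the options only; the
# executable name is supplied elsewhere (not visible in this file).
# It uses Let's Encrypt certificates.
#
# Security notes:
# - -a / -p put the admin and Directory Manager passwords on the command line.
#   They are readable in the process list while the installer runs and end up
#   in Ansible output unless the consuming task sets `no_log: true`.
#   NOTE(review): that task is not in this file; confirm it does.
#   Neither password has a default here; supply both from Ansible Vault.
# - Every templated value goes through `quote`, so a password containing
#   spaces or shell metacharacters stays one argument and cannot add options
#   or commands. Values made only of shell-safe characters render exactly as
#   before. `string` comes first so numeric values are accepted too.
# - --dirsrv-pin='' / --http-pin='' declare an empty key password, so the
#   private key is expected unencrypted on disk; only the file permissions
#   under /etc/pki/ipa protect it. NOTE(review): verify the tasks that write
#   those files restrict mode and owner.
# - --no-pkinit skips the PKINIT setup steps.
# - -U runs the installer unattended, with no interactive confirmation.
ipa_installation_options: >-
  --ca-cert-file=/etc/pki/ipa/{{ ipa_letsencrypt_ca_filename | string | quote }}
  --dirsrv-cert-file=/etc/pki/ipa/fullchain.pem
  --dirsrv-pin=''
  --http-cert-file=/etc/pki/ipa/fullchain.pem
  --http-pin=''
  --no-pkinit
  -r {{ ipa_server_realm | string | quote }}
  -n {{ ipa_server_domain | string | quote }}
  -a {{ ipa_admin_password | string | quote }}
  -p {{ ipa_manager_password | string | quote }}
  --hostname={{ ansible_fqdn | string | quote }}
  -U
  --setup-dns
  --no-forwarders
  --no-reverse
  --zonemgr={{ ipa_zonemaneger_email | string | quote }}

# Command that installs a replica. Unlike the options above, this value
# includes the executable name. It carries no credentials; how the replica
# authenticates to the existing server is not visible in this file.
# The empty --dirsrv-pin / --http-pin and --no-pkinit apply here as well.
ipa_replica_installation_command: >-
  ipa-replica-install
  --no-reverse
  --setup-dns
  --no-forwarders
  --dirsrv-cert-file=/etc/pki/ipa/fullchain.pem
  --dirsrv-pin=''
  --http-cert-file=/etc/pki/ipa/fullchain.pem
  --http-pin=''
  --no-pkinit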
# Presumably gates whether the role actually executes the installer command
# or only prepares the host; confirm against the tasks.
ipa_run_the_installation_command: true

# Let's Encrypt integration switches; their handling lives in the role's
# tasks, outside this file.
ipa_ssl_letsencrypt_managed: true
ipa_ssl_letsencrypt_use_hook: false

# ISRG Root X1 certificate path inside the system trust-anchor directory.
# Anything placed there becomes a trusted root for the whole host.
# NOTE(review): whether the role downloads or only reads this file is not
# shown here; if it downloads, check the source and integrity verification.
ipa_letsencrypt_root_ca: /etc/pki/ca-trust/source/anchors/isrgrootx1.pem

# File name (under /etc/pki/ipa/) given to the installer as --ca-cert-file.
ipa_letsencrypt_ca_filename: letsencrypt-ca-all.pem

# Kept as a string, not an integer. Presumably the day field of the renewal
# cron job; confirm against the tasks.
ipa_letsencrypt_cron_job_day: "1"