added replica script, https symlink, and ipactl handler (might need to change)
This commit is contained in:
parent
ad248d5666
commit
7bf624aca0
3 changed files with 69 additions and 1 deletions
12
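--- /dev/null
+++ b/files/replicate.sh
@@ -0,0 +1,12 @@
+read -s -p "Admin Password:" ADMIN_PASSWORD
+echo ""
+read -p "Server to replicate (default ipa.actcur.com):" SERVER
+
+if [ -z $SERVER ]
+then
+SERVER="ipa.actcur.com"
+fi
+
+ipa-client-install -U -p admin -w $ADMIN_PASSWORD --server=ipa-replica2.actcur.com --domain actcur.com --mkhomedir --force-join
+
+ipa-replica-install --skip-mem-check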
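Review bot: The value read into `SERVER` is never used — the `ipa-client-install` line hard-codes `--server=ipa-replica2.actcur.com`, so neither the prompt's default nor the user's answer has any effect. `[ -z $SERVER ]` is also unquoted, so an answer containing whitespace breaks the test; `SERVER="${SERVER:-ipa.actcur.com}"` replaces the if/fi block and `--server="${SERVER}"` wires the value through. There is no shebang and no `set -e`, so a failed `ipa-client-install` still falls through to `ipa-replica-install`. Passing the admin password via `-w` puts it in the process argument list for the duration of the enrolment; since the script is interactive anyway, omitting `-w` and letting `ipa-client-install` prompt for it should be preferable — confirm on the target version.
```shell
#!/bin/bash
set -euo pipefail

read -r -s -p "Admin Password:" ADMIN_PASSWORD
echo ""
read -r -p "Server to replicate (default ipa.actcur.com):" SERVER
SERVER="${SERVER:-ipa.actcur.com}"

ipa-client-install -U -p admin -w "${ADMIN_PASSWORD}" --server="${SERVER}" --domain actcur.com --mkhomedir --force-join
# … unchanged: ipa-replica-install --skip-mem-check …
```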
@ -1,3 +1,7 @@
#SPDX-License-Identifier: MIT-0
#SPDX-License-Identifier: MIT-0
---
---
# handlers file for role-ipa-server
# handlers file for role-ipa-server
- name: restart ipactl
service:
name: ipactl
state: restarted
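Review bot: The handler restarts a service named `ipactl`, but `ipactl` is the FreeIPA control command rather than a service unit; on systemd hosts the unit is `ipa.service`, so `name: ipa` is what the service module would need — worth confirming on the target, as the commit title itself flags. The handler also uses the bare `service:` module while every task in this commit uses the `ansible.builtin.` prefix; `ansible.builtin.service:` keeps the role consistent. Proposed lines: `ansible.builtin.service:` / `name: ipa` / `state: restarted`.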
@ -1,3 +1,55 @@
#SPDX-License-Identifier: MIT-0
#SPDX-License-Identifier: MIT-0
---
---
# tasks file for role-ipa-server
# tasks file for role-ipa-server
- name: install freeipa-server
ansible.builtin.package:
name: freeipa-server
state: present
- name: install ipa-server-dns
ansible.builtin.package:
name: ipa-server-dns
state: present
#this should be moved to a dedicated firewall role down the road
- name: permit ipa-server traffic through firewall
ansible.builtin.package:
service: freeipa-4
state: enabled
permanent: true
immediate: true
offline: true
- name: deploy replication script
ansible.builtin.copy:
src: files/replicate.sh
dest: /scripts/replicate.sh
# create symlink for certs if letsencrypt is set up
- name: check if letsencrypt is set up
ansible.builtin.command: '[ -d "/etc/letsencrypt/" ]'
register: result
ignore_errors: true
- name: check if ipaserver is ready
ansible.builtin.command: '[ -d "/var/lib/ipa/certs/" ]'
register: result2
ignore_errors: true
- name: create symlink for certificate
ansible.builtin.file:
src: /etc/letsencrypt/live
dest: /var/lib/ipa/certs/httpd.crt
state: link
force: yes
when: (result is succeeded) and (result2 is succeeded)
notify: restart ipactl
- name: create symlink for private key
ansible.builtin.file:
src: /etc/letsencrypt/live
dest: /var/lib/ipa/private/httpd.key
state: link
force: yes
when: (result is succeeded) and (result2 is succeeded)
notify: restart ipactl
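Review bot: The "permit ipa-server traffic through firewall" task calls `ansible.builtin.package:` with `service`, `permanent`, `immediate` and `offline`, which the package module does not accept, so the play stops at that task; those are arguments of the firewalld module, which is what the rewrite below uses. Both symlink tasks set `src: /etc/letsencrypt/live`, a directory, so `httpd.crt` and `httpd.key` would each become a link to that directory rather than to a certificate and a key file (presumably `/etc/letsencrypt/live/<FQDN>/fullchain.pem` and `/etc/letsencrypt/live/<FQDN>/privkey.pem`, FQDN being a placeholder here — confirm against the host). The two `[ -d ... ]` checks with `ignore_errors: true` report a red failure on every run where the directory is absent; `ansible.builtin.stat` with `register` and `when: result.stat.exists` expresses the same condition without one. `force: yes` should be `force: true` in both symlink tasks, and the copy task sets no `mode`, so `/scripts/replicate.sh` lands non-executable — `mode: "0750"` would cover that.
```yaml
- name: permit ipa-server traffic through firewall
  ansible.posix.firewalld:
    service: freeipa-4
    state: enabled
    permanent: true
    immediate: true
    offline: true
# … unchanged: deploy replication script, letsencrypt checks, symlink tasks …
```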