55 lines
1.5 KiB
YAML
55 lines
1.5 KiB
YAML
#SPDX-License-Identifier: MIT-0
|
|
---
|
|
# tasks file for role-ipa-server
|
|
- name: install freeipa-server
|
|
ansible.builtin.package:
|
|
name: freeipa-server
|
|
state: present
|
|
|
|
- name: install ipa-server-dns
|
|
ansible.builtin.package:
|
|
name: ipa-server-dns
|
|
state: present
|
|
|
|
#this should be moved to a dedicated firewall role down the road
|
|
- name: permit ipa-server traffic through firewall
|
|
ansible.posix.firewalld:
|
|
service: freeipa-4
|
|
state: enabled
|
|
permanent: true
|
|
immediate: true
|
|
offline: true
|
|
|
|
- name: deploy replication script
|
|
ansible.builtin.copy:
|
|
src: files/replicate.sh
|
|
dest: /scripts/replicate.sh
|
|
|
|
# create symlink for certs if letsencrypt is set up
|
|
- name: check if letsencrypt is set up
|
|
ansible.builtin.command: '[ -d "/etc/letsencrypt/" ]'
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: check if ipaserver is ready
|
|
ansible.builtin.command: '[ -d "/var/lib/ipa/certs/" ]'
|
|
register: result2
|
|
ignore_errors: true
|
|
|
|
- name: create symlink for certificate
|
|
ansible.builtin.file:
|
|
src: "/etc/letsencrypt/live/{{ansible_fqdn}}/cert.pem"
|
|
dest: /var/lib/ipa/certs/httpd.crt
|
|
state: link
|
|
force: yes
|
|
when: (result is succeeded) and (result2 is succeeded)
|
|
notify: restart httpd
|
|
|
|
- name: create symlink for private key
|
|
ansible.builtin.file:
|
|
src: "/etc/letsencrypt/live/{{ansible_fqdn}}/privkey.pem"
|
|
dest: /var/lib/ipa/private/httpd.key
|
|
state: link
|
|
force: yes
|
|
when: (result is succeeded) and (result2 is succeeded)
|
|
notify: restart httpd
|