ansible ipa -i ~/.ossipee/inventory.ini -m shell -u centos --sudo -a "ipa-server-install -U -r AYOUNG -p FreeIPA4All -a FreeIPA4All --setup-dns --forwarder 192.168.52.3"
The next attempt uses an Ansible playbook. Here is install_ipa.yml:

    ---
    - hosts: ipa
      tasks:
        - command: ipa-server-install -U -r AYOUNG -p FreeIPA4All -a FreeIPA4All --setup-dns --forwarder 192.168.52.3

ansible-playbook -i ~/.ossipee/inventory.ini -u centos --sudo install_ipa.yml
While this is acceptable for a development setup, I want to improve a few things.
- Hide the passwords used for the admin accounts.
- Calculate the Realm from the domain (mostly a to-upper hack using a variable for both)
- Read the resolver out of the existing resolv.conf
Just for completeness, I also did this as an Ansible module.
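
    #!/usr/bin/python
    import os
    import json
    import subprocess


    def iparesolver():
        # Return the address from the first "nameserver" line in resolv.conf.
        with open("/etc/resolv.conf", "r") as resolv:
            for text in resolv:
                words = text.split()
                if len(words) > 1 and words[0] == "nameserver":
                    return words[1]


    def ipa_install_command():
        iparealm = "RDO.CLOUDLAB.FREEIPA.ORG"
        # Passwords are still hard-coded here, as in the playbook above.
        install_command = ["ipa-server-install", "-U",
                           "-r", iparealm,
                           "-p", "FreeIPA4All",
                           "-a", "FreeIPA4All",
                           "--setup-dns",
                           "--forwarder", iparesolver()]
        return install_command


    # The installer's output goes straight to stdout; no JSON result is emitted.
    subprocess.call(ipa_install_command())
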
ansible ipa -i ~/.ossipee/inventory.ini -m ipa_server_install -M ./ansible -u centos --sudo
It reports a failure due to the volumes of data returned, but actually successfully installed IPA.
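
The three improvements listed above (passwords out of the source, realm derived from the domain, forwarder read from resolv.conf) combined in one helper, as an added example that is not the original post's code. The environment variable names `IPA_DM_PASSWORD` and `IPA_ADMIN_PASSWORD`, the function names and the sample resolv.conf are assumptions constructed for illustration.

```python
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real host
search rdo.cloudlab.freeipa.org
nameserver 192.168.52.3
nameserver 192.168.52.4
"""

def first_nameserver(resolv_text):
    """Return the first nameserver address in resolv.conf text, or None."""
    for line in resolv_text.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "nameserver":
            return words[1]
    return None

def realm_from_domain(domain):
    """Kerberos realm by convention: the DNS domain in upper case."""
    return domain.strip().rstrip(".").upper()

def build_install_command(domain, resolv_text, env):
    """Build the ipa-server-install argv; secrets come from env, not source."""
    names = ("IPA_DM_PASSWORD", "IPA_ADMIN_PASSWORD")  # hypothetical names
    missing = [n for n in names if not env.get(n)]
    if missing:
        raise ValueError("unset: " + ", ".join(missing))
    forwarder = first_nameserver(resolv_text)
    if forwarder is None:
        raise ValueError("no nameserver line in resolv.conf")
    return ["ipa-server-install", "-U", "-r", realm_from_domain(domain),
            "-p", env[names[0]], "-a", env[names[1]],
            "--setup-dns", "--forwarder", forwarder]

def redacted(command):
    """Copy of the argv that is safe to log: values after -p/-a are masked."""
    out, i = list(command), 0
    while i < len(out) - 1:
        if out[i] in ("-p", "-a"):
            out[i + 1] = "********"
            i += 1  # skip the masked value itself
        i += 1
    return out

if __name__ == "__main__":
    # Constructed values; on the IPA host pass os.environ and the real file text.
    demo_env = {"IPA_DM_PASSWORD": "constructed-dm",
                "IPA_ADMIN_PASSWORD": "constructed-admin"}
    cmd = build_install_command("rdo.cloudlab.freeipa.org", SAMPLE_RESOLV_CONF, demo_env)
    print(" ".join(redacted(cmd)))  # log this; hand cmd itself to subprocess.call
```

The passwords still appear in the argument list of the running `ipa-server-install` process; the helper only keeps them out of the playbook, the module source and the logged command.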