Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

ipa/client: specify ipa server when enrolling VPN hosts

Browse source 
This is needed for clients that cannot access the internal DNS
where IPA servers are announced.

Signed-off-by: Nils Philippsen <nils@redhat.com>
This commit is contained in:
Nils Philippsen 2021-03-24 11:49:22 +01:00
parent 2c04966b51
commit 28cc2e8d93
2 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
inventory/group_vars/all
View file

@ -353,6 +353,10 @@ wsgi_wants_apache: true
# IPA settings # IPA settings
additional_host_keytabs: [] additional_host_keytabs: []
ipa_server: ipa01.iad2.fedoraproject.org ipa_server: ipa01.iad2.fedoraproject.org
ipa_server_nodes:
- ipa01.iad2.fedoraproject.org
- ipa02.iad2.fedoraproject.org
- ipa03.iad2.fedoraproject.org
ipa_realm: FEDORAPROJECT.ORG ipa_realm: FEDORAPROJECT.ORG
ipa_admin_password: "{{ ipa_prod_admin_password }}" ipa_admin_password: "{{ ipa_prod_admin_password }}"
# Let this become "ipa" at some point # Let this become "ipa" at some point

3
roles/ipa/client/tasks/main.yml
View file

@ -17,6 +17,9 @@
- name: Enroll system as IPA client - name: Enroll system as IPA client
command: command:
cmd: ipa-client-install cmd: ipa-client-install
{% if (vpn | default(false)) %}{% for node in ipa_server_nodes | default([]) %}
--server={{ node }}
{% endfor %}{% endif %}
--hostname={{ inventory_hostname }} --hostname={{ inventory_hostname }}
--domain={{ ipa_realm | lower }} --domain={{ ipa_realm | lower }}
--realm={{ ipa_realm }} --realm={{ ipa_realm }}