ipa/client: enable for oci_registry in prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-19 17:25:38 +01:00 · 2021-03-19 17:25:38 +01:00 · 40a5fed45e
commit 40a5fed45e
parent b0eb4e6c82
2 changed files with 8 additions and 5 deletions
--- a/inventory/group_vars/oci_registry
+++ b/inventory/group_vars/oci_registry
@ -1,6 +1,12 @@
 ---

-fas_client_groups: sysadmin-releng
+primary_auth_source: ipa
+ipa_host_group: oci-registry
+ipa_host_group_desc: OCI Registry service
+ipa_client_shell_groups:
+- sysadmin-releng
+ipa_client_sudo_groups:
+- sysadmin-releng

 sudoers: "{{ private }}/files/sudo/00releng-sudoers"

--- a/playbooks/groups/oci-registry.yml
+++ b/playbooks/groups/oci-registry.yml
@ -16,8 +16,7 @@
  - rkhunter
  - nagios_client
  - hosts
-  - { role: fas_client, when: env != "staging" }
-  - { role: ipa/client, when: env == "staging" }
+  - ipa/client
  - collectd/base
  - rsyncd
  - sudo
@ -40,8 +39,6 @@
  - import_tasks: "{{ tasks_path }}/yumrepos.yml"

  tasks:
-  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
-    when: env != "staging"
  - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers: