ipa/client: enable for retrace in prod

Signed-off-by: Nils Philippsen <nils@redhat.com>
2021-03-19 17:25:38 +01:00 · 2021-03-19 17:25:38 +01:00 · 8463ae106f
commit 8463ae106f
parent d34b4ff501
3 changed files with 15 additions and 6 deletions
--- a/inventory/group_vars/retrace
+++ b/inventory/group_vars/retrace
@ -1,7 +1,13 @@
 ---
-fas_client_groups: retrace
+primary_auth_source: ipa
+ipa_host_group: retrace
+ipa_host_group_desc: Retrace servers
+ipa_client_shell_groups:
+- retrace
+ipa_client_sudo_groups:
+- retrace
+
 freezes: false
-sudoers: "{{ private }}/files/sudo/arm-retrace-sudoers"
 ansible_ifcfg_blocklist: true

 tcp_ports: [ 80, 443 ]
--- a/inventory/group_vars/retrace_stg_aws
+++ b/inventory/group_vars/retrace_stg_aws
@ -1,5 +1,10 @@
 ---
-fas_client_groups: retrace
+ipa_host_group: retrace
+ipa_host_group_desc: Retrace servers
+ipa_client_shell_groups:
+- retrace
+ipa_client_sudo_groups:
+- retrace
 devel: true

 tcp_ports: [22, 80, 443 ]
--- a/playbooks/groups/retrace.yml
+++ b/playbooks/groups/retrace.yml
@ -64,14 +64,12 @@
  tasks:
    - import_role: name=base
    - import_role: name=hosts
-    - { import_role: name=ipa/client, when: env == "staging" }
-    - { import_role: name=fas_client, when: env != "staging" }
+    - import_role: name=ipa/client
    - import_role: name=rkhunter
    - import_role: name=nagios_client
    - import_role: name=openvpn/client
    - import_role: name=sudo

-    - import_tasks: "{{ tasks_path }}/2fa_client.yml"
    - import_tasks: "{{ tasks_path }}/motd.yml"

  handlers: