Use the new modules

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
Aurélien Bompard 2020-10-21 16:33:16 +02:00
parent 77b9de661e
commit dad2290c7f
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD


@ -356,6 +356,15 @@
when: ipa_initial when: ipa_initial
register: output register: output
- name: Destroy admin ticket
command: kdestroy -A
tags:
- ipa/server
- keytab
- config
- krb5
when: ipa_initial
# Noggin user setup # Noggin user setup
- name: Register the proper noggin admin password - name: Register the proper noggin admin password
@ -382,80 +391,57 @@
when: ipa_initial when: ipa_initial
- name: Create the noggin privilege - name: Create the noggin privilege
command: ipaprivilege:
argv: name: Self-service Portal Administrators
- ipa description: Noggin admin users
- privilege-add ipaadmin_password: "{{ ipa_admin_password }}"
- Self-service Portal Administrators
- --desc=Noggin admin users
tags: tags:
- ipa/server - ipa/server
- config - config
when: ipa_initial when: ipa_initial
register: output
changed_when: "'already exists' not in output.stderr"
failed_when: "'already exists' not in output.stderr and output.rc != 0"
- name: Setup the noggin privilege - name: Setup the noggin privilege
command: ipaprivilege:
argv: name: Self-service Portal Administrators
- ipa permission:
- privilege-add-permission - "System: Modify Users"
- Self-service Portal Administrators - "System: Change User password"
- "--permissions=System: Modify Users" - "System: Add Stage User"
- "--permissions=System: Change User password" - "System: Read Stage Users"
- "--permissions=System: Add Stage User" - "System: Modify Stage User"
- "--permissions=System: Read Stage Users" - "System: Modify User RDN"
- "--permissions=System: Modify Stage User" - "System: Remove Stage User"
- "--permissions=System: Modify User RDN" - "System: Add Users"
- "--permissions=System: Remove Stage User" - "System: Add User to default group"
- "--permissions=System: Add Users" action: member
- "--permissions=System: Add User to default group" ipaadmin_password: "{{ ipa_admin_password }}"
tags: tags:
- ipa/server - ipa/server
- config - config
when: ipa_initial when: ipa_initial
register: output
changed_when: "'Number of permissions added 0' not in output.stdout"
failed_when: "'Number of permissions added 0' not in output.stdout and output.rc != 0"
- name: Create the noggin role - name: Create the noggin role
ipa_role: iparole:
name: "Self-service Portal Administrator" name: "Self-service Portal Administrator"
description: "Noggin admin user" description: "Noggin admin user"
privilege:
- "Self-service Portal Administrators"
user: user:
- noggin - noggin
ipa_host: localhost privilege:
ipa_user: admin - "Self-service Portal Administrators"
ipa_pass: "{{ipa_admin_password}}" ipaadmin_password: "{{ ipa_admin_password }}"
validate_certs: no
tags: tags:
- ipa/server - ipa/server
- config - config
when: ipa_initial when: ipa_initial
- name: Destroy admin ticket
command: kdestroy -A
tags:
- ipa/server
- keytab
- config
- krb5
when: ipa_initial
- name: Set the members of the admin group - name: Set the members of the admin group
ipa_group: ipagroup:
name: admins name: admins
user: user:
- admin - admin
- fas_sync - fas_sync
ipa_host: localhost ipaadmin_password: "{{ ipa_admin_password }}"
ipa_user: admin
ipa_pass: "{{ipa_admin_password}}"
validate_certs: no
tags: tags:
- ipa/server - ipa/server
- config - config
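Review bot: The "Destroy admin ticket" task added in the first hunk runs as an ordinary task, so if any earlier task in the play fails it never executes and the admin ticket stays in the credential cache. The task that acquires the ticket is not visible here (presumably above the hunk); if it lives in this file, I would put the ticket-dependent tasks in a `block:` and move the `kdestroy -A` task under its `always:` section so cleanup happens on failure too. The task also has no `changed_when`, so it reports a change on every run where `ipa_initial` is true; adding `changed_when: false` keeps the play output meaningful. The task list continues outside the hunks shown.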