Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Revert "Use the new modules"

Browse source 
The version of ansible-freeipa we have does not have the new modules
yet.

This reverts commit dad2290c7f.
This commit is contained in:
Aurélien Bompard 2020-10-21 16:39:40 +02:00
parent dad2290c7f
commit dc9ad4da3f
No known key found for this signature in database
GPG key ID: 31584CFEB9BF64AD
1 changed files with 52 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

90
roles/ipa/server/tasks/main.yml
View file

@ -356,15 +356,6 @@
when: ipa_initial when: ipa_initial
register: output register: output
- name: Destroy admin ticket
command: kdestroy -A
tags:
- ipa/server
- keytab
- config
- krb5
when: ipa_initial
# Noggin user setup # Noggin user setup
- name: Register the proper noggin admin password - name: Register the proper noggin admin password
@ -391,57 +382,80 @@
when: ipa_initial when: ipa_initial
- name: Create the noggin privilege - name: Create the noggin privilege
ipaprivilege: command:
name: Self-service Portal Administrators argv:
description: Noggin admin users - ipa
ipaadmin_password: "{{ ipa_admin_password }}" - privilege-add
- Self-service Portal Administrators
- --desc=Noggin admin users
tags: tags:
- ipa/server - ipa/server
- config - config
when: ipa_initial when: ipa_initial
register: output
changed_when: "'already exists' not in output.stderr"
failed_when: "'already exists' not in output.stderr and output.rc != 0"
- name: Setup the noggin privilege - name: Setup the noggin privilege
ipaprivilege: command:
name: Self-service Portal Administrators argv:
permission: - ipa
- "System: Modify Users" - privilege-add-permission
- "System: Change User password" - Self-service Portal Administrators
- "System: Add Stage User" - "--permissions=System: Modify Users"
- "System: Read Stage Users" - "--permissions=System: Change User password"
- "System: Modify Stage User" - "--permissions=System: Add Stage User"
- "System: Modify User RDN" - "--permissions=System: Read Stage Users"
- "System: Remove Stage User" - "--permissions=System: Modify Stage User"
- "System: Add Users" - "--permissions=System: Modify User RDN"
- "System: Add User to default group" - "--permissions=System: Remove Stage User"
action: member - "--permissions=System: Add Users"
ipaadmin_password: "{{ ipa_admin_password }}" - "--permissions=System: Add User to default group"
tags:
- ipa/server
- config
when: ipa_initial
register: output
changed_when: "'Number of permissions added 0' not in output.stdout"
failed_when: "'Number of permissions added 0' not in output.stdout and output.rc != 0"
- name: Create the noggin role
ipa_role:
name: "Self-service Portal Administrator"
description: "Noggin admin user"
privilege:
- "Self-service Portal Administrators"
user:
- noggin
ipa_host: localhost
ipa_user: admin
ipa_pass: "{{ipa_admin_password}}"
validate_certs: no
tags: tags:
- ipa/server - ipa/server
- config - config
when: ipa_initial when: ipa_initial
- name: Create the noggin role - name: Destroy admin ticket
iparole: command: kdestroy -A
name: "Self-service Portal Administrator"
description: "Noggin admin user"
user:
- noggin
privilege:
- "Self-service Portal Administrators"
ipaadmin_password: "{{ ipa_admin_password }}"
tags: tags:
- ipa/server - ipa/server
- keytab
- config - config
- krb5
when: ipa_initial when: ipa_initial
- name: Set the members of the admin group - name: Set the members of the admin group
ipagroup: ipa_group:
name: admins name: admins
user: user:
- admin - admin
- fas_sync - fas_sync
ipaadmin_password: "{{ ipa_admin_password }}" ipa_host: localhost
ipa_user: admin
ipa_pass: "{{ipa_admin_password}}"
validate_certs: no
tags: tags:
- ipa/server - ipa/server
- config - config