From 2d55a8bb7d45899045f14c5761fe11abc91bda9d Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Thu, 4 Aug 2016 16:37:47 +0000
Subject: [PATCH] IPA server role and playbook
Signed-off-by: Patrick Uiterwijk
---
playbooks/groups/ipa.yml | 48 ++++++++++++++++++++++++++++++++++++++++
roles/ipa/tasks/main.yml | 16 ++++++++++++++
2 files changed, 64 insertions(+)
create mode 100644 playbooks/groups/ipa.yml
create mode 100644 roles/ipa/tasks/main.yml
diff --git a/playbooks/groups/ipa.yml b/playbooks/groups/ipa.yml
new file mode 100644
index 0000000000..705dc8bb92
--- /dev/null
+++ b/playbooks/groups/ipa.yml
@@ -0,0 +1,48 @@
+- include: "/srv/web/infra/ansible/playbooks/include/virt-create.yml myhosts=ipsilon:ipsilon-stg"
+
+- name: make the box be real
+ hosts: ipa:ipa-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+ roles:
+ - base
+ - rkhunter
+ - nagios/client
+ - hosts
+ - fas_client
+ - rsyncd
+ - sudo
+ - { role: openvpn/client,
+ when: env != "staging" }
+ - apache
+
+ tasks:
+ - include: "{{ tasks }}/yumrepos.yml"
+ - include: "{{ tasks }}/2fa_client.yml"
+ - include: "{{ tasks }}/motd.yml"
+ - include: "{{ tasks }}/mod_wsgi.yml"
+
+ handlers:
+ - include: "{{ handlers }}/restart_services.yml"
+
+- name: deploy ipa itself
+ hosts: ipa:ipa-stg
+ user: root
+ gather_facts: True
+
+ vars_files:
+ - /srv/web/infra/ansible/vars/global.yml
+ - "/srv/private/ansible/vars.yml"
+ - "{{ vars_path }}/{{ ansible_distribution }}.yml"
+
+ roles:
+ - ipa
+
+ handlers:
+ - include: "{{ handlers }}/restart_services.yml"
diff --git a/roles/ipa/tasks/main.yml b/roles/ipa/tasks/main.yml
new file mode 100644
index 0000000000..629590e875
--- /dev/null
+++ b/roles/ipa/tasks/main.yml
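Review bot: The opening include in playbooks/groups/ipa.yml passes `myhosts=ipsilon:ipsilon-stg` to virt-create.yml, while both plays below target `hosts: ipa:ipa-stg`. This looks carried over from the ipsilon playbook and would point VM creation at the wrong host group for an identity server; it should presumably read `myhosts=ipa:ipa-stg`. Separately, the third vars_files entry of the first play is an unquoted hard-coded path containing `{{ ansible_distribution }}`, whereas the second play uses the quoted `"{{ vars_path }}/{{ ansible_distribution }}.yml"`; using the quoted form in both keeps the two plays consistent.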
@@ -0,0 +1,16 @@
+---
+# Configuration for IPA
+
+- name: install needed packages
+ yum: pkg={{ item }} state=present update_cache=yes
+ with_items:
+ - ipa-server
+ - ipa-server-dns
+ tags:
+ - packages
+
+- name: install IPA
+ shell: ipa-server-install --realm={{ipa_realm}} --domain={{ipa_realm}} --ds-password{{ipa_dm_password}} --admin-password={{ipa_admin_password}} --mkhomedir --no-ntp --unattended --no-ssh --no-sshd --setup-dns --log-file=/var/log/ipainstall.log
+ creates: /etc/ipa/default.conf
+ tags:
+ - config
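Review bot: In the `install IPA` task, `--ds-password{{ipa_dm_password}}` is missing its `=`, so the Directory Manager password is glued onto the option name and the installer will most likely reject the argument. Both passwords are also interpolated unquoted into a `shell:` line with no `no_log: true`, so a value containing shell metacharacters is interpreted by the shell, and the rendered command, secrets included, can appear in Ansible output and logs. No `args:` key is visible above `creates:`, which suggests it sits at task level where Ansible does not treat it as a module argument, so the idempotence guard may not take effect. The version below uses `command`, pipes both secrets through the `quote` filter, moves `creates` under `args`, and sets `no_log: true`; the passwords still appear in the host's process list while the installer runs, so treat them as exposed to local users for that window.

```yaml
- name: install IPA
  command: >-
    ipa-server-install
    --realm={{ ipa_realm }} --domain={{ ipa_realm }}
    --ds-password={{ ipa_dm_password | quote }}
    --admin-password={{ ipa_admin_password | quote }}
    --mkhomedir --no-ntp --unattended --no-ssh --no-sshd --setup-dns
    --log-file=/var/log/ipainstall.log
  args:
    creates: /etc/ipa/default.conf
  no_log: true
  # … unchanged: tags …
```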