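tee /home/auto/playbooks/deploy_lab/freeipa_client.yaml > /dev/null << 'EOT'
---
# Enrol the hosts in the "ipaclients" inventory group into the FreeIPA domain
# and wire up NFS/autofs home directories, sudo via authselect, and sshd.
#
# This file carries the lab default for the IPA admin password. Override
# ipa_admin_password from an Ansible Vault file outside a lab, and keep the
# playbook readable by its owner only.
- name: Install FreeIPA on client systems
  hosts: ipaclients
  tasks:
    - name: Install freeipa-client RPM
      tags: freeipa-client
      ansible.builtin.package:
        name: freeipa-client
        state: present

    - name: Make/Update /etc/hosts
      tags: freeipa-client
      ansible.builtin.lineinfile:
        path: /etc/hosts
        line: "10.9.8.10 cwo02.rockyhowto.lab cwo02"
        create: true

    # argv passes each option as its own argument. The earlier free-form
    # value relied on shell-style "\" line continuations, which YAML keeps
    # as literal backslashes inside the command string.
    # no_log keeps the admin password out of Ansible's output and logs; the
    # password is still visible in the client's process list while
    # ipa-client-install runs.
    # ignore_errors is kept so the play continues when enrolment fails
    # (for example on a client that is already enrolled).
    - name: Install FreeIPA-Client
      tags: freeipa-client
      register: freeipa_client_cmd
      ignore_errors: true
      no_log: true
      ansible.builtin.command:
        argv:
          - ipa-client-install
          - --unattended
          - --server=cwo02.rockyhowto.lab
          - --domain=rockyhowto.lab
          - --force
          - --force-join
          - --enable-dns-updates
          - --mkhomedir
          - --principal
          - admin
          - "--password={{ ipa_admin_password | default('password') }}"
          - --ntp-server=10.9.8.10

    # The enrolment output is censored by no_log, so surface the exit status
    # only; it carries no credential.
    - name: Report ipa-client-install exit status
      tags: freeipa-client
      ansible.builtin.debug:
        msg: "ipa-client-install rc={{ freeipa_client_cmd.rc | default('n/a') }}"

    - name: Make/Update /etc/auto.guests
      tags: freeipa-client
      ansible.builtin.lineinfile:
        path: /etc/auto.guests
        line: "* -rw 10.9.8.10:/home/domainusers/&"
        create: true

    - name: Make/Update /etc/auto.master
      tags: freeipa-client
      ansible.builtin.lineinfile:
        path: /etc/auto.master
        line: "/home/domainusers /etc/auto.guests"
        create: true

    # NOTE(review): the NFS export is mounted with "defaults"; consider
    # whether nosuid,nodev fit this environment.
    - name: Make/Update /etc/fstab
      tags: freeipa-client
      ansible.builtin.lineinfile:
        path: /etc/fstab
        line: "10.9.8.10:/home/domainusers /home/domainusers nfs defaults 0 0"
        create: true

    # regexp replaces an existing uncommented setting instead of appending a
    # second one: sshd uses the first value it reads for a keyword, so an
    # appended duplicate would have no effect.
    # validate has sshd check the edited file before it is put in place, so
    # a broken config never reaches the restart below.
    - name: Make/Update /etc/ssh/sshd_config
      tags: freeipa-client
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*{{ item.split()[0] }}\s'
        line: "{{ item }}"
        create: true
        validate: /usr/sbin/sshd -t -f %s
      loop:
        - "KerberosAuthentication no"
        - "UsePAM yes"

    - name: Enable sudo via authselect
      tags: freeipa-client
      ansible.builtin.command: /usr/bin/authselect enable-feature with-sudo

    - name: sshd restart
      tags: freeipa-client
      ansible.builtin.service:
        name: sshd
        state: restarted
        enabled: true
EOT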
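# Run the playbook with the connection settings from the inventory.
ansible-playbook /home/auto/playbooks/deploy_lab/freeipa_client.yaml

# Alternative: connect as a domain account. The SSH and sudo passwords are
# prompted for rather than passed in --extra-vars, where they would be kept
# in shell history and shown in the process list of the control host.
ansible-playbook /home/auto/playbooks/deploy_lab/freeipa_client.yaml \
  --extra-vars 'ansible_user=domain\user' \
  --ask-pass --ask-become-pass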