forked from timorunge/ansible-freeipa-server
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathmain.yml
48 lines (40 loc) · 1.64 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
---
# Install FreeIPA packages (set to false if you're using `timorunge.freeipa`)
# Type: Bool
freeipa_server_install_pkgs: true
# Enable/Disable manage RedHat epel repository
# Type: Bool
freeipa_server_enable_epel_repo: true
# Automatically setting an entry in /etc/hosts
# Type: Bool
freeipa_server_manage_host: true
# Choice FreeIPA server installation type (master/replica)
# Type: Str
freeipa_server_type: master
# FQDN of the master FreeIPA server
# Type: Str
freeipa_server_master_fqdn: ''
# Fixes a bug in FreeIPA which causes the Google Authenticator to fail to
# reconize the QR code. Fur further defails take a look at
# https://www.freeipa.org/page/Using_FreeIPA_and_FreeRadius_as_a_RADIUS_based_software_token_OTP_system_with_CentOS/RedHat_7
# Type: Bool
freeipa_server_fix_google_authenticator_qr_code_recognition: false
# The base command for the FreeIPA server installation
# Type: Str
freeipa_server_install_base_command: "ipa-{{ 'server' if freeipa_server_type == 'master' else 'replica' }}-install --unattended {{ '--server=' + freeipa_server_master_fqdn if freeipa_server_type == 'replica' else '' }}"
# The default FreeIPA server installation options
# Type: List
freeipa_server_install_options:
- "--realm={{ freeipa_server_realm }}"
- "--domain={{ freeipa_server_domain }}"
- "--setup-dns"
- "--ds-password {{ freeipa_server_ds_password }}"
- "--admin-password {{ freeipa_server_admin_password }}"
- "--mkhomedir"
- "--hostname={{ freeipa_server_fqdn | default(ansible_fqdn) }}"
- "--ip-address={{ freeipa_server_ip }}"
- "--no-host-dns"
- "--idstart=5000"
- "--ssh-trust-dns"
- "--forwarder=8.8.8.8"
- "--auto-forwarders"