Добавить ansible.yml

ansible.yml

@@ -0,0 +1,151 @@
+---
+- hosts: ldap-server 
+  become: true
+  tasks:
+
+  - name: update
+    dnf: 
+      update_cache: yes 
+
+  - name: install freeipa-server
+    dnf:
+      name: freeipa-server
+      state: present
+
+  - name: install freeipa-server-dns
+    dnf:
+      name: ipa-server-dns
+      state: present
+
+  - name: enable firewalld
+    systemd:
+      name: firewalld
+      enabled: yes
+      state: started
+
+  - name: open firewalld ports
+    firewalld:
+      service: "{{ item }}"
+      permanent: yes
+      immediate: yes
+      state: enabled
+    loop:
+      - http
+      - https
+      - dns
+      - kerberos
+      - kpasswd
+      - ldap
+      - ldaps
+      - ntp
+
+  - name: enable firewalld
+    systemd:
+      name: firewalld
+      enabled: yes
+      state: started
+
+  - name: generate pass admin
+    set_fact:
+      admin_password: "{{ lookup('ansible.builtin.password', '/dev/null length=12') }}"
+
+  - name: generate pass directory manager
+    set_fact:
+      ds_password: "{{ lookup('ansible.builtin.password', '/dev/null length=12') }}"
+
+  - name: save admin pass
+    copy:
+      content: "{{ admin_password }}"
+      dest: "./admin_pass"
+    become: no 
+    delegate_to: localhost
+
+  - name: save directory manager pass
+    copy:
+      content: "{{ ds_password }}"
+      dest: "./ds_pass"
+    become: no 
+    delegate_to: localhost
+
+  - name: change hosts
+    lineinfile:
+      path: /etc/hosts
+      line: "10.10.1.10 ldap-server.lab.local ldap-server"
+      state: present
+
+  - name: freeipa server config
+    command: >
+      ipa-server-install -U
+      --domain=lab.local
+      --realm=LAB.LOCAL
+      --admin-password={{ admin_password }}
+      --ds-password={{ ds_password }}
+      --setup-dns
+      --auto-forwarders
+      --no-host-dns
+ 
+  - name: generate ssh key
+    openssh_keypair:
+      path: "./id_rsa"
+      type: rsa
+      size: 4096
+    register: key_data
+    delegate_to: localhost
+    become: false 
+
+  - name: auth kerberos
+    shell: echo "{{ admin_password }}" | kinit admin@LAB.LOCAL
+
+  - name: generate pass pupkin.v
+    set_fact:
+      user_password: "{{ lookup('ansible.builtin.password', '/dev/null length=12') }}"
+
+  - name: create user 
+    command: ipa user-add pupkin.a --first=Aristarkh --last=Pupkin --cn=pupkin.a --password
+    args:
+      stdin: "{{ user_password }}"
+    ignore_errors: yes
+
+  - name: add ssh public key 
+    command: ipa user-mod pupkin.a --sshpubkey="{{ key_data.public_key }}"
+
+  - name: show pass
+    debug:
+      msg: "ВНИМАНИЕ!!! Сохраните сгенерированные пароли: admin - {{ admin_password }}, directory manager - {{ ds_password }}, pupkin.a - {{ user_password }}"
+
+
+
+- hosts: ldap-client 
+  become: yes
+  tasks:
+
+  - name: update
+    dnf: 
+      update_cache: yes 
+
+  - name: install ipa-client
+    dnf:
+      name: ipa-client
+      state: present
+
+
+  - name: add dns
+    lineinfile:
+      path: /etc/resolv.conf
+      line: "nameserver 10.10.1.10"
+      insertbefore: BOF
+      state: present
+
+  - name: get admin pass
+    set_fact:
+      admin_password: "{{ lookup('file', './admin_pass') | trim }}"
+
+  - name: freeipa client config
+    command: >
+      ipa-client-install -U
+      --domain=lab.local
+      --realm=LAB.LOCAL
+      --server=ldap-server.lab.local
+      --principal=admin
+      --password={{ admin_password }}
+      --mkhomedir