| | |
|---|
| | | - name: Register bastion with IPA |
|---|
| | | shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w {{ipa_host_password}} -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}" |
|---|
| | | |
|---|
| | | # quick fix for sssd |
|---|
| | | - name: copy over fix_ipa.sh script |
|---|
| | | copy: |
|---|
| | | src: "{{ role_path }}/files/fix_ipa.sh" |
|---|
| | | dest: /opt/fix_ipa.sh |
|---|
| | | owner: root |
|---|
| | | group: root |
|---|
| | | mode: 0700 |
|---|
| | | |
|---|
| | | - name: check IPA authorized_key |
|---|
| | | command: /opt/fix_ipa.sh |
|---|
| | | register: result_sss |
|---|
| | | until: result_sss | succeeded |
|---|
| | | retries: 10 |
|---|
| | | delay: 20 |
|---|
| | | |
|---|
| | | - name: Add opentlc-access ipa group to sudoers.d |
|---|
| | | lineinfile: |
|---|
| | | path: /etc/sudoers.d/opentlc-sudoers |
|---|
| | |
|---|
| | | group: root |
|---|
| | | mode: 0700 |
|---|
| | | notify: Run ipa_optimize.sh |
|---|
| | | |
|---|
| | | # quick fix for sssd |
|---|
| | | - name: copy over fix_ipa.sh script |
|---|
| | | copy: |
|---|
| | | src: "{{ role_path }}/files/fix_ipa.sh" |
|---|
| | | dest: /opt/fix_ipa.sh |
|---|
| | | owner: root |
|---|
| | | group: root |
|---|
| | | mode: 0700 |
|---|
| | | |
|---|
| | | - name: restart sssd until bastion it's working |
|---|
| | | command: /opt/fix_ipa.sh |
|---|
| | | register: result_sss |
|---|
| | | until: result_sss | succeeded |
|---|
| | | retries: 10 |
|---|
| | | delay: 20 |
|---|
