| | |
| | | shell: "/usr/sbin/ipa-client-install --domain=OPENTLC.COM -w {{ipa_host_password}} -N -U --mkhomedir --no-dns-sshfp --hostname={{bastion_public_dns_chomped}}" |
| | | |
| | | # quick fix for sssd |
| | | # TODO: test /usr/bin/sss_ssh_authorizedkeys $username |
| | | # if it works, then no need to restart |
| | | - name: Wait before restarting sssd |
| | | pause: |
| | | seconds: 5 |
| | | - name: check IPA authorized_key |
| | | command: /usr/bin/sss_ssh_authorizedkeys jenkins-sfo01 |
| | | register: output_sss |
| | | changed_when: false |
| | | ignore_errors: true |
| | | |
| | | - name: Restart sssd |
| | | service: |
| | | name: sssd |
| | | state: restarted |
| | | - name: restart until IPA is working |
| | | until: output_sss | succeeded |
| | | retries: 10 |
| | | delay: 20 |
| | | block: |
| | | - name: Restart sssd |
| | | service: |
| | | name: sssd |
| | | state: restarted |
| | | |
| | | - name: check IPA authorized_key |
| | | command: /usr/bin/sss_ssh_authorizedkeys jenkins-sfo01 |
| | | register: output_sss |
| | | changed_when: false |
| | | ignore_errors: true |
| | | |
| | | - name: Add opentlc-access ipa group to sudoers.d |
| | | lineinfile: |