Using Ansible SSH transport with GSSAPI in FreeIPA.

```
[root@master ~]# cat my-hosts
[mymachines]
master.ipa.test
[root@master ~]# id ansible
id: ‘ansible’: no such user
[root@master ~]# kinit admin
Password for [email protected]:
```
```yaml
- name: "Set DNS to IPA master"
  hosts:
    - ipareplicas
    - ipaclients
  tasks:
    - name: determine resolvers
      set_fact:
        resolvers: "{{ resolvers|default([]) + [hostvars[item].ansible_default_ipv4.address] }}"
      with_items: "{{ groups.ipaserver }}"
    - debug:
```
```python
from ipaserver.install import replication


def check_ids_in_modified_range(ldap, old_base, old_size, new_base, new_size):
    from ipalib import errors
    if new_base is None and new_size is None:
        # nothing to check
        return (0, [])
    if new_base is None:
        new_base = old_base
```
```sh
# Assuming that HOSTNAME is enrolled to IPA realm already,
# run the following on HOSTNAME where RADIUS server will be deployed
# In FreeIPA 4.6+ host principal has permissions to create own services
kinit -k
ipa service-add 'radius/HOSTNAME'
# create keytab for radius user
ipa-getkeytab -p 'radius/HOSTNAME' -k /etc/raddb/radius.keytab
chown root:radiusd /etc/raddb/radius.keytab
chmod 640 /etc/raddb/radius.keytab
```