Hello,
we have made big progress with ansible-freeipa to be able to install ipa
clients using ansible.
These are the things that we are able to do now:
- Simple installation on more than one machine
- One configuration file (inventory file) per realm (One place for
configuration options)
- Authentication types
- Simple use of OTP for installation and update
- More secure (admin password not transferred to the clients)
- Only setting of a variable is needed to enable the use of OTP
- Admin principal and password
- Existing host keytab
- Advanced auto detection (server only, no need to provide domain)
- Repair of broken configurations
- Known limitation: /etc/krb5.keytab can not be repaired
- Working with freeipa-4.4 and up
- RHEL-7.3 and up
- Fedora-25+
- Support for Python3 based freeipa in Fedora-27
The basic usage is explained in the README of the repository:
https://github.com/freeipa/ansible-freeipa
I'd like to start a discussion about naming conventions and also about customer
and user requests for extensions and changes.
Please give it a try and report issues you are running into.
Regards,
Thomas