-rw-r--r--ansible/roles/ldap/README.md9
-rw-r--r--ansible/roles/ldap/handlers/main.yml5
-rw-r--r--ansible/roles/ldap/tasks/main.yml25
3 files changed, 39 insertions, 0 deletions
diff --git a/ansible/roles/ldap/README.md b/ansible/roles/ldap/README.md
new file mode 100644
index 0000000..a3b79c8
--- /dev/null
+++ b/ansible/roles/ldap/README.md
@@ -0,0 +1,9 @@
+# LDAP
+
+This role prepares the environment for FreeIPA to be installed on our Rocky
+Linux-based LDAP host.
+
+Note that the actual installation process and subsequent setup steps from
+`ipa-server-install` must unfortunately be performed manually, as the automation
+of this process is not something that we have deemed critical to automate at
+this stage.
diff --git a/ansible/roles/ldap/handlers/main.yml b/ansible/roles/ldap/handlers/main.yml
new file mode 100644
index 0000000..e3867ac
--- /dev/null
+++ b/ansible/roles/ldap/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Reload the firewall
+ service:
+ name: firewalld
+ state: reloaded
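Review bot: Reloading `firewalld` through this handler re-reads the permanent configuration, which normally discards any runtime-only rules present on the host at that moment, so a rule someone added by hand without `--permanent` will silently vanish on the next play. If that matters on this host, setting `immediate: true` on the `ansible.posix.firewalld` task applies the change to the running firewall without a reload, and the handler could then be dropped. As a style point, the module is written as bare `service:` while the task file uses a fully qualified name; `ansible.builtin.service:` would be consistent.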
diff --git a/ansible/roles/ldap/tasks/main.yml b/ansible/roles/ldap/tasks/main.yml
new file mode 100644
index 0000000..5e1c5c8
--- /dev/null
+++ b/ansible/roles/ldap/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Install IPA server packages
+ package:
+ name:
+ - ipa-server
+ state: present
+ tags:
+ - role::ldap
+
+- name: Create firewall rules for FreeIPA
+ ansible.posix.firewalld:
+ service: "{{ item }}"
+ permanent: true
+ state: enabled
+ loop:
+ - http
+ - https
+ - dns
+ - ntp
+ - freeipa-ldap
+ - freeipa-ldaps
+ notify:
+ - Reload the firewall
+ tags:
+ - role::ldap
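Review bot: The "Create firewall rules for FreeIPA" task sets no `zone:`, so all six services are opened in whatever the host's default zone happens to be; on an identity server it is safer to pin it, e.g. `zone: public` (or whichever zone the LDAP clients actually reach). The list also opens `dns` and `ntp` unconditionally, although the README says `ipa-server-install` is run by hand, so it is not visible here whether integrated DNS will be used; consider opening `dns` only when it is. As far as I know the `freeipa-ldap` and `freeipa-ldaps` service definitions already bundle the HTTP(S), Kerberos and NTP ports and are marked deprecated in newer firewalld in favour of `freeipa-4`, so it is worth confirming with `firewall-cmd --info-service=freeipa-ldap` on the Rocky host and trimming the explicit `http`/`https`/`ntp` entries if they are redundant. A short comment above the `loop:` stating why each service is exposed would help the next reviewer audit the attack surface.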