rarguello/rhel-idm-automation

RHEL IdM Automation

RHEL IdM Automation

Ansible playbooks for RHEL IdM automation.

Contents

• inventory | doc
  • Example inventory
• vars_ad.yml | doc, vars_ca.yml | doc, vars_dns.yml | doc, vars_ipa.yml | doc
  • Vars files for installing IdM servers
• vault_ipa.yml | doc
  • Unencrypted example vault file
• ipa_server_install.yml | doc
  • Playbook to install IdM first server
• ipa_replica_install.yml | doc
  • Playbook to install IdM replica servers
• ipa_cluster_configure.yml | doc
  • Playbook to configure IdM cluster servers
• ipa_adtrust_setup.yml | doc
  • Playbook to setup IdM AD trust
• ipa_setup_users.yml | doc, doc, doc
  • Playbook to setup users and groups
• ipa_setup_hosts.yml | doc, doc
  • Playbook to setup hosts and hostgroups
• ipa_setup_hbac.yml | doc, doc, doc
  • Playbook to setup HBAC services and rules
• ipa_setup_sudo.yml | doc, doc, doc
  • Playbook to setup sudo commands and rules
• ipa_client_install.yml | doc
  • Playbook to install IdM clients
• ipa_backup_create.yml | doc
  • Playbook to create IdM backup
• ipa_backup_restore.yml | doc
  • Playbook to restore IdM backup
• ipa_cluster_update.yml | doc
  • Playbook to update IdM cluster servers

Depending on the environment and requirements separate playbooks and/or vars files, group vars, variables defined in an inventory, or some other approach might be appropriate for providing IPA/IdM configuration. These examples aim to provide a known-good starting point for typical installations.

Quick Usage Example

To install IPA/IdM servers, configure IPA/IdM cluster, populate IPA/IdM with identity and policy data, and connect clients:

# Edit inventory and settings to suite local environment
vi inventory vars_ipa.yml
# By default no AD trust, use internal CA, no DNS setup
vi vars_ad.yml vars_ca.yml vars_dns.yml
# Install IPA/IdM first server
ansible-playbook -i inventory ipa_server_install.yml
# Install IPA/IdM replica servers
ansible-playbook -i inventory ipa_replica_install.yml
# Configure IPA/IdM cluster servers
ansible-playbook -i inventory ipa_cluster_configure.yml
# Edit identity and policy data as needed
vi vars_users.yml vars_hosts.yml vars_hbac.yml vars_sudo.yml
# Setup and populate IPA/IdM identity and policy data
ansible-playbook -i inventory ipa_setup_users.yml
ansible-playbook -i inventory ipa_setup_hosts.yml
ansible-playbook -i inventory ipa_setup_hbac.yml
ansible-playbook -i inventory ipa_setup_sudo.yml
# Backup and update IPA/IdM cluster
ansible-playbook -i inventory ipa_backup_create.yml
ansible-playbook -i inventory ipa_cluster_update.yml
# Connect clients to IPA/IdM
ansible-playbook -i inventory ipa_client_install.yml

See Also

See also https://github.com/freeipa/ansible-freeipa.

See also https://console.redhat.com/ansible/automation-hub/repo/published/redhat/rhel_idm.

See also https://github.com/myllynen/rhel-ansible-roles.

License

GPLv3+