On 10/05/2017 03:57 PM, Mark Haney wrote:
> I've been doing this using a custom Ansible playbook for over a month now.
> It appears to me to be very variable dependent.
For the full autodetection case you do not need more than the client hostname
and the admin password/keytab (with or without OTP).
The optional variables are there to alter the default configuration according
to the needs. Or did I not get it right?
Please be more specific on the things that you do not like.
> On Thu, Oct 5, 2017 at 7:04 AM, Thomas Woerner via FreeIPA-users <
> firstname.lastname@example.org> wrote:
>> we have made big progress with ansible-freeipa to be able to install ipa
>> clients using ansible.
>> These are the things that we are able to do now:
>> - Simple installation on more than one machine
>> - One configuration file (inventory file) per realm (One place for
>> configuration options)
>> - Authentication types
>> - Simple use of OTP for installation and update
>> - More secure (admin password not transferred to the clients)
>> - Only setting of a variable is needed to enable the use of OTP
>> - Admin principal and password
>> - Existing host keytab
>> - Advanced auto detection (server only, no need to provide domain)
>> - Repair of broken configurations
>> - Known limitation: /etc/krb5.keytab can not be repaired
>> - Working with freeipa-4.4 and up
>> - RHEL-7.3 and up
>> - Fedora-25+
>> - Support for Python3 based freeipa in Fedora-27
>> The basic usage is explained in the README of the repository:
>> I'd like to start a discussion about naming conventions and also about
>> and user requests for extensions and changes.
>> Please give it a try and report issues you are running into.
>> FreeIPA-users mailing list -- email@example.com
>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org