Hello Mark, On 10/05/2017 03:57 PM, Mark Haney wrote: > I've been doing this using a custom Ansible playbook for over a month now. > It appears to me to be very variable dependent. > For the full autodetection case you do not need more than the client hostname and the admin password/keytab (with or without OTP).
The optional variables are there to alter the default configuration according to the needs. Or did I not get it right? Please be more specific on the things that you do not like. Regards, Thomas > On Thu, Oct 5, 2017 at 7:04 AM, Thomas Woerner via FreeIPA-users < > freeipa-users@lists.fedorahosted.org> wrote: > >> Hello, >> >> we have made big progress with ansible-freeipa to be able to install ipa >> clients using ansible. >> >> These are the things that we are able to do now: >> >> - Simple installation on more than one machine >> - One configuration file (inventory file) per realm (One place for >> configuration options) >> - Authentication types >> - Simple use of OTP for installation and update >> - More secure (admin password not transferred to the clients) >> - Only setting of a variable is needed to enable the use of OTP >> - Admin principal and password >> - Existing host keytab >> - Advanced auto detection (server only, no need to provide domain) >> - Repair of broken configurations >> - Known limitation: /etc/krb5.keytab can not be repaired >> - Working with freeipa-4.4 and up >> - RHEL-7.3 and up >> - Fedora-25+ >> - Support for Python3 based freeipa in Fedora-27 >> >> The basic usage is explained in the README of the repository: >> https://github.com/freeipa/ansible-freeipa >> >> I'd like to start a discussion about naming conventions and also about >> customer >> and user requests for extensions and changes. >> >> Please give it a try and report issues you are running into. >> >> Regards, >> Thomas >> _______________________________________________ >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org >> > > > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org