I never said I didn't like. Just that it's not that complicated to setup a
playbook to do what you're doing.


On Thu, Oct 5, 2017 at 11:17 AM, Thomas Woerner <twoer...@redhat.com> wrote:

> Hello Mark,
>
> On 10/05/2017 03:57 PM, Mark Haney wrote:
> > I've been doing this using a custom Ansible playbook for over a month
> now.
> > It appears to me to be very variable dependent.
> >
> For the full autodetection case you do not need more than the client
> hostname
> and the admin password/keytab (with or without OTP).
>
> The optional variables are there to alter the default configuration
> according
> to the needs. Or did I not get it right?
>
> Please be more specific on the things that you do not like.
>
> Regards,
> Thomas
>
> > On Thu, Oct 5, 2017 at 7:04 AM, Thomas Woerner via FreeIPA-users <
> > freeipa-users@lists.fedorahosted.org> wrote:
> >
> >> Hello,
> >>
> >> we have made big progress with ansible-freeipa to be able to install ipa
> >> clients using ansible.
> >>
> >> These are the things that we are able to do now:
> >>
> >> - Simple installation on more than one machine
> >> - One configuration file (inventory file) per realm (One place for
> >>   configuration options)
> >> - Authentication types
> >>   - Simple use of OTP for installation and update
> >>     - More secure (admin password not transferred to the clients)
> >>     - Only setting of a variable is needed to enable the use of OTP
> >>   - Admin principal and password
> >>   - Existing host keytab
> >> - Advanced auto detection (server only, no need to provide domain)
> >> - Repair of broken configurations
> >>   - Known limitation: /etc/krb5.keytab can not be repaired
> >> - Working with freeipa-4.4 and up
> >>   - RHEL-7.3 and up
> >>   - Fedora-25+
> >>   - Support for Python3 based freeipa in Fedora-27
> >>
> >> The basic usage is explained in the README of the repository:
> >> https://github.com/freeipa/ansible-freeipa
> >>
> >> I'd like to start a discussion about naming conventions and also about
> >> customer
> >> and user requests for extensions and changes.
> >>
> >> Please give it a try and report issues you are running into.
> >>
> >> Regards,
> >> Thomas
> >> _______________________________________________
> >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> >> To unsubscribe send an email to freeipa-users-leave@lists.
> fedorahosted.org
> >>
> >
> >
> >
>



-- 
[image: photo]
Mark Haney
Network Engineer at NeoNova
919-460-3330 <(919)%20460-3330> (opt 1) • mark.ha...@neonova.net
www.neonova.net <https://neonova.net/>
<https://www.facebook.com/NeoNovaNNS/>  <https://twitter.com/NeoNova_NNS>
<http://www.linkedin.com/company/neonova-network-services>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to