[Freeipa-users] Re: Installing FreeIPA server + replica using Ansible Role FreeIPA

Thu, 22 Jun 2023 07:20:17 -0700 

Hello,

On 6/22/23 16:08, Finn Fysj via FreeIPA-users wrote:

The installation of IPA server and replica does not produce desired result.
Even though the mkhomedir is set to true the feature is not enabled in the 
authselect. Also the replica server does not replicate SUDO and HBAC rules from 
the IPA master.
Is the only solution to re-install the whole IPA server/replicas stuff? Kinda 
stupid.

Example of the IPA server role:
     - role: freeipa.ansible_freeipa.ipaserver
       vars:
         ipaserver: "{{ ansible_hostname }}.example"
         ipaserver_hostname: "{{ ansible_hostname }}.example"
         ipaadmin_password: "test123"
         ipadm_password: "test321"
         ipaserver_domain: "example.com"
         ipaserver_realm: "EXAMPLE.COM"
         ipaserver_no_host_dns: true
         ipaserver_mem_check: true
         ipaserver_install_packages: true
         ipaserver_setup_dns: false
         ipaserver_no_pkinit: true
         ipaserver_no_hbac_allow: true
         ipaserver_no_ui_redirect: false
         ipaclient_no_ntp: true
         ipaclient_mkhomedir: true
         ipaclient_no_sudo: false


which IPA and ansible-freeipa versions are you using?

Please provide more information about your inventory and setup.
Are you trying to use the ipaserver role to deploy also replicas? The ipaserver role is only useful to deploy the initial master only. The replicas need to be deployed using the ipareplica role. 

Regards,
Thomas


_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to