# idm

This role installs and configures RHEL Identity Manager (IdM).

## Requirements

- Expects a working RHEL 7 system to target
- Red Hat Network account with a RHEL subscription available

## Role Variables

Where a variable maps directly to an `ipa-server-install` option, the option is given in parentheses.

| Variable | Required | Default | Description |
|---|---|---|---|
| domain | | hattrick.lab | The domain for the environment |
| dns_server_public | | 1.1.1.1 | The default upstream DNS server to use |
| idm_hostname | ✔️ | | The short hostname for IdM |
| idm_ssh_user | | root | The default user to use for SSH access to IdM |
| idm_ssh_pwd | | p@ssw0rd | The default password to use for SSH access to IdM. Obviously you'd change this :) |
| idm_public_ip | ✔️ | | The reachable public IP for IdM |
| idm_repos | | see defaults/main.yml | List of repos to enable for IdM |
| idm_packages | | see defaults/main.yml | List of packages to install for IdM |
| idm_realm | ✔️ | | Kerberos realm for IdM, conventionally the domain in upper case (ex: HATTRICK.LAB) |
| idm_dm_pwd | ✔️ | | Directory Manager password for IdM (--ds-password) |
| idm_admin_pwd | ✔️ | | Password for the IdM admin user (--admin-password) |
| idm_forward_ip | | {{ dns_server_public }} | IP of the upstream DNS server to set as the forwarder (--forwarder). For a disconnected install, leave it unset. |
| idm_reverse_zone | ✔️ | | Reverse zone to create in IdM (ex: "168.192.in-addr.arpa.") |
| idm_users | ✔️ | | List of users (one dictionary per user) to create in IdM after configuration |
| idm_dns_records | ✔️ | | List of DNS records (one dictionary per record) to create in IdM after configuration |
| idm_domain | | {{ domain }} | The domain for the IdM server |
| idm_reverse_zones | | see defaults/main.yml | List of all reverse zones to create |
| idm_forward_zones | | see defaults/main.yml | List of all forward zones to create |
| idm_idstart | | see defaults/main.yml | (--idstart) The starting user and group ID number |
| idm_idmax | | see defaults/main.yml | (--idmax) The maximum user and group ID number |
| idm_mkhomedir | | see defaults/main.yml | (--mkhomedir) Create home directories for users on their first login |
| idm_setup_dns | | see defaults/main.yml | (--setup-dns) Set up the integrated DNS server |
| idm_ssh_trust_dns | | see defaults/main.yml | (--ssh-trust-dns) Configure the OpenSSH client to trust DNS SSHFP records |
| idm_hbac_allow | | see defaults/main.yml | (--no-hbac-allow) Don't install the allow_all HBAC rule |
| idm_setup_ntp | | see defaults/main.yml | Set to False to skip NTP configuration (--no-ntp) |
| idm_configure_ssh | | see defaults/main.yml | Set to False to not configure the SSH client (--no-ssh) |
| idm_configure_sshd | | see defaults/main.yml | Set to False to not configure the SSH server (--no-sshd) |
| idm_ui_redirect | | see defaults/main.yml | Set to False to not redirect to the web UI (--no-ui-redirect) |
| idm_host_dns | | see defaults/main.yml | (--no-host-dns) Do not use DNS for hostname lookup during install |
| idm_auto_reverse | | see defaults/main.yml | (--auto-reverse) Create the reverse zone if it does not exist |
| idm_setup_kra | | see defaults/main.yml | Set to True to install the secrets service (--setup-kra) |
| idm_zone_overlap | | see defaults/main.yml | (--allow-zone-overlap) Create the zone even if it already exists |
| idm_zones | | {{ idm_reverse_zones }} + {{ idm_forward_zones }} | Combined list of all reverse and forward zones to set up |
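The table above is essentially a mapping from role variables to `ipa-server-install` options. As an added example (not the role's own tasks), the POSIX shell below assembles that command line from environment variables, applies the checks the installer itself enforces (required values, an upper-case realm, 8-character minimum for the Directory Manager and admin passwords), and handles the disconnected case: with `--setup-dns` and no forwarder, an unattended run must pass `--no-forwarders` explicitly or the installer refuses to continue. The `IDM_*` environment variable names and the boolean-to-flag polarity are this example's own conventions, not the role's variable names.

```shell
#!/bin/sh
# Added example (not part of the role): build the ipa-server-install command from
# settings equivalent to the role variables. IDM_* names are this example's own
# convention. The command is printed for review; eval it or pipe it into sh to run.

check_idm_inputs() {
    # Values the variable table marks as required
    for v in IDM_HOSTNAME IDM_DOMAIN IDM_REALM IDM_PUBLIC_IP IDM_DM_PWD IDM_ADMIN_PWD; do
        eval "val=\${$v}"
        if [ -z "$val" ]; then
            echo "error: $v is required" >&2
            return 1
        fi
    done
    # ipa-server-install rejects Directory Manager and admin passwords shorter than 8 characters
    if [ "${#IDM_DM_PWD}" -lt 8 ] || [ "${#IDM_ADMIN_PWD}" -lt 8 ]; then
        echo "error: IDM_DM_PWD and IDM_ADMIN_PWD must be at least 8 characters" >&2
        return 1
    fi
    # The Kerberos realm is the domain in upper case (HATTRICK.LAB in the table)
    case "$IDM_REALM" in
        *[[:lower:]]*)
            echo "error: IDM_REALM must be upper case, e.g. $(printf '%s' "$IDM_DOMAIN" | tr '[:lower:]' '[:upper:]')" >&2
            return 1 ;;
    esac
}

# Append FLAG to $cmd when VALUE equals EXPECTED: maps the boolean variables to flags.
flag_if() {
    if [ "$1" = "$2" ]; then
        cmd="$cmd $3"
    fi
}

build_ipa_install_cmd() {
    check_idm_inputs || return 1
    cmd="ipa-server-install --unattended"
    cmd="$cmd --hostname=$IDM_HOSTNAME.$IDM_DOMAIN --domain=$IDM_DOMAIN --realm=$IDM_REALM"
    cmd="$cmd --ip-address=$IDM_PUBLIC_IP"
    # Secrets are emitted as unexpanded references so the printed command can be
    # logged without them; they are expanded only when the command is executed.
    cmd="$cmd --ds-password=\"\$IDM_DM_PWD\" --admin-password=\"\$IDM_ADMIN_PWD\""
    if [ -n "$IDM_IDSTART" ]; then cmd="$cmd --idstart=$IDM_IDSTART"; fi
    if [ -n "$IDM_IDMAX" ]; then cmd="$cmd --idmax=$IDM_IDMAX"; fi

    if [ "${IDM_SETUP_DNS:-true}" = "true" ]; then
        cmd="$cmd --setup-dns"
        if [ -n "$IDM_FORWARD_IP" ]; then
            cmd="$cmd --forwarder=$IDM_FORWARD_IP"
        else
            # Disconnected install: no forwarder means --no-forwarders must be stated,
            # otherwise an unattended install stops with an error.
            cmd="$cmd --no-forwarders"
        fi
        if [ -n "$IDM_REVERSE_ZONE" ]; then cmd="$cmd --reverse-zone=$IDM_REVERSE_ZONE"; fi
        flag_if "${IDM_AUTO_REVERSE:-false}" true --auto-reverse
        flag_if "${IDM_ZONE_OVERLAP:-false}" true --allow-zone-overlap
    fi

    # Booleans that add a flag when true
    flag_if "${IDM_MKHOMEDIR:-false}"     true --mkhomedir
    flag_if "${IDM_SSH_TRUST_DNS:-false}" true --ssh-trust-dns
    flag_if "${IDM_SETUP_KRA:-false}"     true --setup-kra
    # Booleans that add a --no-* flag when false
    flag_if "${IDM_HBAC_ALLOW:-true}"     false --no-hbac-allow
    flag_if "${IDM_SETUP_NTP:-true}"      false --no-ntp
    flag_if "${IDM_CONFIGURE_SSH:-true}"  false --no-ssh
    flag_if "${IDM_CONFIGURE_SSHD:-true}" false --no-sshd
    flag_if "${IDM_UI_REDIRECT:-true}"    false --no-ui-redirect
    flag_if "${IDM_HOST_DNS:-true}"       false --no-host-dns
    printf '%s\n' "$cmd"
}

# Demo with constructed values taken from the example playbook, run as a
# disconnected install (no forwarder) with the allow_all HBAC rule disabled.
(
    IDM_HOSTNAME=idm IDM_DOMAIN=example.com IDM_REALM=EXAMPLE.COM IDM_PUBLIC_IP=192.168.0.4 \
    IDM_DM_PWD=Redhat1993 IDM_ADMIN_PWD=Redhat1993 IDM_REVERSE_ZONE=168.192.in-addr.arpa. \
    IDM_HBAC_ALLOW=false build_ipa_install_cmd
)
```

Even with the placeholders, the passwords still reach `ipa-server-install` through its argument list once the command runs, so they are visible in the process list on the target for the duration of the install; that is inherent to the installer's command-line interface and is the same exposure the role's own invocation has.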

## Recent Updates

- Added `configure_ipa_users`, default value is false. Set it to true if you are adding users.
- Added `add_reverse_dns`, default value is false. Set it to true if you are adding reverse DNS records.

## Dependencies

- RedHatGov.rhsm

## Example Playbook

```yaml
---
- hosts: idm
  tags: install
  vars:
    domain: "example.com"
    dns_server_public: 1.1.1.1
    idm_hostname: idm  # short hostname
    idm_ssh_user: root
    idm_ssh_pwd: redhat
    idm_public_ip: "192.168.0.4"
    idm_repos:
      - rhel-7-server-rpms
      - rhel-7-server-extras-rpms
      - rhel-7-server-optional-rpms
    idm_packages:
      - ipa-server
      - ipa-server-dns
    idm_realm: "{{ domain | upper }}"
    idm_dm_pwd: "Redhat1993"
    idm_admin_pwd: "Redhat1993"
    idm_forward_ip: "{{ dns_server_public }}"
    idm_reverse_zone: "168.192.in-addr.arpa."
    idm_users:
      - username: operator
        password: redhat1234
        display_name: "Operator"
        first_name: Oper
        last_name: Ator
        email: "operator@redhat.com"
        phone: "+18887334281"
        title: "Systems Administrator"
    idm_dns_records:
      - hostname: router
        record_type: A
        ip_address: 192.168.0.1
        reverse_record: 1.0
      - hostname: switch
        record_type: A
        ip_address: 192.168.0.2
        reverse_record: 2.0
      - hostname: kvm
        record_type: A
        ip_address: 192.168.0.3
        reverse_record: 3.0
  tasks:
    - name: Install IDM
      include_role:
        name: idm
      tags: [install,preinstall,installer,firewall,always,result]

    - name: Configure IDM
      include_role:
        name: idm
        tasks_from: post_config
      tags: [install,preinstall,installer,firewall,always,result]
```

The values of `idm_ssh_pwd`, `idm_dm_pwd`, `idm_admin_pwd` and each `password` under `idm_users` are secrets and the ones shown are placeholders: replace them, and keep the real values in an `ansible-vault` encrypted vars file rather than in the playbook. `reverse_record` is the PTR name relative to `idm_reverse_zone`, so 192.168.0.1 inside `168.192.in-addr.arpa.` becomes `1.0`.
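The `reverse_record` values above have to agree with both `ip_address` and `idm_reverse_zone`, and a mismatch produces a PTR record that points nowhere useful. As an added example (not the role's `post_config` tasks), the POSIX shell below derives the relative PTR name from the address and the reverse zone, refuses addresses the zone does not cover, and prints the `ipa dnsrecord-add` commands for the forward and reverse records; the sample records are constructed from the playbook above, plus one deliberately outside the zone.

```shell
#!/bin/sh
# Added example (not the role's post_config tasks): compute the PTR name of an
# address relative to a reverse zone and emit the ipa dnsrecord-add calls for the
# A and PTR records. The sample records at the bottom are constructed.

# Print IP's PTR name relative to ZONE, e.g. 192.168.0.1 in 168.192.in-addr.arpa. -> 1.0.
# Fails when the address is not inside the zone.
ptr_relative_name() {
    prn_ip=$1
    prn_zone=${2%.}                    # accept the zone with or without a trailing dot
    prn_zone=${prn_zone%.in-addr.arpa}
    prn_ifs=$IFS
    # Reverse the zone octets to recover the network prefix: 168.192 -> 192.168
    prn_prefix=
    IFS=.
    for prn_o in $prn_zone; do
        if [ -z "$prn_prefix" ]; then prn_prefix=$prn_o; else prn_prefix=$prn_o.$prn_prefix; fi
    done
    IFS=$prn_ifs
    case "$prn_ip" in
        "$prn_prefix".*) prn_rest=${prn_ip#"$prn_prefix".} ;;
        *) echo "error: $prn_ip is outside $2" >&2; return 1 ;;
    esac
    # Reverse the remaining host octets: 0.1 -> 1.0
    prn_rel=
    IFS=.
    for prn_o in $prn_rest; do
        if [ -z "$prn_rel" ]; then prn_rel=$prn_o; else prn_rel=$prn_o.$prn_rel; fi
    done
    IFS=$prn_ifs
    printf '%s\n' "$prn_rel"
}

# Emit the two commands one host needs after installation: HOST IP DOMAIN REVERSE_ZONE
dns_record_cmds() {
    drc_rel=$(ptr_relative_name "$2" "$4") || return 1
    printf 'ipa dnsrecord-add %s %s --a-rec=%s\n' "$3" "$1" "$2"
    # The PTR target must be fully qualified, hence the trailing dot
    printf 'ipa dnsrecord-add %s %s --ptr-rec=%s.%s.\n' "$4" "$drc_rel" "$1" "$3"
}

# Constructed sample: the playbook's records plus one address the zone does not cover
domain=example.com
reverse_zone=168.192.in-addr.arpa.
printf '%s\n' "router 192.168.0.1" "switch 192.168.0.2" "kvm 192.168.0.3" "stray 10.0.0.9" |
while read -r host ip; do
    dns_record_cmds "$host" "$ip" "$domain" "$reverse_zone" || echo "skipped $host" >&2
done
```

Run on the target after `kinit admin` the printed commands create the same records the role's `post_config` step does for these inputs; the point of the derivation is that a /16 zone such as `168.192.in-addr.arpa.` needs two relative octets (`1.0`) while a /24 zone such as `0.168.192.in-addr.arpa.` needs one (`1`), and the function gets that right from the zone name alone.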

## License

GPLv3

## Author Information

Red Hat North American Public Sector Solution Architects