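- name: Install paramiko to patch it (Python3)
  # Installs paramiko system-wide (become) with the interpreter-matched pip
  # so the two "Patch Paramiko" tasks below have a file on disk to edit.
  # By default the version is unpinned, i.e. whatever PyPI serves at run
  # time is installed as root; set paramiko_version to pin a release.
  pip:
    name: paramiko
    version: "{{ paramiko_version | default(omit) }}"
    executable: "pip{{ python_version }}"
  become: true
  when: python_version is defined
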
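- name: Find Paramiko ssh_gss.py (Python3)
  # Ask the target interpreter where the installed ssh_gss module lives;
  # rstrip('c') maps a cached ".pyc" path back to the ".py" source that
  # the replace tasks below edit. This is a read-only query, so it must
  # never be reported as a change.
  command: python{{ python_version }} -c "from paramiko import ssh_gss; print(ssh_gss.__file__.rstrip('c'))"
  register: ssh_gss_file
  changed_when: false
  when: python_version is defined
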
- name: Patch Paramiko (https://github.com/paramiko/paramiko/pull/1311)
  # Empties the GSS exception tuple in the installed ssh_gss.py located by
  # the previous task. The replace module is a silent no-op (not a
  # failure) when the regexp does not match, e.g. on a paramiko release
  # whose source line differs from the one targeted here.
  replace:
    path: "{{ ssh_gss_file.stdout }}"
    regexp: 'GSS_EXCEPTIONS = \(gssapi.GSSException,\)'
    replace: 'GSS_EXCEPTIONS = ()'
  when: python_version is defined
  become: true

- name: Patch Paramiko (https://github.com/paramiko/paramiko/pull/1311)
  # Flips paramiko's GSS_AUTH_AVAILABLE flag to False in the same file, so
  # (presumably) GSSAPI authentication is not attempted even when the
  # gssapi package is importable. As with the task above, a non-matching
  # regexp leaves the file untouched without failing the play.
  replace:
    path: "{{ ssh_gss_file.stdout }}"
    regexp: 'GSS_AUTH_AVAILABLE = True'
    replace: 'GSS_AUTH_AVAILABLE = False'
  when: python_version is defined
  become: true

- name: Uninstall urllib3 to fix later conflict with python-urllib3 system package
  # Only on hosts without an explicit python_version: drop the pip-installed
  # urllib3 so it cannot shadow the distro-packaged python-urllib3.
  pip:
    state: absent
    name: urllib3
  when: python_version is not defined
  become: true

- name: Install FreeIPA
  # Pulls in the server package set with integrated DNS support, which the
  # "Configure FreeIPA" task at the end relies on (--setup-dns).
  package:
    state: present
    name: ipa-server-dns
  become: true

- name: check if mod_nss is installed
  # Dry-run "present" for mod_nss: under check_mode the package module
  # reports changed when it would have to install the package, so
  # mod_nss_check.changed == false means mod_nss is already on the host.
  # Errors (e.g. package unknown to the repos) are ignored so the play
  # continues; the result is consumed by the ssl.conf removal below.
  package:
    state: present
    name: mod_nss
  check_mode: true
  ignore_errors: true
  register: mod_nss_check
  become: true

- name: Remove mod_ssl config which conflicts with FreeIPA
  # Runs only when the check above reported no change, i.e. mod_nss is
  # already installed. NOTE(review): if that check failed and the error
  # was ignored, `changed` is false as well, so ssl.conf is removed on
  # that path too -- confirm this is intended.
  file:
    state: absent
    path: /etc/httpd/conf.d/ssl.conf
  when: not mod_nss_check.changed
  become: true

- name: Stop unbound
  # Stop (but do not disable) the local resolver so the IPA-integrated DNS
  # can take over; the forwarders configured later point at unbound's
  # upstreams instead.
  systemd:
    state: stopped
    name: unbound
  become: true

- name: Workaround https://bugzilla.redhat.com/show_bug.cgi?id=1624606
  # Delete the local NSS/p11-kit crypto-policy override referenced in the
  # bug; the result is registered so the policy refresh below runs only
  # when a file was actually removed. Errors are ignored so hosts without
  # the file (or without crypto-policies) do not abort the play.
  file:
    state: absent
    path: /etc/crypto-policies/local.d/nss-p11-kit.config
  ignore_errors: true
  register: nss_policy_workaround
  become: true

- name: Update crypto policies
  # Regenerate the system crypto policy, but only after the override file
  # above was really deleted; otherwise the task is skipped entirely.
  command: update-crypto-policies
  when: nss_policy_workaround.changed
  become: true

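- name: Configure FreeIPA
  # Unattended ipa-server-install for the EXAMPLE.TEST realm with
  # integrated DNS, forwarding to the unbound upstreams (1.1.1.1 / 8.8.8.8
  # when the unbound_* variables are unset).
  # Both the Directory Manager (-p) and admin (-a) passwords default to the
  # fixture value "password"; set ipa_dm_password / ipa_admin_password for
  # anything that is not a throwaway test host. Because they are passed on
  # the command line, no_log keeps them (and the installer output) out of
  # Ansible logs -- they are still visible to local users in the process
  # list while the installer runs. The quote filter keeps a password with
  # spaces or shell metacharacters as a single argument.
  command: >
    ipa-server-install -U -r EXAMPLE.TEST
    -p {{ ipa_dm_password | default('password') | quote }}
    -a {{ ipa_admin_password | default('password') | quote }}
    --hostname {{ ansible_hostname }}.example.test
    --ip-address={{ ansible_default_ipv4.address }} --setup-dns --no-reverse
    --forwarder={{ unbound_primary_nameserver_v4 | default('1.1.1.1') }}
    --forwarder={{ unbound_secondary_nameserver_v4 | default('8.8.8.8') }}
  args:
    # ipa-server-install writes /etc/ipa/default.conf on success; skip on
    # re-runs instead of failing on an already-configured server.
    creates: /etc/ipa/default.conf
  no_log: true
  become: true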