diff options
Diffstat (limited to 'playbooks/populate_domain.yml')
-rw-r--r-- | playbooks/populate_domain.yml | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/playbooks/populate_domain.yml b/playbooks/populate_domain.yml new file mode 100644 index 0000000..acb1ec7 --- /dev/null +++ b/playbooks/populate_domain.yml @@ -0,0 +1,99 @@ +- name: populate freeipa domain + hosts: freeipa_master + vars: + default_user_password: ChangeMe123! + tasks: + - name: create users + ipauser: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ item.name }}' + givenname: '{{ item.givenname }}' + sn: '{{ item.sn }}' + email: '{{ [item.mail] if item.mail is defined else omit }}' + loginshell: '{{ item.loginshell | default(omit) }}' + password: '{{ item.password | default(default_user_password) }}' + update_password: on_create + state: present + loop: '{{ freeipa_users | default([]) }}' + tags: users + + - name: add custom attributes + ldap_attrs: + dn: 'uid={{ item.name }},{{ freeipa_user_basedn }}' + attributes: + mailAlternateAddress: '{{ item.mail_aliases | default([]) }}' + jid: '{{ item.jid | default([]) }}' + bind_dn: uid={{ ipa_user }},{{ freeipa_user_basedn }} + bind_pw: '{{ ipa_pass }}' + server_uri: ldaps://{{ ipa_host }} + state: exact + loop: "{{ freeipa_users | default([]) }}" + tags: users + + - name: create groups + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ item.name }}' + description: '{{ item.description | default(omit) }}' + user: '{{ item.user | default(omit) }}' + group: '{{ item.group | default(omit) }}' + nonposix: '{{ item.nonposix | default(omit) }}' + action: '{{ "member" if (item.append | default(false)) else "group" }}' + state: present + loop: '{{ freeipa_groups | default([]) }}' + tags: groups + + - name: add group email addresses + ldap_attrs: + dn: 'cn={{ item.name }},{{ freeipa_group_basedn }}' + attributes: + mail: '{{ item.mail | default([]) }}' + mailAlternateAddress: '{{ item.mail_aliases | default([]) }}' + bind_dn: uid={{ ipa_user }},{{ freeipa_user_basedn }} + bind_pw: '{{ ipa_pass }}' + server_uri: ldaps://{{ ipa_host }} + state: exact + loop: "{{ freeipa_groups | default([]) }}" + tags: groups + + - name: create sudo rules + ipasudorule: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ item.name }}' + description: '{{ item.description | default(omit) }}' + allow_sudocmd: '{{ item.cmd | default(omit) }}' + cmdcategory: '{{ item.cmdcategory | default(omit) }}' + allow_sudocmdgroup: '{{ item.cmdgroup | default(omit) }}' + host: '{{ item.host | default(omit) }}' + hostcategory: '{{ item.hostcategory | default(omit) }}' + hostgroup: '{{ item.hostgroup | default(omit) }}' + runasusercategory: '{{ item.runasusercategory | default(omit) }}' + runasgroupcategory: '{{ item.runasgroupcategory | default(omit) }}' + user: '{{ item.user | default(omit) }}' + usercategory: '{{ item.usercategory | default(omit) }}' + group: '{{ item.usergroup | default(omit) }}' + state: present + loop: '{{ freeipa_sudo_rules | default([]) }}' + tags: sudo + + - name: create hbac rules + ipahbacrule: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ item.name }}' + description: '{{ item.description | default(omit) }}' + host: '{{ item.host | default(omit) }}' + hostcategory: '{{ item.hostcategory | default(omit) }}' + hostgroup: '{{ item.hostgroup | default(omit) }}' + hbacsvc: '{{ item.service | default(omit) }}' + servicecategory: '{{ item.servicecategory | default(omit) }}' + hbacsvcgroup: '{{ item.servicegroup | default(omit) }}' + user: '{{ item.user | default(omit) }}' + usercategory: '{{ item.usercategory | default(omit) }}' + group: '{{ item.usergroup | default(omit) }}' + state: present + loop: '{{ freeipa_hbac_rules | default([]) }}' + tags: hbac |