diff options
Diffstat (limited to 'roles/cups_server/tasks/freeipa.yml')
-rw-r--r-- | roles/cups_server/tasks/freeipa.yml | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/roles/cups_server/tasks/freeipa.yml b/roles/cups_server/tasks/freeipa.yml new file mode 100644 index 0000000..0acb36d --- /dev/null +++ b/roles/cups_server/tasks/freeipa.yml @@ -0,0 +1,58 @@ +- name: create admin group + ipagroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ cups_admin_group }}' + nonposix: no + state: present + run_once: yes + +- name: create HBAC service + ipahbacsvc: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ cups_hbac_service }}' + description: CUPS Print Server + state: present + run_once: yes + +- name: create cups-servers hostgroup + ipahostgroup: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: '{{ cups_hbac_hostgroup }}' + description: CUPS Servers + host: "{{ groups[cups_hostgroup] | map('regex_replace', '$', '.' ~ ansible_domain) }}" + run_once: yes + +- name: create HBAC rule for cups-admin + ipahbacrule: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: allow_cups_on_cups_servers + description: Allow CUPS admin on CUPS servers + hostgroup: '{{ cups_hbac_hostgroup }}' + group: '{{ cups_admin_group }}' + hbacsvc: '{{ cups_hbac_service }}' + run_once: yes + +- name: generate pam configuration + copy: + content: | + auth required pam_sss.so + account required pam_sss.so + dest: /etc/pam.d/cups + +- name: create HTTP service principal + ipaservice: + ipaadmin_principal: '{{ ipa_user }}' + ipaadmin_password: '{{ ipa_pass }}' + name: 'HTTP/{{ ansible_fqdn }}' + state: present + +- name: retrieve HTTP keytab + include_role: + name: freeipa_keytab + vars: + keytab_principal: 'HTTP/{{ ansible_fqdn }}' + keytab_path: /etc/krb5.keytab |