# Packages for the FreeIPA server: the core server plus the AD-trust and
# integrated-DNS components.
freeipa_packages:
  - ipa-server
  - ipa-server-trust-ad
  - ipa-server-dns

# Directory that freeipa_archive_shell collects finished backups from.
# IPA backups hold directory data and key material, so this path and anything
# copied out of it should stay readable only by the accounts that need it.
freeipa_backup_dir: '/var/lib/ipa/backup'
# PAM services that need an explicit HBAC grant once FreeIPA's default
# allow_all rule is not in use; HBAC denies whatever no rule allows.
# See https://pagure.io/freeipa/issue/7831
# NOTE(review): sudo, sudo-i and polkit-1 are privilege-elevation paths;
# confirm the HBAC rule built from this list is scoped to the intended users
# and hosts (the consumer of this variable is not visible here).
freeipa_system_services:
  - systemd-user
  - sudo
  - sudo-i
  - polkit-1
# Automount map names. auto.nfs and the three auto.nfs_* maps are referenced
# by freeipa_automount_keys; auto.home is listed without a key in this file.
freeipa_automount_maps:
  - auto.nfs
  - auto.home
  - auto.nfs_user
  - auto.nfs_group
  - auto.nfs_media
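# Automount keys, one mapping per entry:
#   map:  the automount map the key is added to
#   key:  the mount point (in auto.master) or lookup key (in auto.nfs)
#   info: mount information - autofs options and/or the map to delegate to
# `key` and `info` belong to the list item opened by `- map:` and must be
# indented under it; at column 0 they would parse as stray top-level keys.
# The option strings start with "-", so they are quoted to keep them from
# being misread as sequence entries.
freeipa_automount_keys:
  # /net is served by the autofs built-in hosts map, which mounts the exports
  # of whichever host name is looked up beneath it.
  # NOTE(review): confirm that reaching arbitrary NFS servers via /net is
  # intended on every client that receives this map.
  - map: auto.master
    key: /net
    info: '-hosts'
  - map: auto.master
    key: /nfs
    info: 'auto.nfs -browse'
  # /nfs/{user,group,media} are nested autofs mounts, each backed by its own
  # map.
  - map: auto.nfs
    key: user
    info: '-fstype=autofs auto.nfs_user'
  - map: auto.nfs
    key: group
    info: '-fstype=autofs auto.nfs_group'
  - map: auto.nfs
    key: media
    info: '-fstype=autofs auto.nfs_media'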
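# Log files to collect, one mapping per entry:
#   path:     file to read
#   tag:      label attached to its records
#   severity: optional; set to `error` on the two error logs below
# `tag` and `severity` are nested under the item opened by `- path:`.
# The directory-server instance directory is derived from freeipa_realm with
# dots replaced by dashes (constructed example: EXAMPLE.COM gives
# slapd-EXAMPLE-COM). Templated values are double-quoted so the rendered
# string is always parsed as a plain string.
# NOTE(review): the dirsrv access and audit logs record binds and directory
# modifications; confirm the destination these are shipped to is
# access-controlled accordingly (the consumer is not visible here).
freeipa_log_files:
  - path: /var/log/pki/pki-tomcat/ca/transactions
    tag: ipa-ca
  - path: "/var/log/dirsrv/slapd-{{ freeipa_realm | replace('.', '-') }}/access"
    tag: slapd
  - path: "/var/log/dirsrv/slapd-{{ freeipa_realm | replace('.', '-') }}/audit"
    tag: slapd
  - path: "/var/log/dirsrv/slapd-{{ freeipa_realm | replace('.', '-') }}/errors"
    tag: slapd
    severity: error
  - path: /var/log/httpd/access_log
    tag: httpd
  - path: /var/log/httpd/error_log
    tag: httpd
    severity: error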
# Directory for custom directory-server schema files.
# NOTE(review): presumably where the role stages schema before loading it;
# the consumer is not visible here. Schema files shape what the directory
# accepts, so the directory should be writable by root only - confirm.
freeipa_custom_schema_dir: '/usr/local/share/dirsrv/schema'
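# Shell command that takes a backup and collects it into the current
# directory (the copy target is `.`, so the caller chooses the destination):
#   1. ipa-backup writes a new backup.
#   2. find copies each top-level directory of freeipa_backup_dir here and
#      then deletes the source. find evaluates the second -exec only when the
#      first exited 0, so a directory whose copy failed is not removed.
#   3. every directory below the current one, at any depth and including ones
#      already present, is set to mode 770.
# freeipa_backup_dir goes through the `quote` filter so it stays one shell
# word. The body is a folded scalar: all lines share one indent and are
# joined with spaces into a single command line.
# NOTE(review): cp preserves timestamps only, so owner and file modes of the
# copies come from the invoking user and its umask, and step 3 changes
# directories, not files. Backups hold directory data and key material -
# confirm the destination is not readable beyond the intended group and that
# group rwx (770) is really needed.
# NOTE(review): ipa-backup runs without --gpg, so the backup is unencrypted
# unless the caller handles that separately.
freeipa_archive_shell: >-
  ipa-backup &&
  find {{ freeipa_backup_dir | quote }} -mindepth 1 -maxdepth 1 -type d
  -exec cp --preserve=timestamps -vr {} . \;
  -exec rm -vrf {} \; &&
  find . -mindepth 1 -type d -exec chmod -v 770 {} +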