Skip to content

This role provisions, installs, and configures RHEL Identity Manager (IdM).

License

Notifications You must be signed in to change notification settings

flyemsafe/ansible-idm

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

46 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

idm

This role installs and configures RHEL Identity Manager (IdM).

Requirements

  • Expects a working RHEL 7 system to target
  • Red Hat Network account with a RHEL subscription available

Role Variables

Variable Required Default Description
domain hattrick.lab The domain for the environment
dns_server_public 1.1.1.1 The default upstream DNS server to use
idm_hostname ✔️ The short hostname for IdM
idm_ssh_user root The default user to use for SSH access to IdM
idm_ssh_pwd p@ssw0rd The default password to use for SSH access to IdM. Obviously you'd change this :)
idm_public_ip ✔️ The reachable public IP for IdM
idm_repos see defaults/main.yml Dictionary of Repos to enable for IdM
idm_packages see defaults/main.yml Dictionary of Packages to create for IdM
idm_realm ✔️ Identity Realm for IdM (ex: HATTRICK.LAB)
idm_dm_pwd ✔️ Identity Realm for IdM (ex: HATTRICK.LAB)
idm_admin_pwd ✔️ Password for admin user for IdM
idm_forward_ip ✔️ {{ dns_server_public }} IP of Upstream DNS to set as the forwarder (for disconnected, don't set a forward IP)
idm_reverse_zone ✔️ Reverse zone to create in IdM (ex: "168.192.in-addr.arpa.")
idm_users ✔️ Dictionary of users to create in IdM post configuration
idm_dns_records ✔️ Dictionary of DNS records to create in IdM post configuration
idm_domain {{ domain }} The domain for the IDM server
idm_reverse_zones see defaults/main.yml List of all reverse zones to create
idm_forward_zones see defaults/main.yml List of all forward zones to create
idm_idstart see defaults/main.yml (--idstart) The starting user and group id number
idm_idmax see defaults/main.yml (--idmax) The maximum user and group id number
idm_mkhomedir see defaults/main.yml (--mkhomedir)
idm_setup_dns see defaults/main.yml (--setup-dns)
idm_ssh_trust_dns see defaults/main.yml (--ssh-trust-dns) Configure OpenSSH client to trust DNS SSHFP records.
idm_hbac_allow see defaults/main.yml (--no-hbac-allow) Don't install allow_all HBAC rule
idm_setup_ntp see defaults/main.yml Set to Flase to set (--no-ntp)
idm_configure_ssh see defaults/main.yml Set to false to disable ssh client (--no-ssh)
idm_configure_sshd see defaults/main.yml Set to False to not configure the SSH server (--no-sshd)
idm_ui_redirect see defaults/main.yml Set to False to not redirect to UI (--no-ui-redirect)
idm_host_dns see defaults/main.yml Do not use DNS for hostname lookup during install (--no-host-dns)
idm_auto_reverse see defaults/main.yml Creates reverse zone if not exist (--auto-reverse)
idm_setup_kra see defaults/main.yml Set to true to install secret service (--setup-kra)
idm_zone_overlap see defaults/main.yml Create zone if it already exists (--allow-zone-overlap)
idm_zones {{ idm_reverse_zones }},{{ idm_forward_zones }} Sets up array of all zones

Recent Updates

  • added configue_ipa_users, default value is false. It should be set to true if you are adding users.
  • added add_reverse_dns, default value is false. It should be set to true if you are adding users.

Dependencies

  • RedHatGov.rhsm

Example Playbook

---
- hosts: idm
  tags: install
  vars:
    domain: "example.com"
    dns_server_public: 1.1.1.1
    idm_hostname: idm #Short hostname
    idm_ssh_user: root
    idm_ssh_pwd: redhat
    idm_public_ip: "192.168.0.4"
    idm_repos:
      - rhel-7-server-rpms
      - rhel-7-server-extras-rpms
      - rhel-7-server-optional-rpms
    idm_packages:
      - ipa-server
      - ipa-server-dns
    idm_realm: "{{ domain | upper }}"
    idm_dm_pwd: "Redhat1993"
    idm_admin_pwd: "Redhat1993"
    idm_forward_ip: "{{ dns_server_public }}"
    idm_reverse_zone: "168.192.in-addr.arpa."
    idm_users:
       - username: operator
         password: redhat1234
         display_name: "Operator"
         first_name: Oper
         last_name: Ator
         email: "[email protected]"
         phone: "+18887334281"
         title: "Systems Administrator"
    idm_dns_records:
       - hostname: router
         record_type: A
         ip_address: 192.168.0.1
         reverse_record: 1.0
       - hostname: switch
         record_type: A
         ip_address: 192.168.0.2
         reverse_record: 2.0
       - hostname: kvm
         record_type: A
         ip_address: 192.168.0.3
         reverse_record: 3.0
  tasks:
    - name: Install IDM
      include_role:
        name: idm
      tags: [install,preinstall,installer,firewall,always,result]

    - name: Configure IDM
      include_role:
        name: idm
        tasks_from: post_config
      tags: [install,preinstall,installer,firewall,always,result]

License

GPLv3

Author Information

Red Hat North American Public Sector Solution Architects

About

This role provisions, installs, and configures RHEL Identity Manager (IdM).

Resources

License

Stars

Watchers

Forks

Packages

No packages published