Yes, I'm thinking of one or more modules that gives the system
administrator the ability to do the most basic tasks directly from Ansible.
My vision is to automate the whole life cycle chain of a server, from
deployment, configuration, administation to decomission. In my environment
we are using cobbler and ansible, these two applications together provides
most of the necessary information to be used by our IPA installation. IP
numbers, DNS names, group belongings etc etc. I imagine this wouldn't be
unique for my environment.
As Wildi Shaari mentioned the IPA has a pretty good cli, One can of course
write scripts that gets executed by Ansible, but I think that a much
cleaner way would be to use Ansible directly since Ansible in itself can
provide all necessary details to IPA. IPA, at least in my environment, is
largely a mirror of the information available in Cobbler and Ansible.
Here is an example of a task where Ansible might be able help, the task
adds an entry to IPA, exports the server kerberos keytab, adds the new host
entry to the kerberos keytab, transfer the new keytab to the target host:
* kinit admin
* SERVER=server1 ; ipa host-add $SERVER-adm.domain.com ; ipa-getkeytab -s
ipa01.domain.com -p host/$SERVER.domain.com -k /tmp/$SERVER.keytab ;
ipa-getkeytab -s ipa01.domian.com -p host/$SERVER-adm.domain.com -k
/tmp/$SERVER.keytab
* transfer they new keytab to the target server, server1:/tmp/server1.keytab
* backup the existing keytab on the target server
* mv /etc/krb5.keytab /tmp/krb5.keytab.$(date +%Y%m%d)
* replace the existing keytab
* mv /tmp/fourier.keytab /etc/krb5.keytab
/Johan
Den lördagen den 8:e mars 2014 kl. 05:02:14 UTC+1 skrev Michael DeHaan:
>
> So would you mean a series of modules to configure things?
>
> I'd be open to it.
>
> I know a lot of the FreeIPA guys from Red Hat days and they are good folks.
>
> it's also a bit of an interesting story to use it to manage access to
> Ansible via sssd.
>
>
>
>
>
> On Fri, Mar 7, 2014 at 11:17 AM, Walid <walid....@gmail.com
> <javascript:>>wrote:
>
>> the IPA itself has a good cli abstraction, hiding the different
>> components behind it
>>
>>
>> On 7 March 2014 13:15, Johan Söderberg <joh...@gmail.com <javascript:>>wrote:
>>
>>> Hi,
>>>
>>> I'm wondering if there has been any thought of making a FreeIPA plugin
>>> for Ansible where one would be able to administrate IPA with Ansible? Add
>>> and remove servers, groups, users etc etc. Would such a plugin make sense?
>>>
>>> Regards,
>>>
>>> /Johan
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Ansible Project" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to ansible-proje...@googlegroups.com <javascript:>.
>>> To post to this group, send email to
>>> ansible...@googlegroups.com<javascript:>
>>> .
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/ansible-project/f716d283-3421-4b99-bcb0-113074fb4f30%40googlegroups.com<https://groups.google.com/d/msgid/ansible-project/f716d283-3421-4b99-bcb0-113074fb4f30%40googlegroups.com?utm_medium=email&utm_source=footer>
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Ansible Project" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to ansible-proje...@googlegroups.com <javascript:>.
>> To post to this group, send email to ansible...@googlegroups.com<javascript:>
>> .
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/ansible-project/CAN4dctofR8%3DGSo62OmRhBQn_0%3Dn9hFUwjnCZ68cRKvktKGuqAA%40mail.gmail.com<https://groups.google.com/d/msgid/ansible-project/CAN4dctofR8%3DGSo62OmRhBQn_0%3Dn9hFUwjnCZ68cRKvktKGuqAA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a2768d80-d422-40de-8647-3f9094dff407%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
