Chapter 26. Preparing your environment for managing IdM using Ansible playbooks
As a system administrator responsible for managing Identity Management (IdM), you can automate tasks by using Ansible playbooks.
This section describes how to create a ~/MyPlaybooks directory to store your Ansible configuration and playbooks. You can use this directory as a central location to store copies of sample playbooks you have adapted to your particular tasks, and you can run them without invoking root privileges on the control node. You only need root privileges on the managed nodes to execute the ansible-freeipa roles, because these roles require privileged access to directories and to the dnf software package manager.
- You have configured DNS and networking so you can log in to the managed nodes, for example server.idm.example.com and replica.idm.example.com, directly from the control node.
- IdM is installed on the managed nodes.
- You know the IdM admin password.
- You know the root passwords on the managed nodes.
Create a directory for your Ansible configuration and playbooks in your home directory:
$ mkdir ~/MyPlaybooks/
Change into the ~/MyPlaybooks/ directory:
$ cd ~/MyPlaybooks
Create the ~/MyPlaybooks/ansible.cfg file with the following content:
[defaults]
inventory = /home/your_username/MyPlaybooks/inventory
[privilege_escalation]
become=True
Create the ~/MyPlaybooks/inventory file with the following content:
[eu]
server.idm.example.com
[us]
replica.idm.example.com
[ipaserver:children]
eu
us
This configuration defines two host groups, eu and us, for hosts in these locations. Additionally, this configuration defines the ipaserver host group, which contains all hosts from the eu and us groups.
[Optional] Create an SSH public and private key pair on the control node:
$ ssh-keygen
Copy the SSH public key to the IdM admin account on each managed node:
$ ssh-copy-id admin@server.idm.example.com
$ ssh-copy-id admin@replica.idm.example.com
These commands require that you enter the IdM admin password.
Copy the SSH public key to the root account on each managed node:
$ ssh-copy-id root@server.idm.example.com
$ ssh-copy-id root@replica.idm.example.com
These commands require that you enter the respective root password of each managed node.
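The steps above, collected into one script as an added example (this is not part of the Red Hat documentation or of ansible-freeipa): it builds the ~/MyPlaybooks layout in a directory of your choice, expands the inventory groups the way Ansible resolves :children groups, and runs the checks you want to pass before the first playbook is executed with become=True. The hostnames are the document's own; the directory argument and the helper names (setup_playbook_dir, inventory_hosts, check_playbook_dir) are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the Red Hat documentation: creates the
# ~/MyPlaybooks layout described above and verifies it offline.
# Hostnames are the document's own; the directory argument and the
# helper function names are assumptions made for this example.
set -eu

# Write ansible.cfg and inventory into $1 (default: ~/MyPlaybooks).
setup_playbook_dir() {
    dir=${1:-"$HOME/MyPlaybooks"}
    mkdir -p "$dir"
    # Absolute inventory path, as in the documented ansible.cfg, so the
    # configuration works regardless of the current working directory.
    cat > "$dir/ansible.cfg" <<EOF
[defaults]
inventory = $dir/inventory
[privilege_escalation]
become=True
EOF
    cat > "$dir/inventory" <<'EOF'
[eu]
server.idm.example.com
[us]
replica.idm.example.com
[ipaserver:children]
eu
us
EOF
}

# Print the direct members of section "[$2]" in inventory file $1.
inventory_section() {
    awk -v sec="$2" '
        /^\[/        { in_sec = ($0 == ("[" sec "]")); next }
        in_sec && NF { print $1 }
    ' "$1"
}

# Print all hosts of group $2 in inventory $1, following :children groups
# recursively, which is how Ansible resolves the ipaserver group above.
inventory_hosts() {
    inventory_section "$1" "$2"
    for child in $(inventory_section "$1" "$2:children"); do
        inventory_hosts "$1" "$child"
    done
}

# Checks worth running before the first playbook: privilege escalation is
# on, the inventory path named in ansible.cfg exists, and ipaserver expands
# to both managed nodes. Returns 0 on success, 1 on the first failed check.
check_playbook_dir() {
    grep -q '^become=True$' "$1/ansible.cfg" || return 1
    inv=$(sed -n 's/^inventory = //p' "$1/ansible.cfg")
    [ -f "$inv" ] || return 1
    n=$(inventory_hosts "$inv" ipaserver | sort -u | wc -l | tr -d ' ')
    [ "$n" -eq 2 ]
}

# Stand-alone usage: sh setup_myplaybooks.sh /path/to/MyPlaybooks
# Prints the hosts a play on "ipaserver" will touch once the checks pass.
if [ "$#" -ge 1 ]; then
    setup_playbook_dir "$1"
    check_playbook_dir "$1"
    inventory_hosts "$1/inventory" ipaserver
fi
```

Because become=True applies to every play run from this directory, listing the expanded ipaserver group before the first run is the cheapest way to confirm that a playbook will not escalate privileges on a host you did not intend to manage.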