Chapter 26. Preparing your environment for managing IdM using Ansible playbooks

As a system administrator responsible for managing Identity Management (IdM), you can automate tasks by using Ansible playbooks.

This section describes how to create a MyPlaybooks directory to store your Ansible configuration and playbooks. You can use this directory as a central location to store copies of sample playbooks you have adapted to your particular tasks, and you can run them without invoking root privileges.

Note

You only need root privileges on the managed nodes to execute the ipaserver, ipareplica, ipaclient and ipabackup ansible-freeipa roles. These roles require privileged access to directories and the dnf software package manager.

Prerequisites

  • You have configured DNS and networking so you can log in to the managed nodes, for example server.idm.example.com and replica.idm.example.com, directly from the control node.
  • IdM is installed on the managed nodes.
  • You know the IdM admin password.
  • You know the root passwords on the managed nodes.

Procedure

  1. Create a directory for your Ansible configuration and playbooks in your home directory:

    $ mkdir ~/MyPlaybooks/
  2. Change into the ~/MyPlaybooks/ directory:

    $ cd ~/MyPlaybooks
  3. Create the ~/MyPlaybooks/ansible.cfg file with the following content, replacing your_username with your own user name:

    [defaults]
    inventory = /home/your_username/MyPlaybooks/inventory
    
    [privilege_escalation]
    become=True
  4. Create the ~/MyPlaybooks/inventory file with the following content:

    [eu]
    server.idm.example.com
    
    [us]
    replica.idm.example.com
    
    [ipaserver:children]
    eu
    us

    This configuration defines two host groups, eu and us, for hosts in these locations. Additionally, this configuration defines the ipaserver host group, which contains all hosts from the eu and us groups.

  5. [Optional] Create an SSH public and private key:

    $ ssh-keygen
  6. Copy the SSH public key to the IdM admin account on each managed node:

    $ ssh-copy-id admin@server.idm.example.com
    $ ssh-copy-id admin@replica.idm.example.com

    These commands require that you enter the IdM admin password.

  7. Copy the SSH public key to the root account on each managed node:

    $ ssh-copy-id root@server.idm.example.com
    $ ssh-copy-id root@replica.idm.example.com

    These commands require that you enter the respective root passwords.
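The following shell script is an added example and is not part of the Red Hat documentation. It reproduces steps 1 to 4 of the procedure under a chosen base directory, writing the real directory path into ansible.cfg instead of the literal /home/your_username placeholder, and adds two checks worth running before executing any playbook with become=True: that the directory holding ansible.cfg is not world-writable (Ansible prints a warning and ignores a configuration file found in such a directory, so your inventory and privilege-escalation settings would silently come from elsewhere), and that the inventory actually resolves the ipaserver group to the hosts you expect. The hostnames are the page's example names; the file modes and the one-level resolution of [group:children] are this script's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the Red Hat documentation: reproduces steps 1-4
# of the procedure under a chosen base directory and adds two checks.
# Hostnames are the page's example names; file modes and the one-level
# [group:children] resolution are this script's own assumptions.
set -eu

# Create BASE/ansible.cfg and BASE/inventory (BASE defaults to ~/MyPlaybooks).
# The inventory path is written as the real path of BASE, not a placeholder.
setup_playbook_dir() {
    base="${1:-$HOME/MyPlaybooks}"
    mkdir -p "$base"
    # Ansible warns about and ignores an ansible.cfg found in a world-writable
    # directory, so make the directory writable by its owner only.
    chmod 755 "$base"
    cat > "$base/ansible.cfg" <<EOF
[defaults]
inventory = $base/inventory

[privilege_escalation]
become=True
EOF
    cat > "$base/inventory" <<'EOF'
[eu]
server.idm.example.com

[us]
replica.idm.example.com

[ipaserver:children]
eu
us
EOF
    # Only your own user needs to read these files.
    chmod 600 "$base/ansible.cfg" "$base/inventory"
}

# Succeed when Ansible will honour ansible.cfg in DIR, i.e. DIR is not
# world-writable. Usage: cfg_dir_is_trusted DIR
cfg_dir_is_trusted() {
    mode=$(stat -c '%a' "$1")
    other=${mode#"${mode%?}"}          # last octal digit: permissions for "other"
    case "$other" in
        2|3|6|7) return 1 ;;           # write bit set for everyone
        *) return 0 ;;
    esac
}

# Print, one per line and sorted, the hosts that an INI inventory places in
# GROUP, following [GROUP:children] one level deep.
# Usage: inventory_hosts FILE GROUP
inventory_hosts() {
    awk -v want="$2" '
        /^\[/ { sec = substr($1, 2, length($1) - 2); next }   # [section] header
        /^[[:space:]]*$/ || /^#/ { next }                      # blank line or comment
        sec == want { print $1 }                               # direct member of GROUP
        sec == (want ":children") { child[$1] = 1 }            # name of a child group
        { members[sec] = members[sec] " " $1 }                 # remember every entry
        END {
            for (c in child) {
                n = split(members[c], a, " ")
                for (i = 1; i <= n; i++) print a[i]
            }
        }
    ' "$1" | sort -u
}

# Demonstration against a throwaway directory.
demo_dir=$(mktemp -d)
setup_playbook_dir "$demo_dir/MyPlaybooks"
cfg_dir_is_trusted "$demo_dir/MyPlaybooks" && echo "ansible.cfg will be loaded from $demo_dir/MyPlaybooks"
echo "ipaserver group resolves to:"
inventory_hosts "$demo_dir/MyPlaybooks/inventory" ipaserver
rm -rf "$demo_dir"
```

Run the script once, then point it at your real ~/MyPlaybooks by calling setup_playbook_dir with no argument; ansible-inventory --list (run from inside the directory) should then show the same two hosts under ipaserver that inventory_hosts prints.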