Chapter 30. Preparing your environment for managing IdM using Ansible playbooks
As a system administrator managing Identity Management (IdM), when working with Red Hat Ansible Engine, it is good practice to do the following:
- Create a subdirectory dedicated to Ansible playbooks in your home directory, for example ~/MyPlaybooks.
- Copy and adapt sample Ansible playbooks from the /usr/share/doc/rhel-system-roles/* directories and subdirectories into your ~/MyPlaybooks directory.
- Include your inventory file in your ~/MyPlaybooks directory.
Using this practice, you can find all your playbooks in one place and you can run your playbooks without invoking root privileges. You only need root privileges on the managed nodes to execute the ansible-freeipa roles. These roles require privileged access to directories and the dnf software package manager.
This section describes how to create the ~/MyPlaybooks directory and configure it so that you can use it to store and run Ansible playbooks.
- You have installed an IdM server on your managed nodes, server.idm.example.com and replica.idm.example.com.
- You have configured DNS and networking so you can log in to the managed nodes, server.idm.example.com and replica.idm.example.com, directly from the control node.
- You know the IdM
Create a directory for your Ansible configuration and playbooks in your home directory:
$ mkdir ~/MyPlaybooks/
Change into the ~/MyPlaybooks/ directory:
$ cd ~/MyPlaybooks
Create the ~/MyPlaybooks/ansible.cfg file with the following content:
[defaults]
inventory = /home/your_username/MyPlaybooks/inventory
[privilege_escalation]
become=True
Create the ~/MyPlaybooks/inventory file with the following content:
[eu]
server.idm.example.com
[us]
replica.idm.example.com
[ipaserver:children]
eu
us
This configuration defines two host groups, eu and us, for hosts in these locations. Additionally, this configuration defines the ipaserver host group, which contains all hosts from the eu and us groups.
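The following is an added example, not part of the Red Hat documentation, that parses an INI inventory like the one above, expands the ipaserver group through its :children entries, and writes the ~/MyPlaybooks layout (ansible.cfg plus inventory) into a directory you choose, so you can confirm which hosts a play targeting ipaserver will reach before running it with become=True:

```python
from pathlib import Path

# Constructed inventory, matching the one this chapter creates.
INVENTORY = """\
[eu]
server.idm.example.com
[us]
replica.idm.example.com
[ipaserver:children]
eu
us
"""

def parse_inventory(text):
    """Parse INI-style Ansible inventory text into (hosts, children) dicts."""
    hosts, children, current = {}, {}, ("hosts", "ungrouped")
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # strip comments and blanks
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            if name.endswith(":children"):
                current = ("children", name[: -len(":children")])
            elif name.endswith(":vars"):
                current = ("vars", name[: -len(":vars")])
            else:
                current = ("hosts", name)
            continue
        kind, group = current
        if kind == "hosts":
            hosts.setdefault(group, []).append(line.split()[0])  # drop host vars
        elif kind == "children":
            children.setdefault(group, []).append(line)
    return hosts, children

def resolve_hosts(group, hosts, children, _seen=None):
    """Expand a group, recursing through :children, into an ordered host list."""
    _seen = set() if _seen is None else _seen
    if group in _seen:                            # guard against cyclic children
        return []
    _seen.add(group)
    result = list(hosts.get(group, []))
    for child in children.get(group, []):
        for h in resolve_hosts(child, hosts, children, _seen):
            if h not in result:
                result.append(h)
    return result

def write_playbook_dir(base, inventory_text=INVENTORY):
    """Create <base>/ansible.cfg and <base>/inventory as the chapter describes."""
    base = Path(base)
    base.mkdir(parents=True, exist_ok=True)
    (base / "inventory").write_text(inventory_text)
    (base / "ansible.cfg").write_text(
        f"[defaults]\ninventory = {base / 'inventory'}\n"
        "[privilege_escalation]\nbecome=True\n")
    return base / "ansible.cfg"
```

Because become=True applies to every play run from this directory, resolving the group first shows exactly which IdM servers will receive privileged operations.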
[Optional] Create an SSH public and private key. To simplify access in your test environment, do not set a password on the private key:
Copy the SSH public key to the IdM admin account on each managed node:
$ ssh-copy-id admin@server.idm.example.com
$ ssh-copy-id admin@replica.idm.example.com
These commands require that you enter the IdM