Open aph3rson opened 10 months ago
The ipaserver role is not able to update an existing server deployment.
The admin password can be set with the user module ipa user-mod. For the dm password there is more to do. Here is an (outdated) guide from freeipa.org: https://www.freeipa.org/page/Howto/Change_Directory_Manager_Password and a guide from 389ds: https://www.port389.org/docs/389ds/howto/howto-resetdirmgrpassword.html
The admin password change will be replicated to the whole domain, the change of the dm password needs to be done on all servers/replicas.
I intend on running Ansible in a CD pipeline. I deploy my FreeIPA server accordingly in my playbook's tasks:
In this case, both ipaadmin_password and ipadm_password may change on deployment, as the underlying password files would not be present. If this happens, I was hoping the passwords would be updated to whatever value Ansible had generated.
However, what I see in the Ansible output instead is a lot of skipped tasks:
Is there a better way to be doing this? I expect the node that I'm deploying FreeIPA to to be able to handle these parameters changing.