Open Thulium-Drake opened 2 years ago
`setup_adtrust` is not a valid parameter name for the ipareplica role. Are you using `ipareplica_setup_adtrust`?
Sorry, yes, my bad, I didn't want to make the title too long... :)
I have the correct variable in my inventory.
Which ansible-freeipa version are you using? Please add your inventory and playbook. The log file on the replica might also provide some information. Do you have firewalls enabled?
I'll prepare a lab setup in which I can reproduce it and share the logs (as I can't really export the logs from the environment the setup is running in). I'll get back to you :)
I have reinstalled a setup with the same components as where I ran into this issue.
Collection version is 1.6.2.
The packages required for adtrust are installed by Ansible, so that's working just fine.
Here's the `-vv` output of the Ansible run for the adtrust task:

```
TASK [freeipa.ansible_freeipa.ipareplica : Install - Setup adtrust] **************************************************
task path: /root/projects/rhlab/collections/ansible_collections/freeipa/ansible_freeipa/roles/ipareplica/tasks/install.yml:737
changed: [idm2.rh.lab] => changed=true
```
I have the `ipareplica-install.log` but it's 12MB, is there anything specific I need to look for?
After running the role, I ran the following command to let IdM tell me what the roles of the servers are:

```
[ansible@idm2 log]$ ipa server-role-find
-----------------------
10 server roles matched
-----------------------
  Server name: idm1.rh.lab
  Role name: AD trust agent
  Role status: enabled

  Server name: idm2.rh.lab
  Role name: AD trust agent
  Role status: absent

  Server name: idm1.rh.lab
  Role name: AD trust controller
  Role status: enabled

  Server name: idm2.rh.lab
  Role name: AD trust controller
  Role status: absent

  Server name: idm1.rh.lab
  Role name: CA server
  Role status: enabled

  Server name: idm2.rh.lab
  Role name: CA server
  Role status: enabled

  Server name: idm1.rh.lab
  Role name: DNS server
  Role status: absent

  Server name: idm2.rh.lab
  Role name: DNS server
  Role status: absent
```
Finally, the playbook:

```yaml
---
- name: 'Install IPA replicas'
  hosts: 'rhidm_server_replica'
  vars:
    ipaserver_domain: "{{ ipaclient_domain }}"
    ipaserver_realm: "{{ ipaclient_domain | upper }}"
  tasks:
    - name: 'Run hardening role'
      ansible.builtin.include_role:
        name: 'cis_hardening_el8'
      when: not skip_cis | default(false)
    - name: 'Install IPA replica servers'
      ansible.builtin.import_role:
        name: 'freeipa.ansible_freeipa.ipareplica'
      vars:
        ipaclient_force_join: true
```
And the relevant parts of the inventory:

```ini
# Active Directory Integration
# Enable AD trust module
ipaserver_setup_adtrust: true
ipareplica_setup_adtrust: true
```
For the primary server, it works just fine!
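As a post-deploy check for the situation above, here is an added example (not code from the ansible-freeipa role or from this thread) that parses `ipa server-role-find` output and reports which servers do not have both AD trust roles enabled, so a replica whose `ipareplica_setup_adtrust` run did not take effect is caught right after the play. The sample output and the expected-server list are constructed from the hostnames in this issue.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the `ipa server-role-find` output quoted
# in the issue (AD trust entries only; header lines and other roles are ignored).
SAMPLE_OUTPUT = """\
  Server name: idm1.rh.lab
  Role name: AD trust agent
  Role status: enabled

  Server name: idm2.rh.lab
  Role name: AD trust agent
  Role status: absent

  Server name: idm1.rh.lab
  Role name: AD trust controller
  Role status: enabled

  Server name: idm2.rh.lab
  Role name: AD trust controller
  Role status: absent
"""

AD_TRUST_ROLES = ("AD trust agent", "AD trust controller")  # both must be enabled
FIELD = re.compile(r"^\s*(Server name|Role name|Role status):\s*(.*?)\s*$")

def parse_server_roles(text):
    """Return {server: {role: status}} parsed from `ipa server-role-find` output."""
    roles = defaultdict(dict)
    entry = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # header, dashes and blank separators
        key, value = m.groups()
        entry[key] = value
        if key == "Role status" and "Server name" in entry and "Role name" in entry:
            roles[entry["Server name"]][entry["Role name"]] = value
            entry = {}  # one record per (server, role) triple
    return dict(roles)

def missing_adtrust_roles(text, expected_servers):
    """Map each expected server to the AD trust roles that are not 'enabled'."""
    roles = parse_server_roles(text)
    return {s: bad for s in expected_servers
            if (bad := [r for r in AD_TRUST_ROLES if roles.get(s, {}).get(r) != "enabled"])}

if __name__ == "__main__":
    print(missing_adtrust_roles(SAMPLE_OUTPUT, ["idm1.rh.lab", "idm2.rh.lab"]))
```

In a real run, feed the function the captured stdout of `ipa server-role-find` and the replica hosts from the inventory group; a non-empty result is a failed deployment check.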
@t-woerner ping :-)
Hi there!
I'm deploying an IPA setup based on RH IdM 4.9.6 using the Ansible roles, this works just fine, except for 1 thing:

After running the `ipareplica` role, when I check the Topology, it only mentions that the system configured with `ipaserver` has the AD trust agent and controller roles present. I've been able to manually fix it by 'just' running the `ipa-adtrust-install` command on the replica, as the packages required for the AD trust are present on the system.

Did I miss anything in my configuration? Or is the role not doing something it's supposed to :-)
Thank you!