---
# Firewall defaults for the FreeIPA server role.
# NOTE(review): the tasks that consume these variables are not in this file;
# presumably `freeipa_server_configure_firewalld` gates whether the role
# touches firewalld at all. It is off by default, so the list below has no
# effect until it is enabled - confirm against the tasks.
freeipa_server_configure_firewalld: false
# Despite the `_ports` name, the active entries are service names; only the
# commented-out entries use the port/protocol form.
# Each entry widens the network exposure of the identity server, so keep only
# what the deployment needs (for example, `http` and `freeipa-ldap` cover
# cleartext listeners alongside their TLS counterparts).
freeipa_server_firewalld_ports:
- http
- https
- ldaps
- kpasswd
- dns
- ntp
- freeipa-ldap
- freeipa-ldaps
- freeipa-replication
- freeipa-trust
- kerberos
# Optional entries, disabled by default. Enable the Prometheus ports only when
# exporters run on this host, and the AD-trust ports only when a trust is
# actually configured; restrict their source addresses where possible.
# - 9100/tcp # Prometheus
# - 9128/tcp # Prometheus
# - 135/tcp # AD trust
# - 138/tcp # AD trust
# - 139/tcp # AD trust
# - 445/tcp # AD trust
# - 1024-1500/tcp # AD trust
# - 3268/tcp # AD trust
# - 138/udp # AD trust
# - 139/udp # AD trust
# - 389/udp # AD trust
# - 445/udp # AD trust
# Packages for the FreeIPA server host (presumably installed by the role's
# package task - not visible here). No versions are pinned.
# NOTE(review): `ipa-server-trust-ad` and `ipa-server-dns` are listed by
# default even though the AD-trust firewall entries are commented out;
# drop components that will not be used to keep the installed surface small.
freeipa_packages:
- ipa-server
- ipa-server-dns
- ipa-server-trust-ad
- patch
- ipa-healthcheck
- ipa-client-epn
# Core server identity and credentials.
# NOTE(review): `force_install` defaults to true; its effect is defined by the
# tasks (not visible here) - confirm what it does before running the role
# against a host that already carries an IPA installation.
freeipa_server_force_install: true
freeipa_server_hostname: "{{ ansible_fqdn }}"
freeipa_server_type: master # or replica
# SECURITY: the two passwords below are placeholders committed in cleartext,
# and both share the same value. Override them per environment from Ansible
# Vault or an external secret store, and use distinct values: one is the IPA
# `admin` password, the other is passed as `--ds-password` (Directory Manager).
# A deployment that keeps these defaults has publicly known credentials.
freeipa_server_admin_password: "strongpassword"
freeipa_server_ds_password: "strongpassword"
freeipa_server_domain: "example.com"
# Realm is derived from the domain by upper-casing it.
freeipa_server_realm: "{{ freeipa_server_domain | upper }}"
# Arguments for the server installer (presumably `ipa-server-install`; the
# task that consumes this list is not visible here).
freeipa_server_install_options:
- "--hostname={{ freeipa_server_hostname }}"
- "--domain={{ freeipa_server_domain }}"
- "--realm={{ freeipa_server_realm }}"
# SECURITY: both passwords are rendered into command-line arguments, so they
# can appear in the process list while the installer runs and in Ansible
# output or logs unless the consuming task sets `no_log: true` - verify.
# These two entries also separate flag and value with a space instead of `=`;
# NOTE(review): if the list is joined into a shell string, a password that
# contains whitespace or shell metacharacters would be split or interpreted -
# confirm how the task builds the command and quote the value if needed.
- "--ds-password {{ freeipa_server_ds_password }}"
- "--admin-password {{ freeipa_server_admin_password }}"
# Uses the address of the default IPv4 interface reported by Ansible facts.
- "--ip-address={{ ansible_default_ipv4.address }}"
- "--mkhomedir"
- "--no-host-dns"
# The installer does not configure time synchronisation with this flag.
# Kerberos relies on closely synchronised clocks, so time sync must be
# provided by other means on the server and on every client.
- "--no-ntp"
# Arguments for client enrolment (presumably `ipa-client-install`; the task
# that consumes this list is not visible here).
freeipa_client_install_options:
- "--domain={{ freeipa_server_domain }}"
- "--realm={{ freeipa_server_realm }}"
# `freeipa_server_master_fqdn` is not defined in this file and must be
# supplied by the inventory or play.
- "--server={{ freeipa_server_master_fqdn }}"
- "--mkhomedir"
# SECURITY: enrolment authenticates as the full `admin` principal, and its
# password is rendered into the command line on every client host (process
# list, and Ansible output unless the task sets `no_log: true`). Prefer a
# per-host one-time enrolment password or a dedicated principal that can only
# enrol hosts, so a compromised client does not expose domain-admin
# credentials.
- "-p admin"
- "-w {{ freeipa_server_admin_password }}"
# Time sync is not configured by the installer; see Kerberos clock-skew
# requirements and provide it separately.
- "--no-ntp"
# Re-enrols the host even when it is already joined; review whether this
# should be the default, since it replaces an existing enrolment.
- "--force-join"
# Arguments for replica promotion (presumably `ipa-replica-install`; the task
# that consumes this list is not visible here).
# `--setup-ca` places a CA instance on the replica: its CA key material then
# lives on that host too, so the replica needs the same hardening and backup
# protection as the first server.
freeipa_replica_install_options:
- "--domain={{ freeipa_server_domain }}"
- "--setup-ca"