26.4. Authorization options for IdM client enrollment using an Ansible playbook
You can authorize IdM client enrollment by using any of the following methods:
- A random, one-time password (OTP) + administrator password
- A random, one-time password (OTP) + an admin keytab
- The client keytab from the previous enrollment
- The password of a user authorized to enroll a client (admin) stored in an inventory file
- The password of a user authorized to enroll a client (admin) stored in an Ansible vault
An IdM administrator can also generate the OTP before the IdM client installation. In that case, the installation needs no credentials other than the OTP itself: neither an administrator password nor an admin keytab has to be available to the playbook.
Each of the following scenarios requires a different inventory file:
| Authorization option | Note |
|---|---|
| A random, one-time password (OTP) + administrator password | |
| A random, one-time password (OTP) | This scenario assumes that the OTP was already generated by an IdM administrator. |
| A random, one-time password (OTP) + an admin keytab | |
| The client keytab from the previous enrollment | |
| Password of an admin user stored in an inventory file | |
| Password of an admin user stored in an Ansible vault | The inventory file carries no password; the playbook loads it from the vault file. |
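The inventory files below are an added illustration of these scenarios; they are not taken from this page or from the ansible-freeipa project's own documentation. They use the ipaclient role variables of the freeipa.ansible_freeipa collection (ipaadmin_password, ipaadmin_keytab, ipaclient_use_otp, ipaclient_otp, ipaclient_keytab). The host names, the idm.example.com domain, the keytab paths, the password and the OTP value are placeholders. The group skeleton is the same for all scenarios, so only the `vars` block of the `ipaclients` group is shown in variants; scenario 1 is active and the others are commented out.

```yaml
# Constructed example inventory (YAML format). Only the ipaclients vars
# block differs between the authorization scenarios.
all:
  children:
    ipaservers:
      hosts:
        server.idm.example.com:       # first IdM server; kinit for OTP runs here
    ipaclients:
      hosts:
        client.idm.example.com:
      vars:
        ipaclient_domain: idm.example.com
        ipaclient_realm: IDM.EXAMPLE.COM

        # 1. Random OTP + administrator password.
        #    The role obtains the admin TGT on the IdM server, generates a
        #    one-time password there and enrolls the client with it, so the
        #    client host itself only ever sees the OTP.
        ipaadmin_password: Secret123
        ipaclient_use_otp: true

        # 2. OTP generated beforehand by an IdM administrator.
        #    No ipaadmin_* credential is needed; the value is a placeholder.
        # ipaclient_otp: W5YpARl=7M.n

        # 3. Random OTP + admin keytab instead of the admin password.
        #    The keytab path is an assumed placeholder.
        # ipaadmin_keytab: /root/admin.keytab
        # ipaclient_use_otp: true

        # 4. Client keytab kept from a previous enrollment
        #    (a backup of /etc/krb5.keytab on the client; path assumed).
        # ipaclient_keytab: /root/krb5.keytab

        # 5. Admin password stored in clear text in the inventory.
        #    Restrict file permissions; prefer scenario 6 for shared repos.
        # ipaadmin_password: Secret123

        # 6. Admin password in an Ansible vault: nothing to add here.
        #    The playbook loads ipaadmin_password through vars_files.
```

Treat scenario 1 and scenario 5 inventories as secrets: both hold the administrator password in clear text, and the only difference is whether the role turns it into a short-lived OTP before the client ever uses it.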
If you use the password of an admin user stored in an Ansible vault file, the inventory file contains no password and the corresponding playbook file must have an additional vars_files directive that loads the vault file.
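The vault-backed variant, as an added example that is not part of the original page: a vault file holding only ipaadmin_password, and the playbook that loads it with vars_files. The file name playbook_sensitive_data.yml, the host names and the password value are assumptions; the ansible-vault and ansible-playbook invocations in the comments are standard Ansible usage.

```yaml
# File 1: playbook_sensitive_data.yml (shown unencrypted; constructed example)
# Create it encrypted with:
#   ansible-vault create playbook_sensitive_data.yml
# Rotate the vault password later with:
#   ansible-vault rekey playbook_sensitive_data.yml
ipaadmin_password: Secret123

---
# File 2: install-client.yml. The inventory for this scenario carries no
# ipaadmin_password; vars_files supplies it from the encrypted vault file.
# Run with:
#   ansible-playbook -i inventory --ask-vault-pass install-client.yml
- name: Playbook to configure IPA clients
  hosts: ipaclients
  become: true
  vars_files:
    - playbook_sensitive_data.yml
  roles:
    - role: freeipa.ansible_freeipa.ipaclient
      state: true
```

Because vars_files is evaluated on the control node, the decrypted password exists only in the control node's memory during the run; the vault file can be committed to version control while the vault password is kept elsewhere (a password manager or --vault-password-file on a locked-down path).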
In all the other authorization scenarios described above, a basic playbook file could look as follows:
```yaml
- name: Playbook to configure IPA clients
  hosts: ipaclients
  become: true
  roles:
    - role: freeipa.ansible_freeipa.ipaclient
      state: true
```
In the two OTP authorization scenarios in which the OTP is generated during the run (OTP + administrator password and OTP + admin keytab), the kinit command that requests the administrator's TGT runs on the first specified or discovered IdM server, not on the Ansible control node. Therefore, no additional modification of the Ansible control node, such as installing Kerberos client tooling or a krb5.conf for the IdM realm, is required.