
Commit 014c70d

committed
add check for virtual servers in freeipa_server
1 parent 89d282d commit 014c70d


1 file changed

+17
-0
lines changed


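--- a/ansible/roles/freeipa/tasks/server.yml
+++ b/ansible/roles/freeipa/tasks/server.yml
@@ -11,6 +11,22 @@
 that: _freeipa_validate_hostname.stdout | split('.') | length >= 3
 fail_msg: "freeipa_server hostname '{{ _freeipa_validate_hostname.stdout }}' is not fully-qualified (a.b.c)"
 
+- name: Check for virtual servers in httpd configuration of freeipa_server
+# e.g. fatimage with OOD config; community.general.ipa_host fails with "401 Unauthorized: No session cookie found"
+# https://lists.fedoraproject.org/archives/list/[email protected]/message/7RH7XDFR35KDPYJ7AQCQI2H2EOWIZCWA/
+find:
+path: /etc/httpd/conf.d/
+contains: '<VirtualHost'
+read_whole_file: false
+pattern: '*.conf'
+register: _find_httpd_conf
+
+- name: Assert no other name-based virtual servers on freeipa_server
+assert:
+that: item.path == '/etc/httpd/conf.d/ssl.conf' # this one is OK
+fail_msg: "freeipa_server host must not have other virtual servers defined: see {{ item.path }}"
+loop: "{{ _find_httpd_conf.files }}"
+
 - name: Install freeipa server packages
 dnf:
 name: '@idm:DL1/dns'
@@ -34,6 +50,7 @@
 --no-ntp
 --unattended
 --no-ui-redirect
+# TODO: add no_log here as password exposed
 
 register: _ipa_server_install
 changed_when: _ipa_server_install.rc == 0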
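Review bot: The install task still runs without `no_log: true`; the comment added after `--no-ui-redirect` records that the password is exposed but leaves it in Ansible's task output and in anything that captures that output, such as callback or CI job logs. Setting `no_log: true` on the task next to `register: _ipa_server_install` closes this now, and `changed_when: _ipa_server_install.rc == 0` keeps working because the registered result stays available to the play; the cost is that failure output is censored as well. The task's module line and argument block start outside the hunk and this page has lost indentation, so it is worth confirming that the `# TODO` line is indented as a YAML comment and not at the level of the option lines, where a block scalar would carry it into the command string.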
