ansible/playbooks/freeipa.yaml

---
- name: FreeIPA Server Setup
  hosts: freeipadcs
  tasks:
    - name: Verifying dependencies
      ansible.builtin.package:
        name:
          - freeipa-server
          - freeipa-server-dns
          - freeipa-server-trust-ad
          - mlocate
          - vim
        state: present

    - name: Checking chronyd.service for lxc compatibility
      ansible.builtin.replace:
        regexp: '^ExecStart=\/usr\/sbin\/chronyd \$OPTIONS'
        replace: 'ExecStart=/usr/sbin/chronyd -x $OPTIONS'
        path: /etc/systemd/system/multi-user.target.wants/chronyd.service
      register: updated_systemd

    - name: Reloading systemd daemon if necessary
      ansible.builtin.shell:
        cmd: systemctl daemon-reload
      when: updated_systemd.changed

    - name: Checking for configured FreeIPA install
      ansible.builtin.stat:
        path: /etc/ipa/default.conf
      register: freeipa_defaultconf
    - name: Checking for configured ADTrust module
      ansible.builtin.stat:
        path: /var/lib/samba/smbprofile.tdb
      register: freeipa_smbconf

    - name: Check for FreeIPA config
      ansible.builtin.debug:
        msg: 'FreeIPA installation ready. Run ipa-server-install on the server to perform an interactive configuration.'
      when: not freeipa_defaultconf.stat.exists

    - name: Check for FreeIPA AD Trust config
      ansible.builtin.debug:
        msg: 'FreeIPA AD Trust module installation ready. Run ipa-adtrust-install on the server to perform an interactive configuration.'
      when: not freeipa_smbconf.stat.exists