ipa-tasks.txt

playbook: ansible/ipa-playbook.yml

  play #1 (all): install IPA base system	TAGS: []
    tasks:
      bootstrap : Check default route	TAGS: [bootstrap]
      bootstrap : Create some default route	TAGS: [bootstrap]
      bootstrap : Check for dnf command	TAGS: [bootstrap, package-install]
      bootstrap : Install python2 and deps for ansible modules	TAGS: [bootstrap, network, package-install]
      bootstrap : Auto select fastest DNF mirror	TAGS: [bootstrap, package-install]
      bootstrap : Refresh dnf cache	TAGS: [bootstrap, network, package-install]
      bootstrap : Gather facts	TAGS: [bootstrap, setup]
      bootstrap : Create directories in ipa_data_dir	TAGS: [bootstrap]
      bootstrap : Dummy (for ansible.skip_tags)	TAGS: [dummy]
      common : DNF or YUM?	TAGS: [common]
      common : Get nmcli device info	TAGS: [common]
      common : Set nmcli device info fact	TAGS: [common]
      common : Set SELinux state (aka make Dan happy or sad)	TAGS: [common]
      common : fix /etc/hosts	TAGS: [common]
      common : Set FQDN hostname	TAGS: [common]
      common : Get timedatectl information	TAGS: [common]
      common : Get timedatectl information	TAGS: [common]
      common : Set timezone to UTC	TAGS: [common]
      common : Disable dnf repos to prevent network access	TAGS: [common]
      common : Enable dnf repos	TAGS: [common]
      common : Auto select fastest DNF mirror	TAGS: [common, package-install]
      common : Enable yum for Fedora	TAGS: [common, network, package-install]
      common : Disable yum repos to prevent network access	TAGS: [common]
      common : Enable yum repos	TAGS: [common]
      common : Auto-select fastest yum mirror	TAGS: [common, network, package-install]
      common : Install gpg command for COPR / rpm_key	TAGS: [common, network, package-copr, package-install]
      common : Add GPG RPM keys for copr	TAGS: [common, network, package-copr, package-install]
      common : Enable extra COPRs	TAGS: [common, network, package-copr, package-install]
      common : upgrade all packages	TAGS: [common, network, package-install, package-upgrade]
      common : Create directory for custom RPMS	TAGS: [common, custom-rpms]
      common : Install rsync	TAGS: [common, custom-rpms, network, package-install]
      common : Synchronize RPMs	TAGS: [common, custom-rpms]
      common : find custom RPMs	TAGS: [common, custom-rpms]
      common : install custom RPMs	TAGS: [common, custom-rpms]
      common : install selinux tools	TAGS: [common, network, package-install]
      common : install firewalld	TAGS: [firewall, network, package-install, pki]
      common : check for firewalld	TAGS: [common, firewall]
      common : Enable and start firewalld	TAGS: [common, firewall]
      common : Open firewall ports elemental services	TAGS: [common, firewall]
      common : Install rng tools	TAGS: [common, network, package-install]
      common : Start the rngd service	TAGS: [common]
      common : tty-less sudo	TAGS: [common]
      ipa : make a copy of original resolv.conf	TAGS: [ipa]
      ipa : Get default DNS	TAGS: [ipa]
      ipa : Get reverse zone	TAGS: [ipa, setup]
      ipa : Remove chrony (FreeIPA uses ntpd)	TAGS: [ipa, package-install]
      ipa : install FreeIPA client package	TAGS: [ipa, network, package-install]
      ipa : Copy workaround tmpfiles.d for /var/run/ipa	TAGS: [ipa]
      ipa : Gather IPA facts	TAGS: [ipa, setup]
      ipa : Set install facts	TAGS: [ipa, setup]

  play #2 (ipaserver_master,ipaserver_replica): install IPA server system	TAGS: []
    tasks:
      ipa-modnss : Install Apache HTTPD with mod_nss	TAGS: [ipa-modnss, network, package-install]
      ipa-modnss : Open Firewall for Apache	TAGS: [firewall, ipa-modnss]
      ipa-modnss : Check for mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Disable mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Enable rewrite engine for nss.conf	TAGS: [ipa-modnss]
      ipaserver : install FreeIPA server package (RHEL / CentOS)	TAGS: [ipaserver, network, package-install]
      ipaserver : Open Firewall for services	TAGS: [firewall, ipaserver]

  play #3 (ipaserver_master): install FreeIPA server master	TAGS: []
    tasks:
      ipaserver-master : Stop Apache HTTPD to free port 8443 for installation	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Install FreeIPA master (5-7 minutes)	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Install KRA on FreeIPA master (2-3 minutes)	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Update IPA facts	TAGS: [ipaserver-master]
      ipaserver-master : Make sure named-pkcs11 DNS is restarted	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : wait for services to come up	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Set ipv4_dns fact	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Add replica to ipv4_dns fact	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Use FreeIPA DNS, nmcli conn modify ipv4.dns	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Use FreeIPA DNS, nmcli conn modify ipv4.dns-search	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Use FreeIPA DNS, nmcli conn modify ipv4.ignore-auto-dns	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Restart NetworkManager to make DNS changes effective	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Set sensible defaults	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Set home directory to /export/home	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Set admin's home directory to /export/home/admin	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Enable password and OTP loging	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Enable global DNS sync ptr	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Enable DNS sync ptr	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Enable reverse DNS sync ptr	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Ensure that ipa-ca points to master	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : signal FreeIPA master has been deployed	TAGS: [ipa-install, ipaserver-master]
      ipaserver-master : Fetch IPA ca.crt	TAGS: [fetch, ipa-install, ipaserver-master]
      ipaserver-master : Copy IPA ca.crt to all machines	TAGS: [ipa-install, ipaserver-master]

  play #4 (ipaserver_master): create local inventory files	TAGS: []
    tasks:
      ipa-inventory : Create Firefox prefs	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Create Firefox bookmarks	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Fetch Firefox files	TAGS: [fetch, ipa-install, ipa-inventory]
      ipa-inventory : Copy local Firefox files	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Write custom krb5.conf	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Write custom krb5.conf for MS-KKDCP	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Fetch resolv.conf	TAGS: [fetch, ipa-install, ipa-inventory]
      ipa-inventory : Fetch IPA ca.crt	TAGS: [fetch, ipa-install, ipa-inventory]
      ipa-inventory : Fetch ipa default.conf	TAGS: [fetch, ipa-install, ipa-inventory]
      ipa-inventory : Fetch kra agent pem file	TAGS: [fetch, ipa-install, ipa-inventory]
      ipa-inventory : Template local scripts	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Template local inventory files	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Check for NSSDB	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Create NSSDB directory	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Create NSSDB	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Remove old CA.crt from NSSDB	TAGS: [ipa-install, ipa-inventory]
      ipa-inventory : Populate NSSDB with CA.crt	TAGS: [ipa-install, ipa-inventory]

  play #5 (ipaserver_replica): install FreeIPA server replica	TAGS: []
    tasks:
      ipaserver-replica : Create /export home directory with correct context	TAGS: [ipa-client, ipa-install]
      ipaserver-replica : join FreeIPA	TAGS: [ipa-client, ipa-install]
      ipaserver-replica : Update IPA facts	TAGS: [ipa-client]
      ipaserver-replica : Stop Apache HTTPD to free port 8443 for installation	TAGS: [ipa-install, ipaserver-replica]
      ipaserver-replica : install replica	TAGS: [ipa-install, ipaserver-replica]
      ipaserver-replica : Prepare replication	TAGS: [ipa-install, ipaserver-replica]
      ipaserver-replica : Fetch replication file	TAGS: [fetch, ipa-install, ipaserver-replica]
      ipaserver-replica : Copy replication file	TAGS: [ipa-install, ipaserver-replica]
      ipaserver-replica : install replica	TAGS: [ipa-install, ipaserver-replica]
      ipaserver-replica : Update IPA facts	TAGS: [ipaserver-replica]
      ipaserver-replica : Install CA on FreeIPA replica (3-4 minutes)	TAGS: [ipa-install, ipaserver-replica]
      ipaserver-replica : Install KRA on FreeIPA replica (2-3 minutes)	TAGS: [ipa-install, ipaserver-replica]
      ipaserver-replica : Make sure named-pkcs11 DNS is restarted	TAGS: [ipa-install, ipaserver-replica]
      ipaserver-replica : Update IPA facts	TAGS: [ipaserver-replica]

  play #6 (ipa_client,ipa_nfsserver,ipa_smbserver,ipa_vpnserver,ipa_httpexample,ipa_ipsilon_idp,ipa_wwwdemo): install FreeIPA client	TAGS: []
    tasks:
      ipa-client : Create /export home directory with correct context	TAGS: [ipa-client, ipa-install]
      ipa-client : join FreeIPA	TAGS: [ipa-client, ipa-install]
      ipa-client : Update IPA facts	TAGS: [ipa-client]

  play #7 (ipa_vpnserver): install OpenConnect VPN server for FreeIPA	TAGS: []
    tasks:
      ipa-vpnserver : install ocserv VPN server	TAGS: [ipa-vpnserver, network, package-install]
      ipa-vpnserver : Open Firewall services for ocserv VPN server	TAGS: [firewall, ipa-vpnserver]
      ipa-vpnserver : Open Firewall DTLS UDP port for ocserv VPN server	TAGS: [firewall, ipa-vpnserver]
      ipa-vpnserver : Enable IPv4 proxy_arp	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Enable masquerading	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Get keytab /etc/ocserv/key.tab content	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Check for principal in keytab	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Create VPN service	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Add VPN service to keytab /etc/ocserv/key.tab	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Look for /etc/pki/ocserv/public/server.crt	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Request certificate /etc/pki/ocserv/public/server.crt with ipa-getcert	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Wait for certmonger	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Create a link from /etc/pki/ocserv/cacerts/ca.crt to /etc/ipa/ca.crt	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Write ocserv.conf	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Enable ocserv	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Template local scripts	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Template local inventory files	TAGS: [ipa-install, ipa-vpnserver]
      ipa-vpnserver : Write custom krb5.conf	TAGS: [fetch, ipa-install, ipa-vpnserver]

  play #8 (ipa_nfsserver): install FreeIPA NFS server	TAGS: []
    tasks:
      ipa-nfsserver : install nfs-utils	TAGS: [ipa-nfsserver, network, package-install]
      ipa-nfsserver : Open Firewall for NFS	TAGS: [firewall, ipa-nfsserver]
      ipa-nfsserver : Get keytab content	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : Check for principal in keytab	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : Create NFS service	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : Add NFS service to keytab	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : Create /exports/home	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : Add NFS export	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : Enable NFS server	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : look for auto.home in default location	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : Set has_auto_home fact	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : add automount default location	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : add auto.home map	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : add auto.home to auto.master	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : automountkey-add default auto.home	TAGS: [ipa-install, ipa-nfsserver]
      ipa-nfsserver : Get FreeIPA users	TAGS: [ipa-install, ipa-nfs-homedirs, ipa-nfsserver]
      ipa-nfsserver : Create home directory for FreeIPA users	TAGS: [ipa-install, ipa-nfs-homedirs, ipa-nfsserver]
      ipa-nfsserver : Run ipa-client-automount on master, replicas and clients	TAGS: [ipa-install, ipa-nfsserver]

  play #9 (ipa_smbserver): install FreeIPA Samba server	TAGS: []
    tasks:
      ipa-smbserver : install Samba dependencies	TAGS: [ipa-smbserver, network, package-install]
      ipa-smbserver : Open Firewall for Samba	TAGS: [firewall, ipa-smbserver]
      ipa-smbserver : setsebool samba_enable_home_dirs on	TAGS: [ipa-install, ipa-smbserver]
      ipa-smbserver : Get keytab content	TAGS: [ipa-install, ipa-smbserver]
      ipa-smbserver : Check for principal in keytab	TAGS: [ipa-install, ipa-smbserver]
      ipa-smbserver : Create CIFS service	TAGS: [ipa-install, ipa-smbserver]
      ipa-smbserver : Add CIFS service to keytab	TAGS: [ipa-install, ipa-smbserver]
      ipa-smbserver : Write smb.conf	TAGS: [ipa-install, ipa-smbserver]
      ipa-smbserver : Enable Samba services	TAGS: [ipa-install, ipa-smbserver]

  play #10 (ipa_httpexample): install FreeIPA HTTP example app	TAGS: []
    tasks:
      ipa-modnss : Install Apache HTTPD with mod_nss	TAGS: [ipa-modnss, network, package-install]
      ipa-modnss : Open Firewall for Apache	TAGS: [firewall, ipa-modnss]
      ipa-modnss : Check for mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Disable mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Enable rewrite engine for nss.conf	TAGS: [ipa-modnss]
      ipa-httpd : Replace nss.conf port 8443 with 443	TAGS: [ipa-modnss]
      ipa-httpd : Get keytab content	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Check for principal in keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Create HTTP service	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Add HTTP service to keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : chown http.keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Get ipa-getcert list	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Set has_server_cert and CA unreachable facts	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Restart certmonger when in state CA_UNREACHABLE	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Remove example certs from /etc/httpd/alias NSSDB	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Request certificate with ipa-getcert	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Wait for certmonger	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Remove welcome.conf	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Enable Apache HTTPD service	TAGS: [ipa-http, ipa-install]
      ipa-httpexample : install Apache modules	TAGS: [ipa-httpexample, network, package-install]
      ipa-httpexample : setsebool allow_httpd_mod_auth_pam on	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : setsebool httpd_dbus_sssd on	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Add rewrite rule for / to nss.conf	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Add ldap_user_extra_attrs to sssd.conf	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Add [ifp]allowed_uids to sssd.conf	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Add [ifp]user_attributes to sssd.conf	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Add [ifp]user_attributes to sssd.conf	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Create Apache config for example	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Copy Apache example app files	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Create Apache example app	TAGS: [ipa-httpexample, ipa-install]
      ipa-httpexample : Create PAM service for Apache example app	TAGS: [ipa-httpexample, ipa-install]

  play #11 (ipa_ipsilon_idp): install Ipsilon Identity Provider	TAGS: []
    tasks:
      ipa-modnss : Install Apache HTTPD with mod_nss	TAGS: [ipa-modnss, network, package-install]
      ipa-modnss : Open Firewall for Apache	TAGS: [firewall, ipa-modnss]
      ipa-modnss : Check for mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Disable mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Enable rewrite engine for nss.conf	TAGS: [ipa-modnss]
      ipa-httpd : Replace nss.conf port 8443 with 443	TAGS: [ipa-modnss]
      ipa-httpd : Get keytab content	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Check for principal in keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Create HTTP service	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Add HTTP service to keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : chown http.keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Get ipa-getcert list	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Set has_server_cert and CA unreachable facts	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Restart certmonger when in state CA_UNREACHABLE	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Remove example certs from /etc/httpd/alias NSSDB	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Request certificate with ipa-getcert	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Wait for certmonger	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Remove welcome.conf	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Enable Apache HTTPD service	TAGS: [ipa-http, ipa-install]
      ipa-ipsilon-idp : Install Ipsilon server packages	TAGS: [ipa-ipsilon-idp, network, package-install]
      ipa-ipsilon-idp : Install Ipsilon IdP	TAGS: [ipa-install, ipa-ipsilon-idp]
      ipa-ipsilon-idp : Use NSS instead of mod_ssl	TAGS: [ipa-install, ipa-ipsilon-idp]

  play #12 (ipa_sp_example): install Ipsilon SP example	TAGS: []
    tasks:
      ipa-modnss : Install Apache HTTPD with mod_nss	TAGS: [ipa-modnss, network, package-install]
      ipa-modnss : Open Firewall for Apache	TAGS: [firewall, ipa-modnss]
      ipa-modnss : Check for mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Disable mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Enable rewrite engine for nss.conf	TAGS: [ipa-modnss]
      ipa-modnss : Install Apache HTTPD with mod_nss	TAGS: [ipa-modnss, network, package-install]
      ipa-modnss : Open Firewall for Apache	TAGS: [firewall, ipa-modnss]
      ipa-modnss : Check for mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Disable mod_ssl configuration	TAGS: [ipa-modnss]
      ipa-modnss : Enable rewrite engine for nss.conf	TAGS: [ipa-modnss]
      ipa-httpd : Replace nss.conf port 8443 with 443	TAGS: [ipa-modnss]
      ipa-httpd : Get keytab content	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Check for principal in keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Create HTTP service	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Add HTTP service to keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : chown http.keytab	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Get ipa-getcert list	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Set has_server_cert and CA unreachable facts	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Restart certmonger when in state CA_UNREACHABLE	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Remove example certs from /etc/httpd/alias NSSDB	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Request certificate with ipa-getcert	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Wait for certmonger	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Remove welcome.conf	TAGS: [ipa-httpd, ipa-install]
      ipa-httpd : Enable Apache HTTPD service	TAGS: [ipa-http, ipa-install]
      ipa-sp-example : Install Ipsilon client package	TAGS: [ipa-sp-example, network, package-install]
      ipa-sp-example : Set IdP url fact	TAGS: [ipa-install, ipa-sp-example]
      ipa-sp-example : Check for /etc/httpd/conf.d/ipsilon-saml.conf	TAGS: [ipa-install, ipa-sp-example]
      ipa-sp-example : Write password to file	TAGS: [ipa-install, ipa-sp-example]
      ipa-sp-example : Install Ipsilon client	TAGS: [ipa-install, ipa-sp-example]
      ipa-sp-example : Remove password file	TAGS: [ipa-install, ipa-sp-example]
      ipa-sp-example : Create /srv/www/sp_example	TAGS: [ipa-install, ipa-sp-example]
      ipa-sp-example : Create Apache SP example app	TAGS: [ipa-install, ipa-sp-example]
      ipa-sp-example : Overwrite ipsilon-saml.conf with custom config	TAGS: [ipa-install, ipa-sp-example]

  play #13 (ipa_wwwdemo): install WWW demo	TAGS: []
    tasks:
      ipa-modssl : Install Apache HTTPD with mod_ssl	TAGS: [ipa-modssl, network, package-install]
      ipa-modssl : Open Firewall for Apache	TAGS: [firewall, ipa-modssl]
      ipa-modssl : Check for mod_nss configuration	TAGS: [ipa-modssl]
      ipa-modssl : Disable mod_nss configuration	TAGS: [ipa-modssk]
      ipa-wwwdemo : install Apache HTTPD and modules	TAGS: [ipa-wwwdemo, network, package-install]
      ipa-wwwdemo : Remove welcome.conf	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Enable Apache HTTPD service	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create PAM service file for Apache example app	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : setsebool allow_httpd_mod_auth_pam on	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Template local scripts	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Get keytab content	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Check for principal in keytab	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create HTTP service	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add HTTP service to keytab	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : chown http.keytab	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Get ipa-getcert list	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Set has_server_cert and CA unreachable facts	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Restart certmonger when in state CA_UNREACHABLE	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Request certificate with ipa-getcert	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Wait for certmonger	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Undeploy, remove IPA services/groups/...	TAGS: [ipa-wwwdemo, ipa-wwwdemo-undeploy]
      ipa-wwwdemo : Untrack certificate	TAGS: [ipa-wwwdemo, ipa-wwwdemo-undeploy]
      ipa-wwwdemo : Remove keytab and certs	TAGS: [ipa-wwwdemo, ipa-wwwdemo-undeploy]
      ipa-wwwdemo : setsebool httpd_dbus_sssd on	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add ldap_user_extra_attrs to sssd.conf	TAGS: [ipa-install, ipa-wwwdemo]
      ipa-wwwdemo : Add [ifp]allowed_uids to sssd.conf	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add [ifp]user_attributes to sssd.conf	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add [ifp]user_attributes to sssd.conf	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add www demo groups	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add HBAC allow_admin	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add HABC rule for webadmins	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add HABC rule for webusers	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Disable allow_all HABC	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add SUDO role for wwwdemo	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add privilege for wwwdemo	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add demo user cheimes (webadmins, webusers)	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add demo user bob (webusers)	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create script to set passwords	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Set passwords	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Add usermachine (GUI)	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create Apache config for demo app (default)	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Set default facts for config	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create Apache config for demo app (1)	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : With lookup_identity	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create Apache config for demo app (2)	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : With authnz_pam	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create Apache config for demo app (3)	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : With intercept form	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create Apache config for demo app (4)	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create directory for demo app	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Copy Apache demo app files	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Copy Apache demo app files	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Copy WSGI app for demo app	TAGS: [ipa-wwwdemo]
      ipa-wwwdemo : Create helper scripts	TAGS: [ipa-wwwdemo]

  play #14 (ipa_tests): Create integration test files	TAGS: []
    tasks:
      ipa-tests : Create dot_ipa directories	TAGS: [ipa-tests]
      ipa-tests : Create default.conf	TAGS: [ipa-tests]
      ipa-tests : Create .dmpw	TAGS: [ipa-tests]
      ipa-tests : copy alias /etc/httpd/alias databases	TAGS: [ipa-tests]
      ipa-tests : copy /etc/httpd/alias/pwdfile.txt	TAGS: [ipa-tests]
      ipa-tests : copy /etc/ipa/ca.crt	TAGS: [ipa-tests]
      ipa-tests : create krb5.conf	TAGS: [ipa-tests]
      ipa-tests : Fetch dot_ipa	TAGS: [ipa-tests]

  play #15 (all): Tidy up	TAGS: []
    tasks:
      ipa-tidy : Run kdestroy	TAGS: [ipa-install, ipa-tidy]