New service management module.

There is a new service management module placed in the pluginsfolder: plugins/modules/ipaservice.py The service module allows to ensure presence and absence of services, and manage members and certificates of the service. Here is the documentation for the module: README-service.md New example playbooks have been added: playbooks/service/service-host-is-absent.yml playbooks/service/service-host-is-present.yml playbooks/service/service-is-absent.yml playbooks/service/service-is-disabled.yml playbooks/service/service-is-present-with-all-attributes.yml playbooks/service/service-is-present-without-host-object.yml playbooks/service/service-is-present.yml playbooks/service/service-member-allow_create_keytab-absent.yml playbooks/service/service-member-allow_create_keytab-present.yml playbooks/service/service-member-allow_retrieve_keytab-absent.yml playbooks/service/service-member-allow_retrieve_keytab-present.yml playbooks/service/service-member-certificate-absent.yml playbooks/service/service-member-certificate-present.yml playbooks/service/service-member-principal-absent.yml playbooks/service/service-member-principal-present.yml New tests added for the module: tests/service/test-service.yml
2026-05-14 21:42:17 +00:00 · 2020-01-25 00:10:55 -03:00
parent 8f91c209c7
commit 5a83c08f4c
28 changed files with 2725 additions and 0 deletions
--- a/playbooks/service/service-host-is-absent.yml
+++ b/playbooks/service/service-host-is-absent.yml
@@ -0,0 +1,14 @@
+---
+- name: Playbook to manage IPA service.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure management host is absent.
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      host: "{{ groups.ipaserver[0] }}"
+      action: member
+      state: absent
--- a/playbooks/service/service-host-is-present.yml
+++ b/playbooks/service/service-host-is-present.yml
@@ -0,0 +1,13 @@
+---
+- name: Playbook to manage IPA service.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure management host is present.
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      host: "{{ groups.ipaserver[0] }}"
+      action: member
--- a/playbooks/service/service-is-absent.yml
+++ b/playbooks/service/service-is-absent.yml
@@ -0,0 +1,12 @@
+---
+- name: Playbook to manage IPA service.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure service is absent
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      state: absent
--- a/playbooks/service/service-is-disabled.yml
+++ b/playbooks/service/service-is-disabled.yml
@@ -0,0 +1,12 @@
+---
+- name: Playbook to disable IPA service.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure service is disabled
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      state: disabled
--- a/playbooks/service/service-is-present-with-all-attributes.yml
+++ b/playbooks/service/service-is-present-with-all-attributes.yml
@@ -0,0 +1,23 @@
+---
+- name: Playbook to manage IPA service.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure service is present
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      certificate:
+        - MIICBjCCAW8CFHnm32VcXaUDGfEGdDL/erPSijUAMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwHhcNMjAwMTIzMDA1NjQ2WhcNMjEwMTIyMDA1NjQ2WjBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYrdVmsr7iT3f67DM5bb1osSEe5/c91UUMEIcFq5wrgBhzVfs8iIMDVC1yiUGTsDLJNJc4nb1tUxeR9K5fh25E6n/eWDBP75NStotjAXRU4Ahi3FNRhWFOKesds5xNqgDk5/dY8UekJv2yUblQuZzeF8b2XFrmHuCaYuFctzPfWwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACF+5RS8Ce0HRixGPu4Xd51i+Kzblg++lx8fDJ8GW5G16/Z1AsB72Hc7etJL2PksHlue/xCq6SA9fIfHc4TBNCiWjPSP1NhHJeYyoPiSkcYsqXuxWyoyRLbnAhBVvhoiqZbUt3u3tGB0uMMA0yJvj07mP7Nea2KdBYVH8X1pM0V+
+      pac_type:
+        - MS-PAC
+        - PAD
+      auth_ind: otp
+      force: no
+      requires_pre_auth: yes
+      ok_as_delegate: no
+      ok_to_auth_as_delegate: no
+      action: service
+      state: present
--- a/playbooks/service/service-is-present-with-host-force.yml
+++ b/playbooks/service/service-is-present-with-host-force.yml
@@ -0,0 +1,13 @@
+---
+- name: Playbook to manage IPA service.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure service is present
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/ihavenodns.info
+      force: yes
+      # state: absent
--- a/playbooks/service/service-is-present-without-host-object.yml
+++ b/playbooks/service/service-is-present-without-host-object.yml
@@ -0,0 +1,12 @@
+---
+- name: Playbook to manage IPA service.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure service is present
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.ansible.com
+      skip_host_check: yes
--- a/playbooks/service/service-is-present.yml
+++ b/playbooks/service/service-is-present.yml
@@ -0,0 +1,11 @@
+---
+- name: Playbook to manage IPA service.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure service is present
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
--- a/playbooks/service/service-member-allow_create_keytab-absent.yml
+++ b/playbooks/service/service-member-allow_create_keytab-absent.yml
@@ -0,0 +1,24 @@
+---
+- name: Service member allow_create_keytab absent
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Service HTTP/www.example.com members allow_create_keytab absent for users, groups, hosts and hostgroups
+    ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      allow_create_keytab_user:
+      - user01
+      - user02
+      allow_create_keytab_group:
+      - group01
+      - group02
+      allow_create_keytab_host:
+      - host01.example.com
+      - host02.example.com
+      allow_create_keytab_hostgroup:
+      - hostgroup01
+      - hostgroup02
+      action: member
+      state: absent
--- a/playbooks/service/service-member-allow_create_keytab-present.yml
+++ b/playbooks/service/service-member-allow_create_keytab-present.yml
@@ -0,0 +1,23 @@
+---
+- name: Service member allow_create_keytab present
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Service HTTP/www.example.com members allow_create_keytab present for users, groups, hosts and hostgroups
+    ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      allow_create_keytab_user:
+      - user01
+      - user02
+      allow_create_keytab_group:
+      - group01
+      - group02
+      allow_create_keytab_host:
+      - host01.example.com
+      - host02.example.com
+      allow_create_keytab_hostgroup:
+      - hostgroup01
+      - hostgroup02
+      action: member
--- a/playbooks/service/service-member-allow_retrieve_keytab-absent.yml
+++ b/playbooks/service/service-member-allow_retrieve_keytab-absent.yml
@@ -0,0 +1,24 @@
+---
+- name: Service member allow_retrieve_keytab absent
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Service HTTP/www.example.com members allow_retrieve_keytab absent for users, groups, hosts and hostgroups
+    ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      allow_retrieve_keytab_user:
+      - user01
+      - user02
+      allow_retrieve_keytab_group:
+      - group01
+      - group02
+      allow_retrieve_keytab_host:
+      - host01.example.com
+      - host02.example.com
+      allow_retrieve_keytab_hostgroup:
+      - hostgroup01
+      - hostgroup02
+      action: member
+      state: absent
--- a/playbooks/service/service-member-allow_retrieve_keytab-present.yml
+++ b/playbooks/service/service-member-allow_retrieve_keytab-present.yml
@@ -0,0 +1,23 @@
+---
+- name: Service member allow_retrieve_keytab present
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Service HTTP/www.example.com members allow_retrieve_keytab present for users, groups, hosts and hostgroups
+    ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      allow_retrieve_keytab_user:
+      - user01
+      - user02
+      allow_retrieve_keytab_group:
+      - group01
+      - group02
+      allow_retrieve_keytab_host:
+      - host01.example.com
+      - host02.example.com
+      allow_retrieve_keytab_hostgroup:
+      - hostgroup01
+      - hostgroup02
+      action: member
--- a/playbooks/service/service-member-certificate-absent.yml
+++ b/playbooks/service/service-member-certificate-absent.yml
@@ -0,0 +1,16 @@
+---
+- name: Service certificate absent.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure service certificate is absent
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+
+      certificate:
+        - MIICBjCCAW8CFHnm32VcXaUDGfEGdDL/erPSijUAMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwHhcNMjAwMTIzMDA1NjQ2WhcNMjEwMTIyMDA1NjQ2WjBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYrdVmsr7iT3f67DM5bb1osSEe5/c91UUMEIcFq5wrgBhzVfs8iIMDVC1yiUGTsDLJNJc4nb1tUxeR9K5fh25E6n/eWDBP75NStotjAXRU4Ahi3FNRhWFOKesds5xNqgDk5/dY8UekJv2yUblQuZzeF8b2XFrmHuCaYuFctzPfWwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACF+5RS8Ce0HRixGPu4Xd51i+Kzblg++lx8fDJ8GW5G16/Z1AsB72Hc7etJL2PksHlue/xCq6SA9fIfHc4TBNCiWjPSP1NhHJeYyoPiSkcYsqXuxWyoyRLbnAhBVvhoiqZbUt3u3tGB0uMMA0yJvj07mP7Nea2KdBYVH8X1pM0V+
+      action: member
+      state: absent
--- a/playbooks/service/service-member-certificate-present.yml
+++ b/playbooks/service/service-member-certificate-present.yml
@@ -0,0 +1,15 @@
+---
+- name: Service certificate present.
+  hosts: ipaserver
+  become: true
+  gather_facts: false
+
+  tasks:
+  # Ensure service certificate is present
+  - ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      certificate:
+        - MIICBjCCAW8CFHnm32VcXaUDGfEGdDL/erPSijUAMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwHhcNMjAwMTIzMDA1NjQ2WhcNMjEwMTIyMDA1NjQ2WjBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYrdVmsr7iT3f67DM5bb1osSEe5/c91UUMEIcFq5wrgBhzVfs8iIMDVC1yiUGTsDLJNJc4nb1tUxeR9K5fh25E6n/eWDBP75NStotjAXRU4Ahi3FNRhWFOKesds5xNqgDk5/dY8UekJv2yUblQuZzeF8b2XFrmHuCaYuFctzPfWwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACF+5RS8Ce0HRixGPu4Xd51i+Kzblg++lx8fDJ8GW5G16/Z1AsB72Hc7etJL2PksHlue/xCq6SA9fIfHc4TBNCiWjPSP1NhHJeYyoPiSkcYsqXuxWyoyRLbnAhBVvhoiqZbUt3u3tGB0uMMA0yJvj07mP7Nea2KdBYVH8X1pM0V+
+      action: member
+      state: present
--- a/playbooks/service/service-member-principal-absent.yml
+++ b/playbooks/service/service-member-principal-absent.yml
@@ -0,0 +1,14 @@
+---
+- name: Service member principal absent
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Service HTTP/www.exmaple.com member principals host/test.exmaple.com absent
+    ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      principal:
+        - host/test.exmaple.com
+      action: member
+      state: absent
--- a/playbooks/service/service-member-principal-present.yml
+++ b/playbooks/service/service-member-principal-present.yml
@@ -0,0 +1,13 @@
+---
+- name: Service member principal present
+  hosts: ipaserver
+  become: true
+
+  tasks:
+  - name: Service HTTP/www.exmaple.com member principals host/test.exmaple.com present
+    ipaservice:
+      ipaadmin_password: MyPassword123
+      name: HTTP/www.example.com
+      principal:
+        - host/test.exmaple.com
+      action: member