mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-14 13:32:10 +00:00
ipa[server,replica,client]: Update module documentation
The documentation of the module paramaters have been updated. The parameter list has been updated and all parameters are providing a description and the required argument has been updated to reflect current setting in the modules.
This commit is contained in:
Thomas Woerner
@@ -38,20 +38,20 @@ description:
|
||||
Add to ipaservers
|
||||
options:
|
||||
setup_kra:
|
||||
description:
|
||||
required: yes
|
||||
description: Configure a dogtag KRA
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
installer_ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer ccache setting
|
||||
required: no
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -45,7 +45,7 @@ options:
|
||||
required: yes
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: no
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
@@ -56,71 +56,73 @@ options:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
ca_cert_files:
|
||||
description: List of iles containing CA certificates for the service certificate files
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: yes
|
||||
setup_adtrust:
|
||||
description:
|
||||
description: Configure AD trust capability
|
||||
required: yes
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
dirserv_cert_files:
|
||||
description:
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: yes
|
||||
force_join:
|
||||
description:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
server:
|
||||
description:
|
||||
required: yes
|
||||
description: Fully qualified name of IPA server to enroll to
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
config_ca_host_name:
|
||||
description: The config ca_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
installer_ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer ccache setting
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
_add_to_ipaservers:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _add_to_ipaservers setting
|
||||
required: no
|
||||
_ca_subject:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _ca_subject setting
|
||||
required: no
|
||||
_subject_base:
|
||||
description:
|
||||
description: The installer _subject_base setting
|
||||
required: no
|
||||
master:
|
||||
description: Master host name
|
||||
required: yes
|
||||
dirman_password:
|
||||
description:
|
||||
required: yes
|
||||
config_setup_ca:
|
||||
description:
|
||||
required: yes
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
config_ca_host_name:
|
||||
description:
|
||||
required: yes
|
||||
config_ips:
|
||||
description:
|
||||
required: yes
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -38,44 +38,52 @@ description:
|
||||
Import dm password into custodia
|
||||
options:
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
no_ui_redirect:
|
||||
description:
|
||||
description: Do not automatically redirect to the Web UI
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_ca_file:
|
||||
description:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_kra_enabled:
|
||||
description:
|
||||
description: The installer _kra_enabled setting
|
||||
required: yes
|
||||
_kra_host_name:
|
||||
description:
|
||||
description: The installer _kra_host_name setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description:
|
||||
required: yes
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
config_setup_ca:
|
||||
description: The config setup_ca setting
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
config_ca_host_name:
|
||||
description: The config ca_host_name setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -37,6 +37,55 @@ short description: DS apply updates
|
||||
description:
|
||||
DS apply updates
|
||||
options:
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
no_ui_redirect:
|
||||
description: Do not automatically redirect to the Web UI
|
||||
required: yes
|
||||
dirsrv_config_file:
|
||||
description:
|
||||
The path to LDIF file that will be used to modify configuration of
|
||||
dse.ldif during installation of the directory server instance
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_ca_file:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_dirsrv_pkcs12_info:
|
||||
description: The installer _dirsrv_pkcs12_info setting
|
||||
required: yes
|
||||
_pkinit_pkcs12_info:
|
||||
description: The installer _pkinit_pkcs12_info setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
ds_ca_subject:
|
||||
description: The ds.ca_subject setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -38,44 +38,51 @@ description:
|
||||
DS enable SSL
|
||||
options:
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
dirsrv_config_file:
|
||||
description:
|
||||
The path to LDIF file that will be used to modify configuration of
|
||||
dse.ldif during installation of the directory server instance
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_ca_file:
|
||||
description:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_dirsrv_pkcs12_info:
|
||||
description:
|
||||
description: The installer _dirsrv_pkcs12_info setting
|
||||
required: yes
|
||||
_pkinit_pkcs12_info:
|
||||
description:
|
||||
description: The installer _pkinit_pkcs12_info setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description:
|
||||
required: yes
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
ds_ca_subject:
|
||||
description:
|
||||
required: yes
|
||||
description: The ds.ca_subject setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -33,28 +33,36 @@ ANSIBLE_METADATA = {
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: ipareplica_enable_ipa
|
||||
short description:
|
||||
short description: Enable IPA
|
||||
description: Enable IPA
|
||||
Enable IPA
|
||||
options:
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
hidden_replica:
|
||||
description: Install a hidden replica
|
||||
required: yes
|
||||
subject_base:
|
||||
description: The certificate subject base (default O=<realm-name>).
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
ccache:
|
||||
description: The installation specific ccache file.
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_top_dir:
|
||||
description: The temporary top directory used for the installation.
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
required: no
|
||||
setup_kra:
|
||||
description: Configure KRA
|
||||
required: yes
|
||||
description: Configure a dogtag KRA
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description: The master host name
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -45,7 +45,7 @@ options:
|
||||
required: yes
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: no
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
@@ -56,37 +56,72 @@ options:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
ca_cert_files:
|
||||
description: List of iles containing CA certificates for the service certificate files
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: yes
|
||||
setup_adtrust:
|
||||
description:
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
required: yes
|
||||
setup_dns:
|
||||
description:
|
||||
required: yes
|
||||
external_ca:
|
||||
description:
|
||||
required: yes
|
||||
external_cert_files:
|
||||
description:
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
ca_subject:
|
||||
description:
|
||||
description: Configure AD trust capability
|
||||
required: yes
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
_hostname_overridden:
|
||||
description:
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: yes
|
||||
force_join:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
server:
|
||||
description: Fully qualified name of IPA server to enroll to
|
||||
required: no
|
||||
ccache:
|
||||
description: The local ccache
|
||||
required: no
|
||||
installer_ccache:
|
||||
description: The installer ccache setting
|
||||
required: no
|
||||
_top_dir:
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
_add_to_ipaservers:
|
||||
description: The installer _add_to_ipaservers setting
|
||||
required: no
|
||||
_ca_subject:
|
||||
description: The installer _ca_subject setting
|
||||
required: no
|
||||
_subject_base:
|
||||
description: The installer _subject_base setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
config_setup_ca:
|
||||
description: The config setup_ca setting
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
config_ca_host_name:
|
||||
description: The config ca_host_name setting
|
||||
required: no
|
||||
config_ips:
|
||||
description: The config ips setting
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
|
||||
@@ -37,6 +37,41 @@ short description: KRB enable SSL
|
||||
description:
|
||||
KRB enable SSL
|
||||
options:
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_ca_file:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_pkinit_pkcs12_info:
|
||||
description: The installer _pkinit_pkcs12_info setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -37,7 +37,7 @@ description:
|
||||
options:
|
||||
master_password:
|
||||
description: kerberos master password (normally autogenerated)
|
||||
required: false
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -58,70 +58,645 @@ ptions:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
ca_cert_files:
|
||||
description: List of iles containing CA certificates for the service certificate files
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: yes
|
||||
setup_adtrust:
|
||||
description:
|
||||
description: Configure AD trust capability
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
external_ca:
|
||||
description:
|
||||
description: External ca setting
|
||||
required: yes
|
||||
external_cert_files:
|
||||
description:
|
||||
description:
|
||||
File containing the IPA CA certificate and the external CA certificate
|
||||
chain
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: yes
|
||||
ca_subject:
|
||||
description:
|
||||
description: The installer ca_subject setting
|
||||
required: yes
|
||||
reverse_zones:
|
||||
description:
|
||||
description: The reverse DNS zones to use
|
||||
required: yes
|
||||
no_reverse:
|
||||
description:
|
||||
description: Do not create new reverse DNS zone
|
||||
required: yes
|
||||
auto_reverse:
|
||||
description:
|
||||
description: Create necessary reverse zones
|
||||
required: yes
|
||||
forwarders:
|
||||
description:
|
||||
description: Add DNS forwarders
|
||||
required: yes
|
||||
no_forwarders:
|
||||
description:
|
||||
description: Do not add any DNS forwarders, use root servers instead
|
||||
required: yes
|
||||
auto_forwarders:
|
||||
description:
|
||||
description: Use DNS forwarders configured in /etc/resolv.conf
|
||||
required: yes
|
||||
forward_policy:
|
||||
description:
|
||||
description: DNS forwarding policy for global forwarders
|
||||
required: yes
|
||||
enable_compat:
|
||||
description:
|
||||
description: Enable support for trusted domains for old clients
|
||||
required: yes
|
||||
netbios_name:
|
||||
description:
|
||||
description: NetBIOS name of the IPA domain
|
||||
required: yes
|
||||
rid_base:
|
||||
description:
|
||||
description: Start value for mapping UIDs and GIDs to RIDs
|
||||
required: yes
|
||||
secondary_rid_base:
|
||||
description:
|
||||
description:
|
||||
Start value of the secondary range for mapping UIDs and GIDs to RIDs
|
||||
required: yes
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
_hostname_overridden:
|
||||
description:
|
||||
description: The installer _hostname_overridden setting
|
||||
required: yes
|
||||
dm_password:
|
||||
description: Directory Manager password
|
||||
required: False
|
||||
password:
|
||||
description: Admin user kerberos password
|
||||
required: False
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: False
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: False
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: False
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: False
|
||||
principal:
|
||||
description:
|
||||
User Principal allowed to promote replicas and join IPA realm
|
||||
required: True
|
||||
ca_cert_files:
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: False
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: False
|
||||
setup_adtrust:
|
||||
description: Configure AD trust capability
|
||||
required: False
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: False
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: False
|
||||
setup_dns:
|
||||
description: Configure bind with our zone
|
||||
required: False
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: False
|
||||
dirsrv_cert_name:
|
||||
description: Name of the Directory Server SSL certificate to install
|
||||
required: False
|
||||
dirsrv_pin:
|
||||
description: The password to unlock the Directory Server private key
|
||||
required: False
|
||||
http_cert_files:
|
||||
description:
|
||||
File containing the Apache Server SSL certificate and private key
|
||||
required: False
|
||||
http_cert_name:
|
||||
description: Name of the Apache Server SSL certificate to install
|
||||
required: False
|
||||
http_pin:
|
||||
description: The password to unlock the Apache Server private key
|
||||
required: False
|
||||
pkinit_cert_files:
|
||||
description:
|
||||
File containing the Kerberos KDC SSL certificate and private key
|
||||
required: False
|
||||
pkinit_cert_name:
|
||||
description: Name of the Kerberos KDC SSL certificate to install
|
||||
required: False
|
||||
pkinit_pin:
|
||||
description: The password to unlock the Kerberos KDC private key
|
||||
required: False
|
||||
keytab:
|
||||
description: Path to backed up keytab from previous enrollment
|
||||
required: False
|
||||
mkhomedir:
|
||||
description: Create home directories for users on their first login
|
||||
required: False
|
||||
force_join:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: False
|
||||
no_ntp:
|
||||
description: Do not configure ntp
|
||||
required: False
|
||||
ssh_trust_dns:
|
||||
description: Configure OpenSSH client to trust DNS SSHFP records
|
||||
required: False
|
||||
no_ssh:
|
||||
description: Do not configure OpenSSH client
|
||||
required: False
|
||||
no_sshd:
|
||||
description: Do not configure OpenSSH server
|
||||
required: False
|
||||
no_dns_sshfp:
|
||||
description: Do not automatically create DNS SSHFP records
|
||||
required: False
|
||||
allow_zone_overlap:
|
||||
description: Create DNS zone even if it already exists
|
||||
required: False
|
||||
reverse_zones:
|
||||
description: The reverse DNS zones to use
|
||||
required: False
|
||||
no_reverse:
|
||||
description: Do not create new reverse DNS zone
|
||||
required: False
|
||||
auto_reverse:
|
||||
description: Create necessary reverse zones
|
||||
required: False
|
||||
forwarders:
|
||||
description: Add DNS forwarders
|
||||
required: False
|
||||
no_forwarders:
|
||||
description: Do not add any DNS forwarders, use root servers instead
|
||||
required: False
|
||||
auto_forwarders:
|
||||
description: Use DNS forwarders configured in /etc/resolv.conf
|
||||
required: False
|
||||
forward_policy:
|
||||
description: DNS forwarding policy for global forwarders
|
||||
required: False
|
||||
no_dnssec_validation:
|
||||
description: Disable DNSSEC validation
|
||||
required: False
|
||||
enable_compat:
|
||||
description: Enable support for trusted domains for old clients
|
||||
required: False
|
||||
netbios_name:
|
||||
description: NetBIOS name of the IPA domain
|
||||
required: False
|
||||
rid_base:
|
||||
description: Start value for mapping UIDs and GIDs to RIDs
|
||||
required: False
|
||||
secondary_rid_base:
|
||||
description:
|
||||
Start value of the secondary range for mapping UIDs and GIDs to RIDs
|
||||
required: False
|
||||
server:
|
||||
description: Fully qualified name of IPA server to enroll to
|
||||
required: True
|
||||
skip_conncheck:
|
||||
description: Skip connection check to remote master
|
||||
required: False
|
||||
dm_password:
|
||||
description: Directory Manager password
|
||||
required: True
|
||||
password:
|
||||
description: Admin user kerberos password
|
||||
required: True
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: True
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: True
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: True
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: True
|
||||
principal:
|
||||
description:
|
||||
User Principal allowed to promote replicas and join IPA realm
|
||||
required: False
|
||||
ca_cert_files:
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: True
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: True
|
||||
setup_adtrust:
|
||||
description: Configure AD trust capability
|
||||
required: True
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: True
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: True
|
||||
setup_dns:
|
||||
description: Configure bind with our zone
|
||||
required: True
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: True
|
||||
dirsrv_cert_name:
|
||||
description: Name of the Directory Server SSL certificate to install
|
||||
required: True
|
||||
dirsrv_pin:
|
||||
description: The password to unlock the Directory Server private key
|
||||
required: True
|
||||
http_cert_files:
|
||||
description:
|
||||
File containing the Apache Server SSL certificate and private key
|
||||
required: True
|
||||
http_cert_name:
|
||||
description: Name of the Apache Server SSL certificate to install
|
||||
required: True
|
||||
http_pin:
|
||||
description: The password to unlock the Apache Server private key
|
||||
required: True
|
||||
pkinit_cert_files:
|
||||
description:
|
||||
File containing the Kerberos KDC SSL certificate and private key
|
||||
required: True
|
||||
pkinit_cert_name:
|
||||
description: Name of the Kerberos KDC SSL certificate to install
|
||||
required: True
|
||||
pkinit_pin:
|
||||
description: The password to unlock the Kerberos KDC private key
|
||||
required: True
|
||||
keytab:
|
||||
description: Path to backed up keytab from previous enrollment
|
||||
required: True
|
||||
mkhomedir:
|
||||
description: Create home directories for users on their first login
|
||||
required: True
|
||||
force_join:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: True
|
||||
no_ntp:
|
||||
description: Do not configure ntp
|
||||
required: True
|
||||
ssh_trust_dns:
|
||||
description: Configure OpenSSH client to trust DNS SSHFP records
|
||||
required: True
|
||||
no_ssh:
|
||||
description: Do not configure OpenSSH client
|
||||
required: True
|
||||
no_sshd:
|
||||
description: Do not configure OpenSSH server
|
||||
required: True
|
||||
no_dns_sshfp:
|
||||
description: Do not automatically create DNS SSHFP records
|
||||
required: True
|
||||
allow_zone_overlap:
|
||||
description: Create DNS zone even if it already exists
|
||||
required: True
|
||||
reverse_zones:
|
||||
description: The reverse DNS zones to use
|
||||
required: True
|
||||
no_reverse:
|
||||
description: Do not create new reverse DNS zone
|
||||
required: True
|
||||
auto_reverse:
|
||||
description: Create necessary reverse zones
|
||||
required: True
|
||||
forwarders:
|
||||
description: Add DNS forwarders
|
||||
required: True
|
||||
no_forwarders:
|
||||
description: Do not add any DNS forwarders, use root servers instead
|
||||
required: True
|
||||
auto_forwarders:
|
||||
description: Use DNS forwarders configured in /etc/resolv.conf
|
||||
required: True
|
||||
forward_policy:
|
||||
description: DNS forwarding policy for global forwarders
|
||||
required: True
|
||||
no_dnssec_validation:
|
||||
description: Disable DNSSEC validation
|
||||
required: True
|
||||
enable_compat:
|
||||
description: Enable support for trusted domains for old clients
|
||||
required: True
|
||||
netbios_name:
|
||||
description: NetBIOS name of the IPA domain
|
||||
required: True
|
||||
rid_base:
|
||||
description: Start value for mapping UIDs and GIDs to RIDs
|
||||
required: True
|
||||
secondary_rid_base:
|
||||
description:
|
||||
Start value of the secondary range for mapping UIDs and GIDs to RIDs
|
||||
required: True
|
||||
server:
|
||||
description: Fully qualified name of IPA server to enroll to
|
||||
required: False
|
||||
skip_conncheck:
|
||||
description: Skip connection check to remote master
|
||||
required: True
|
||||
dm_password:
|
||||
description: Directory Manager password
|
||||
required: yes
|
||||
password:
|
||||
description: Admin user kerberos password
|
||||
required: yes
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
principal:
|
||||
description:
|
||||
User Principal allowed to promote replicas and join IPA realm
|
||||
required: no
|
||||
ca_cert_files:
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: yes
|
||||
setup_adtrust:
|
||||
description: Configure AD trust capability
|
||||
required: yes
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: yes
|
||||
dirsrv_cert_name:
|
||||
description: Name of the Directory Server SSL certificate to install
|
||||
required: yes
|
||||
dirsrv_pin:
|
||||
description: The password to unlock the Directory Server private key
|
||||
required: yes
|
||||
http_cert_files:
|
||||
description:
|
||||
File containing the Apache Server SSL certificate and private key
|
||||
required: yes
|
||||
http_cert_name:
|
||||
description: Name of the Apache Server SSL certificate to install
|
||||
required: yes
|
||||
http_pin:
|
||||
description: The password to unlock the Apache Server private key
|
||||
required: yes
|
||||
pkinit_cert_files:
|
||||
description:
|
||||
File containing the Kerberos KDC SSL certificate and private key
|
||||
required: yes
|
||||
pkinit_cert_name:
|
||||
description: Name of the Kerberos KDC SSL certificate to install
|
||||
required: yes
|
||||
pkinit_pin:
|
||||
description: The password to unlock the Kerberos KDC private key
|
||||
required: yes
|
||||
keytab:
|
||||
description: Path to backed up keytab from previous enrollment
|
||||
required: yes
|
||||
mkhomedir:
|
||||
description: Create home directories for users on their first login
|
||||
required: yes
|
||||
force_join:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: yes
|
||||
no_ntp:
|
||||
description: Do not configure ntp
|
||||
required: yes
|
||||
ssh_trust_dns:
|
||||
description: Configure OpenSSH client to trust DNS SSHFP records
|
||||
required: yes
|
||||
no_ssh:
|
||||
description: Do not configure OpenSSH client
|
||||
required: yes
|
||||
no_sshd:
|
||||
description: Do not configure OpenSSH server
|
||||
required: yes
|
||||
no_dns_sshfp:
|
||||
description: Do not automatically create DNS SSHFP records
|
||||
required: yes
|
||||
allow_zone_overlap:
|
||||
description: Create DNS zone even if it already exists
|
||||
required: yes
|
||||
reverse_zones:
|
||||
description: The reverse DNS zones to use
|
||||
required: yes
|
||||
no_reverse:
|
||||
description: Do not create new reverse DNS zone
|
||||
required: yes
|
||||
auto_reverse:
|
||||
description: Create necessary reverse zones
|
||||
required: yes
|
||||
forwarders:
|
||||
description: Add DNS forwarders
|
||||
required: yes
|
||||
no_forwarders:
|
||||
description: Do not add any DNS forwarders, use root servers instead
|
||||
required: yes
|
||||
auto_forwarders:
|
||||
description: Use DNS forwarders configured in /etc/resolv.conf
|
||||
required: yes
|
||||
forward_policy:
|
||||
description: DNS forwarding policy for global forwarders
|
||||
required: yes
|
||||
no_dnssec_validation:
|
||||
description: Disable DNSSEC validation
|
||||
required: yes
|
||||
enable_compat:
|
||||
description: Enable support for trusted domains for old clients
|
||||
required: yes
|
||||
netbios_name:
|
||||
description: NetBIOS name of the IPA domain
|
||||
required: yes
|
||||
rid_base:
|
||||
description: Start value for mapping UIDs and GIDs to RIDs
|
||||
required: yes
|
||||
secondary_rid_base:
|
||||
description:
|
||||
Start value of the secondary range for mapping UIDs and GIDs to RIDs
|
||||
required: yes
|
||||
server:
|
||||
description: Fully qualified name of IPA server to enroll to
|
||||
required: no
|
||||
skip_conncheck:
|
||||
description: Skip connection check to remote master
|
||||
required: yes
|
||||
dm_password:
|
||||
description: Directory Manager password
|
||||
required: yes
|
||||
password:
|
||||
description: Admin user kerberos password
|
||||
required: yes
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
principal:
|
||||
description:
|
||||
User Principal allowed to promote replicas and join IPA realm
|
||||
required: no
|
||||
ca_cert_files:
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: yes
|
||||
setup_adtrust:
|
||||
description: Configure AD trust capability
|
||||
required: yes
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: yes
|
||||
dirsrv_cert_name:
|
||||
description: Name of the Directory Server SSL certificate to install
|
||||
required: yes
|
||||
dirsrv_pin:
|
||||
description: The password to unlock the Directory Server private key
|
||||
required: yes
|
||||
http_cert_files:
|
||||
description:
|
||||
File containing the Apache Server SSL certificate and private key
|
||||
required: yes
|
||||
http_cert_name:
|
||||
description: Name of the Apache Server SSL certificate to install
|
||||
required: yes
|
||||
http_pin:
|
||||
description: The password to unlock the Apache Server private key
|
||||
required: yes
|
||||
pkinit_cert_files:
|
||||
description:
|
||||
File containing the Kerberos KDC SSL certificate and private key
|
||||
required: yes
|
||||
pkinit_cert_name:
|
||||
description: Name of the Kerberos KDC SSL certificate to install
|
||||
required: yes
|
||||
pkinit_pin:
|
||||
description: The password to unlock the Kerberos KDC private key
|
||||
required: yes
|
||||
keytab:
|
||||
description: Path to backed up keytab from previous enrollment
|
||||
required: yes
|
||||
mkhomedir:
|
||||
description: Create home directories for users on their first login
|
||||
required: yes
|
||||
force_join:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: yes
|
||||
no_ntp:
|
||||
description: Do not configure ntp
|
||||
required: yes
|
||||
ssh_trust_dns:
|
||||
description: Configure OpenSSH client to trust DNS SSHFP records
|
||||
required: yes
|
||||
no_ssh:
|
||||
description: Do not configure OpenSSH client
|
||||
required: yes
|
||||
no_sshd:
|
||||
description: Do not configure OpenSSH server
|
||||
required: yes
|
||||
no_dns_sshfp:
|
||||
description: Do not automatically create DNS SSHFP records
|
||||
required: yes
|
||||
allow_zone_overlap:
|
||||
description: Create DNS zone even if it already exists
|
||||
required: yes
|
||||
reverse_zones:
|
||||
description: The reverse DNS zones to use
|
||||
required: yes
|
||||
no_reverse:
|
||||
description: Do not create new reverse DNS zone
|
||||
required: yes
|
||||
auto_reverse:
|
||||
description: Create necessary reverse zones
|
||||
required: yes
|
||||
forwarders:
|
||||
description: Add DNS forwarders
|
||||
required: yes
|
||||
no_forwarders:
|
||||
description: Do not add any DNS forwarders, use root servers instead
|
||||
required: yes
|
||||
auto_forwarders:
|
||||
description: Use DNS forwarders configured in /etc/resolv.conf
|
||||
required: yes
|
||||
forward_policy:
|
||||
description: DNS forwarding policy for global forwarders
|
||||
required: yes
|
||||
no_dnssec_validation:
|
||||
description: Disable DNSSEC validation
|
||||
required: yes
|
||||
enable_compat:
|
||||
description: Enable support for trusted domains for old clients
|
||||
required: yes
|
||||
netbios_name:
|
||||
description: NetBIOS name of the IPA domain
|
||||
required: yes
|
||||
rid_base:
|
||||
description: Start value for mapping UIDs and GIDs to RIDs
|
||||
required: yes
|
||||
secondary_rid_base:
|
||||
description:
|
||||
Start value of the secondary range for mapping UIDs and GIDs to RIDs
|
||||
required: yes
|
||||
server:
|
||||
description: Fully qualified name of IPA server to enroll to
|
||||
required: no
|
||||
skip_conncheck:
|
||||
description: Skip connection check to remote master
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
|
||||
@@ -38,23 +38,25 @@ description:
|
||||
Promote openldap.conf
|
||||
options:
|
||||
setup_kra:
|
||||
description:
|
||||
required: no
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
config_setup_ca:
|
||||
description:
|
||||
required: yes
|
||||
description: The config setup_ca setting
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -38,23 +38,25 @@ description:
|
||||
Promote sssd
|
||||
options:
|
||||
setup_kra:
|
||||
description:
|
||||
required: no
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
config_setup_ca:
|
||||
description:
|
||||
required: yes
|
||||
description: The config setup_ca setting
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -37,6 +37,38 @@ short description: Restart KDC
|
||||
description:
|
||||
Restart KDC
|
||||
options:
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
no_ui_redirect:
|
||||
description: Do not automatically redirect to the Web UI
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_file:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -38,23 +38,41 @@ description:
|
||||
Setup adtrust
|
||||
options:
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
enable_compat:
|
||||
description: Enable support for trusted domains for old clients
|
||||
required: yes
|
||||
rid_base:
|
||||
description: Start value for mapping UIDs and GIDs to RIDs
|
||||
required: yes
|
||||
secondary_rid_base:
|
||||
description:
|
||||
Start value of the secondary range for mapping UIDs and GIDs to RIDs
|
||||
required: yes
|
||||
adtrust_netbios_name:
|
||||
description: The adtrust netbios_name setting
|
||||
required: no
|
||||
adtrust_reset_netbios_name:
|
||||
description: The adtrust reset_netbios_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
setup_ca:
|
||||
description:
|
||||
required: yes
|
||||
description: Configure a dogtag CA
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -37,65 +37,67 @@ short description: Setup CA
|
||||
description:
|
||||
Setup CA
|
||||
options:
|
||||
pki_config_override:
|
||||
description: Path to ini file with config overrides
|
||||
required: yes
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description:
|
||||
required: yes
|
||||
pki_config_override:
|
||||
description:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_ca_file:
|
||||
description:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_kra_enabled:
|
||||
description:
|
||||
description: The installer _kra_enabled setting
|
||||
required: yes
|
||||
_kra_host_name:
|
||||
description:
|
||||
description: The installer _kra_host_name setting
|
||||
required: yes
|
||||
_dirsrv_pkcs12_info:
|
||||
description:
|
||||
description: The installer _dirsrv_pkcs12_info setting
|
||||
required: yes
|
||||
_pkinit_pkcs12_info:
|
||||
description:
|
||||
description: The installer _pkinit_pkcs12_info setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
_ca_subject:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _ca_subject setting
|
||||
required: no
|
||||
_subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _subject_base setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description:
|
||||
required: yes
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
config_setup_ca:
|
||||
description:
|
||||
required: yes
|
||||
description: The config setup_ca setting
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
config_ca_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config ca_host_name setting
|
||||
required: no
|
||||
config_ips:
|
||||
description:
|
||||
description: The config ips setting
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
|
||||
@@ -38,44 +38,49 @@ description:
|
||||
Setup custodia
|
||||
options:
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
no_ui_redirect:
|
||||
description:
|
||||
description: Do not automatically redirect to the Web UI
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_ca_file:
|
||||
description:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_kra_enabled:
|
||||
description:
|
||||
description: The installer _kra_enabled setting
|
||||
required: yes
|
||||
_kra_host_name:
|
||||
description:
|
||||
description: The installer _kra_host_name setting
|
||||
required: yes
|
||||
_pkinit_pkcs12_info:
|
||||
description: The installer _pkinit_pkcs12_info setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description:
|
||||
required: yes
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -38,26 +38,46 @@ description:
|
||||
Setup DNS
|
||||
options:
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
zonemgr:
|
||||
description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
|
||||
required: yes
|
||||
forwarders:
|
||||
description: Add DNS forwarders
|
||||
required: yes
|
||||
forward_policy:
|
||||
description: DNS forwarding policy for global forwarders
|
||||
required: yes
|
||||
no_dnssec_validation:
|
||||
description: Disable DNSSEC validation
|
||||
required: yes
|
||||
dns_ip_addresses:
|
||||
description: The dns ip_addresses setting
|
||||
required: no
|
||||
dns_reverse_zones:
|
||||
description: The dns reverse_zones setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
setup_ca:
|
||||
description:
|
||||
required: yes
|
||||
description: Configure a dogtag CA
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -45,7 +45,7 @@ options:
|
||||
required: yes
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: no
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
@@ -56,73 +56,86 @@ options:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
ca_cert_files:
|
||||
description: List of iles containing CA certificates for the service certificate files
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: yes
|
||||
setup_adtrust:
|
||||
description:
|
||||
description: Configure AD trust capability
|
||||
required: yes
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
dirserv_cert_files:
|
||||
description:
|
||||
no_pkinit:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
dirsrv_config_file:
|
||||
description:
|
||||
The path to LDIF file that will be used to modify configuration of
|
||||
dse.ldif during installation of the directory server instance
|
||||
required: yes
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: yes
|
||||
force_join:
|
||||
description:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
server:
|
||||
description:
|
||||
required: yes
|
||||
description: Fully qualified name of IPA server to enroll to
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
installer_ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer ccache setting
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_dirsrv_pkcs12_info:
|
||||
description:
|
||||
description: The installer _dirsrv_pkcs12_info setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
_add_to_ipaservers:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _add_to_ipaservers setting
|
||||
required: no
|
||||
_ca_subject:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _ca_subject setting
|
||||
required: no
|
||||
_subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _subject_base setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description:
|
||||
required: yes
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
config_setup_ca:
|
||||
description:
|
||||
required: yes
|
||||
description: The config setup_ca setting
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
config_ca_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config ca_host_name setting
|
||||
required: no
|
||||
config_ips:
|
||||
description:
|
||||
description: The config ips setting
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
|
||||
@@ -38,41 +38,46 @@ description:
|
||||
Setup HTTP
|
||||
options:
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
no_ui_redirect:
|
||||
description:
|
||||
description: Do not automatically redirect to the Web UI
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
config_ca_host_name:
|
||||
description: The config ca_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_ca_file:
|
||||
description:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_http_pkcs12_info:
|
||||
description:
|
||||
description: The installer _http_pkcs12_info setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description:
|
||||
required: yes
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -45,7 +45,7 @@ options:
|
||||
required: yes
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: no
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
@@ -56,22 +56,73 @@ options:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
ca_cert_files:
|
||||
description: List of iles containing CA certificates for the service certificate files
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
no_host_dns:
|
||||
description: Do not use DNS for hostname lookup during installation
|
||||
required: yes
|
||||
pki_config_override:
|
||||
description: Path to ini file with config overrides
|
||||
required: yes
|
||||
setup_adtrust:
|
||||
description:
|
||||
description: Configure AD trust capability
|
||||
required: yes
|
||||
setup_ca:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
external_ca:
|
||||
description:
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: yes
|
||||
force_join:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
server:
|
||||
description: Fully qualified name of IPA server to enroll to
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description: The local ccache
|
||||
required: no
|
||||
installer_ccache:
|
||||
description: The installer ccache setting
|
||||
required: no
|
||||
_ca_enabled:
|
||||
description: The installer _ca_enabled setting
|
||||
required: yes
|
||||
_kra_enabled:
|
||||
description: The installer _kra_enabled setting
|
||||
required: yes
|
||||
_kra_host_name:
|
||||
description: The installer _kra_host_name setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
_add_to_ipaservers:
|
||||
description: The installer _add_to_ipaservers setting
|
||||
required: no
|
||||
_ca_subject:
|
||||
description: The installer _ca_subject setting
|
||||
required: no
|
||||
_subject_base:
|
||||
description: The installer _subject_base setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -38,29 +38,31 @@ description:
|
||||
Setup KRB
|
||||
options:
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_pkinit_pkcs12_info:
|
||||
description:
|
||||
description: The installer _pkinit_pkcs12_info setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -38,35 +38,37 @@ description:
|
||||
Setup OTPD
|
||||
options:
|
||||
setup_ca:
|
||||
description:
|
||||
description: Configure a dogtag CA
|
||||
required: yes
|
||||
setup_kra:
|
||||
description:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
no_ui_redirect:
|
||||
description:
|
||||
description: Do not automatically redirect to the Web UI
|
||||
required: yes
|
||||
subject_base:
|
||||
description:
|
||||
required: yes
|
||||
description:
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
config_master_host_name:
|
||||
description:
|
||||
required: yes
|
||||
description: The config master_host_name setting
|
||||
required: no
|
||||
ccache:
|
||||
description:
|
||||
required: yes
|
||||
description: The local ccache
|
||||
required: no
|
||||
_ca_file:
|
||||
description:
|
||||
description: The installer _ca_file setting
|
||||
required: yes
|
||||
_top_dir:
|
||||
description:
|
||||
required: yes
|
||||
description: The installer _top_dir setting
|
||||
required: no
|
||||
dirman_password:
|
||||
description:
|
||||
required: yes
|
||||
description: Directory Manager (master) password
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
@@ -31,9 +31,91 @@ ANSIBLE_METADATA = {
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: ipareplica_test
|
||||
short description:
|
||||
description:
|
||||
short description: IPA replica deployment tests
|
||||
description: IPA replica deployment tests
|
||||
options:
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
ca_cert_files:
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
hidden_replica:
|
||||
description: Install a hidden replica
|
||||
required: yes
|
||||
setup_adtrust:
|
||||
description: Configure AD trust capability
|
||||
required: yes
|
||||
setup_kra:
|
||||
description: Configure a dogtag KRA
|
||||
required: yes
|
||||
setup_dns:
|
||||
description: Configure bind with our zone
|
||||
required: yes
|
||||
no_pkinit:
|
||||
description: Disable pkinit setup steps
|
||||
required: yes
|
||||
dirsrv_config_file:
|
||||
description:
|
||||
The path to LDIF file that will be used to modify configuration of
|
||||
dse.ldif during installation of the directory server instance
|
||||
required: yes
|
||||
dirsrv_cert_files:
|
||||
description:
|
||||
Files containing the Directory Server SSL certificate and private key
|
||||
required: yes
|
||||
http_cert_files:
|
||||
description:
|
||||
File containing the Apache Server SSL certificate and private key
|
||||
required: yes
|
||||
pkinit_cert_files:
|
||||
description:
|
||||
File containing the Kerberos KDC SSL certificate and private key
|
||||
required: yes
|
||||
no_ntp:
|
||||
description: Do not configure ntp
|
||||
required: yes
|
||||
ntp_servers:
|
||||
description: ntp servers to use
|
||||
required: yes
|
||||
ntp_pool:
|
||||
description: ntp server pool to use
|
||||
required: yes
|
||||
no_reverse:
|
||||
description: Do not create new reverse DNS zone
|
||||
required: yes
|
||||
auto_reverse:
|
||||
description: Create necessary reverse zones
|
||||
required: yes
|
||||
forwarders:
|
||||
description: Add DNS forwarders
|
||||
required: yes
|
||||
no_forwarders:
|
||||
description: Do not add any DNS forwarders, use root servers instead
|
||||
required: yes
|
||||
auto_forwarders:
|
||||
description: Use DNS forwarders configured in /etc/resolv.conf
|
||||
required: yes
|
||||
forward_policy:
|
||||
description: DNS forwarding policy for global forwarders
|
||||
required: yes
|
||||
no_dnssec_validation:
|
||||
description: Disable DNSSEC validation
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
'''
|
||||
|
||||
Reference in New Issue
Block a user