internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-14 13:32:10 +00:00
Code Issues Projects Releases Wiki Activity

ipa[server,replica,client]: Update module documentation

Browse Source 
The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
modules.
This commit is contained in:
Thomas Woerner
2019-07-22 17:12:48 +02:00
parent 5d2736b144
commit 830da6367e
56 changed files with 2327 additions and 743 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/ipaserver/library/ipaserver_enable_ipa.py
View File

@@ -32,10 +32,19 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: enable_ipa
short description:
description:
module: ipaserver_enable_ipa
short description: Enable IPA
description: Enable IPA
options:
hostname:
description: Fully qualified name of this host
required: yes
setup_dns:
description: Configure bind with our zone
required: no
setup_ca:
description: Configure a dogtag CA
required: no
author:
- Thomas Woerner
'''

6
roles/ipaserver/library/ipaserver_load_cache.py
View File

@@ -33,10 +33,12 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_load_cache
short description:
description:
short description: Load cache file
description: Load cache file
options:
dm_password:
description: Directory Manager password
required: no
author:
- Thomas Woerner
'''

7
roles/ipaserver/library/ipaserver_master_password.py
View File

@@ -30,14 +30,17 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: master_password
module: ipaserver_master_password
short description: Generate kerberos master password if not given
description:
Generate kerberos master password if not given
options:
dm_password:
description: Directory Manager password
required: no
master_password:
description: kerberos master password (normally autogenerated)
required: false
required: yes
author:
- Thomas Woerner
'''

83
roles/ipaserver/library/ipaserver_prepare.py
View File

@@ -33,37 +33,116 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_prepare
short description:
description:
short description: Prepare IPA server deployment
description: Prepare IPA server deployment
options:
force:
description: Installer force parameter
required: yes
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
external_ca:
description: External ca setting
required: yes
external_ca_type:
description: Type of the external CA
required: yes
external_ca_profile:
description:
Specify the certificate profile/template to use at the external CA
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
allow_zone_overlap:
description: Create DNS zone even if it already exists
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_reverse:
description: Create necessary reverse zones
required: yes
forwarders:
description: Add DNS forwarders
required: yes
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
enable_compat:
description: Enable support for trusted domains for old clients
required: yes
netbios_name:
description: NetBIOS name of the IPA domain
required: yes
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
_hostname_overridden:
description: The installer _hostname_overridden setting
required: yes
author:
- Thomas Woerner
'''

64
roles/ipaserver/library/ipaserver_set_ds_password.py
View File

@@ -32,10 +32,68 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: set_ds_password
short description:
description:
module: ipaserver_set_ds_password
short description: Set DS password
description: Set DS password
options:
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: no
setup_ca:
description: Configure a dogtag CA
required: no
idstart:
description: The starting value for the IDs range (default random)
required: no
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: no
no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
domainlevel:
description: The domain level
required: yes
author:
- Thomas Woerner
'''

31
roles/ipaserver/library/ipaserver_setup_adtrust.py
View File

@@ -32,10 +32,35 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: setup_adtrust
short description:
description:
module: ipaserver_setup_adtrust
short description: Setup trust ad
description: Setup trust ad
options:
hostname:
description: Fully qualified name of this host
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
enable_compat:
description: Enable support for trusted domains for old clients
required: yes
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
adtrust_netbios_name:
description: The adtrust netbios_name setting
required: no
adtrust_reset_netbios_name:
description: The adtrust reset_netbios_name setting
required: no
author:
- Thomas Woerner
'''

84
roles/ipaserver/library/ipaserver_setup_ca.py
View File

@@ -33,39 +33,119 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_ca
short description:
description:
short description: Setup CA
description: Setup CA
options:
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
master_password:
description: kerberos master password (normally autogenerated)
required: no
ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
pki_config_override:
description: Path to ini file with config overrides
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
idstart:
description: The starting value for the IDs range (default random)
required: no
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: no
no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
external_ca:
description: External ca setting
required: yes
external_ca_type:
description: Type of the external CA
required: yes
external_ca_profile:
description:
Specify the certificate profile/template to use at the external CA
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
_subject_base:
description: The installer _subject_base setting
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
_ca_subject:
description: The installer _ca_subject setting
required: yes
ca_signing_algorithm:
description: Signing algorithm of the IPA CA certificate
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
domainlevel:
description: The domain level
required: yes
_http_ca_cert:
description: The installer _http_ca_cert setting
required: yes
author:
- Thomas Woerner
'''

10
roles/ipaserver/library/ipaserver_setup_custodia.py
View File

@@ -33,12 +33,18 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_custodia
short description:
description:
short description: Setup custodia
description: Setup custodia
options:
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
author:
- Thomas Woerner
'''

35
roles/ipaserver/library/ipaserver_setup_dns.py
View File

@@ -32,17 +32,46 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: setup_dns
short description:
description:
module: ipaserver_setup_dns
short description: Setup DNS
description: Setup DNS
options:
ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: no
setup_dns:
description: Configure bind with our zone
required: no
setup_ca:
description: Configure a dogtag CA
required: no
zonemgr:
description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
required: yes
forwarders:
description: Add DNS forwarders
required: no
forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
dns_ip_addresses:
description: The dns ip_addresses setting
required: no
dns_reverse_zones:
description: The dns reverse_zones setting
required: no
author:
- Thomas Woerner
'''

51
roles/ipaserver/library/ipaserver_setup_ds.py
View File

@@ -33,21 +33,64 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_ds
short description:
description:
short description: Configure directory server
description: Configure directory server
options:
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
idstart:
description: The starting value for the IDs range (default random)
required: no
idmax:
no_pkinit:
description: The max value for the IDs range (default: idstart+199999)
required: no
no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject:
setup_ca
description: The installer ca_subject setting
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
author:
- Thomas Woerner
'''

107
roles/ipaserver/library/ipaserver_setup_http.py
View File

@@ -32,10 +32,111 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: setup_ds
short description:
description:
module: ipaserver_setup_http
short description: Setup HTTP
description: Setup HTTP
options:
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
master_password:
description: kerberos master password (normally autogenerated)
required: no
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
ip_addresses:
description: List of Master Server IP Addresses
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
no_ui_redirect:
description: Do not automatically redirect to the Web UI
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
_subject_base:
description: The installer _subject_base setting
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
_ca_subject:
description: The installer _ca_subject setting
required: yes
idstart:
description: The starting value for the IDs range (default random)
required: no
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: no
domainlevel:
description: The domain level
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
_http_pkcs12_info:
description: The installer _http_pkcs12_info setting
required: yes
author:
- Thomas Woerner
'''

24
roles/ipaserver/library/ipaserver_setup_kra.py
View File

@@ -32,10 +32,28 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: setup_kra
short description:
description:
module: ipaserver_setup_kra
short description: Setup KRA
description: Setup KRA
options:
dm_password:
description: Directory Manager password
required: no
hostname:
description: Fully qualified name of this host
required: no
setup_ca:
description: Configure a dogtag CA
required: no
setup_kra:
description: Configure a dogtag KRA
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
pki_config_override:
description: Path to ini file with config overrides
required: yes
author:
- Thomas Woerner
'''

79
roles/ipaserver/library/ipaserver_setup_krb.py
View File

@@ -32,10 +32,83 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: setup_ds
short description:
description:
module: ipaserver_setup_krb
short description: Setup KRB
description: Setup KRB
options:
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
master_password:
description: kerberos master password (normally autogenerated)
required: no
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
ip_addresses:
description: List of Master Server IP Addresses
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
idstart:
description: The starting value for the IDs range (default random)
required: no
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: no
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
required: yes
author:
- Thomas Woerner
'''

12
roles/ipaserver/library/ipaserver_setup_ntp.py
View File

@@ -32,10 +32,16 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: setup_ntp
short description:
description:
module: ipaserver_setup_ntp
short description: Setup NTP
description: Setup NTP
options:
ntp_servers:
description: ntp servers to use
required: yes
ntp_pool:
description: ntp server pool to use
required: yes
author:
- Thomas Woerner
'''

15
roles/ipaserver/library/ipaserver_setup_otpd.py
View File

@@ -32,10 +32,19 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: setup_otpd
short description:
description:
module: ipaserver_setup_otpd
short description: Setup OTPD
description: Setup OTPD
options:
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
author:
- Thomas Woerner
'''

164
roles/ipaserver/library/ipaserver_test.py
View File

@@ -31,9 +31,169 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_test
short description:
description:
short description: IPA server test
description: IPA server test
options:
force:
description: Installer force parameter
required: yes
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
master_password:
description: kerberos master password (normally autogenerated)
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: yes
realm:
description: Kerberos realm name of the IPA deployment
required: yes
hostname:
description: Fully qualified name of this host
required: yes
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
pki_config_override:
description: Path to ini file with config overrides
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
idstart:
description: The starting value for the IDs range (default random)
required: yes
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: yes
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
required: yes
dirsrv_pin:
description: The password to unlock the Directory Server private key
required: yes
http_pin:
description: The password to unlock the Apache Server private key
required: yes
pkinit_pin:
description: The password to unlock the Kerberos KDC private key
required: yes
dirsrv_cert_name:
description: Name of the Directory Server SSL certificate to install
required: yes
http_cert_name:
description: Name of the Apache Server SSL certificate to install
required: yes
pkinit_cert_name:
description: Name of the Kerberos KDC SSL certificate to install
required: yes
ntp_servers:
description: ntp servers to use
required: yes
ntp_pool:
description: ntp server pool to use
required: yes
no_ntp:
description: Do not configure ntp
required: yes
external_ca:
description: External ca setting
required: yes
external_ca_type:
description: Type of the external CA
required: yes
external_ca_profile:
description:
Specify the certificate profile/template to use at the external CA
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
allow_zone_overlap:
description: Create DNS zone even if it already exists
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_reverse:
description: Create necessary reverse zones
required: yes
zonemgr:
description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
required: yes
forwarders:
description: Add DNS forwarders
required: yes
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
enable_compat:
description: Enable support for trusted domains for old clients
required: yes
netbios_name:
description: NetBIOS name of the IPA domain
required: yes
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
author:
- Thomas Woerner
'''