ipa[server,replica,client]: Update module documentation

The documentation of the module parameters has been updated. The parameter
list has been updated, all parameters now provide a description, and
the required argument has been updated to reflect the current setting in the
modules.
Thomas Woerner
2019-07-22 17:12:48 +02:00
parent 5d2736b144
commit 830da6367e
56 changed files with 2327 additions and 743 deletions


@@ -29,21 +29,23 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaclient_api module: ipaclient_api
short description: Create temporary NSS database, call IPA API for remaining enrollment parts short description:
Create temporary NSS database, call IPA API for remaining enrollment parts
description: description:
Create temporary NSS database, call IPA API for remaining enrollment parts Create temporary NSS database, call IPA API for remaining enrollment parts
options: options:
servers:
description: Fully qualified name of IPA servers to enroll to
required: no
realm: realm:
description: The Kerberos realm of an existing IPA deployment. description: Kerberos realm name of the IPA deployment
required: true required: no
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: true required: no
debug: debug:
description: Turn on extra debugging description: Turn on extra debugging
required: false required: yes
type: bool
default: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
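Review bot: The `required:` values on the new side read as the inverse of the old ones: `realm` and `hostname` go from `required: true` to `required: no`, while `debug` goes from `required: false` with `type: bool` / `default: no` to a bare `required: yes`. A boolean debug switch that used to have a default is unlikely to be mandatory, so the flag looks flipped; each value should be checked against the module's argument_spec, which is outside the hunk. The same pattern repeats in nearly every file section of this commit, for example `force_join`, `kinit_attempts` and `debug` in ipaclient_join. Where an option does have a default, keep its `type:` and `default:` lines next to `required: no`.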


@@ -34,20 +34,19 @@ description:
Repair Fix IPA ca certificate Repair Fix IPA ca certificate
options: options:
servers: servers:
description: The FQDN of the IPA servers to connect to. description: Fully qualified name of IPA servers to enroll to
required: true required: no
type: list
realm: realm:
description: The Kerberos realm of an existing IPA deployment. description: Kerberos realm name of the IPA deployment
required: true required: no
basedn: basedn:
description: The basedn of the IPA server (of the form dc=example,dc=com). description: The basedn of the IPA server (of the form dc=example,dc=com)
required: true required: no
allow_repair: allow_repair:
description: Allow repair of already joined hosts. Contrary to ipaclient_force_join the host entry will not be changed on the server. description:
required: true Allow repair of already joined hosts. Contrary to ipaclient_force_join
type: bool the host entry will not be changed on the server
default: no required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -37,7 +37,7 @@ Backup files using IPA client sysrestore
options: options:
backup: backup:
description: File to backup description: File to backup
required: true required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -35,45 +35,31 @@ description:
host operations. host operations.
options: options:
principal: principal:
description: Kerberos principal used to manage the host description:
required: true User Principal allowed to promote replicas and join IPA realm
default: admin required: yes
password: ccache:
description: Password for the kerberos principal description: The local ccache
required: false required: yes
keytab:
description: Keytab file containing the Kerberos principal and encrypted key
required: false
lifetime:
description: Sets the default lifetime for initial ticket requests
required: false
default: 1h
fqdn: fqdn:
description: the fully-qualified hostname of the host to add/modify/remove description:
required: true The fully-qualified hostname of the host to add/modify/remove
random: required: no
description: generate a random password to be used in bulk enrollment
required: false
type: bool
default: no
state:
description: the host state
required: false
default: present
choices: [ "present", "absent" ]
certificates: certificates:
description: a list of host certificates description: A list of host certificates
required: false required: yes
type: list
sshpubkey: sshpubkey:
description: the SSH public key for the host description: The SSH public key for the host
required: false required: yes
ipaddress: ipaddress:
description: the IP address for the host description: The IP address for the host
required: false required: yes
random:
requirements: description: Generate a random password to be used in bulk enrollment
- gssapi on the Ansible controller required: yes
state:
description: The desired host state
required: yes
author: author:
- "Florence Blanc-Renaud" - "Florence Blanc-Renaud"
''' '''
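Review bot: `state` loses `default: present` and `choices: [ "present", "absent" ]` and is left as `description: The desired host state` with `required: yes`, so the docs no longer say which values are accepted or what happens when the option is omitted. If the module still accepts only those two values, keep the `choices` and `default` lines under `state`. The `requirements:` entry for gssapi on the controller is dropped as well; it should stay if the module still depends on gssapi, which cannot be seen from this section.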


@@ -35,24 +35,21 @@ short description: Configure ipa.conf
description: description:
Configure ipa.conf Configure ipa.conf
options: options:
servers:
description: The FQDN of the IPA servers to connect to.
required: true
type: list
domain: domain:
description: The primary DNS domain of an existing IPA deployment. description: Primary DNS domain of the IPA deployment
required: false required: no
servers:
description: Fully qualified name of IPA servers to enroll to
required: no
realm: realm:
description: The Kerberos realm of an existing IPA deployment. description: Kerberos realm name of the IPA deployment
required: false required: no
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: true required: no
basedn: basedn:
description: The basedn of the detected IPA server. description: The basedn of the IPA server (of the form dc=example,dc=com)
returned: always required: no
type: string
sample: dc=example,dc=com
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -31,59 +31,58 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaclient_join module: ipaclient_join
short description: Join a machine to an IPA realm and get a keytab for the host service principal short description:
Join a machine to an IPA realm and get a keytab for the host service
principal
description: description:
Join a machine to an IPA realm and get a keytab for the host service principal Join a machine to an IPA realm and get a keytab for the host service
principal
options: options:
servers: servers:
description: The FQDN of the IPA servers to connect to. description: Fully qualified name of IPA servers to enroll to
required: true required: no
type: list
domain: domain:
description: The primary DNS domain of an existing IPA deployment. description: Primary DNS domain of the IPA deployment
required: true required: no
realm: realm:
description: The Kerberos realm of an existing IPA deployment. description: Kerberos realm name of the IPA deployment
required: true required: no
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: true required: no
kdc: kdc:
description: The name or address of the host running the KDC. description: The name or address of the host running the KDC
required: true required: no
basedn: basedn:
description: The basedn of the IPA server (of the form dc=example,dc=com). description: The basedn of the IPA server (of the form dc=example,dc=com)
required: true required: no
principal: principal:
description: The authorized kerberos principal used to join the IPA realm. description:
required: false User Principal allowed to promote replicas and join IPA realm
required: yes
password: password:
description: The password to use if not using Kerberos to authenticate. description: Admin user kerberos password
required: false required: yes
admin_keytab:
description: The path to a local admin keytab.
required: false
keytab: keytab:
description: The path to a backed-up host keytab from previous enrollment. description: Path to backed up keytab from previous enrollment
required: false required: yes
admin_keytab:
description: The path to a local admin keytab
required: yes
ca_cert_file: ca_cert_file:
description: A CA certificate to use. Do not acquire the IPA CA certificate via automated means. description:
required: false A CA certificate to use. Do not acquire the IPA CA certificate via
automated means
required: yes
force_join: force_join:
description: Force enrolling the host even if host entry exists. description: Force client enrollment even if already enrolled
required: false required: yes
type: bool
default: no
kinit_attempts: kinit_attempts:
description: Repeat the request for host Kerberos ticket X times. description: Repeat the request for host Kerberos ticket X times
required: false required: yes
type: int
default: 5
debug: debug:
description: Enable debug mode. description: Turn on extra debugging
required: false required: yes
type: bool
default: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
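Review bot: `password`, `keytab` and `admin_keytab` are all marked `required: yes`, and the old wording that presented them as alternatives (`The password to use if not using Kerberos to authenticate.`) is gone, so the page now reads as if an admin password and two keytabs must all be supplied. If they remain alternatives, mark them `required: no` and say so in the text, e.g. `description: Admin user kerberos password, used when no keytab is given`. Whether `password` is declared with `no_log` in the argument_spec cannot be seen from this section; it is worth confirming while the parameter list is being revisited.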


@@ -36,8 +36,8 @@ description:
Backup and set hostname Backup and set hostname
options: options:
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: true required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -36,12 +36,14 @@ description:
Setup automount for IPA client Setup automount for IPA client
options: options:
servers: servers:
description: The FQDN of the IPA servers to connect to. description: Fully qualified name of IPA servers to enroll to
required: true required: no
type: list sssd:
description: The installer sssd setting
required: yes
automount_location: automount_location:
description: Automount location description: The automount location
required: false required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
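Review bot: `description: The installer sssd setting` only restates the parameter name, so a reader still cannot tell what value to pass or what it changes. A one-line statement of the effect and the type would do, for example `description: Whether SSSD is configured on this client` with `type: bool`, if that matches the module code outside this section. The same placeholder wording recurs for `dnsok`, `sssd` and `force` in the krb5 section and for `installer_ccache`, `_top_dir`, `_ca_enabled` and the other underscore options in the replica sections.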


@@ -36,11 +36,13 @@ description:
Setup firefox for IPA client Setup firefox for IPA client
options: options:
domain: domain:
description: The primary DNS domain of an existing IPA deployment. description: Primary DNS domain of the IPA deployment
required: true required: no
firefox_dir: firefox_dir:
description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox') description:
required: false Specify directory where Firefox is installed (for example
'/usr/lib/firefox')
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -35,12 +35,33 @@ short description: Setup krb5 for IPA client
description: description:
Setup krb5 for IPA client Setup krb5 for IPA client
options: options:
server:
domain: domain:
description: Primary DNS domain of the IPA deployment
required: yes
servers:
description: Fully qualified name of IPA servers to enroll to
required: yes
realm: realm:
description: Kerberos realm name of the IPA deployment
required: yes
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: true required: yes
kdc:
description: The name or address of the host running the KDC
required: yes
dnsok:
description: The installer dnsok setting
required: yes
client_domain:
description: Primary DNS domain of the IPA deployment
required: yes
sssd:
description: The installer sssd setting
required: yes
force:
description: Installer force parameter
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
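Review bot: `client_domain` carries the same description as `domain` (`Primary DNS domain of the IPA deployment`), so the docs give no way to tell the two options apart. If `client_domain` is the DNS domain of the host being enrolled rather than of the deployment, the text should say so, e.g. `description: Primary DNS domain of this client`; that reading is inferred from the name and needs confirming against the module code, which is outside this section.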


@@ -36,11 +36,11 @@ description:
Setup NIS for IPA client Setup NIS for IPA client
options: options:
domain: domain:
description: The primary DNS domain of an existing IPA deployment. description: Primary DNS domain of the IPA deployment
required: true required: no
nisdomain: nisdomain:
description: NIS domain name description: The NIS domain name
required: false required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -36,103 +36,82 @@ description:
Create IPA NSS database Create IPA NSS database
options: options:
servers: servers:
description: The FQDN of the IPA servers to connect to. description: Fully qualified name of IPA servers to enroll to
required: true required: no
type: list
domain: domain:
description: The primary DNS domain of an existing IPA deployment. description: Primary DNS domain of the IPA deployment
required: true required: no
realm: realm:
description: The Kerberos realm of an existing IPA deployment. description: Kerberos realm name of the IPA deployment
required: true required: no
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: true required: no
basedn: basedn:
description: The basedn of the IPA server (of the form dc=example,dc=com). description: The basedn of the IPA server (of the form dc=example,dc=com)
required: true required: no
principal: principal:
description: The authorized kerberos principal used to join the IPA realm. description:
required: false User Principal allowed to promote replicas and join IPA realm
required: yes
subject_base: subject_base:
description: The subject base, needed for certmonger description:
required: true The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
ca_enabled: ca_enabled:
description: Whether the Certificate Authority is enabled or not. description: Whether the Certificate Authority is enabled or not
required: true required: no
type: bool
default: no
mkhomedir: mkhomedir:
description: Whether to create home directories for users on their first login. description: Create home directories for users on their first login
required: false required: yes
type: bool
default: no
on_master: on_master:
description: Whether the configuration is done on the master or not. description: Whether the configuration is done on the master or not
required: false required: yes
type: bool dnsok:
default: no description: The installer dnsok setting
required: yes
enable_dns_updates: enable_dns_updates:
description: Configures the machine to attempt dns updates when the ip address changes. description:
required: false Configures the machine to attempt dns updates when the ip address
type: bool changes
default: no required: yes
all_ip_addresses: all_ip_addresses:
description: All routable IP addresses configured on any interface will be added to DNS description:
required: false All routable IP addresses configured on any interface will be added
type: bool to DNS
default: no required: yes
ip_addresses: ip_addresses:
description: Specify IP addresses that should be added to DNS. description: List of Master Server IP Addresses
required: false required: yes
type: list
default: None
request_cert: request_cert:
description: request certificate for the machine description: Request certificate for the machine
required: false required: yes
type: bool
default: no
preserve_sssd: preserve_sssd:
description: Preserve old SSSD configuration if possible description: Preserve old SSSD configuration if possible
required: false required: yes
type: bool
default: no
no_ssh: no_ssh:
description: Do not configure OpenSSH client description: Do not configure OpenSSH client
required: false required: yes
type: bool
default: no
no_sshd: no_sshd:
description: Do not configure OpenSSH server description: Do not configure OpenSSH server
required: false required: yes
type: bool
default: no
no_sudo: no_sudo:
description: Do not configure SSSD as data source for sudo description: Do not configure SSSD as data source for sudo
required: false required: yes
type: bool
default: no
fixed_primary: fixed_primary:
description: Configure sssd to use fixed server as primary IPA server description: Configure sssd to use fixed server as primary IPA server
required: false required: yes
type: bool
default: no
permit: permit:
description: Disable access rules by default, permit all access. description: Disable access rules by default, permit all access
required: false required: yes
type: bool
default: no
no_krb5_offline_passwords: no_krb5_offline_passwords:
description: Configure SSSD not to store user password when the server is offline description:
required: false Configure SSSD not to store user password when the server is offline
type: bool required: yes
default: no
no_dns_sshfp: no_dns_sshfp:
description: Do not automatically create DNS SSHFP records description: Do not automatically create DNS SSHFP records
required: false required: yes
type: bool
default: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
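Review bot: `permit` (`Disable access rules by default, permit all access`) loses its `type: bool` and `default: no` lines and is now marked `required: yes`. With the default gone, the docs no longer tell a reader that access rules stay enabled unless `permit` is set explicitly. Keep `type: bool` and `default: no` on this option if the module still defaults it to off; the argument_spec is outside this section. The same applies to `permit` in the sssd module section and to `ssh_trust_dns` (`Configure OpenSSH client to trust DNS SSHFP records`) in the ssh/sshd section further down.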


@@ -35,44 +35,24 @@ short description: Setup NTP for IPA client
description: description:
Setup NTP for IPA client Setup NTP for IPA client
options: options:
servers:
description: The FQDN of the IPA servers to connect to.
required: false
type: list
default: []
domain:
description: The primary DNS domain of an existing IPA deployment.
required: false
realm:
description: The Kerberos realm of an existing IPA deployment.
required: false
hostname:
description: The hostname of the machine to join (FQDN).
required: false
ca_cert_file:
description: A CA certificate to use.
required: false
on_master:
description: IPA client installation on IPA server
required: false
default: false
type: bool
default: no
ntp_servers: ntp_servers:
description: List of NTP servers to use description: ntp servers to use
required: false required: yes
type: list
default: []
ntp_pool: ntp_pool:
description: ntp server pool to use description: ntp server pool to use
required: false required: yes
no_ntp: no_ntp:
description: Do not sync time and do not detect time servers description: Do not configure ntp
required: false required: yes
default: false on_master:
type: bool description: Whether the configuration is done on the master or not
default: no required: yes
servers:
description: Fully qualified name of IPA servers to enroll to
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -36,29 +36,20 @@ description:
Configure ssh and sshd for IPA client Configure ssh and sshd for IPA client
options: options:
servers: servers:
description: The FQDN of the IPA servers to connect to. description: Fully qualified name of IPA servers to enroll to
required: true required: no
type: list no_ssh:
ssh: description: Do not configure OpenSSH client
description: Configure OpenSSH client required: yes
required: false ssh_trust_dns:
type: bool
default: no
trust_sshfp:
description: Configure OpenSSH client to trust DNS SSHFP records description: Configure OpenSSH client to trust DNS SSHFP records
required: false required: yes
type: bool no_sshd:
default: no description: Do not configure OpenSSH server
sshd: required: yes
description: Configure OpenSSH server
required: false
type: bool
default: no
sssd: sssd:
description: Configure SSSD server description: The installer sssd setting
required: false required: yes
type: bool
default: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -36,68 +36,52 @@ description:
Setup sssd for IPA client Setup sssd for IPA client
options: options:
servers: servers:
description: The FQDN of the IPA servers to connect to. description: Fully qualified name of IPA servers to enroll to
required: true required: no
type: list
domain: domain:
description: The primary DNS domain of an existing IPA deployment. description: Primary DNS domain of the IPA deployment
required: true required: no
realm: realm:
description: The Kerberos realm of an existing IPA deployment. description: Kerberos realm name of the IPA deployment
required: true required: no
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: true required: no
on_master: on_master:
description: Whether the configuration is done on the master or not. description: Whether the configuration is done on the master or not
required: false required: yes
type: bool
default: no
no_ssh: no_ssh:
description: Do not configure OpenSSH client description: Do not configure OpenSSH client
required: false required: yes
type: bool
default: no
no_sshd: no_sshd:
description: Do not configure OpenSSH server description: Do not configure OpenSSH server
required: false required: yes
type: bool
default: no
no_sudo: no_sudo:
description: Do not configure SSSD as data source for sudo description: Do not configure SSSD as data source for sudo
required: false required: yes
type: bool
default: no
all_ip_addresses: all_ip_addresses:
description: All routable IP addresses configured on any interface will be added to DNS. description:
required: false All routable IP addresses configured on any interface will be added
type: bool to DNS
default: no required: yes
fixed_primary: fixed_primary:
description: Whether to use fixed server as primary IPA server. description: Configure sssd to use fixed server as primary IPA server
required: false required: yes
type: bool
default: no
permit: permit:
description: Disable access rules by default, permit all access. description: Disable access rules by default, permit all access
required: false required: yes
type: bool
default: no
enable_dns_updates: enable_dns_updates:
description: Configures the machine to attempt dns updates when the ip address changes. description:
required: false Configures the machine to attempt dns updates when the ip address
type: bool changes
default: no required: yes
preserve_sssd: preserve_sssd:
description: Preserve old SSSD configuration if possible. description: Preserve old SSSD configuration if possible
required: false required: yes
type: bool
default: no
no_krb5_offline_passwords: no_krb5_offline_passwords:
description: Whether user passwords are stored when the server is offline. description:
required: false Configure SSSD not to store user password when the server is offline
type: bool required: yes
default: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -35,84 +35,70 @@ short description: Tries to discover IPA server
description: description:
Tries to discover IPA server using DNS or host name Tries to discover IPA server using DNS or host name
options: options:
servers:
description: The FQDN of the IPA servers to connect to.
required: false
type: list
default: []
domain: domain:
description: The primary DNS domain of an existing IPA deployment. description: Primary DNS domain of the IPA deployment
required: false required: yes
servers:
description: Fully qualified name of IPA servers to enroll to
required: yes
realm: realm:
description: The Kerberos realm of an existing IPA deployment. description: Kerberos realm name of the IPA deployment
required: false required: yes
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: false required: yes
ntp_servers: ntp_servers:
description: List of NTP servers to use description: ntp servers to use
required: false required: yes
type: list
default: []
ntp_pool: ntp_pool:
description: ntp server pool to use description: ntp server pool to use
required: false required: yes
no_ntp: no_ntp:
description: Do not sync time and do not detect time servers description: Do not configure ntp
required: false required: yes
default: false
type: bool
default: no
force_ntpd: force_ntpd:
description: Stop and disable any time&date synchronization services besides ntpd. Deprecated since 4.7. description:
requried: false Stop and disable any time&date synchronization services besides ntpd
type: bool Deprecated since 4.7
default: no required: yes
nisdomain: nisdomain:
description: NIS domain name description: The NIS domain name
required: false required: yes
no_nisdomain: no_nisdomain:
description: Do not configure NIS domain name description: Do not configure NIS domain name
required: false required: yes
type: bool
default: no
kinit_attempts: kinit_attempts:
description: Repeat the request for host Kerberos ticket X times. description: Repeat the request for host Kerberos ticket X times
required: false required: yes
type: int
default: 5
ca_cert_files: ca_cert_files:
description: CA certificates to use. description:
required: false List of files containing CA certificates for the service certificate
files
required: yes
configure_firefox: configure_firefox:
description: Configure Firefox to use IPA domain credentials description: Configure Firefox to use IPA domain credentials
required: false required: yes
type: bool
default: no
firefox_dir: firefox_dir:
description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox') description:
required: false Specify directory where Firefox is installed (for example
'/usr/lib/firefox')
required: yes
ip_addresses: ip_addresses:
description: All routable IP addresses configured on any interface will be added to DNS. description: List of Master Server IP Addresses
required: false required: yes
type: bool
default: no
all_ip_addresses: all_ip_addresses:
description: All routable IP addresses configured on any interface will be added to DNS. description:
required: false All routable IP addresses configured on any interface will be added
type: bool to DNS
default: no required: yes
on_master: on_master:
description: IPA client installation on IPA server description: Whether the configuration is done on the master or not
required: false required: yes
default: false
type: bool
default: no
enable_dns_updates: enable_dns_updates:
description: Configures the machine to attempt dns updates when the ip address changes. description:
required: false Configures the machine to attempt dns updates when the ip address
type: bool changes
default: no required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
@@ -194,7 +180,9 @@ ntp_servers:
type: list type: list
sample: ["ntp.example.com"] sample: ["ntp.example.com"]
ipa_python_version: ipa_python_version:
description: The IPA python version as a number: <major version>*10000+<minor version>*100+<release> description:
- The IPA python version as a number:
- <major version>*10000+<minor version>*100+<release>
returned: always returned: always
type: int type: int
sample: 040400 sample: 040400
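Review bot: In the second hunk the new list item `- The IPA python version as a number:` ends with a colon, so a YAML loader reads it as a one-key mapping with a null value rather than as a string. Quoting the item avoids that: `- "The IPA python version as a number:"`, followed by `- "<major version>*10000+<minor version>*100+<release>"`. The unchanged `sample: 040400` just below has a leading zero and is read as an octal integer by YAML 1.1 loaders; `sample: 40400` states the value without that ambiguity.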


@@ -31,32 +31,30 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaclient_test_keytab module: ipaclient_test_keytab
short description: Test if the krb5.keytab on the machine is valid and can be used. short description:
Test if the krb5.keytab on the machine is valid and can be used.
description: description:
Test if the krb5.keytab on the machine is valid and can be used. Test if the krb5.keytab on the machine is valid and can be used.
A temporary krb5.conf file will be generated to not fail on an invalid one. A temporary krb5.conf file will be generated to not fail on an invalid one.
options: options:
servers: servers:
description: The FQDN of the IPA servers to connect to. description: Fully qualified name of IPA servers to enroll to
required: true required: no
type: list
domain: domain:
description: The primary DNS domain of an existing IPA deployment. description: Primary DNS domain of the IPA deployment
required: true required: no
realm: realm:
description: The Kerberos realm of an existing IPA deployment. description: Kerberos realm name of the IPA deployment
required: true required: no
hostname: hostname:
description: The hostname of the machine to join (FQDN). description: Fully qualified name of this host
required: true required: no
kdc: kdc:
description: The name or address of the host running the KDC. description: The name or address of the host running the KDC
required: true required: no
kinit_attempts: kinit_attempts:
description: Repeat the request for host Kerberos ticket X times. description: Repeat the request for host Kerberos ticket X times
required: false required: yes
type: int
default: 5
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -38,20 +38,20 @@ description:
Add to ipaservers Add to ipaservers
options: options:
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
installer_ccache: installer_ccache:
description: description: The installer ccache setting
required: yes required: no
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -45,7 +45,7 @@ options:
required: yes required: yes
ip_addresses: ip_addresses:
description: List of Master Server IP Addresses description: List of Master Server IP Addresses
required: no required: yes
domain: domain:
description: Primary DNS domain of the IPA deployment description: Primary DNS domain of the IPA deployment
required: yes required: yes
@@ -56,71 +56,73 @@ options:
description: Fully qualified name of this host description: Fully qualified name of this host
required: yes required: yes
ca_cert_files: ca_cert_files:
description: List of iles containing CA certificates for the service certificate files description:
List of files containing CA certificates for the service certificate
files
required: yes required: yes
no_host_dns: no_host_dns:
description: Do not use DNS for hostname lookup during installation description: Do not use DNS for hostname lookup during installation
required: yes required: yes
setup_adtrust: setup_adtrust:
description: description: Configure AD trust capability
required: yes required: yes
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
setup_dns: setup_dns:
description: description: Configure bind with our zone
required: yes required: yes
dirserv_cert_files: dirsrv_cert_files:
description: description:
Files containing the Directory Server SSL certificate and private key
required: yes required: yes
force_join: force_join:
description: description: Force client enrollment even if already enrolled
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
server: server:
description: description: Fully qualified name of IPA server to enroll to
required: yes required: no
config_master_host_name:
description: The config master_host_name setting
required: no
config_ca_host_name:
description: The config ca_host_name setting
required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
installer_ccache: installer_ccache:
description: description: The installer ccache setting
required: yes required: no
_ca_enabled: _ca_enabled:
description: description: The installer _ca_enabled setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
_add_to_ipaservers: _add_to_ipaservers:
description: description: The installer _add_to_ipaservers setting
required: yes required: no
_ca_subject: _ca_subject:
description: description: The installer _ca_subject setting
required: yes required: no
_subject_base: _subject_base:
description: description: The installer _subject_base setting
required: no
master:
description: Master host name
required: yes required: yes
dirman_password: dirman_password:
description: description: Directory Manager (master) password
required: yes required: no
config_setup_ca:
description:
required: yes
config_master_host_name:
description:
required: yes
config_ca_host_name:
description:
required: yes
config_ips:
description:
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -38,44 +38,52 @@ description:
Import dm password into custodia Import dm password into custodia
options: options:
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
no_pkinit: no_pkinit:
description: description: Disable pkinit setup steps
required: yes required: yes
no_ui_redirect: no_ui_redirect:
description: description: Do not automatically redirect to the Web UI
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
config_master_host_name: RDNs are in LDAP order (most specific RDN first).
description: required: no
required: yes
ccache: ccache:
description: description: The local ccache
required: yes required: no
_ca_enabled: _ca_enabled:
description: description: The installer _ca_enabled setting
required: yes required: yes
_ca_file: _ca_file:
description: description: The installer _ca_file setting
required: yes required: yes
_kra_enabled: _kra_enabled:
description: description: The installer _kra_enabled setting
required: yes required: yes
_kra_host_name: _kra_host_name:
description: description: The installer _kra_host_name setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
dirman_password: dirman_password:
description: description: Directory Manager (master) password
required: yes required: no
config_setup_ca:
description: The config setup_ca setting
required: no
config_master_host_name:
description: The config master_host_name setting
required: no
config_ca_host_name:
description: The config ca_host_name setting
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
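Review bot: `dirman_password` is now described as `Directory Manager (master) password`, but nothing in the text tells a playbook author that the value is a secret. I would extend it to something like `description: Directory Manager (master) password; sensitive, supply it from Ansible Vault`. The module's argument_spec is outside this hunk, so it cannot be checked here whether the parameter is declared with `no_log=True`; that should be confirmed, otherwise the value can end up in task output and logs. The same description is added in the DS apply updates, DS enable SSL, KRB enable SSL and Restart KDC sections, and `dm_password`, `password` and the `*_pin` options in the 645-line hunk have the same gap.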


@@ -37,6 +37,55 @@ short description: DS apply updates
description: description:
DS apply updates DS apply updates
options: options:
setup_ca:
description: Configure a dogtag CA
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
no_ui_redirect:
description: Do not automatically redirect to the Web UI
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
config_master_host_name:
description: The config master_host_name setting
required: no
ccache:
description: The local ccache
required: no
_ca_enabled:
description: The installer _ca_enabled setting
required: yes
_ca_file:
description: The installer _ca_file setting
required: yes
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
required: yes
_top_dir:
description: The installer _top_dir setting
required: no
dirman_password:
description: Directory Manager (master) password
required: no
ds_ca_subject:
description: The ds.ca_subject setting
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -38,44 +38,51 @@ description:
DS enable SSL DS enable SSL
options: options:
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
no_pkinit: no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description: description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_ca_enabled: _ca_enabled:
description: description: The installer _ca_enabled setting
required: yes required: yes
_ca_file: _ca_file:
description: description: The installer _ca_file setting
required: yes required: yes
_dirsrv_pkcs12_info: _dirsrv_pkcs12_info:
description: description: The installer _dirsrv_pkcs12_info setting
required: yes required: yes
_pkinit_pkcs12_info: _pkinit_pkcs12_info:
description: description: The installer _pkinit_pkcs12_info setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
dirman_password: dirman_password:
description: description: Directory Manager (master) password
required: yes required: no
ds_ca_subject: ds_ca_subject:
description: description: The ds.ca_subject setting
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -33,28 +33,36 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipareplica_enable_ipa module: ipareplica_enable_ipa
short description: short description: Enable IPA
description: Enable IPA description: Enable IPA
Enable IPA Enable IPA
options: options:
hostname:
description: Fully qualified name of this host
required: yes
hidden_replica:
description: Install a hidden replica
required: yes
subject_base: subject_base:
description: The certificate subject base (default O=<realm-name>). description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
ccache: ccache:
description: The installation specific ccache file. description: The local ccache
required: yes required: no
_top_dir: _top_dir:
description: The temporary top directory used for the installation. description: The installer _top_dir setting
required: yes required: no
setup_ca: setup_ca:
description: Configure a dogtag CA description: Configure a dogtag CA
required: yes required: no
setup_kra: setup_kra:
description: Configure KRA description: Configure a dogtag KRA
required: yes required: no
config_master_host_name: config_master_host_name:
description: The master host name description: The config master_host_name setting
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
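Review bot: The key on the changed summary line is still spelled `short description:`, while Ansible's module documentation schema reads `short_description`, so the text filled in here is unlikely to be picked up as the module summary; write `short_description: Enable IPA`. The same spelling shows in the hunk-header context of the DS apply updates, KRB enable SSL, Restart KDC and Setup CA sections. Separately, the `ccache` and `_top_dir` entries appear to trade informative text for wording that restates the parameter name; `The installation specific ccache file.` and `The temporary top directory used for the installation.` tell a reader more than `The local ccache` and `The installer _top_dir setting`, and I would keep them.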


@@ -45,7 +45,7 @@ options:
required: yes required: yes
ip_addresses: ip_addresses:
description: List of Master Server IP Addresses description: List of Master Server IP Addresses
required: no required: yes
domain: domain:
description: Primary DNS domain of the IPA deployment description: Primary DNS domain of the IPA deployment
required: yes required: yes
@@ -56,37 +56,72 @@ options:
description: Fully qualified name of this host description: Fully qualified name of this host
required: yes required: yes
ca_cert_files: ca_cert_files:
description: List of iles containing CA certificates for the service certificate files description:
List of files containing CA certificates for the service certificate
files
required: yes required: yes
no_host_dns: no_host_dns:
description: Do not use DNS for hostname lookup during installation description: Do not use DNS for hostname lookup during installation
required: yes required: yes
setup_adtrust: setup_adtrust:
description: description: Configure AD trust capability
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
setup_dns: setup_dns:
description: description: Configure bind with our zone
required: yes required: yes
external_ca: dirsrv_cert_files:
description: description:
Files containing the Directory Server SSL certificate and private key
required: yes required: yes
external_cert_files: force_join:
description: description: Force client enrollment even if already enrolled
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
ca_subject: RDNs are in LDAP order (most specific RDN first).
description: required: no
required: yes server:
setup_ca: description: Fully qualified name of IPA server to enroll to
description: required: no
required: yes ccache:
_hostname_overridden: description: The local ccache
description: required: no
installer_ccache:
description: The installer ccache setting
required: no
_top_dir:
description: The installer _top_dir setting
required: no
_add_to_ipaservers:
description: The installer _add_to_ipaservers setting
required: no
_ca_subject:
description: The installer _ca_subject setting
required: no
_subject_base:
description: The installer _subject_base setting
required: no
dirman_password:
description: Directory Manager (master) password
required: no
config_setup_ca:
description: The config setup_ca setting
required: no
config_master_host_name:
description: The config master_host_name setting
required: no
config_ca_host_name:
description: The config ca_host_name setting
required: no
config_ips:
description: The config ips setting
required: yes required: yes
author: author:
- Thomas Woerner - Thomas Woerner


@@ -37,6 +37,41 @@ short description: KRB enable SSL
description: description:
KRB enable SSL KRB enable SSL
options: options:
setup_ca:
description: Configure a dogtag CA
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
config_master_host_name:
description: The config master_host_name setting
required: no
ccache:
description: The local ccache
required: no
_ca_enabled:
description: The installer _ca_enabled setting
required: yes
_ca_file:
description: The installer _ca_file setting
required: yes
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
required: yes
_top_dir:
description: The installer _top_dir setting
required: no
dirman_password:
description: Directory Manager (master) password
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -37,7 +37,7 @@ description:
options: options:
master_password: master_password:
description: kerberos master password (normally autogenerated) description: kerberos master password (normally autogenerated)
required: false required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
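Review bot: `master_password` is marked `required: yes` while its description still reads `kerberos master password (normally autogenerated)`, and the two statements contradict each other for someone writing a playbook. The argument_spec is not visible in this hunk; if it really requires the value, drop the parenthetical or say which caller generates it, otherwise keep the option as not required. As this is key material for the KDC, the description should also say that the value is sensitive, and the spec should be checked for `no_log=True`.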


@@ -58,70 +58,645 @@ ptions:
description: Fully qualified name of this host description: Fully qualified name of this host
required: yes required: yes
ca_cert_files: ca_cert_files:
description: List of iles containing CA certificates for the service certificate files description:
List of files containing CA certificates for the service certificate
files
required: yes required: yes
no_host_dns: no_host_dns:
description: Do not use DNS for hostname lookup during installation description: Do not use DNS for hostname lookup during installation
required: yes required: yes
setup_adtrust: setup_adtrust:
description: description: Configure AD trust capability
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
setup_dns: setup_dns:
description: description: Configure bind with our zone
required: yes required: yes
external_ca: external_ca:
description: description: External ca setting
required: yes required: yes
external_cert_files: external_cert_files:
description: description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes required: yes
subject_base: subject_base:
description: description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes required: yes
ca_subject: ca_subject:
description: description: The installer ca_subject setting
required: yes required: yes
reverse_zones: reverse_zones:
description: description: The reverse DNS zones to use
required: yes required: yes
no_reverse: no_reverse:
description: description: Do not create new reverse DNS zone
required: yes required: yes
auto_reverse: auto_reverse:
description: description: Create necessary reverse zones
required: yes required: yes
forwarders: forwarders:
description: description: Add DNS forwarders
required: yes required: yes
no_forwarders: no_forwarders:
description: description: Do not add any DNS forwarders, use root servers instead
required: yes required: yes
auto_forwarders: auto_forwarders:
description: description: Use DNS forwarders configured in /etc/resolv.conf
required: yes required: yes
forward_policy: forward_policy:
description: description: DNS forwarding policy for global forwarders
required: yes required: yes
enable_compat: enable_compat:
description: description: Enable support for trusted domains for old clients
required: yes required: yes
netbios_name: netbios_name:
description: description: NetBIOS name of the IPA domain
required: yes required: yes
rid_base: rid_base:
description: description: Start value for mapping UIDs and GIDs to RIDs
required: yes required: yes
secondary_rid_base: secondary_rid_base:
description: description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes required: yes
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
_hostname_overridden: _hostname_overridden:
description: The installer _hostname_overridden setting
required: yes
dm_password:
description: Directory Manager password
required: False
password:
description: Admin user kerberos password
required: False
ip_addresses:
description: List of Master Server IP Addresses
required: False
domain:
description: Primary DNS domain of the IPA deployment
required: False
realm:
description: Kerberos realm name of the IPA deployment
required: False
hostname:
description: Fully qualified name of this host
required: False
principal:
description: description:
User Principal allowed to promote replicas and join IPA realm
required: True
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: False
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: False
setup_adtrust:
description: Configure AD trust capability
required: False
setup_ca:
description: Configure a dogtag CA
required: False
setup_kra:
description: Configure a dogtag KRA
required: False
setup_dns:
description: Configure bind with our zone
required: False
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: False
dirsrv_cert_name:
description: Name of the Directory Server SSL certificate to install
required: False
dirsrv_pin:
description: The password to unlock the Directory Server private key
required: False
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: False
http_cert_name:
description: Name of the Apache Server SSL certificate to install
required: False
http_pin:
description: The password to unlock the Apache Server private key
required: False
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
required: False
pkinit_cert_name:
description: Name of the Kerberos KDC SSL certificate to install
required: False
pkinit_pin:
description: The password to unlock the Kerberos KDC private key
required: False
keytab:
description: Path to backed up keytab from previous enrollment
required: False
mkhomedir:
description: Create home directories for users on their first login
required: False
force_join:
description: Force client enrollment even if already enrolled
required: False
no_ntp:
description: Do not configure ntp
required: False
ssh_trust_dns:
description: Configure OpenSSH client to trust DNS SSHFP records
required: False
no_ssh:
description: Do not configure OpenSSH client
required: False
no_sshd:
description: Do not configure OpenSSH server
required: False
no_dns_sshfp:
description: Do not automatically create DNS SSHFP records
required: False
allow_zone_overlap:
description: Create DNS zone even if it already exists
required: False
reverse_zones:
description: The reverse DNS zones to use
required: False
no_reverse:
description: Do not create new reverse DNS zone
required: False
auto_reverse:
description: Create necessary reverse zones
required: False
forwarders:
description: Add DNS forwarders
required: False
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: False
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: False
forward_policy:
description: DNS forwarding policy for global forwarders
required: False
no_dnssec_validation:
description: Disable DNSSEC validation
required: False
enable_compat:
description: Enable support for trusted domains for old clients
required: False
netbios_name:
description: NetBIOS name of the IPA domain
required: False
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: False
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: False
server:
description: Fully qualified name of IPA server to enroll to
required: True
skip_conncheck:
description: Skip connection check to remote master
required: False
dm_password:
description: Directory Manager password
required: True
password:
description: Admin user kerberos password
required: True
ip_addresses:
description: List of Master Server IP Addresses
required: True
domain:
description: Primary DNS domain of the IPA deployment
required: True
realm:
description: Kerberos realm name of the IPA deployment
required: True
hostname:
description: Fully qualified name of this host
required: True
principal:
description:
User Principal allowed to promote replicas and join IPA realm
required: False
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: True
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: True
setup_adtrust:
description: Configure AD trust capability
required: True
setup_ca:
description: Configure a dogtag CA
required: True
setup_kra:
description: Configure a dogtag KRA
required: True
setup_dns:
description: Configure bind with our zone
required: True
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: True
dirsrv_cert_name:
description: Name of the Directory Server SSL certificate to install
required: True
dirsrv_pin:
description: The password to unlock the Directory Server private key
required: True
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: True
http_cert_name:
description: Name of the Apache Server SSL certificate to install
required: True
http_pin:
description: The password to unlock the Apache Server private key
required: True
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
required: True
pkinit_cert_name:
description: Name of the Kerberos KDC SSL certificate to install
required: True
pkinit_pin:
description: The password to unlock the Kerberos KDC private key
required: True
keytab:
description: Path to backed up keytab from previous enrollment
required: True
mkhomedir:
description: Create home directories for users on their first login
required: True
force_join:
description: Force client enrollment even if already enrolled
required: True
no_ntp:
description: Do not configure ntp
required: True
ssh_trust_dns:
description: Configure OpenSSH client to trust DNS SSHFP records
required: True
no_ssh:
description: Do not configure OpenSSH client
required: True
no_sshd:
description: Do not configure OpenSSH server
required: True
no_dns_sshfp:
description: Do not automatically create DNS SSHFP records
required: True
allow_zone_overlap:
description: Create DNS zone even if it already exists
required: True
reverse_zones:
description: The reverse DNS zones to use
required: True
no_reverse:
description: Do not create new reverse DNS zone
required: True
auto_reverse:
description: Create necessary reverse zones
required: True
forwarders:
description: Add DNS forwarders
required: True
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: True
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: True
forward_policy:
description: DNS forwarding policy for global forwarders
required: True
no_dnssec_validation:
description: Disable DNSSEC validation
required: True
enable_compat:
description: Enable support for trusted domains for old clients
required: True
netbios_name:
description: NetBIOS name of the IPA domain
required: True
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: True
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: True
server:
description: Fully qualified name of IPA server to enroll to
required: False
skip_conncheck:
description: Skip connection check to remote master
required: True
dm_password:
description: Directory Manager password
required: yes
password:
description: Admin user kerberos password
required: yes
ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: yes
realm:
description: Kerberos realm name of the IPA deployment
required: yes
hostname:
description: Fully qualified name of this host
required: yes
principal:
description:
User Principal allowed to promote replicas and join IPA realm
required: no
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
dirsrv_cert_name:
description: Name of the Directory Server SSL certificate to install
required: yes
dirsrv_pin:
description: The password to unlock the Directory Server private key
required: yes
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: yes
http_cert_name:
description: Name of the Apache Server SSL certificate to install
required: yes
http_pin:
description: The password to unlock the Apache Server private key
required: yes
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
required: yes
pkinit_cert_name:
description: Name of the Kerberos KDC SSL certificate to install
required: yes
pkinit_pin:
description: The password to unlock the Kerberos KDC private key
required: yes
keytab:
description: Path to backed up keytab from previous enrollment
required: yes
mkhomedir:
description: Create home directories for users on their first login
required: yes
force_join:
description: Force client enrollment even if already enrolled
required: yes
no_ntp:
description: Do not configure ntp
required: yes
ssh_trust_dns:
description: Configure OpenSSH client to trust DNS SSHFP records
required: yes
no_ssh:
description: Do not configure OpenSSH client
required: yes
no_sshd:
description: Do not configure OpenSSH server
required: yes
no_dns_sshfp:
description: Do not automatically create DNS SSHFP records
required: yes
allow_zone_overlap:
description: Create DNS zone even if it already exists
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_reverse:
description: Create necessary reverse zones
required: yes
forwarders:
description: Add DNS forwarders
required: yes
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
enable_compat:
description: Enable support for trusted domains for old clients
required: yes
netbios_name:
description: NetBIOS name of the IPA domain
required: yes
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
server:
description: Fully qualified name of IPA server to enroll to
required: no
skip_conncheck:
description: Skip connection check to remote master
required: yes
dm_password:
description: Directory Manager password
required: yes
password:
description: Admin user kerberos password
required: yes
ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: yes
realm:
description: Kerberos realm name of the IPA deployment
required: yes
hostname:
description: Fully qualified name of this host
required: yes
principal:
description:
User Principal allowed to promote replicas and join IPA realm
required: no
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
dirsrv_cert_name:
description: Name of the Directory Server SSL certificate to install
required: yes
dirsrv_pin:
description: The password to unlock the Directory Server private key
required: yes
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: yes
http_cert_name:
description: Name of the Apache Server SSL certificate to install
required: yes
http_pin:
description: The password to unlock the Apache Server private key
required: yes
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
required: yes
pkinit_cert_name:
description: Name of the Kerberos KDC SSL certificate to install
required: yes
pkinit_pin:
description: The password to unlock the Kerberos KDC private key
required: yes
keytab:
description: Path to backed up keytab from previous enrollment
required: yes
mkhomedir:
description: Create home directories for users on their first login
required: yes
force_join:
description: Force client enrollment even if already enrolled
required: yes
no_ntp:
description: Do not configure ntp
required: yes
ssh_trust_dns:
description: Configure OpenSSH client to trust DNS SSHFP records
required: yes
no_ssh:
description: Do not configure OpenSSH client
required: yes
no_sshd:
description: Do not configure OpenSSH server
required: yes
no_dns_sshfp:
description: Do not automatically create DNS SSHFP records
required: yes
allow_zone_overlap:
description: Create DNS zone even if it already exists
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_reverse:
description: Create necessary reverse zones
required: yes
forwarders:
description: Add DNS forwarders
required: yes
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
enable_compat:
description: Enable support for trusted domains for old clients
required: yes
netbios_name:
description: NetBIOS name of the IPA domain
required: yes
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
server:
description: Fully qualified name of IPA server to enroll to
required: no
skip_conncheck:
description: Skip connection check to remote master
required: yes required: yes
author: author:
- Thomas Woerner - Thomas Woerner
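Review bot: The option block from `dm_password` to `skip_conncheck` is present four times on the new side of this hunk, and the copies disagree: `dm_password` is `required: False` in the first copy, `True` in the second and `yes` in the last two, while `principal` and `server` run the other way. Duplicate keys in one YAML mapping are invalid and most loaders silently keep the last occurrence, so the earlier copies are dead text that misleads anyone reading the source; keep a single copy and delete the other three. `ca_cert_files`, `setup_ca`, `reverse_zones` and other options listed before `_hostname_overridden` are repeated by those copies as well, and the surviving block should use one boolean spelling rather than mixing `True`/`False` with `yes`/`no`. The hunk-header context reads `ptions:`, which suggests the `options:` key just above the hunk is misspelled; that line is outside the hunk and should be checked.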


@@ -38,23 +38,25 @@ description:
Promote openldap.conf Promote openldap.conf
options: options:
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: no required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
config_setup_ca: config_setup_ca:
description: description: The config setup_ca setting
required: yes required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -38,23 +38,25 @@ description:
Promote sssd Promote sssd
options: options:
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: no required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
config_setup_ca: config_setup_ca:
description: description: The config setup_ca setting
required: yes required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -37,6 +37,38 @@ short description: Restart KDC
description: description:
Restart KDC Restart KDC
options: options:
setup_ca:
description: Configure a dogtag CA
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
no_ui_redirect:
description: Do not automatically redirect to the Web UI
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
config_master_host_name:
description: The config master_host_name setting
required: no
ccache:
description: The local ccache
required: no
_ca_file:
description: The installer _ca_file setting
required: yes
_top_dir:
description: The installer _top_dir setting
required: no
dirman_password:
description: Directory Manager (master) password
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -38,23 +38,41 @@ description:
Setup adtrust Setup adtrust
options: options:
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
subject_base: subject_base:
description: description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
enable_compat:
description: Enable support for trusted domains for old clients
required: yes required: yes
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
adtrust_netbios_name:
description: The adtrust netbios_name setting
required: no
adtrust_reset_netbios_name:
description: The adtrust reset_netbios_name setting
required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -37,65 +37,67 @@ short description: Setup CA
description: description:
Setup CA Setup CA
options: options:
pki_config_override:
description: Path to ini file with config overrides
required: yes
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
no_pkinit: no_pkinit:
description: description: Disable pkinit setup steps
required: yes
pki_config_override:
description:
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_ca_enabled: _ca_enabled:
description: description: The installer _ca_enabled setting
required: yes required: yes
_ca_file: _ca_file:
description: description: The installer _ca_file setting
required: yes required: yes
_kra_enabled: _kra_enabled:
description: description: The installer _kra_enabled setting
required: yes required: yes
_kra_host_name: _kra_host_name:
description: description: The installer _kra_host_name setting
required: yes required: yes
_dirsrv_pkcs12_info: _dirsrv_pkcs12_info:
description: description: The installer _dirsrv_pkcs12_info setting
required: yes required: yes
_pkinit_pkcs12_info: _pkinit_pkcs12_info:
description: description: The installer _pkinit_pkcs12_info setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
_ca_subject: _ca_subject:
description: description: The installer _ca_subject setting
required: yes required: no
_subject_base: _subject_base:
description: description: The installer _subject_base setting
required: yes required: no
dirman_password: dirman_password:
description: description: Directory Manager (master) password
required: yes required: no
config_setup_ca: config_setup_ca:
description: description: The config setup_ca setting
required: yes required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
config_ca_host_name: config_ca_host_name:
description: description: The config ca_host_name setting
required: yes required: no
config_ips: config_ips:
description: description: The config ips setting
required: yes required: yes
author: author:
- Thomas Woerner - Thomas Woerner


@@ -38,44 +38,49 @@ description:
Setup custodia Setup custodia
options: options:
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
no_pkinit: no_pkinit:
description: description: Disable pkinit setup steps
required: yes required: yes
no_ui_redirect: no_ui_redirect:
description: description: Do not automatically redirect to the Web UI
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_ca_enabled: _ca_enabled:
description: description: The installer _ca_enabled setting
required: yes required: yes
_ca_file: _ca_file:
description: description: The installer _ca_file setting
required: yes required: yes
_kra_enabled: _kra_enabled:
description: description: The installer _kra_enabled setting
required: yes required: yes
_kra_host_name: _kra_host_name:
description: description: The installer _kra_host_name setting
required: yes
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
dirman_password: dirman_password:
description: description: Directory Manager (master) password
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -38,26 +38,46 @@ description:
Setup DNS Setup DNS
options: options:
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
setup_dns: setup_dns:
description: description: Configure bind with our zone
required: yes required: yes
subject_base: subject_base:
description: description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
zonemgr:
description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
required: yes required: yes
forwarders:
description: Add DNS forwarders
required: yes
forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
dns_ip_addresses:
description: The dns ip_addresses setting
required: no
dns_reverse_zones:
description: The dns reverse_zones setting
required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
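Review bot: `zonemgr` is marked `required: yes` although its description says it defaults to hostmaster@DOMAIN, so the two statements contradict each other. The same mismatch appears for `master_password` in the ipaserver_master_password section ("normally autogenerated", `required: yes`) and for `zonemgr` in ipaserver_setup_dns. The argument_spec is outside the hunk; if it declares these with `required=False`, the entries should read `required: no`. Switches such as `no_dnssec_validation` deserve the same check, because `required: yes` on an option that disables DNSSEC validation reads as if every caller must set it.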


@@ -45,7 +45,7 @@ options:
required: yes required: yes
ip_addresses: ip_addresses:
description: List of Master Server IP Addresses description: List of Master Server IP Addresses
required: no required: yes
domain: domain:
description: Primary DNS domain of the IPA deployment description: Primary DNS domain of the IPA deployment
required: yes required: yes
@@ -56,73 +56,86 @@ options:
description: Fully qualified name of this host description: Fully qualified name of this host
required: yes required: yes
ca_cert_files: ca_cert_files:
description: List of iles containing CA certificates for the service certificate files description:
List of files containing CA certificates for the service certificate
files
required: yes required: yes
no_host_dns: no_host_dns:
description: Do not use DNS for hostname lookup during installation description: Do not use DNS for hostname lookup during installation
required: yes required: yes
setup_adtrust: setup_adtrust:
description: description: Configure AD trust capability
required: yes required: yes
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
setup_dns: setup_dns:
description: description: Configure bind with our zone
required: yes required: yes
dirserv_cert_files: no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description: description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes required: yes
force_join: force_join:
description: description: Force client enrollment even if already enrolled
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
server: server:
description: description: Fully qualified name of IPA server to enroll to
required: yes required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
installer_ccache: installer_ccache:
description: description: The installer ccache setting
required: yes required: no
_ca_enabled: _ca_enabled:
description: description: The installer _ca_enabled setting
required: yes required: yes
_dirsrv_pkcs12_info: _dirsrv_pkcs12_info:
description: description: The installer _dirsrv_pkcs12_info setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
_add_to_ipaservers: _add_to_ipaservers:
description: description: The installer _add_to_ipaservers setting
required: yes required: no
_ca_subject: _ca_subject:
description: description: The installer _ca_subject setting
required: yes required: no
_subject_base: _subject_base:
description: description: The installer _subject_base setting
required: yes required: no
dirman_password: dirman_password:
description: description: Directory Manager (master) password
required: yes required: no
config_setup_ca: config_setup_ca:
description: description: The config setup_ca setting
required: yes required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
config_ca_host_name: config_ca_host_name:
description: description: The config ca_host_name setting
required: yes required: no
config_ips: config_ips:
description: description: The config ips setting
required: yes required: yes
author: author:
- Thomas Woerner - Thomas Woerner


@@ -38,41 +38,46 @@ description:
Setup HTTP Setup HTTP
options: options:
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
no_pkinit: no_pkinit:
description: description: Disable pkinit setup steps
required: yes required: yes
no_ui_redirect: no_ui_redirect:
description: description: Do not automatically redirect to the Web UI
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
config_ca_host_name:
description: The config ca_host_name setting
required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_ca_enabled: _ca_enabled:
description: description: The installer _ca_enabled setting
required: yes required: yes
_ca_file: _ca_file:
description: description: The installer _ca_file setting
required: yes required: yes
_http_pkcs12_info: _http_pkcs12_info:
description: description: The installer _http_pkcs12_info setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
dirman_password: dirman_password:
description: description: Directory Manager (master) password
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -45,7 +45,7 @@ options:
required: yes required: yes
ip_addresses: ip_addresses:
description: List of Master Server IP Addresses description: List of Master Server IP Addresses
required: no required: yes
domain: domain:
description: Primary DNS domain of the IPA deployment description: Primary DNS domain of the IPA deployment
required: yes required: yes
@@ -56,22 +56,73 @@ options:
description: Fully qualified name of this host description: Fully qualified name of this host
required: yes required: yes
ca_cert_files: ca_cert_files:
description: List of iles containing CA certificates for the service certificate files description:
List of files containing CA certificates for the service certificate
files
required: yes required: yes
no_host_dns: no_host_dns:
description: Do not use DNS for hostname lookup during installation description: Do not use DNS for hostname lookup during installation
required: yes required: yes
pki_config_override:
description: Path to ini file with config overrides
required: yes
setup_adtrust: setup_adtrust:
description: description: Configure AD trust capability
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
setup_dns: setup_dns:
description: description: Configure bind with our zone
required: yes required: yes
external_ca: dirsrv_cert_files:
description: description:
Files containing the Directory Server SSL certificate and private key
required: yes
force_join:
description: Force client enrollment even if already enrolled
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
server:
description: Fully qualified name of IPA server to enroll to
required: no
config_master_host_name:
description: The config master_host_name setting
required: no
ccache:
description: The local ccache
required: no
installer_ccache:
description: The installer ccache setting
required: no
_ca_enabled:
description: The installer _ca_enabled setting
required: yes
_kra_enabled:
description: The installer _kra_enabled setting
required: yes
_kra_host_name:
description: The installer _kra_host_name setting
required: yes
_top_dir:
description: The installer _top_dir setting
required: no
_add_to_ipaservers:
description: The installer _add_to_ipaservers setting
required: no
_ca_subject:
description: The installer _ca_subject setting
required: no
_subject_base:
description: The installer _subject_base setting
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -38,29 +38,31 @@ description:
Setup KRB Setup KRB
options: options:
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
no_pkinit: no_pkinit:
description: description: Disable pkinit setup steps
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_pkinit_pkcs12_info: _pkinit_pkcs12_info:
description: description: The installer _pkinit_pkcs12_info setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -38,35 +38,37 @@ description:
Setup OTPD Setup OTPD
options: options:
setup_ca: setup_ca:
description: description: Configure a dogtag CA
required: yes required: yes
setup_kra: setup_kra:
description: description: Configure a dogtag KRA
required: yes required: yes
no_pkinit: no_pkinit:
description: description: Disable pkinit setup steps
required: yes required: yes
no_ui_redirect: no_ui_redirect:
description: description: Do not automatically redirect to the Web UI
required: yes required: yes
subject_base: subject_base:
description: description:
required: yes The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: no
config_master_host_name: config_master_host_name:
description: description: The config master_host_name setting
required: yes required: no
ccache: ccache:
description: description: The local ccache
required: yes required: no
_ca_file: _ca_file:
description: description: The installer _ca_file setting
required: yes required: yes
_top_dir: _top_dir:
description: description: The installer _top_dir setting
required: yes required: no
dirman_password: dirman_password:
description: description: Directory Manager (master) password
required: yes required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -31,9 +31,91 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipareplica_test module: ipareplica_test
short description: short description: IPA replica deployment tests
description: description: IPA replica deployment tests
options: options:
ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: yes
servers:
description: Fully qualified name of IPA servers to enroll to
required: yes
realm:
description: Kerberos realm name of the IPA deployment
required: yes
hostname:
description: Fully qualified name of this host
required: yes
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: yes
hidden_replica:
description: Install a hidden replica
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: yes
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
required: yes
no_ntp:
description: Do not configure ntp
required: yes
ntp_servers:
description: ntp servers to use
required: yes
ntp_pool:
description: ntp server pool to use
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_reverse:
description: Create necessary reverse zones
required: yes
forwarders:
description: Add DNS forwarders
required: yes
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
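Review bot: The key under `module: ipareplica_test` is written `short description:` with a space, while Ansible's documentation schema uses `short_description`, so the text added here sits under a key the doc tooling does not read. Change the line to `short_description: IPA replica deployment tests`. The same spelling is kept in the DOCUMENTATION blocks of ipaserver_enable_ipa, ipaserver_load_cache, ipaserver_master_password, ipaserver_prepare, ipaserver_set_ds_password, ipaserver_setup_adtrust, ipaserver_setup_ca, ipaserver_setup_custodia, ipaserver_setup_dns and ipaserver_setup_ds in this commit.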


@@ -32,10 +32,19 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: enable_ipa module: ipaserver_enable_ipa
short description: short description: Enable IPA
description: description: Enable IPA
options: options:
hostname:
description: Fully qualified name of this host
required: yes
setup_dns:
description: Configure bind with our zone
required: no
setup_ca:
description: Configure a dogtag CA
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -33,10 +33,12 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaserver_load_cache module: ipaserver_load_cache
short description: short description: Load cache file
description: description: Load cache file
options: options:
dm_password: dm_password:
description: Directory Manager password
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -30,14 +30,17 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: master_password module: ipaserver_master_password
short description: Generate kerberos master password if not given short description: Generate kerberos master password if not given
description: description:
Generate kerberos master password if not given Generate kerberos master password if not given
options: options:
dm_password:
description: Directory Manager password
required: no
master_password: master_password:
description: kerberos master password (normally autogenerated) description: kerberos master password (normally autogenerated)
required: false required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -33,37 +33,116 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaserver_prepare module: ipaserver_prepare
short description: short description: Prepare IPA server deployment
description: description: Prepare IPA server deployment
options: options:
force:
description: Installer force parameter
required: yes
dm_password: dm_password:
description: Directory Manager password
required: no
password: password:
description: Admin user kerberos password
required: no
ip_addresses: ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain: domain:
description: Primary DNS domain of the IPA deployment
required: no
realm: realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname: hostname:
description: Fully qualified name of this host
required: yes
ca_cert_files: ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: yes
no_host_dns: no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
setup_adtrust: setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra: setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns: setup_dns:
description: Configure bind with our zone
required: yes
external_ca: external_ca:
description: External ca setting
required: yes
external_ca_type:
description: Type of the external CA
required: yes
external_ca_profile:
description:
Specify the certificate profile/template to use at the external CA
required: yes
external_cert_files: external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base: subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject: ca_subject:
description: The installer ca_subject setting
required: yes
allow_zone_overlap:
description: Create DNS zone even if it already exists
required: yes
reverse_zones: reverse_zones:
description: The reverse DNS zones to use
required: yes
no_reverse: no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_reverse: auto_reverse:
description: Create necessary reverse zones
required: yes
forwarders: forwarders:
description: Add DNS forwarders
required: yes
no_forwarders: no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: yes
auto_forwarders: auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
forward_policy: forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
enable_compat: enable_compat:
description: Enable support for trusted domains for old clients
required: yes
netbios_name: netbios_name:
description: NetBIOS name of the IPA domain
required: yes
rid_base: rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base: secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
setup_ca: setup_ca:
description: Configure a dogtag CA
required: yes
_hostname_overridden: _hostname_overridden:
description: The installer _hostname_overridden setting
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -32,10 +32,68 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: set_ds_password module: ipaserver_set_ds_password
short description: short description: Set DS password
description: description: Set DS password
options: options:
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: no
setup_ca:
description: Configure a dogtag CA
required: no
idstart:
description: The starting value for the IDs range (default random)
required: no
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: no
no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
domainlevel:
description: The domain level
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
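Review bot: The `idmax` description contains `default: idstart+199999` as an unquoted plain scalar. A colon followed by a space inside a plain scalar is read as a mapping indicator, so a YAML loader such as PyYAML is expected to reject the whole DOCUMENTATION block rather than only this entry. Quote the value: `description: "The max value for the IDs range (default: idstart+199999)"`. The same line is added in the ipaserver_setup_ca section.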


@@ -32,10 +32,35 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: setup_adtrust module: ipaserver_setup_adtrust
short description: short description: Setup trust ad
description: description: Setup trust ad
options: options:
hostname:
description: Fully qualified name of this host
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
enable_compat:
description: Enable support for trusted domains for old clients
required: yes
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
adtrust_netbios_name:
description: The adtrust netbios_name setting
required: no
adtrust_reset_netbios_name:
description: The adtrust reset_netbios_name setting
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -33,39 +33,119 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaserver_setup_ca module: ipaserver_setup_ca
short description: short description: Setup CA
description: description: Setup CA
options: options:
dm_password: dm_password:
description: Directory Manager password
required: no
password: password:
description: Admin user kerberos password
required: no
master_password: master_password:
description: kerberos master password (normally autogenerated)
required: no
ip_addresses: ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain: domain:
description: Primary DNS domain of the IPA deployment
required: no
realm: realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname: hostname:
description: Fully qualified name of this host
required: yes
no_host_dns: no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
pki_config_override:
description: Path to ini file with config overrides
required: yes
setup_adtrust: setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra: setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns: setup_dns:
description: Configure bind with our zone
required: yes
setup_ca: setup_ca:
description: Configure a dogtag CA
required: yes
idstart: idstart:
description: The starting value for the IDs range (default random)
required: no
idmax: idmax:
description: The max value for the IDs range (default: idstart+199999)
required: no
no_hbac_allow: no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
no_pkinit: no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file: dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files: dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
_dirsrv_pkcs12_info: _dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
external_ca: external_ca:
description: External ca setting
required: yes
external_ca_type:
description: Type of the external CA
required: yes
external_ca_profile:
description:
Specify the certificate profile/template to use at the external CA
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base: subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
_subject_base: _subject_base:
description: The installer _subject_base setting
required: yes
ca_subject: ca_subject:
description: The installer ca_subject setting
required: yes
_ca_subject: _ca_subject:
description: The installer _ca_subject setting
required: yes
ca_signing_algorithm: ca_signing_algorithm:
description: Signing algorithm of the IPA CA certificate
required: yes
reverse_zones: reverse_zones:
description: The reverse DNS zones to use
required: yes
no_reverse: no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_forwarders: auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
domainlevel: domainlevel:
description: The domain level
required: yes
_http_ca_cert: _http_ca_cert:
description: The installer _http_ca_cert setting
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -33,12 +33,18 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaserver_setup_custodia module: ipaserver_setup_custodia
short description: short description: Setup custodia
description: description: Setup custodia
options: options:
realm: realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname: hostname:
description: Fully qualified name of this host
required: yes
setup_ca: setup_ca:
description: Configure a dogtag CA
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -32,17 +32,46 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: setup_dns module: ipaserver_setup_dns
short description: short description: Setup DNS
description: description: Setup DNS
options: options:
ip_addresses:
description: List of Master Server IP Addresses
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname: hostname:
description: Fully qualified name of this host
required: no
setup_dns: setup_dns:
description: Configure bind with our zone
required: no
setup_ca: setup_ca:
description: Configure a dogtag CA
required: no
zonemgr: zonemgr:
description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
required: yes
forwarders: forwarders:
description: Add DNS forwarders
required: no
forward_policy: forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation: no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
dns_ip_addresses:
description: The dns ip_addresses setting
required: no
dns_reverse_zones:
description: The dns reverse_zones setting
required: no
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
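Review bot: Several `required:` values in this options block contradict their own descriptions: `zonemgr` is documented as "Defaults to hostmaster@DOMAIN" yet marked `required: yes`, while `domain` and `realm` are `required: no`. The argument_spec is outside the hunk, so this cannot be confirmed from here, but the flags read as inverted; ipaserver_test shows the same pattern with `master_password` ("normally autogenerated") and `idstart` ("default random"), both `required: yes`. This matters most for `no_dnssec_validation`, where a reader who trusts `required: yes` would set a switch that turns validation off. Check each flag against `required=` in the module and write optional ones as `required: false`.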


@@ -33,21 +33,64 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaserver_setup_ds module: ipaserver_setup_ds
short description: short description: Configure directory server
description: description: Configure directory server
options: options:
dm_password: dm_password:
description: Directory Manager password
required: no
password: password:
description: Admin user kerberos password
required: no
domain: domain:
description: Primary DNS domain of the IPA deployment
required: no
realm: realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname: hostname:
description: Fully qualified name of this host
required: yes
idstart: idstart:
description: The starting value for the IDs range (default random)
required: no
idmax: idmax:
no_pkinit: description: The max value for the IDs range (default: idstart+199999)
required: no
no_hbac_allow: no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base: subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject: ca_subject:
setup_ca description: The installer ca_subject setting
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
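Review bot: The added `idmax` description is an unquoted plain scalar that contains `: ` (in `default: idstart+199999`), which a YAML parser reads as the start of a nested mapping and rejects, so the DOCUMENTATION block as a whole would fail to load. Quote the value: `description: "The max value for the IDs range (default: idstart+199999)"`. The same line is added in the ipaserver_setup_http, ipaserver_setup_krb and ipaserver_test sections.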


@@ -32,10 +32,111 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: setup_ds module: ipaserver_setup_http
short description: short description: Setup HTTP
description: description: Setup HTTP
options: options:
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
master_password:
description: kerberos master password (normally autogenerated)
required: no
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
ip_addresses:
description: List of Master Server IP Addresses
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
no_ui_redirect:
description: Do not automatically redirect to the Web UI
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
_subject_base:
description: The installer _subject_base setting
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
_ca_subject:
description: The installer _ca_subject setting
required: yes
idstart:
description: The starting value for the IDs range (default random)
required: no
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: no
domainlevel:
description: The domain level
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
required: yes
_http_pkcs12_info:
description: The installer _http_pkcs12_info setting
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
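Review bot: `dm_password`, `password` and `master_password` are documented like any other option, with nothing telling the reader that they are secrets. The argument_spec is outside this hunk, so confirm that each is declared with `no_log=True`, and state in the description where the value should come from, e.g. `description: Directory Manager password (supply from Ansible Vault, not plain-text vars)`. The same applies to these options in ipaserver_setup_ds, ipaserver_setup_kra and ipaserver_setup_krb, and to `dirsrv_pin`, `http_pin` and `pkinit_pin` in ipaserver_test.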


@@ -32,10 +32,28 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: setup_kra module: ipaserver_setup_kra
short description: short description: Setup KRA
description: description: Setup KRA
options: options:
dm_password:
description: Directory Manager password
required: no
hostname:
description: Fully qualified name of this host
required: no
setup_ca:
description: Configure a dogtag CA
required: no
setup_kra:
description: Configure a dogtag KRA
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
pki_config_override:
description: Path to ini file with config overrides
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -32,10 +32,83 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: setup_ds module: ipaserver_setup_krb
short description: short description: Setup KRB
description: description: Setup KRB
options: options:
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
master_password:
description: kerberos master password (normally autogenerated)
required: no
domain:
description: Primary DNS domain of the IPA deployment
required: no
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
ip_addresses:
description: List of Master Server IP Addresses
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
no_hbac_allow:
description: Don't install allow_all HBAC rule
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
idstart:
description: The starting value for the IDs range (default random)
required: no
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: no
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
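Review bot: The description `The installer _pkinit_pkcs12_info setting` only restates the option name, so a reader cannot tell what value is expected or whether they should set it at all. The leading underscore suggests internal state handed over from an earlier module rather than user input; if that is the case, say so, e.g. `description: Internal installer state returned by a previous module; not meant to be set by hand`. If the value carries the PKCS#12 PIN, which cannot be seen from this hunk, the option also needs `no_log=True` in the argument_spec. `_subject_base`, `_ca_subject`, `_dirsrv_pkcs12_info` and `_http_pkcs12_info` in the other sections use the same wording.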


@@ -32,10 +32,16 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: setup_ntp module: ipaserver_setup_ntp
short description: short description: Setup NTP
description: description: Setup NTP
options: options:
ntp_servers:
description: ntp servers to use
required: yes
ntp_pool:
description: ntp server pool to use
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -32,10 +32,19 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: setup_otpd module: ipaserver_setup_otpd
short description: short description: Setup OTPD
description: description: Setup OTPD
options: options:
realm:
description: Kerberos realm name of the IPA deployment
required: no
hostname:
description: Fully qualified name of this host
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''


@@ -31,9 +31,169 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaserver_test module: ipaserver_test
short description: short description: IPA server test
description: description: IPA server test
options: options:
force:
description: Installer force parameter
required: yes
dm_password:
description: Directory Manager password
required: no
password:
description: Admin user kerberos password
required: no
master_password:
description: kerberos master password (normally autogenerated)
required: yes
domain:
description: Primary DNS domain of the IPA deployment
required: yes
realm:
description: Kerberos realm name of the IPA deployment
required: yes
hostname:
description: Fully qualified name of this host
required: yes
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
required: yes
no_host_dns:
description: Do not use DNS for hostname lookup during installation
required: yes
pki_config_override:
description: Path to ini file with config overrides
required: yes
setup_adtrust:
description: Configure AD trust capability
required: yes
setup_kra:
description: Configure a dogtag KRA
required: yes
setup_dns:
description: Configure bind with our zone
required: yes
idstart:
description: The starting value for the IDs range (default random)
required: yes
idmax:
description: The max value for the IDs range (default: idstart+199999)
required: yes
no_pkinit:
description: Disable pkinit setup steps
required: yes
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
required: yes
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
required: yes
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
required: yes
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
required: yes
dirsrv_pin:
description: The password to unlock the Directory Server private key
required: yes
http_pin:
description: The password to unlock the Apache Server private key
required: yes
pkinit_pin:
description: The password to unlock the Kerberos KDC private key
required: yes
dirsrv_cert_name:
description: Name of the Directory Server SSL certificate to install
required: yes
http_cert_name:
description: Name of the Apache Server SSL certificate to install
required: yes
pkinit_cert_name:
description: Name of the Kerberos KDC SSL certificate to install
required: yes
ntp_servers:
description: ntp servers to use
required: yes
ntp_pool:
description: ntp server pool to use
required: yes
no_ntp:
description: Do not configure ntp
required: yes
external_ca:
description: External ca setting
required: yes
external_ca_type:
description: Type of the external CA
required: yes
external_ca_profile:
description:
Specify the certificate profile/template to use at the external CA
required: yes
external_cert_files:
description:
File containing the IPA CA certificate and the external CA certificate
chain
required: yes
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
required: yes
ca_subject:
description: The installer ca_subject setting
required: yes
allow_zone_overlap:
description: Create DNS zone even if it already exists
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
no_reverse:
description: Do not create new reverse DNS zone
required: yes
auto_reverse:
description: Create necessary reverse zones
required: yes
zonemgr:
description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
required: yes
forwarders:
description: Add DNS forwarders
required: yes
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
required: yes
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
required: yes
forward_policy:
description: DNS forwarding policy for global forwarders
required: yes
no_dnssec_validation:
description: Disable DNSSEC validation
required: yes
enable_compat:
description: Enable support for trusted domains for old clients
required: yes
netbios_name:
description: NetBIOS name of the IPA domain
required: yes
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: yes
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: yes
author: author:
- Thomas Woerner - Thomas Woerner
''' '''
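Review bot: None of the options added here documents a `type`, so the page does not say which values are lists, booleans or strings; `ca_cert_files` is described as a "List of files" and `no_ntp` reads as a switch, but neither says so in a field of its own. Add the field per option, matching the argument_spec (outside this hunk), e.g. `type: list` under `ca_cert_files` and `type: bool` under `no_ntp`. `force` is documented only as "Installer force parameter"; a sentence on which installer checks it bypasses would let an operator judge whether it is safe to set.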