internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-07 13:53:23 +00:00
Code Issues Projects Releases Wiki Activity

New ipaclient options: force_join, kinit_attempts, ntp and mkhomedir

Browse Source
This commit is contained in:
Thomas Woerner
2017-08-18 10:02:01 +02:00
parent 9ad38c668d
commit 95c38d169d
3 changed files with 48 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
library/ipaclient.py
View File

@@ -63,12 +63,29 @@ options:
otp:
description: The One-Time-Password used to join the IPA realm.
required: false
force_join:
description: Set force_join to yes to join the host even if it is already enrolled.
required: false
choices: [ "yes", "force" ]
default: yes
kinit_attempts:
description: Repeat the request for host Kerberos ticket X times.
required: false
ntp:
description: Set to no to not configure and enable NTP
required: false
default: yes
mkhomedir:
description: Set to yes to configure PAM to create a users home directory if it does not exist.
required: false
default: no
extr_args:
description: The list of extra arguments to provide to ipa-client-install.
required: false
type: list
author:
- Florence Blanc-Renaud
- Thomas Woerner
'''
EXAMPLES = '''
@@ -81,7 +98,8 @@ EXAMPLES = '''
- ipaclient:
principal: admin
password: MySecretPassword
extraargs: [ '--no-ntp', '--kinit-attempts=5']
ntp: no
kinit_attempts: 5
# Enroll client using admin credentials, with specified domain and
# autodiscovery of the IPA server
@@ -89,7 +107,8 @@ EXAMPLES = '''
principal: admin
password: MySecretPassword
domain: ipa.domain.com
extraargs: [ '--no-ntp', '--kinit-attempts=5']
ntp: no
kinit_attempts: 5
# Enroll client using admin credentials, with specified server
- ipaclient:
@@ -97,7 +116,8 @@ EXAMPLES = '''
password: MySecretPassword
domain: ipa.domain.com
server: ipaserver.ipa.domain.com
extraargs: [ '--no-ntp', '--kinit-attempts=5']
ntp: no
kinit_attempts: 5
# Enroll client using One-Time-Password, with specified domain and realm
- ipaclient:
@@ -207,6 +227,10 @@ def ensure_ipa_client(module):
password = module.params.get('password')
keytab = module.params.get('keytab')
otp = module.params.get('otp')
force_join = module.params.get('force_join')
kinit_attempts = module.params.get('kinit_attempts')
ntp = module.params.get('ntp')
mkhomedir = module.params.get('mkhomedir')
extra_args = module.params.get('extra_args')
# Ensure that at least one auth method is specified
@@ -258,6 +282,15 @@ def ensure_ipa_client(module):
if otp:
cmd.append("--password")
cmd.append(otp)
if force_join:
cmd.append("--force-join")
if kinit_attempts:
cmd.append("--kinit-attempts")
cmd.append(str(kinit_attempts))
if not ntp:
cmd.append("--no-ntp")
if mkhomedir:
cmd.append("--mkhomedir")
if extra_args:
for extra_arg in extra_args:
cmd.append(extra_arg)
@@ -286,6 +319,10 @@ def main():
password=dict(required=False, no_log=True),
keytab=dict(required=False, type='path'),
otp=dict(required=False),
force_join=dict(required=False, type='bool', default=False),
kinit_attempts=dict(required=False, type='int'),
ntp=dict(required=False, type='bool', default=True),
mkhomedir=dict(required=False, type='bool', default=False),
extra_args=dict(default=None, type='list')
),
)

4
roles/ipaclient/defaults/main.yml
View File

@@ -9,4 +9,8 @@ ipaclient_principal:
ipaclient_password:
ipaclient_keytab:
ipaclient_otp:
ipaclient_force_join: no
ipaclient_kinit_attempts:
ipaclient_ntp: yes
ipaclient_mkhomedir: no
ipaclient_extraargs: []

4
roles/ipaclient/tasks/install.yml
View File

@@ -42,4 +42,8 @@
password: "{{ ipaclient_password | default(omit) }}"
keytab: "{{ ipaclient_keytab | default(omit) }}"
otp: "{{ ipaclient_otp | default(omit) }}"
force_join: "{{ ipaclient_force_join | default(omit) }}"
kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
ntp: "{{ ipaclient_ntp | default(omit) }}"
mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
extra_args: "{{ ipaclient_extraargs | default(omit) }}"