internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-30 23:33:06 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: internet:fix_image_build
Branches Tags
internet:master internet:run_collection_playbooks internet:validate_emaildomain internet:0.4 internet:automember_verify_condition_keys internet:ipaautomember_documantation_fix internet:fix_image_build internet:t-woerner-permission-typo1 internet:fix-role-readme-title-1 internet:fix-role-readme-title internet:t-woerner-group-readme-external internet:fix_logger_info_calls
internet:v1.16.0 internet:v1.15.1 internet:v1.15.0 internet:v1.14.7 internet:v1.14.6 internet:v1.14.5 internet:v1.14.4 internet:v1.14.3 internet:v1.14.2 internet:v1.14.1 internet:v1.14.0 internet:v1.13.2 internet:v1.13.1 internet:v1.13.0 internet:v1.12.1 internet:v1.12.0 internet:v1.11.1 internet:v1.11.0 internet:v1.10.0 internet:v1.9.2 internet:v1.9.1 internet:v1.9.0 internet:v1.8.4 internet:v1.8.3 internet:v1.8.2 internet:v1.8.1 internet:v1.8.0 internet:v1.7.0 internet:v1.6.3 internet:v1.6.2 internet:v1.6.1 internet:v1.6.0 internet:v1.5.3 internet:v1.5.2 internet:v1.5.1 internet:v1.5.0 internet:v0.4.2 internet:v0.4.1 internet:v0.4.0 internet:v0.3.8 internet:v0.3.7 internet:v0.3.6 internet:v0.3.5 internet:v0.3.4 internet:v0.3.3 internet:v0.3.2 internet:v0.3.1 internet:v0.3.0 internet:v0.2.1 internet:v0.2.0 internet:v0.1.12 internet:v0.1.11 internet:v0.1.10 internet:v0.1.9 internet:v0.1.8 internet:v0.1.7 internet:v0.1.6 internet:v0.1.5 internet:v0.1.4 internet:v0.1.3 internet:v0.1.2 internet:v0.1.1 internet:v0.1.0
..
compare: internet:fix-role-readme-title
Branches Tags
internet:master internet:run_collection_playbooks internet:validate_emaildomain internet:0.4 internet:automember_verify_condition_keys internet:ipaautomember_documantation_fix internet:fix_image_build internet:t-woerner-permission-typo1 internet:fix-role-readme-title-1 internet:fix-role-readme-title internet:t-woerner-group-readme-external internet:fix_logger_info_calls
internet:v1.16.0 internet:v1.15.1 internet:v1.15.0 internet:v1.14.7 internet:v1.14.6 internet:v1.14.5 internet:v1.14.4 internet:v1.14.3 internet:v1.14.2 internet:v1.14.1 internet:v1.14.0 internet:v1.13.2 internet:v1.13.1 internet:v1.13.0 internet:v1.12.1 internet:v1.12.0 internet:v1.11.1 internet:v1.11.0 internet:v1.10.0 internet:v1.9.2 internet:v1.9.1 internet:v1.9.0 internet:v1.8.4 internet:v1.8.3 internet:v1.8.2 internet:v1.8.1 internet:v1.8.0 internet:v1.7.0 internet:v1.6.3 internet:v1.6.2 internet:v1.6.1 internet:v1.6.0 internet:v1.5.3 internet:v1.5.2 internet:v1.5.1 internet:v1.5.0 internet:v0.4.2 internet:v0.4.1 internet:v0.4.0 internet:v0.3.8 internet:v0.3.7 internet:v0.3.6 internet:v0.3.5 internet:v0.3.4 internet:v0.3.3 internet:v0.3.2 internet:v0.3.1 internet:v0.3.0 internet:v0.2.1 internet:v0.2.0 internet:v0.1.12 internet:v0.1.11 internet:v0.1.10 internet:v0.1.9 internet:v0.1.8 internet:v0.1.7 internet:v0.1.6 internet:v0.1.5 internet:v0.1.4 internet:v0.1.3 internet:v0.1.2 internet:v0.1.1 internet:v0.1.0

1 Commits
fix_image_ ... fix-role-r

Author SHA1 Message Date
Thomas Woerner
d01848d820 Fix README-role.md title 
Change title of README-role to "Role module"
 2020-07-29 10:16:05 +02:00
323 changed files with 10778 additions and 13508 deletions
Expand all files Collapse all files

23
.ansible-lint
View File

@@ -1,23 +0,0 @@
exclude_paths:
- roles
- .tox
- .venv
parseable: true
quiet: false
skip_list:
- '201' # Trailing whitespace
- '204' # Lines should be no longer than 160 chars
- '206' # Variables should have spaces before and after: {{ var_name }}'
- '208' # File permissions not mentioned
- '301' # Commands should not change things if nothing needs doing'
- '305' # Use shell only when shell functionality is required'
- '306' # Shells that use pipes should set the pipefail option'
- '502' # All tasks should be named
- '505' # Referenced missing file
use_default_rules: true
verbosity: 1

9
.copr/Makefile
View File

@@ -1,9 +0,0 @@
srpm:
# Setup development environment
echo "Installing base development environment"
dnf install -y dnf-plugins-core git-all
echo "Call SRPM build Script"
./utils/build-srpm.sh
if [[ "${outdir}" != "" ]]; then \
mv /builddir/build/SRPMS/* ${outdir}; \
fi

16
.github/workflows/docs.yml vendored
View File

@@ -1,16 +0,0 @@
---
name: Verify Ansible documentation.
on:
- push
- pull_request
jobs:
check_docs:
name: Check Ansible Documentation.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Run ansible-doc-test
run: ANSIBLE_LIBRARY="." python utils/ansible-doc-test roles plugins

33
.github/workflows/lint.yml vendored
View File

@@ -1,33 +0,0 @@
---
name: Run Linters
on:
- push
- pull_request
jobs:
linters:
name: Run Linters
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: "3.6"
- name: Run ansible-lint
uses: ansible/ansible-lint-action@master
with:
targets: |
tests/*.yml
tests/*/*.yml
tests/*/*/*.yml
playbooks/*.yml
playbooks/*/*.yml
env:
ANSIBLE_MODULE_UTILS: plugins/module_utils
ANSIBLE_LIBRARY: plugins/modules
- name: Run yaml-lint
uses: ibiqlik/action-yamllint@v1
- name: Run Python linters
uses: rjeffman/python-lint-action@v2

6
.gitignore vendored
View File

@@ -1,8 +1,2 @@
*.pyc
*.retry
# ignore virtual environments
/.tox/
/.venv/
tests/logs/

31
.pre-commit-config.yaml
View File

@@ -1,31 +0,0 @@
---
repos:
- repo: https://github.com/ansible/ansible-lint.git
rev: v4.3.5
hooks:
- id: ansible-lint
always_run: false
pass_filenames: true
files: \.(yaml|yml)$
entry: env ANSIBLE_LIBRARY=./plugins/modules ANSIBLE_MODULE_UTILS=./plugins/module_utils ansible-lint --force-color
- repo: https://github.com/adrienverge/yamllint.git
rev: v1.25.0
hooks:
- id: yamllint
files: \.(yaml|yml)$
- repo: https://gitlab.com/pycqa/flake8
rev: 3.8.4
hooks:
- id: flake8
- repo: https://gitlab.com/pycqa/pydocstyle
rev: 5.1.1
hooks:
- id: pydocstyle
- repo: local
hooks:
- id: ansible-doc-test
name: Verify Ansible roles and module documentation.
language: script
entry: utils/ansible-doc-test
# args: ['-v', 'roles', 'plugins']
files: ^.*.py$

28
.yamllint
View File

@@ -1,28 +0,0 @@
---
ignore: |
/.tox/
/.venv/
/.github/
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
truthy:
allowed-values: ["yes", "no", "true", "false", "True", "False"]
level: error
# Disabled rules
document-start: disable
indentation: disable
line-length: disable
colons: disable
empty-lines: disable
comments: disable
comments-indentation: disable
trailing-spaces: disable
new-line-at-end-of-file: disable

121
CONTRIBUTING.md
View File

@@ -1,121 +0,0 @@
Contributing to ansible-freeipa
===============================
As part of the [FreeIPA] project, ansible-freeipa follows
[FreeIPA's Code of Conduct].
Reporting bugs or Features
--------------------------
ansible-freeipa uses [Github issues] for the upstream development, so all RFEs
and bug reports should be added there.
If you have questions about the usage of ansible-freeipa modules and roles,
you should also submit an issue, so that anyone that knows an answer can help.
Development
-----------
Contribute code by submitting a [pull request]. All pull requests should be
created against the `master` branch. If your PR fixes an open issue, please,
add this information to the commit message, like _"Fix issue #num"_.
Every PR will have to pass some automatic checks and be reviewed by another
developer(s). Once they are approved, they will be merged.
In your commits, use clear messages that include intent, summary of changes,
and expected result. Use a template commit message [for modules] and
[for roles].
Upon review, it is fine to `force push` the changes.
**Preparing the development environment**
There are some useful tools that will help you develop for ansible-freeipa,
and you should install, at least, the modules in `requirements.txt`. You
can install the modules with your distribution package manager, or use pip,
as in the example:
```
python3 -m pip install --user -r requirements-dev.txt
```
We recommend using [pre-commit] so that the basic checks that will be executed
for your PR are executed locally, on your commits. To setup the pre-commit
hooks, issue the command:
```
pre-commit install
```
**Developing new modules**
When developing new modules use the script `utils/new_module`. If the module
should have `action: member` support, use the flag `-m`.
This script will create the basic structure for the module, the required files
for tests, playbooks, documentation and source code, all at the appropriate
places.
**Other helpfull tools**
Under directory `utils`, you will find other useful tools, like
**lint-check.sh**, which will run the Python and YAML linters on your code,
and **ansible-doc-test** which will verify if the documentation added to the
roles and modules source code has the right format.
Testing
-------
When testing ansible-freeipa's roles and modules, we aim to check if they
do what they intend to do, report the results correctly, and if they are
idempotent (although, sometimes the operation performed is not, like when
renaming items). To achieve this, we use Ansible playbooks.
The Ansible playbooks test can be found under the [tests] directory. They
should test the behavior of the module or role, and, if possible, provide
test cases for all attributes.
There might be some limitation on the testing environment, as some attributes
or operations are only available in some circumstances, like specific FreeIPA
versions, or some more elaborate scenarios (for example, requiring a
configured trust to an AD domain). For these cases, there are some `facts`
available that will only enable the tests if the testing environment is
enabled.
The tests run automatically on every pull request, using Fedora, CentOS 7,
and CentOS 8 environments.
See the document [Running the tests] and also the section `Preparing the
development environment`, to prepare your environment.
Documentation
-------------
We do our best to provide a correct and complete documentation for the modules
and roles we provide, but we sometimes miss something that users find it
important to be documented.
If you think something could be made easier to understand, or found an error
or omission in the documentation, fixing it will help other users and make
the experience on using the project much better.
Also, the [playbooks] can be seen as part of the documentation, as they are
examples of commonly performed tasks.
---
[FreeIPA]: https://freeipa.org
[FreeIPA's Code of Conduct]: https://github.com/freeipa/freeipa/blob/master/CODE_OF_CONDUCT.md
[for modules]: https://github.com/freeipa/ansible-freeipa/pull/357
[for roles]: https://github.com/freeipa/ansible-freeipa/pull/430
[Github issues]: https://github.com/freeipa/ansible-freeipa/issues
[pull request]: https://github.com/freeipa/ansible-freeipa/pulls
[playbooks]: playbooks
[pre-commit]: https://pre-commit.com
[Running the tests]: tests/README.md
[tests]: tests/

3
README-config.md
View File

@@ -19,7 +19,6 @@ Supported FreeIPA Versions
FreeIPA versions 4.4.0 and up are supported by the ipaconfig module.
Some variables are only supported on newer versions of FreeIPA. Check `Variables` section for details.
Requirements
------------
@@ -92,7 +91,7 @@ Variable | Description | Required
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`maxusername` \| `ipamaxusernamelength` | Set the maximum username length (1 to 255) | no
`maxhostname` \| `ipamaxhostnamelength` | Set the maximum hostname length between 64-255. Only usable with IPA versions 4.8.0 and up. | no
`maxhostname` \| `ipamaxhostnamelength` | Set the maximum hostname length between 64-255 | no
`homedirectory` \| `ipahomesrootdir` | Set the default location of home directories | no
`defaultshell` \| `ipadefaultloginshell` | Set the default shell for new users | no
`defaultgroup` \| `ipadefaultprimarygroup` | Set the default group for new users | no

157
README-delegation.md
View File

@@ -1,157 +0,0 @@
Delegation module
=================
Description
-----------
The delegation module allows to ensure presence, absence of delegations and delegation attributes.
Features
--------
* Delegation management
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.4.0 and up are supported by the ipadelegation module.
Requirements
------------
**Controller**
* Ansible version: 2.8+
**Node**
* Supported FreeIPA version (see above)
Usage
=====
Example inventory file
```ini
[ipaserver]
ipaserver.test.local
```
Example playbook to make sure delegation "basic manager attributes" is present:
```yaml
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
- employeetype
group: managers
membergroup: employees
```
Example playbook to make sure delegation "basic manager attributes" is absent:
```yaml
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
state: absent
```
Example playbook to make sure "basic manager attributes" member attributes employeetype and employeenumber are present:
```yaml
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeenumber
- employeetype
action: member
```
Example playbook to make sure "basic manager attributes" member attributes employeetype and employeenumber are absent:
```yaml
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeenumber
- employeetype
action: member
state: absent
```
Example playbook to make sure delegation "basic manager attributes" is absent:
```yaml
---
- name: Playbook to manage IPA delegation.
hosts: ipaserver
become: yes
tasks:
- ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
state: absent
```
Variables
---------
ipadelegation
-------
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `aciname` | The list of delegation name strings. | yes
`permission` \| `permissions` | The permission to grant `read`, `read,write`, `write`]. Default is `write`. | no
`attribute` \| `attrs` | The attribute list to which the delegation applies. | no
`membergroup` \| `memberof` | The user group to apply delegation to. | no
`group` | User group ACI grants access to. | no
`action` | Work on delegation or member level. It can be on of `member` or `delegation` and defaults to `delegation`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, default: `present`. | no
Authors
=======
Thomas Woerner

23
README-dnsforwardzone.md
View File

@@ -47,13 +47,13 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
become: true
tasks:
- name: ensure presence of forwardzone with a single forwarder DNS server
- name: ensure presence of forwardzone for DNS requests for example.com to 8.8.8.8
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
state: present
name: example.com
forwarders:
- ip_address: 8.8.8.8
- 8.8.8.8
forwardpolicy: first
skip_overlap_check: true
@@ -63,14 +63,14 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
name: example.com
state: disabled
- name: ensure presence of forwardzone with multiple forwarder DNS server
- name: ensure presence of multiple upstream DNS servers for example.com
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
state: present
name: example.com
forwarders:
- ip_address: 8.8.8.8
- ip_address: 4.4.4.4
- 8.8.8.8
- 4.4.4.4
- name: ensure presence of another forwarder to any existing ones for example.com
ipadnsforwardzone:
@@ -78,19 +78,10 @@ Example playbook to ensure presence of a forwardzone to ipa DNS:
state: present
name: example.com
forwarders:
- ip_address: 1.1.1.1
- 1.1.1.1
action: member
- name: ensure presence of forwardzone with single forwarder DNS server on non-stardard port
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
state: present
name: example.com
forwarders:
- ip_address: 4.4.4.4
port: 8053
- name: ensure the forward zone is absent
- name: ensure the forwarder for example.com does not exists (delete it if needed)
ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
name: example.com

54
README-dnszone.md
View File

@@ -152,46 +152,6 @@ Example playbook to remove a zone:
```
Example playbook to create a zone for reverse DNS lookup, from an IP address:
```yaml
---
- name: dnszone present
hosts: ipaserver
become: true
tasks:
- name: Ensure zone for reverse DNS lookup is present.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name_from_ip: 192.168.1.2
state: present
```
Note that, on the previous example the zone created with `name_from_ip` might be "1.168.192.in-addr.arpa.", "168.192.in-addr.arpa.", or "192.in-addr.arpa.", depending on the DNS response the system get while querying for zones, and for this reason, when creating a zone using `name_from_ip`, the inferred zone name is returned to the controller, in the attribute `dnszone.name`. Since the zone inferred might not be what a user expects, `name_from_ip` can only be used with `state: present`. To have more control over the zone name, the prefix length for the IP address can be provided.
Example playbook to create a zone for reverse DNS lookup, from an IP address, given the prefix length and displaying the resulting zone name:
```yaml
---
- name: dnszone present
hosts: ipaserver
become: true
tasks:
- name: Ensure zone for reverse DNS lookup is present.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name_from_ip: 192.168.1.2/24
state: present
register: result
- name: Display inferred zone name.
debug:
msg: "Zone name: {{ result.dnszone.name }}"
```
Variables
=========
@@ -203,8 +163,7 @@ Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `zone_name` | The zone name string or list of strings. | no
`name_from_ip` | Derive zone name from reverse of IP (PTR). Can only be used with `state: present`. | no
`name` \| `zone_name` | The zone name string. | yes
`forwarders` | The list of forwarders dicts. Each `forwarders` dict entry has:| no
  | `ip_address` - The IPv4 or IPv6 address of the DNS server. | yes
  | `port` - The custom port that should be used on this server. | no
@@ -230,17 +189,6 @@ Variable | Description | Required
`skip_nameserver_check` | Force DNS zone creation even if nameserver is not resolvable | no
Return Values
=============
ipadnszone
----------
Variable | Description | Returned When
-------- | ----------- | -------------
`dnszone` | DNS Zone dict with zone name infered from `name_from_ip`. <br>Options: | If `state` is `present`, `name_from_ip` is used, and a zone was created.
&nbsp; | `name` - The name of the zone created, inferred from `name_from_ip`. | Always
Authors
=======

21
README-group.md
View File

@@ -19,8 +19,6 @@ Supported FreeIPA Versions
FreeIPA versions 4.4.0 and up are supported by the ipagroup module.
Some variables are only supported on newer versions of FreeIPA. Check `Variables` section for details.
Requirements
------------
@@ -109,24 +107,6 @@ Example playbook to add group members to a group:
- appops
```
Example playbook to add members from a trusted realm to an external group:
```yaml
--
- name: Playbook to handle groups.
hosts: ipaserver
became: true
- name: Create an external group and add members from a trust to it.
ipagroup:
ipaadmin_password: SomeADMINpassword
name: extgroup
external: yes
externalmember:
- WINIPA\\Web Users
- WINIPA\\Developers
```
Example playbook to remove groups:
```yaml
@@ -166,7 +146,6 @@ Variable | Description | Required
`service` | List of service name strings assigned to this group. Only usable with IPA versions 4.7 and up. | no
`membermanager_user` | List of member manager users assigned to this group. Only usable with IPA versions 4.8.4 and up. | no
`membermanager_group` | List of member manager groups assigned to this group. Only usable with IPA versions 4.8.4 and up. | no
`externalmember` \| `ipaexternalmember` \| `external_member`| List of members of a trusted domain in DOM\\name or name@domain form. | no
`action` | Work on group or member level. It can be on of `member` or `group` and defaults to `group`. | no
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | yes

23
README-hostgroup.md
View File

@@ -19,8 +19,6 @@ Supported FreeIPA Versions
FreeIPA versions 4.4.0 and up are supported by the ipahostgroup module.
Some variables are only supported on newer versions of FreeIPA. Check `Variables` section for details.
Requirements
------------
@@ -107,23 +105,6 @@ Example playbook to make sure hosts and hostgroups are absent in databases hostg
state: absent
```
Example playbook to rename an existing playbook:
```yaml
---
- name: Playbook to handle hostgroups
hosts: ipaserver
become: true
tasks:
# Ensure host-group databases is absent
- ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
rename: datalake
state: renamed
```
Example playbook to make sure host-group databases is absent:
```yaml
@@ -140,6 +121,7 @@ Example playbook to make sure host-group databases is absent:
state: absent
```
Variables
=========
@@ -157,9 +139,8 @@ Variable | Description | Required
`hostgroup` | List of hostgroup name strings assigned to this hostgroup. | no
`membermanager_user` | List of member manager users assigned to this hostgroup. Only usable with IPA versions 4.8.4 and up. | no
`membermanager_group` | List of member manager groups assigned to this hostgroup. Only usable with IPA versions 4.8.4 and up. | no
`rename` \| `new_name` | Rename hostgroup to the provided name. Only usable with IPA versions 4.8.7 and up. | no
`action` | Work on hostgroup or member level. It can be on of `member` or `hostgroup` and defaults to `hostgroup`. | no
`state` | The state to ensure. It can be one of `present`, `absent` or `renamed`, default: `present`. | no
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | no
Authors

92
README-location.md
View File

@@ -1,92 +0,0 @@
Location module
===============
Description
-----------
The location module allows to ensure presence and absence of locations.
Features
--------
* Location management
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.4.0 and up are supported by the ipalocation module.
Requirements
------------
**Controller**
* Ansible version: 2.8+
**Node**
* Supported FreeIPA version (see above)
Usage
=====
Example inventory file
```ini
[ipaserver]
ipaserver.test.local
```
Example playbook to make sure location "my_location1" is present:
```yaml
---
- name: Playbook to manage IPA location.
hosts: ipaserver
become: yes
tasks:
- ipalocation:
ipaadmin_password: SomeADMINpassword
name: my_location1
description: My Location 1
```
Example playbook to make sure location "my_location1" is absent:
```yaml
---
- name: Playbook to manage IPA location.
hosts: ipaserver
become: yes
tasks:
- ipalocation:
ipaadmin_password: SomeADMINpassword
name: my_location1
state: absent
```
Variables
---------
ipalocation
-------
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `idnsname` | The list of location name strings. | yes
`description` | The IPA location string | false
`state` | The state to ensure. It can be one of `present`, `absent`, default: `present`. | no
Authors
=======
Thomas Woerner

188
README-permission.md
View File

@@ -1,188 +0,0 @@
Permission module
============
Description
-----------
The permission module allows to ensure presence and absence of permissions and permission members.
Features
--------
* Permission management
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.4.0 and up are supported by the ipapermission module.
Requirements
------------
**Controller**
* Ansible version: 2.8+
**Node**
* Supported FreeIPA version (see above)
Usage
=====
Example inventory file
```ini
[ipaserver]
ipaserver.test.local
```
Example playbook to make sure permission "MyPermission" is present:
```yaml
---
- name: Playbook to handle IPA permissions
hosts: ipaserver
become: yes
tasks:
- name: Ensure permission MyPermission is present
ipapermission:
ipaadmin_password: SomeADMINpassword
name: MyPermission
object_type: host
right: all
```
Example playbook to ensure permission "MyPermission" is present with attr carlicense:
```yaml
---
- name: Playbook to handle IPA permissions
hosts: ipaserver
become: yes
tasks:
- name: Ensure permission "MyPermission" is present with attr carlicense
ipapermission:
ipaadmin_password: SomeADMINpassword
name: MyPermission
object_type: host
right: all
attrs:
- carlicense
```
Example playbook to ensure attr gecos is present in permission "MyPermission":
```yaml
---
- name: Playbook to handle IPA permissions
hosts: ipaserver
become: yes
tasks:
- name: Ensure attr gecos is present in permission "MyPermission"
ipapermission:
ipaadmin_password: SomeADMINpassword
name: MyPermission
attrs:
- gecos
action: member
```
Example playbook to ensure attr gecos is absent in permission "MyPermission":
```yaml
---
- name: Playbook to handle IPA permissions
hosts: ipaserver
become: yes
tasks:
- name: Ensure attr gecos is present in permission "MyPermission"
ipapermission:
ipaadmin_password: SomeADMINpassword
name: MyPermission
attrs:
- gecos
action: member
state: absent
```
Example playbook to make sure permission "MyPermission" is absent:
```yaml
---
- name: Playbook to handle IPA permissions
hosts: ipaserver
become: yes
tasks:
- name: Ensure permission "MyPermission" is absent
ipapermission:
ipaadmin_password: SomeADMINpassword
name: MyPermission
state: absent
```
Example playbook to make sure permission "MyPermission" is renamed to "MyNewPermission":
```yaml
---
- name: Playbook to handle IPA permissions
hosts: ipaserver
become: yes
tasks:
- name: Ensure permission "MyPermission" is renamed to "MyNewPermission
ipapermission:
ipaadmin_password: SomeADMINpassword
name: MyPermission
rename: MyNewPermission
state: renamed
```
Variables
---------
ipapermission
-------
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | The permission name string. | yes
`right` \| `ipapermright` | Rights to grant. It can be a list of one or more of `read`, `search`, `compare`, `write`, `add`, `delete`, and `all` default: `all` | no
`attrs` | All attributes to which the permission applies. | no
`bindtype` \| `ipapermbindruletype` | Bind rule type. It can be one of `permission`, `all`, `self`, or `anonymous` defaults to `permission` for new permissions. Bind rule type `self` can only be used on IPA versions 4.8.7 or up.| no
`subtree` \| `ipapermlocation` | Subtree to apply permissions to | no
`filter` \| `extratargetfilter` | Extra target filter | no
`rawfilter` \| `ipapermtargetfilter` | All target filters | no
`target` \| `ipapermtarget` | Optional DN to apply the permission to | no
`targetto` \| `ipapermtargetto` | Optional DN subtree where an entry can be moved to | no
`targetfrom` \| `ipapermtargetfrom` | Optional DN subtree from where an entry can be moved | no
`memberof` | Target members of a group (sets memberOf targetfilter) | no
`targetgroup` | User group to apply permissions to (sets target) | no
`object_type` | Type of IPA object (sets subtree and objectClass targetfilter) | no
`no_members` | Suppress processing of membership | no
`rename` | Rename the permission object | no
`action` | Work on permission or member level. It can be on of `member` or `permission` and defaults to `permission`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, or `renamed` default: `present`. | no
The `includedattrs` and `excludedattrs` variables are only usable for managed permisions and are not exposed by the module. Using `attrs` for managed permissions will result in the automatic generation of `includedattrs` and `excludedattrs` in the IPA server.
Authors
=======
Seth Kress

147
README-privilege.md
View File

@@ -1,147 +0,0 @@
Privilege module
================
Description
-----------
The privilege module allows to ensure presence and absence of privileges and privilege members.
Features
--------
* Privilege management
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.4.0 and up are supported by the ipaprivilege module.
Requirements
------------
**Controller**
* Ansible version: 2.8+
**Node**
* Supported FreeIPA version (see above)
Usage
=====
Example inventory file
```ini
[ipaserver]
ipaserver.test.local
```
Example playbook to make sure privilege "Broad Privilege" is present:
```yaml
---
- name: Playbook to manage IPA privilege.
hosts: ipaserver
become: yes
tasks:
- ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
description: Broad Privilege
```
Example playbook to make sure privilege "Broad Privilege" member permission has multiple values:
```yaml
---
- name: Playbook to manage IPA privilege permission member.
hosts: ipaserver
become: yes
tasks:
- ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
permission:
- "Write IPA Configuration"
- "System: Write DNS Configuration"
- "System: Update DNS Entries"
action: member
```
Example playbook to make sure privilege "Broad Privilege" member permission 'Write IPA Configuration' is absent:
```yaml
---
- name: Playbook to manage IPA privilege permission member.
hosts: ipaserver
become: yes
tasks:
- ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
permission:
- "Write IPA Configuration"
action: member
state: absent
```
Example playbook to rename privilege "Broad Privilege" to "DNS Special Privilege":
```yaml
---
- name: Playbook to manage IPA privilege.
hosts: ipaserver
become: yes
tasks:
- ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
rename: DNS Special Privilege
state: renamed
```
Example playbook to make sure privilege "DNS Special Privilege" is absent:
```yaml
---
- name: Playbook to manage IPA privilege.
hosts: ipaserver
become: yes
- name: Ensure privilege Broad Privilege is absent
ipaadmin_password: SomeADMINpassword
name: DNS Special Privilege
state: absent
```
Variables
---------
ipaprivilege
------------
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin`. | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node. | no
`name` \| `cn` | The list of privilege name strings. | yes
`description` | Privilege description. | no
`rename` \| `new_name` | Rename the privilege object. | no
`permission` | Permissions to be added to the privilege. | no
`action` | Work on privilege or member level. It can be one of `member` or `privilege` and defaults to `privilege`. | no
`state` | The state to ensure. It can be one of `present`, `absent` or `renamed`, default: `present`. | no
Authors
=======
Rafael Guterres Jeffman

4
README-role.md
View File

@@ -1,4 +1,4 @@
Role module
"
===========
Description
@@ -248,7 +248,7 @@ Variable | Description | Required
`name` \| `cn` | The list of role name strings. | yes
`description` | A description for the role. | no
`rename` | Rename the role object. | no
`privilege` | Privileges associated to this role. | no
`privileges` | Privileges associated to this role. | no
`user` | List of users to be assigned or not assigned to the role. | no
`group` | List of groups to be assigned or not assigned to the role. | no
`host` | List of hosts to be assigned or not assigned to the role. | no

151
README-selfservice.md
View File

@@ -1,151 +0,0 @@
Selfservice module
=================
Description
-----------
The selfservice module allows to ensure presence, absence of selfservices and selfservice attributes.
Features
--------
* Selfservice management
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.4.0 and up are supported by the ipaselfservice module.
Requirements
------------
**Controller**
* Ansible version: 2.8+
**Node**
* Supported FreeIPA version (see above)
Usage
=====
Example inventory file
```ini
[ipaserver]
ipaserver.test.local
```
Example playbook to make sure selfservice "Users can manage their own name details" is present:
```yaml
---
- name: Playbook to manage IPA selfservice.
hosts: ipaserver
become: yes
tasks:
- ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "Users can manage their own name details"
permission: read
attribute:
- title
- initials
```
Example playbook to make sure selfservice "Users can manage their own name details" is absent:
```yaml
---
- name: Playbook to manage IPA selfservice.
hosts: ipaserver
become: yes
tasks:
- ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "Users can manage their own name details"
state: absent
```
Example playbook to make sure "Users can manage their own name details" member attribute initials is present:
```yaml
---
- name: Playbook to manage IPA selfservice.
hosts: ipaserver
become: yes
tasks:
- ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "Users can manage their own name details"
attribute:
- initials
action: member
```
Example playbook to make sure "Users can manage their own name details" member attribute initials is absent:
```yaml
---
- name: Playbook to manage IPA selfservice.
hosts: ipaserver
become: yes
tasks:
- ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "Users can manage their own name details"
attribute:
- initials
action: member
state: absent
```
Example playbook to make sure selfservice "Users can manage their own name details" is absent:
```yaml
---
- name: Playbook to manage IPA selfservice.
hosts: ipaserver
become: yes
tasks:
- ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "Users can manage their own name details"
state: absent
```
Variables
---------
ipaselfservice
-------
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `aciname` | The list of selfservice name strings. | yes
`permission` \| `permissions` | The permission to grant `read`, `read,write`, `write`]. Default is `write`. | no
`attribute` \| `attrs` | The attribute list to which the selfservice applies. | no
`action` | Work on selfservice or member level. It can be on of `member` or `selfservice` and defaults to `selfservice`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, default: `present`. | no
Authors
=======
Thomas Woerner

10
README-service.md
View File

@@ -18,7 +18,7 @@ Supported FreeIPA Versions
FreeIPA versions 4.4.0 and up are supported by the ipaservice module.
Some variables are only supported on newer versions of FreeIPA. Check `Variables` section for details.
Option `skip_host_check` requires FreeIPA version 4.7.0 or later.
Requirements
@@ -56,7 +56,7 @@ Example playbook to make sure service is present:
- ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
certificate: |
certificate:
- MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAw
DzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDT
ALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpH
@@ -77,7 +77,7 @@ Example playbook to make sure service is present:
requires_pre_auth: false
ok_as_delegate: false
ok_to_auth_as_delegate: false
skip_host_check: true
skip-host-check: true
force: true
```
@@ -167,7 +167,7 @@ Example playbook to ensure service has a certificate:
- ipaservice:
ipaadmin_password: SomeADMINpassword
name: HTTP/www.example.com
certificate: |
certificate:
- MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAw
DzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8xDT
ALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVGFYpH
@@ -298,7 +298,7 @@ Variable | Description | Required
`requires_pre_auth` \| `ipakrbrequirespreauth` | Pre-authentication is required for the service. Default to true. (bool) | no
`ok_as_delegate` \| `ipakrbokasdelegate` | Client credentials may be delegated to the service. Default to false. (bool) | no
`ok_to_auth_as_delegate` \| `ipakrboktoauthasdelegate` | The service is allowed to authenticate on behalf of a client. Default to false. (bool) | no
`skip_host_check` | Force service to be created even when host object does not exist to manage it. Only usable with IPA versions 4.7.0 and up. Default to false. (bool)| no
`skip_host_check` | Force service to be created even when host object does not exist to manage it. Default to false. (bool)| no
`force` | Force principal name even if host not in DNS. Default to false. (bool) | no
`host` \| `managedby_host`| Hosts that can manage the service. | no
`principal` \| `krbprincipalname` | List of principal aliases for the service. | no

119
README-trust.md
View File

@@ -1,119 +0,0 @@
Trust module
============
Description
-----------
The trust module allows to ensure presence and absence of a domain trust.
Features
--------
* Trust management
Supported FreeIPA Versions
--------------------------
FreeIPA versions 4.4.0 and up are supported by the ipatrust module.
Requirements
------------
**Controller**
* Ansible version: 2.8+
**Node**
* Supported FreeIPA version (see above)
* samba-4
* ipa-server-trust-ad
Usage
=====
Example inventory file
```ini
[ipaserver]
ipaserver.test.local
```
Example playbook to ensure a one-way trust is present:
Omitting the two_way option implies the default of one-way
```yaml
---
- name: Playbook to ensure a one-way trust is present
hosts: ipaserver
become: true
tasks:
- name: ensure the one-way trust present
ipatrust:
realm: ad.example.test
admin: Administrator
password: secret_password
state: present
```
Example playbook to ensure a two-way trust is present using a shared-secret:
```yaml
---
- name: Playbook to ensure a two-way trust is present
hosts: ipaserver
become: true
tasks:
- name: ensure the two-way trust is present
ipatrust:
realm: ad.example.test
trust_secret: my_share_Secret
two_way: True
state: present
```
Example playbook to ensure a trust is absent:
```yaml
---
- name: Playbook to ensure a trust is absent
hosts: ipaserver
become: true
tasks:
- name: ensure the trust is absent
ipatrust:
realm: ad.example.test
state: absent
```
This will only delete the ipa-side of the trust and it does NOT delete the id-range that matches the trust,
Variables
=========
ipatrust
-------
Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`realm` | The realm name string. | yes
`admin` | Active Directory domain administrator string. | no
`password` | Active Directory domain administrator's password string. | no
`server` | Domain controller for the Active Directory domain string. | no
`trust_secret` | Shared secret for the trust string. | no
`base_id` | First posix id for the trusted domain integer. | no
`range_size` | Size of the ID range reserved for the trusted domain integer. | no
`range_type` | Type of trusted domain ID range, It can be one of `ipa-ad-trust` or `ipa-ad-trust-posix`and defaults to `ipa-ad-trust`. | no
`two_way` | Establish bi-directional trust. By default trust is inbound one-way only. (bool) | no
`external` | Establish external trust to a domain in another forest. The trust is not transitive beyond the domain. (bool) | no
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | yes
Authors
=======
Rob Verduijn

2
README-user.md
View File

@@ -437,7 +437,7 @@ There are only return values if one or more random passwords have been generated
Variable | Description | Returned When
-------- | ----------- | -------------
`user` | User dict with random password. (dict) <br>Options: | If random is yes and user did not exist or update_password is yes
`host` | Host dict with random password. (dict) <br>Options: | If random is yes and user did not exist or update_password is yes
&nbsp; | `randompassword` - The generated random password | If only one user is handled by the module
&nbsp; | `name` - The user name of the user that got a new random password. (dict) <br> Options: <br> &nbsp; `randompassword` - The generated random password | If several users are handled by the module

16
README-vault.md
View File

@@ -130,7 +130,7 @@ Example playbook to make sure vault data is present in a symmetric vault:
action: member
```
When retrieving data from a vault, it is recommended that `no_log: yes` is used, so that sensitive data stored in a vault is not logged by Ansible. The data is returned in a dict `vault`, in the field `data` (e.g. `result.vault.data`). An example playbook to retrieve data from a symmetric vault:
Example playbook to retrieve vault data from a symmetric vault:
```yaml
---
@@ -139,19 +139,12 @@ When retrieving data from a vault, it is recommended that `no_log: yes` is used,
become: true
tasks:
- name: Retrieve data from vault and register it in 'ipavault'
ipavault:
- ipavault:
ipaadmin_password: SomeADMINpassword
name: symvault
username: admin
password: SomeVAULTpassword
state: retrieved
no_log: yes
register: ipavault
- name: Print retrieved data from vault
debug:
var: ipavault.vault.data
```
Example playbook to make sure vault data is absent in a symmetric vault:
@@ -204,7 +197,7 @@ Example playbook to make sure vault is absent:
state: absent
register: result
- debug:
msg: "{{ result.vault.data }}"
msg: "{{ result.data }}"
```
Variables
@@ -253,8 +246,7 @@ There is only a return value if `state` is `retrieved`.
Variable | Description | Returned When
-------- | ----------- | -------------
`vault` | Vault dict with archived data. (dict) <br>Options: | If `state` is `retrieved` and `out` is not defined.
&nbsp; | `data` - The vault data. | Always
`data` | The data stored in the vault. | If `state` is `retrieved`.
Notes

19
README.md
View File

@@ -11,10 +11,6 @@ Features
* Cluster deployments: Server, replicas and clients in one playbook
* One-time-password (OTP) support for client installation
* Repair mode for clients
* Backup and restore, also to and from controller
* Modules for config management
* Modules for delegation management
* Modules for dns config management
* Modules for dns forwarder management
* Modules for dns record management
* Modules for dns zone management
@@ -24,18 +20,13 @@ Features
* Modules for hbacsvcgroup management
* Modules for host management
* Modules for hostgroup management
* Modules for location management
* Modules for permission management
* Modules for privilege management
* Modules for pwpolicy management
* Modules for role management
* Modules for self service management
* Modules for service management
* Modules for sudocmd management
* Modules for sudocmdgroup management
* Modules for sudorule management
* Modules for topology management
* Modules fot trust management
* Modules for user management
* Modules for vault management
@@ -154,7 +145,7 @@ ipaserver_domain=test.local
ipaserver_realm=TEST.LOCAL
```
The admin principal is ```admin``` by default. Please set ```ipaadmin_principal``` if you need to change it.
The admin principle is ```admin``` by default. Please set ```ipaadmin_principal``` if you need to change it.
You can also add more setting here, like for example to enable the DNS server or to set auto-forwarders:
```yaml
@@ -416,13 +407,10 @@ Roles
* [Server](roles/ipaserver/README.md)
* [Replica](roles/ipareplica/README.md)
* [Client](roles/ipaclient/README.md)
* [Backup](roles/ipabackup/README.md)
Modules in plugin/modules
=========================
* [ipaconfig](README-config.md)
* [ipadelegation](README-delegation.md)
* [ipadnsconfig](README-dnsconfig.md)
* [ipadnsforwardzone](README-dnsforwardzone.md)
* [ipadnsrecord](README-dnsrecord.md)
@@ -433,19 +421,14 @@ Modules in plugin/modules
* [ipahbacsvcgroup](README-hbacsvc.md)
* [ipahost](README-host.md)
* [ipahostgroup](README-hostgroup.md)
* [ipalocation](README-ipalocation.md)
* [ipapermission](README-ipapermission.md)
* [ipaprivilege](README-ipaprivilege.md)
* [ipapwpolicy](README-pwpolicy.md)
* [iparole](README-role.md)
* [ipaselfservice](README-ipaselfservice.md)
* [ipaservice](README-service.md)
* [ipasudocmd](README-sudocmd.md)
* [ipasudocmdgroup](README-sudocmdgroup.md)
* [ipasudorule](README-sudorule.md)
* [ipatopologysegment](README-topology.md)
* [ipatopologysuffix](README-topology.md)
* [ipatrust](README-trust.md)
* [ipauser](README-user.md)
* [ipavault](README-vault.md)

22
azure-pipelines.yml Normal file
View File

@@ -0,0 +1,22 @@
trigger:
- master
pool:
vmImage: 'ubuntu-18.04'
steps:
- task: UsePythonVersion@0
inputs:
versionSpec: '3.6'
- script: python -m pip install --upgrade pip setuptools wheel
displayName: Install tools
- script: pip install pydocstyle flake8
displayName: Install dependencies
- script: flake8 .
displayName: Run flake8 checks
- script: pydocstyle .
displayName: Verify docstings

18
molecule/centos-7-build/molecule.yml
View File

@@ -1,18 +0,0 @@
---
driver:
name: docker
platforms:
- name: centos-7-build
image: centos/systemd
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 8.8.8.8
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare-build.yml

18
molecule/centos-7/molecule.yml
View File

@@ -1,18 +0,0 @@
---
driver:
name: docker
platforms:
- name: centos-7
image: quay.io/ansible-freeipa/upstream-tests:centos-7
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 127.0.0.1
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare.yml

18
molecule/centos-8-build/molecule.yml
View File

@@ -1,18 +0,0 @@
---
driver:
name: docker
platforms:
- name: centos-8-build
image: "centos:centos8"
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 8.8.8.8
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare-build.yml

18
molecule/centos-8/molecule.yml
View File

@@ -1,18 +0,0 @@
---
driver:
name: docker
platforms:
- name: centos-8
image: quay.io/ansible-freeipa/upstream-tests:centos-8
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 127.0.0.1
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare.yml

1
molecule/default
View File

@@ -1 +0,0 @@
centos-8

30
molecule/fedora-latest-build/Dockerfile
View File

@@ -1,30 +0,0 @@
FROM fedora:latest
ENV container=docker
RUN rm -fv /var/cache/dnf/metadata_lock.pid; \
dnf makecache; \
dnf --assumeyes install \
/usr/bin/python3 \
/usr/bin/python3-config \
/usr/bin/dnf-3 \
sudo \
bash \
systemd \
procps-ng \
iproute && \
dnf clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*;\
rm -f /etc/systemd/system/*.wants/*;\
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*;\
rm -f /lib/systemd/system/anaconda.target.wants/*; \
rm -rf /var/cache/dnf/;
STOPSIGNAL RTMIN+3
VOLUME ["/sys/fs/cgroup"]
CMD ["/usr/sbin/init"]

18
molecule/fedora-latest-build/molecule.yml
View File

@@ -1,18 +0,0 @@
---
driver:
name: docker
platforms:
- name: fedora-latest-build
image: "fedora:latest"
dockerfile: Dockerfile
hostname: ipaserver.test.local
dns_servers:
- 8.8.8.8
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare-build.yml

18
molecule/fedora-latest/molecule.yml
View File

@@ -1,18 +0,0 @@
---
driver:
name: docker
platforms:
- name: fedora-latest
image: quay.io/ansible-freeipa/upstream-tests:fedora-latest
pre_build_image: true
hostname: ipaserver.test.local
dns_servers:
- 127.0.0.1
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
command: /usr/sbin/init
privileged: true
provisioner:
name: ansible
playbooks:
prepare: ../resources/playbooks/prepare.yml

1
molecule/resources/playbooks/library
View File

@@ -1 +0,0 @@
../../../plugins/modules/

1
molecule/resources/playbooks/module_utils
View File

@@ -1 +0,0 @@
../../../plugins/module_utils/

28
molecule/resources/playbooks/prepare-build.yml
View File

@@ -1,28 +0,0 @@
---
- name: Converge
hosts: all
tasks:
- include_tasks: prepare-common.yml
- name: Ensure sudo package is installed
package:
name: sudo
- name: Ensure nss package is updated
package:
name: nss
state: latest # noqa 403
- include_role:
name: ipaserver
vars:
ipaserver_setup_dns: yes
ipaserver_setup_kra: yes
ipaserver_auto_forwarders: yes
ipaserver_no_dnssec_validation: yes
ipaserver_auto_reverse: yes
ipaadmin_password: SomeADMINpassword
ipadm_password: SomeDMpassword
ipaserver_domain: test.local
ipaserver_realm: TEST.LOCAL
ipaclient_no_ntp: yes

33
molecule/resources/playbooks/prepare-common.yml
View File

@@ -1,33 +0,0 @@
# IPA depends on IPv6 and without it dirsrv service won't start.
- name: Ensure IPv6 is ENABLED
sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
sysctl_set: yes
state: present
reload: yes
with_items :
- name: net.ipv6.conf.all.disable_ipv6
value: 0
- name: net.ipv6.conf.lo.disable_ipv6
value: 0
- name: net.ipv6.conf.eth0.disable_ipv6
value: 1
# Set fs.protected_regular to 0
# This is needed in some IPA versions in order to get KRA enabled.
# See https://pagure.io/freeipa/issue/7906 for more information.
- name: stat protected_regular
stat:
path: /proc/sys/fs/protected_regular
register: result
- name: Ensure fs.protected_regular is disabled
sysctl:
name: fs.protected_regular
value: 0
sysctl_set: yes
state: present
reload: yes
when: result.stat.exists

26
molecule/resources/playbooks/prepare.yml
View File

@@ -1,26 +0,0 @@
---
- name: Converge
hosts: all
tasks:
- include_tasks: prepare-common.yml
# In some distros DS won't start up after reboot
# This is due to a problem in 389-ds. See tickets:
# * https://pagure.io/389-ds-base/issue/47429
# * https://pagure.io/389-ds-base/issue/51039
#
# To avoid this problem we create the directories before starting IPA.
- name: Ensure lock dirs for DS exists
file:
state: directory
owner: dirsrv
group: dirsrv
path: "{{ item }}"
loop:
- /var/lock/dirsrv/
- /var/lock/dirsrv/slapd-TEST-LOCAL/
- name: Ensure IPA server is up an running
service:
name: ipa
state: started

1
molecule/resources/playbooks/roles
View File

@@ -1 +0,0 @@
../../../roles/

12
playbooks/backup-server-to-controller.yml
View File

@@ -1,12 +0,0 @@
---
- name: Playbook to backup IPA server to controller
hosts: ipaserver
become: true
vars:
ipabackup_to_controller: yes
# ipabackup_keep_on_server: yes
roles:
- role: ipabackup
state: present

8
playbooks/backup-server.yml
View File

@@ -1,8 +0,0 @@
---
- name: Playbook to backup IPA server
hosts: ipaserver
become: true
roles:
- role: ipabackup
state: present

12
playbooks/copy-all-backups-from-server.yml
View File

@@ -1,12 +0,0 @@
---
- name: Playbook to copy all backups from IPA server
hosts: ipaserver
become: true
vars:
ipabackup_name: all
ipabackup_to_controller: yes
roles:
- role: ipabackup
state: copied

12
playbooks/copy-backup-from-controller.yml
View File

@@ -1,12 +0,0 @@
---
- name: Playbook to copy a backup from controller to the IPA server
hosts: ipaserver
become: true
vars:
ipabackup_name: ipaserver.test.local_ipa-full-2020-10-22-11-11-44
ipabackup_from_controller: yes
roles:
- role: ipabackup
state: copied

12
playbooks/copy-backup-from-server.yml
View File

@@ -1,12 +0,0 @@
---
- name: Playbook to copy backup from IPA server
hosts: ipaserver
become: true
vars:
ipabackup_name: ipa-full-2020-10-22-11-11-44
ipabackup_to_controller: yes
roles:
- role: ipabackup
state: copied

11
playbooks/delegation/delegation-absent.yml
View File

@@ -1,11 +0,0 @@
---
- name: Delegation absent
hosts: ipaserver
become: true
tasks:
- name: Ensure delegation "basic manager attributes" is absent
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
state: absent

15
playbooks/delegation/delegation-member-absent.yml
View File

@@ -1,15 +0,0 @@
---
- name: Delegation member absent
hosts: ipaserver
become: true
tasks:
- name: Ensure delegation "basic manager attributes" member attributes employeenumber and employeetype are absent
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- employeenumber
- employeetype
action: member
state: absent

13
playbooks/delegation/delegation-member-present.yml
View File

@@ -1,13 +0,0 @@
---
- name: Delegation member present
hosts: ipaserver
become: true
tasks:
- name: Ensure delegation "basic manager attributes" member attribute departmentnumber is present
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- departmentnumber
action: member

15
playbooks/delegation/delegation-present.yml
View File

@@ -1,15 +0,0 @@
---
- name: Delegation present
hosts: ipaserver
become: true
tasks:
- name: Ensure delegation "basic manager attributes" is present
ipadelegation:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read
attribute:
- businesscategory
group: managers
membergroup: employees

11
playbooks/dnsforwardzone/ensure-dnsforwardzone-is-absent.yml
View File

@@ -1,11 +0,0 @@
---
- name: Playbook to manage DNS forward zone
hosts: ipaserver
become: true
gather_facts: false
tasks:
# Ensure DNS zone is present
- ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
state: absent

16
playbooks/dnsforwardzone/ensure-dnsforwardzone-is-present.yml
View File

@@ -1,16 +0,0 @@
---
- name: Playbook to manage DNS forward zone
hosts: ipaserver
become: true
gather_facts: false
tasks:
# Ensure DNS zone is present
- ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
name: example.com
forwarders:
- ip_address: 8.8.8.8
forwardpolicy: first
skip_overlap_check: true
permission: yes

14
playbooks/dnsforwardzone/ensure-dnsforwardzone-with-forwarder-port.yml
View File

@@ -1,14 +0,0 @@
---
- name: Playbook to manage DNS forward zone
hosts: ipaserver
become: true
gather_facts: false
tasks:
# Ensure DNS zone is present
- ipadnsforwardzone:
ipaadmin_password: SomeADMINpassword
name: example.com
forwarders:
- ip_address: 192.168.100.123
port: 8063

15
playbooks/dnszone/dnszone-reverse-from-ip.yml
View File

@@ -1,15 +0,0 @@
---
- name: Playbook to ensure DNS zone exist
hosts: ipaserver
become: true
tasks:
- name: Ensure zone exist, finding zone name from IP address.
ipadnszone:
ipaadmin_password: SomeADMINpassword
name_from_ip: 10.1.2.3/24
register: result
- name: Zone name inferred from `name_from_ip`
debug:
msg: "Zone created: {{ result.dnszone.name }}"

2
playbooks/host/host-member-managedby_host-absent.yml
View File

@@ -4,7 +4,7 @@
become: true
tasks:
- ipahost:
ipahost:
ipaadmin_password: SomeADMINpassword
name: host01.exmaple.com
managedby_host: server.exmaple.com

2
playbooks/host/host-member-managedby_host-present.yml
View File

@@ -4,7 +4,7 @@
become: true
tasks:
- ipahost:
ipahost:
ipaadmin_password: SomeADMINpassword
name: host01.exmaple.com
managedby_host: server.exmaple.com

2
playbooks/host/host-present-with-managedby_host.yml
View File

@@ -4,7 +4,7 @@
become: true
tasks:
- ipahost:
ipahost:
ipaadmin_password: SomeADMINpassword
name: host01.exmaple.com
managedby_host: server.exmaple.com

1
playbooks/host/hosts-member-managedby_host-absent.yml
View File

@@ -4,7 +4,6 @@
become: true
tasks:
- name: Ensure hosts manadegby_host is absent.
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:

1
playbooks/host/hosts-member-managedby_host-present.yml
View File

@@ -4,7 +4,6 @@
become: true
tasks:
- name: Ensure hosts manadegby_host is absent.
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:

2
playbooks/host/hosts-present-with-managedby_host.yml
View File

@@ -4,7 +4,7 @@
become: true
tasks:
- ipahost:
ipahost:
ipaadmin_password: SomeADMINpassword
hosts:
- name: host01.exmaple.com

1
playbooks/host/hosts-present-with-randompasswords.yml
View File

@@ -23,3 +23,4 @@
- name: Print generated random password for host02.example.com
debug:
var: ipahost.host["host02.example.com"].randompassword

12
playbooks/hostgroup/rename-hostgroup.yml
View File

@@ -1,12 +0,0 @@
---
- name: Playbook to handle hostgroups
hosts: ipaserver
become: yes
tasks:
- name : Rename host-group from `databases` to `datalake`
ipahostgroup:
ipaadmin_password: SomeADMINpassword
name: databases
rename: datalake
state: renamed

11
playbooks/location/location-absent.yml
View File

@@ -1,11 +0,0 @@
---
- name: Location absent test
hosts: ipaserver
become: true
tasks:
- name: Ensure location my_location1 is absent
ipalocation:
ipaadmin_password: SomeADMINpassword
name: my_location1
state: absent

10
playbooks/location/location-present.yml
View File

@@ -1,10 +0,0 @@
---
- name: Location present test
hosts: ipaserver
become: true
tasks:
- name: Ensure location my_location1 is present
ipalocation:
ipaadmin_password: SomeADMINpassword
name: my_location1

11
playbooks/permission/permission-absent.yml
View File

@@ -1,11 +0,0 @@
---
- name: Permission absent example
hosts: ipaserver
become: true
tasks:
- name: Ensure permission is absent
ipapermission:
ipaadmin_password: SomeADMINpassword
name: TestPerm1
state: absent

16
playbooks/permission/permission-allow-read-employeenum.yml
View File

@@ -1,16 +0,0 @@
---
- name: Permission Allow Read Employee Number Example
hosts: ipaserver
become: true
tasks:
- name: Ensure permission is present with set of rights to attribute employeenumber
ipapermission:
ipaadmin_password: SomeADMINpassword
name: TestPerm1
object_type: user
right:
- read
- search
- compare
attrs: employeenumber

13
playbooks/permission/permission-member-absent.yml
View File

@@ -1,13 +0,0 @@
---
- name: Permission absent example
hosts: ipaserver
become: true
tasks:
- name: Ensure permission privilege, "User Administrators", is absent
ipapermission:
ipaadmin_password: SomeADMINpassword
name: TestPerm1
privilege: "User Administrators"
action: member
state: absent

12
playbooks/permission/permission-member-present.yml
View File

@@ -1,12 +0,0 @@
---
- name: Permission member present example
hosts: ipaserver
become: true
tasks:
- name: Ensure permission is present with "User Administrators" privilege
ipapermission:
ipaadmin_password: SomeADMINpassword
name: TestPerm1
privilege: "User Administrators"
action: member

12
playbooks/permission/permission-present.yml
View File

@@ -1,12 +0,0 @@
---
- name: Permission present example
hosts: ipaserver
become: true
tasks:
- name: Ensure permission is present
ipapermission:
ipaadmin_password: SomeADMINpassword
name: TestPerm1
object_type: host
right: all

12
playbooks/permission/permission-renamed.yml
View File

@@ -1,12 +0,0 @@
---
- name: Permission present example
hosts: ipaserver
become: true
tasks:
- name: Ensure permission TestPerm1 is renamed to TestPermRenamed
ipapermission:
ipaadmin_password: SomeADMINpassword
name: TestPerm1
rename: TestPermRenamed
state: renamed

10
playbooks/privilege/privilege-absent.yml
View File

@@ -1,10 +0,0 @@
---
- name: Privilege absent example
hosts: ipaserver
become: true
tasks:
- name: Ensure privilege "Broad Privilege" is absent
ipaprivilege:
name: Broad Privilege
state: absent

14
playbooks/privilege/privilege-member-absent.yml
View File

@@ -1,14 +0,0 @@
---
- name: Privilege absent example
hosts: ipaserver
become: true
tasks:
- name: Ensure privilege "Broad Privilege" permission is absent
ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
permission:
- "System: Write IPA Configuration"
action: member
state: absent

15
playbooks/privilege/privilege-member-present.yml
View File

@@ -1,15 +0,0 @@
---
- name: Privilege member present example
hosts: ipaserver
become: true
tasks:
- name: Ensure privilege "Broad Privilege" permissions are present
ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
permission:
- "System: Write IPA Configuration"
- "System: Write DNS Configuration"
- "System: Update DNS Entries"
action: member

11
playbooks/privilege/privilege-present.yml
View File

@@ -1,11 +0,0 @@
---
- name: Privilege present example
hosts: ipaserver
become: true
tasks:
- name: Ensure privilege Broad Privilege is present
ipaprivilege:
ipaadmin_password: SomeADMINpassword
name: Broad Privilege
description: Broad Privilege

11
playbooks/remove-all-backups-from-server.yml
View File

@@ -1,11 +0,0 @@
---
- name: Playbook to remove all backups from IPA server
hosts: ipaserver
become: true
vars:
ipabackup_name: all
roles:
- role: ipabackup
state: absent

11
playbooks/remove-backup-from-server.yml
View File

@@ -1,11 +0,0 @@
---
- name: Playbook to remove backup from IPA server
hosts: ipaserver
become: true
vars:
ipabackup_name: ipa-full-2020-10-22-11-11-44
roles:
- role: ipabackup
state: absent

13
playbooks/restore-server-from-controller.yml
View File

@@ -1,13 +0,0 @@
---
- name: Playbook to restore IPA server from controller
hosts: ipaserver
become: true
vars:
ipabackup_name: ipaserver.el83.local_ipa-full-2020-10-22-11-11-44
ipabackup_password: SomeDMpassword
ipabackup_from_controller: yes
roles:
- role: ipabackup
state: restored

12
playbooks/restore-server.yml
View File

@@ -1,12 +0,0 @@
---
- name: Playbook to restore an IPA server
hosts: ipaserver
become: true
vars:
ipabackup_name: ipa-full-2020-10-22-11-11-44
ipabackup_password: SomeDMpassword
roles:
- role: ipabackup
state: restored

11
playbooks/selfservice/selfservice-absent.yml
View File

@@ -1,11 +0,0 @@
---
- name: Selfservice absent
hosts: ipaserver
become: true
tasks:
- name: Ensure selfservice "basic manager attributes" is absent
ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
state: absent

15
playbooks/selfservice/selfservice-member-absent.yml
View File

@@ -1,15 +0,0 @@
---
- name: Selfservice member absent
hosts: ipaserver
become: true
tasks:
- name: Ensure selfservice "basic manager attributes" member attributes employeenumber and employeetype are absent
ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- businesscategory
- departmentnumber
action: member
state: absent

13
playbooks/selfservice/selfservice-member-present.yml
View File

@@ -1,13 +0,0 @@
---
- name: Selfservice member present
hosts: ipaserver
become: true
tasks:
- name: Ensure selfservice "basic manager attributes" member attribute departmentnumber is present
ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
attribute:
- departmentnumber
action: member

13
playbooks/selfservice/selfservice-present.yml
View File

@@ -1,13 +0,0 @@
---
- name: Selfservice present
hosts: ipaserver
become: true
tasks:
- name: Ensure selfservice "basic manager attributes" is present
ipaselfservice:
ipaadmin_password: SomeADMINpassword
name: "basic manager attributes"
permission: read
attribute:
- businesscategory

2
playbooks/service/service-host-is-absent.yml
View File

@@ -7,7 +7,7 @@
tasks:
# Ensure management host is absent.
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
host: "{{ groups.ipaserver[0] }}"
action: member

2
playbooks/service/service-host-is-present.yml
View File

@@ -7,7 +7,7 @@
tasks:
# Ensure management host is present.
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
host: "{{ groups.ipaserver[0] }}"
action: member

2
playbooks/service/service-is-absent.yml
View File

@@ -7,6 +7,6 @@
tasks:
# Ensure service is absent
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
state: absent

2
playbooks/service/service-is-disabled.yml
View File

@@ -7,6 +7,6 @@
tasks:
# Ensure service is disabled
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
state: disabled

2
playbooks/service/service-is-present-with-all-attributes.yml
View File

@@ -7,7 +7,7 @@
tasks:
# Ensure service is present
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
certificate:
- MIICBjCCAW8CFHnm32VcXaUDGfEGdDL/erPSijUAMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwHhcNMjAwMTIzMDA1NjQ2WhcNMjEwMTIyMDA1NjQ2WjBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYrdVmsr7iT3f67DM5bb1osSEe5/c91UUMEIcFq5wrgBhzVfs8iIMDVC1yiUGTsDLJNJc4nb1tUxeR9K5fh25E6n/eWDBP75NStotjAXRU4Ahi3FNRhWFOKesds5xNqgDk5/dY8UekJv2yUblQuZzeF8b2XFrmHuCaYuFctzPfWwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACF+5RS8Ce0HRixGPu4Xd51i+Kzblg++lx8fDJ8GW5G16/Z1AsB72Hc7etJL2PksHlue/xCq6SA9fIfHc4TBNCiWjPSP1NhHJeYyoPiSkcYsqXuxWyoyRLbnAhBVvhoiqZbUt3u3tGB0uMMA0yJvj07mP7Nea2KdBYVH8X1pM0V+

2
playbooks/service/service-is-present-with-host-force.yml
View File

@@ -7,7 +7,7 @@
tasks:
# Ensure service is present
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/ihavenodns.info
force: yes
# state: absent

2
playbooks/service/service-is-present-without-host-object.yml
View File

@@ -7,6 +7,6 @@
tasks:
# Ensure service is present
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.ansible.com
skip_host_check: yes

2
playbooks/service/service-is-present.yml
View File

@@ -7,5 +7,5 @@
tasks:
# Ensure service is present
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com

2
playbooks/service/service-member-allow_create_keytab-absent.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.example.com members allow_create_keytab absent for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
allow_create_keytab_user:
- user01

2
playbooks/service/service-member-allow_create_keytab-present.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.example.com members allow_create_keytab present for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
allow_create_keytab_user:
- user01

2
playbooks/service/service-member-allow_retrieve_keytab-absent.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.example.com members allow_retrieve_keytab absent for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
allow_retrieve_keytab_user:
- user01

2
playbooks/service/service-member-allow_retrieve_keytab-present.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.example.com members allow_retrieve_keytab present for users, groups, hosts and hostgroups
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
allow_retrieve_keytab_user:
- user01

2
playbooks/service/service-member-certificate-absent.yml
View File

@@ -7,7 +7,7 @@
tasks:
# Ensure service certificate is absent
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
certificate:

2
playbooks/service/service-member-certificate-present.yml
View File

@@ -7,7 +7,7 @@
tasks:
# Ensure service certificate is present
- ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
certificate:
- MIICBjCCAW8CFHnm32VcXaUDGfEGdDL/erPSijUAMA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwHhcNMjAwMTIzMDA1NjQ2WhcNMjEwMTIyMDA1NjQ2WjBCMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYrdVmsr7iT3f67DM5bb1osSEe5/c91UUMEIcFq5wrgBhzVfs8iIMDVC1yiUGTsDLJNJc4nb1tUxeR9K5fh25E6n/eWDBP75NStotjAXRU4Ahi3FNRhWFOKesds5xNqgDk5/dY8UekJv2yUblQuZzeF8b2XFrmHuCaYuFctzPfWwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACF+5RS8Ce0HRixGPu4Xd51i+Kzblg++lx8fDJ8GW5G16/Z1AsB72Hc7etJL2PksHlue/xCq6SA9fIfHc4TBNCiWjPSP1NhHJeYyoPiSkcYsqXuxWyoyRLbnAhBVvhoiqZbUt3u3tGB0uMMA0yJvj07mP7Nea2KdBYVH8X1pM0V+

2
playbooks/service/service-member-principal-absent.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.exmaple.com member principals host/test.exmaple.com absent
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
principal:
- host/test.exmaple.com

2
playbooks/service/service-member-principal-present.yml
View File

@@ -6,7 +6,7 @@
tasks:
- name: Service HTTP/www.exmaple.com member principals host/test.exmaple.com present
ipaservice:
ipaadmin_password: SomeADMINpassword
ipaadmin_password: MyPassword123
name: HTTP/www.example.com
principal:
- host/test.exmaple.com

12
playbooks/trust/add-trust.yml
View File

@@ -1,12 +0,0 @@
---
- name: Playbook to create a trust
hosts: ipaserver
become: true
tasks:
- name: ensure the trust is present
ipatrust:
realm: windows.local
admin: Administrator
password: secret_password
state: present

10
playbooks/trust/del-trust.yml
View File

@@ -1,10 +0,0 @@
---
- name: Playbook to delete trust
hosts: ipaserver
become: true
tasks:
- name: ensure the trust is absent
ipatrust:
realm: windows.local
state: absent

3
playbooks/vault/retrive-data-asymmetric-vault.yml
View File

@@ -13,6 +13,5 @@
private_key_file: private.pem
state: retrieved
register: result
no_log: true
- debug:
msg: "Data: {{ result.vault.data }}"
msg: "Data: {{ result.data }}"

3
playbooks/vault/retrive-data-symmetric-vault.yml
View File

@@ -13,6 +13,5 @@
password: SomeVAULTpassword
state: retrieved
register: result
no_log: true
- debug:
msg: "{{ result.vault.data }}"
msg: "{{ result.data | b64decode }}"

Some files were not shown because too many files have changed in this diff Show More