mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-08 06:13:21 +00:00
b2fd94e702
There is a new trust management module placed in the plugins folder: plugins/modules/trust.py The trust module allows to ensure presence and absence of trusts. Here is the documentation for the module: README-trust.md New example playbooks have been added: playbooks/trust/add-trust.yml playbooks/trust/del-trust.yml New tests added for the module: tests/hbacrule/test_trust.yml
51 lines
1.3 KiB
YAML
51 lines
1.3 KiB
YAML
---
|
|
- name: find trust
|
|
hosts: ipaserver
|
|
become: true
|
|
gather_facts: false
|
|
|
|
tasks:
|
|
|
|
- block:
|
|
|
|
- name: delete trust
|
|
ipatrust:
|
|
realm: windows.local
|
|
state: absent
|
|
register: del_trust
|
|
|
|
- name: check for trust
|
|
shell: |
|
|
echo 'SomeADMINpassword' | kinit admin
|
|
ipa trust-find windows.local
|
|
register: check_find_trust
|
|
failed_when: "'0 trusts matched' not in check_find_trust.stdout"
|
|
|
|
- name: delete id range
|
|
shell: |
|
|
echo 'SomeADMINpassword' | kinit admin
|
|
ipa idrange-del WINDOWS.LOCAL_id_range
|
|
when: del_trust['changed'] | bool
|
|
|
|
- name: check for range
|
|
shell: |
|
|
echo 'SomeADMINpassword' | kinit admin
|
|
ipa idrange-find WINDOWS.LOCAL_id_range
|
|
register: check_del_idrange
|
|
failed_when: "'0 ranges matched' not in check_del_idrange.stdout"
|
|
|
|
- name: add trust
|
|
ipatrust:
|
|
realm: windows.local
|
|
admin: Administrator
|
|
password: secret_ad_pw
|
|
state: present
|
|
|
|
- name: check for trust
|
|
shell: |
|
|
echo 'SomeADMINpassword' | kinit admin
|
|
ipa trust-find windows.local
|
|
register: check_add_trust
|
|
failed_when: "'1 trust matched' not in check_add_trust.stdout"
|
|
|
|
when: trust_test_is_supported | default(false) |