internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity
Files
26ac5a284ac3eefb61b931c222055e022ab50717
ansible-freeipa/README-hbacsvc.md
Rafael Guterres Jeffman ec777dab8f ipahbacsvc: Allow execution of plugin in client host. 
Update hbacsvc README file and add tests for executing plugin with
`ipaapi_context` set to `client`.

A new test playbook can be found at:

    tests/hbacsvc/test_hbacsvc_client_context.yml

The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
2021-09-28 10:19:43 -03:00

2.2 KiB
Raw Blame History

HBACsvc module

Description

The hbacsvc (HBAC Service) module allows to ensure presence and absence of HBAC Services.

Features

  • HBACsvc management

Supported FreeIPA Versions

FreeIPA versions 4.4.0 and up are supported by the ipahbacsvc module.

Requirements

Controller

  • Ansible version: 2.8+

Node

  • Supported FreeIPA version (see above)

Usage

Example inventory file

[ipaserver]
ipaserver.test.local

Example playbook to make sure HBAC Service for http is present

---
- name: Playbook to handle HBAC Services
  hosts: ipaserver
  become: true

  tasks:
  # Ensure HBAC Service for http is present
  - ipahbacsvc:
      ipaadmin_password: SomeADMINpassword
      name: http
      description: Web service

Example playbook to make sure HBAC Service for tftp is present

---
- name: Playbook to handle HBAC Services
  hosts: ipaserver
  become: true

  tasks:
  # Ensure HBAC Service for tftp is present
  - ipahbacsvc:
      ipaadmin_password: SomeADMINpassword
      name: tftp
      description: TFTPWeb service

Example playbook to make sure HBAC Services for http and tftp are absent

---
- name: Playbook to handle HBAC Services
  hosts: ipaserver
  become: true

  tasks:
  # Ensure HBAC Service for http and tftp are absent
  - ipahbacsvc:
      ipaadmin_password: SomeADMINpassword
      name: http,tftp
      state: absent

Variables

ipahbacsvc

Variable Description Required
ipaadmin_principal The admin principal is a string and defaults to admin no
ipaadmin_password The admin password is a string and is required if there is no admin ticket available on the node no
ipaapi_context The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are server and client. no
name | cn | service The list of hbacsvc name strings. no
description The hbacsvc description string. no
state The state to ensure. It can be one of present or absent, default: present. no

Authors

Thomas Woerner