internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity
Files
2939b260fc8744d959872c8084f8f7ab41856e2a
ansible-freeipa/README-sudocmd.md
Rafael Guterres Jeffman 198e2152f5 ipasudocmd: Allow execution of plugin in client host. 
Update sudocmd README file and add tests for executing plugin with
`ipaapi_context` set to `client`.

A new test playbook can be found at:

    tests/sudocmd/test_sudocmd_client_context.yml

The new test file can be executed in a FreeIPA client host that is
not a server. In this case, it should be defined in the `ipaclients`
group, in the inventory file.
2021-09-28 10:19:43 -03:00

2.0 KiB
Raw Blame History

Sudocmd module

Description

The sudocmd module allows to ensure presence and absence of sudo command.

The sudocmd module is as compatible as possible to the Ansible upstream ipa_sudocmd module.

Features

  • Sudo command management

Supported FreeIPA Versions

FreeIPA versions 4.4.0 and up are supported by the ipa_sudocmd module.

Requirements

Controller

  • Ansible version: 2.8+

Node

  • Supported FreeIPA version (see above)

Usage

Example inventory file

[ipaserver]
ipaserver.test.local

Example playbook to make sure sudocmd exists:

---
- name: Playbook to handle sudocmd
  hosts: ipaserver
  become: true

  tasks:
  # Ensure sudocmd is present
  - ipasudocmd:
      ipaadmin_password: SomeADMINpassword
      name: /usr/bin/su
      state: present

Example playbook to make sure sudocmd is absent:

---
- name: Playbook to handle sudocmd
  hosts: ipaserver
  become: true

  tasks:
  # Ensure sudocmd are absent
  - ipasudocmd:
      ipaadmin_password: SomeADMINpassword
      name: /usr/bin/su
      state: absent

Variables

ipasudocmd

Variable Description Required
ipaadmin_principal The admin principal is a string and defaults to admin no
ipaadmin_password The admin password is a string and is required if there is no admin ticket available on the node no
ipaapi_context The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. Valid values are server and client. no
name | sudocmd The sudo command strings. yes
description The command description string. no
nomembers Suppress processing of membership attributes. (bool) no
state The state to ensure. It can be one of present or absent, default: present. no

Authors

Rafael Guterres Jeffman