mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
7a23c668fc
This change adds support for DNS over TLS to the ipaclient role.
New variables
ipaclient_dns_over_tls
Configure DNS over TLS. Requires FreeIPA version 4.12.5 or later.
(bool, default: false)
required: false
ipaclient_no_dnssec_validation
Disable DNSSEC validation for DNS over TLS. This turns off DNSSEC
validation for unbound. Only usable if `ipaserver_dns_over_tls` is
enabled. (bool, default: false)
reqiured: false
New distribution specific variable
ipaclient_packages_dot
List of IPA packages needed for DNS over TLS.
The resolver configuratoin for DNS over TLS is not part of this change
and will be added later on. Therefore it is needed to configure the
resolver for DNS over TLS before starting the deployment with ipaclient
role. This is essential for using an IPA DNS server with DoT and enforced
DNS policy so that only DoT is usable.
6 lines
136 B
YAML
6 lines
136 B
YAML
# defaults file for ipaclient
|
|
# vars/RedHat-7
|
|
---
|
|
ipaclient_packages: [ "ipa-client", "libselinux-python" ]
|
|
ipaclient_packages_dot: [ ]
|