Try SpotterManage FreeIPA sudo command group
| "added in version" 2.3 of ansible.builtin"
Authors: Thomas Krahn (@Nosmoht)
preview | supported by community
pipInstall with pip install ansible==2.3.3.0.post1
Add, modify or delete sudo command group within IPA server using IPA API.
- name: Ensure sudo command group exists
ipa_sudocmdgroup:
name: group01
description: Group of important commands
sudocmd:
- su
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Ensure sudo command group does not exists
ipa_sudocmdgroup:
name: group01
state: absent
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
cn:
aliases:
- name
description:
- Sudo Command Group.
required: true
state:
choices:
- present
- absent
default: present
description: State to ensure
required: false
sudocmd:
description:
- List of sudo commands to assign to the group.
- If an empty list is passed all assigned commands will be removed from the group.
- If option is omitted sudo commands will not be checked or changed.
required: false
ipa_host:
default: ipa.example.com
description: IP or hostname of IPA server
required: false
ipa_pass:
description: Password of administrative user
required: true
ipa_port:
default: 443
description: Port of IPA server
required: false
ipa_prot:
choices:
- http
- https
default: https
description: Protocol used by IPA server
required: false
ipa_user:
default: admin
description: Administrative account used on IPA server
required: false
description:
description:
- Group description.
validate_certs:
default: true
description:
- This only applies if C(ipa_prot) is I(https).
- If set to C(no), the SSL certificates will not be validated.
- This should only set to C(no) used on personally controlled sites using self-signed
certificates.
required: false
sudocmdgroup: description: Sudo command group as returned by IPA API returned: always type: dict