ansible / ansible.builtin / v2.4.4.0-1 / module / ipa_sudorule Manage FreeIPA sudo rule | "added in version" 2.3 of ansible.builtin" Authors: Thomas Krahn (@Nosmoht) preview | supported by communityansible.builtin.ipa_sudorule (v2.4.4.0-1) — module
pip
Install with pip install ansible==2.4.4.0.post1
Add, modify or delete sudo rule within IPA server using IPA API.
# Ensure sudo rule is present that's allows all every body to execute any command on any host without being asked for a password. - ipa_sudorule: name: sudo_all_nopasswd cmdcategory: all description: Allow to run every command with sudo without password hostcategory: all sudoopt: - '!authenticate' usercategory: all ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret
# Ensure user group developers can run every command on host group db-server as well as on host db01.example.com. - ipa_sudorule: name: sudo_dev_dbserver description: Allow developers to run every command with sudo on all database server cmdcategory: all host: - db01.example.com hostgroup: - db-server sudoopt: - '!authenticate' usergroup: - developers ipa_host: ipa.example.com ipa_user: admin ipa_pass: topsecret
cn: aliases: - name description: - Canonical name. - Can not be changed as it is the unique identifier. required: true cmd: description: - List of commands assigned to the rule. - If an empty list is passed all commands will be removed from the rule. - If option is omitted commands will not be checked or changed. required: false host: description: - List of hosts assigned to the rule. - If an empty list is passed all hosts will be removed from the rule. - If option is omitted hosts will not be checked or changed. - Option C(hostcategory) must be omitted to assign hosts. required: false user: description: - List of users assigned to the rule. - If an empty list is passed all users will be removed from the rule. - If option is omitted users will not be checked or changed. required: false state: choices: - present - absent - enabled - disabled default: present description: State to ensure required: false ipa_host: default: ipa.example.com description: IP or hostname of IPA server required: false ipa_pass: description: Password of administrative user required: true ipa_port: default: 443 description: Port of IPA server required: false ipa_prot: choices: - http - https default: https description: Protocol used by IPA server required: false ipa_user: default: admin description: Administrative account used on IPA server required: false hostgroup: description: - List of host groups assigned to the rule. - If an empty list is passed all host groups will be removed from the rule. - If option is omitted host groups will not be checked or changed. - Option C(hostcategory) must be omitted to assign host groups. required: false usergroup: description: - List of user groups assigned to the rule. - If an empty list is passed all user groups will be removed from the rule. - If option is omitted user groups will not be checked or changed. required: false cmdcategory: choices: - all description: - Command category the rule applies to. required: false hostcategory: choices: - all description: - Host category the rule applies to. - If 'all' is passed one must omit C(host) and C(hostgroup). - Option C(host) and C(hostgroup) must be omitted to assign 'all'. required: false usercategory: choices: - all description: - User category the rule applies to. required: false validate_certs: default: true description: - This only applies if C(ipa_prot) is I(https). - If set to C(no), the SSL certificates will not be validated. - This should only set to C(no) used on personally controlled sites using self-signed certificates. required: false
sudorule: description: Sudorule as returned by IPA returned: always type: dict