Manage FreeIPA DNS Zones
Authors: Fran Fitzpatrick (@fxfitz)
community.general.ipa_dnszone (8.5.0) — module
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
  - name: community.general
    version: 8.5.0
Add and delete IPA DNS zones using the IPA API.
- name: Ensure dns zone is present
  community.general.ipa_dnszone:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: present
    zone_name: example.com

- name: Ensure dns zone is present and is dynamic update
  community.general.ipa_dnszone:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: present
    zone_name: example.com
    dynamicupdate: true

- name: Ensure that dns zone is removed
  community.general.ipa_dnszone:
    zone_name: example.com
    ipa_host: localhost
    ipa_user: admin
    ipa_pass: topsecret
    state: absent

- name: Ensure dns zone is present and is allowing sync
  community.general.ipa_dnszone:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: present
    zone_name: example.com
    allowsyncptr: true
state:
  choices:
    - absent
    - present
  default: present
  description: State to ensure
  required: false
  type: str

ipa_host:
  default: ipa.example.com
  description:
    - IP or hostname of IPA server.
    - If the value is not specified in the task, the value of environment variable E(IPA_HOST) will be used instead.
    - If both the environment variable E(IPA_HOST) and the value are not specified in the task, then DNS will be used to try to discover the FreeIPA server.
    - The relevant entry needed in FreeIPA is the C(ipa-ca) entry.
    - If neither the DNS entry, nor the environment E(IPA_HOST), nor the value are available in the task, then the default value will be used.
  type: str

ipa_pass:
  description:
    - Password of administrative user.
    - If the value is not specified in the task, the value of environment variable E(IPA_PASS) will be used instead.
    - Note that if the C(urllib_gssapi) library is available, it is possible to use GSSAPI to authenticate to FreeIPA.
    - If the environment variable E(KRB5CCNAME) is available, the module will use this Kerberos credentials cache to authenticate to the FreeIPA server.
    - If the environment variable E(KRB5_CLIENT_KTNAME) is available, and E(KRB5CCNAME) is not, the module will use this Kerberos keytab to authenticate.
    - If GSSAPI is not available, the usage of O(ipa_pass) is required.
  type: str

ipa_port:
  default: 443
  description:
    - Port of FreeIPA / IPA server.
    - If the value is not specified in the task, the value of environment variable E(IPA_PORT) will be used instead.
    - If both the environment variable E(IPA_PORT) and the value are not specified in the task, then default value is set.
  type: int

ipa_prot:
  choices:
    - http
    - https
  default: https
  description:
    - Protocol used by IPA server.
    - If the value is not specified in the task, the value of environment variable E(IPA_PROT) will be used instead.
    - If both the environment variable E(IPA_PROT) and the value are not specified in the task, then default value is set.
  type: str

ipa_user:
  default: admin
  description:
    - Administrative account used on IPA server.
    - If the value is not specified in the task, the value of environment variable E(IPA_USER) will be used instead.
    - If both the environment variable E(IPA_USER) and the value are not specified in the task, then default value is set.
  type: str

zone_name:
  description:
    - The DNS zone name which needs to be managed.
  required: true
  type: str

ipa_timeout:
  default: 10
  description:
    - Specifies idle timeout (in seconds) for the connection.
    - For bulk operations, you may want to increase this in order to avoid timeout from IPA server.
    - If the value is not specified in the task, the value of environment variable E(IPA_TIMEOUT) will be used instead.
    - If both the environment variable E(IPA_TIMEOUT) and the value are not specified in the task, then default value is set.
  type: int

allowsyncptr:
  default: false
  description: Allow synchronization of forward and reverse records in the zone.
  type: bool
  version_added: 4.3.0
  version_added_collection: community.general

dynamicupdate:
  default: false
  description: Apply dynamic update to zone.
  type: bool

validate_certs:
  default: true
  description:
    - This only applies if O(ipa_prot) is V(https).
    - If set to V(false), the SSL certificates will not be validated.
    - This should only be set to V(false) when used on personally controlled sites using self-signed certificates.
  type: bool
zone:
  description: DNS zone as returned by IPA API.
  returned: always
  type: dict
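
The credential options described under ipa_pass, shown as an added example that is not part of the module's own documentation: the first task authenticates with a Kerberos keytab through E(KRB5_CLIENT_KTNAME) so that no password appears in the playbook, and the last task takes the password from a variable instead. The keytab path and the variable names ipa_server, ipa_keytab and vault_ipa_pass are assumptions, and the keytab route needs the C(urllib_gssapi) library on the host that runs the module.

```yaml
# Added example; the keytab path and the variables ipa_server,
# ipa_keytab and vault_ipa_pass are hypothetical and must be adapted.
- name: Manage a FreeIPA DNS zone without a plaintext password
  hosts: localhost
  gather_facts: false
  vars:
    ipa_server: spider.example.com
    ipa_keytab: /etc/ansible/ipa-dnsadmin.keytab  # hypothetical path
  tasks:
    - name: Ensure dns zone is present, authenticating with a keytab
      community.general.ipa_dnszone:
        ipa_host: "{{ ipa_server }}"
        ipa_prot: https        # default, stated explicitly
        validate_certs: true   # default, keeps certificate validation on
        zone_name: example.com
        dynamicupdate: false   # default
        state: present
      environment:
        # Used only when KRB5CCNAME is not set and urllib_gssapi is installed.
        KRB5_CLIENT_KTNAME: "{{ ipa_keytab }}"
      register: zone_result

    - name: Check that the IPA API returned the zone
      ansible.builtin.assert:
        that:
          - zone_result.zone is mapping
        quiet: true

    - name: Ensure dns zone is present, password taken from a variable
      community.general.ipa_dnszone:
        ipa_host: "{{ ipa_server }}"
        ipa_user: admin
        # vault_ipa_pass is assumed to be defined in an Ansible Vault file.
        ipa_pass: "{{ vault_ipa_pass }}"
        validate_certs: true
        zone_name: example.com
        state: present
      when: vault_ipa_pass is defined
```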