freeipa.ansible_freeipa.ipaclient_join (1.11.1) — module

Join a machine to an IPA realm and get a keytab for the host service principal

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Join a machine to an IPA realm and get a keytab for the host service principal

Usage examples

# Join IPA to get the keytab
- name: Join IPA in force mode with maximum 5 kinit attempts
  freeipa.ansible_freeipa.ipaclient_join:
    servers: ["server1.example.com","server2.example.com"]
    realm: EXAMPLE.COM
    basedn: dc=example,dc=com
    hostname: client1.example.com
    principal: admin
    password: MySecretPassword
    force_join: yes
    kinit_attempts: 5
    krb_name: /tmp/tmpkrb5.conf
# Join IPA to get the keytab using ipadiscovery return values
- name: Join IPA
  freeipa.ansible_freeipa.ipaclient_join:
    servers: "{{ ipadiscovery.servers }}"
    realm: "{{ ipadiscovery.realm }}"
    basedn: "{{ ipadiscovery.basedn }}"
    hostname: "{{ ipadiscovery.hostname }}"
    principal: admin
    password: MySecretPassword
    krb_name: /tmp/tmpkrb5.conf
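An added example, not taken from the collection's own documentation, that enrolls with the admin_keytab and ca_cert_file inputs instead of a plaintext password, keeps the task output out of logs, and acts on the already_joined return value; the keytab and CA certificate paths are assumptions:

```yaml
# Added example (not from the collection): enroll with a local admin keytab
# instead of a plaintext password, keep secrets out of task output, and act
# on the module's already_joined return value.
- name: Join IPA using an admin keytab and a pre-distributed CA certificate
  freeipa.ansible_freeipa.ipaclient_join:
    servers: ["server1.example.com", "server2.example.com"]
    realm: EXAMPLE.COM
    basedn: dc=example,dc=com
    hostname: "{{ ansible_facts['fqdn'] }}"
    principal: admin
    admin_keytab: /root/admin.keytab      # assumed path, distributed out of band
    ca_cert_file: /etc/ipa/ca.crt         # assumed path; disables automated CA fetch
    krb_name: /tmp/tmpkrb5.conf
    kinit_attempts: 5
  no_log: true        # keep principal and keytab details out of the play log
  register: ipajoin

- name: Report enrollment state
  ansible.builtin.debug:
    msg: "{{ 'Host was already enrolled' if ipajoin.already_joined else 'Host newly enrolled' }}"
```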

Inputs

debug:
    description: Turn on extra debugging
    required: false
    type: bool

realm:
    description: Kerberos realm name of the IPA deployment
    required: true
    type: str

basedn:
    description: The basedn of the IPA server (of the form dc=example,dc=com)
    required: true
    type: str

keytab:
    description: Path to backed up keytab from previous enrollment
    required: false
    type: str

servers:
    description: Fully qualified name of IPA servers to enroll to
    elements: str
    required: true
    type: list

hostname:
    description: Fully qualified name of this host
    required: true
    type: str

krb_name:
    description: The krb5 config file name
    required: true
    type: str

password:
    description: Admin user Kerberos password
    required: false
    type: str

principal:
    description: User Principal allowed to promote replicas and join IPA realm
    required: false
    type: str

force_join:
    description: Force client enrollment even if already enrolled
    required: false
    type: bool

admin_keytab:
    description: The path to a local admin keytab
    required: false
    type: str

ca_cert_file:
    description: A CA certificate to use. Do not acquire the IPA CA certificate via automated means
    required: false
    type: str

kinit_attempts:
    default: 5
    description: Repeat the request for host Kerberos ticket X times
    required: false
    type: int

Outputs

already_joined:
  description: The flag describes whether the host is already joined.
  returned: always
  type: bool