freeipa.ansible_freeipa.ipaclient_join (1.11.1) — module
Join a machine to an IPA realm and get a keytab for the host service principal
Authors: Thomas Woerner (@t-woerner)
preview | supported by community
Install with:
ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
collections:
  - name: freeipa.ansible_freeipa
    version: 1.11.1
Join a machine to an IPA realm and get a keytab for the host service principal
# Join IPA to get the keytab
- name: Join IPA in force mode with maximum 5 kinit attempts
  freeipa.ansible_freeipa.ipaclient_join:
    servers: ["server1.example.com","server2.example.com"]
    realm: EXAMPLE.COM
    basedn: dc=example,dc=com
    hostname: client1.example.com
    principal: admin
    password: MySecretPassword
    force_join: yes
    kinit_attempts: 5
    krb_name: /tmp/tmpkrb5.conf

# Join IPA to get the keytab using ipadiscovery return values
- name: Join IPA
  freeipa.ansible_freeipa.ipaclient_join:
    servers: "{{ ipadiscovery.servers }}"
    realm: "{{ ipadiscovery.realm }}"
    basedn: "{{ ipadiscovery.basedn }}"
    hostname: "{{ ipadiscovery.hostname }}"
    principal: admin
    password: MySecretPassword
    krb_name: /tmp/tmpkrb5.conf
debug:
  description: Turn on extra debugging
  required: false
  type: bool
realm:
  description: Kerberos realm name of the IPA deployment
  required: true
  type: str
basedn:
  description: The basedn of the IPA server (of the form dc=example,dc=com)
  required: true
  type: str
keytab:
  description: Path to backed up keytab from previous enrollment
  required: false
  type: str
servers:
  description: Fully qualified name of IPA servers to enroll to
  elements: str
  required: true
  type: list
hostname:
  description: Fully qualified name of this host
  required: true
  type: str
krb_name:
  description: The krb5 config file name
  required: true
  type: str
password:
  description: Admin user kerberos password
  required: false
  type: str
principal:
  description: User Principal allowed to promote replicas and join IPA realm
  required: false
  type: str
force_join:
  description: Force client enrollment even if already enrolled
  required: false
  type: bool
admin_keytab:
  description: The path to a local admin keytab
  required: false
  type: str
ca_cert_file:
  description: A CA certificate to use. Do not acquire the IPA CA certificate via automated means
  required: false
  type: str
kinit_attempts:
  default: 5
  description: Repeat the request for host Kerberos ticket X times
  required: false
  type: int
already_joined:
  description: The flag describes if the host is already joined.
  returned: always
  type: bool
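
An added example, not part of the collection's documentation: the first example task with the admin password read from a vaulted variable instead of a literal, task output suppressed with no_log, the CA certificate supplied through ca_cert_file, and the already_joined return value checked afterwards. The variable names vault_ipaadmin_password and ipaclient_krb5_conf and the path /root/ipa-ca.crt are assumptions.

```yaml
# Added example, not the collection's own.
# Assumptions (not from the module documentation):
#   vault_ipaadmin_password - defined in a vars file encrypted with ansible-vault
#   ipaclient_krb5_conf     - path of a krb5 config file prepared earlier in the play
#   /root/ipa-ca.crt        - IPA CA certificate copied to the host out of band
- name: Join IPA with a vaulted password and a pre-provisioned CA certificate
  freeipa.ansible_freeipa.ipaclient_join:
    servers: ["server1.example.com", "server2.example.com"]
    realm: EXAMPLE.COM
    basedn: dc=example,dc=com
    hostname: client1.example.com
    principal: admin
    # The password is never written in the playbook itself.
    password: "{{ vault_ipaadmin_password }}"
    # Use this CA certificate rather than acquiring one automatically.
    ca_cert_file: /root/ipa-ca.crt
    kinit_attempts: 5
    krb_name: "{{ ipaclient_krb5_conf }}"
  # Keep the task arguments and result out of Ansible output and logs.
  no_log: true
  register: result_ipaclient_join

# Only the boolean return value is printed, not the censored task result.
- name: Report whether the host was already enrolled
  ansible.builtin.debug:
    msg: "already_joined={{ result_ipaclient_join.already_joined }}"
```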