freeipa.ansible_freeipa.ipaclient_setup_nss (1.11.1) — module

Create IPA client NSS database

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install with

ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1

collections:
  - name: freeipa.ansible_freeipa
    version: 1.11.1

Create IPA NSS database

- name: Create IPA client NSS database
  freeipa.ansible_freeipa.ipaclient_setup_nss:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
    realm: EXAMPLE.COM
    basedn: dc=example,dc=com
    hostname: client1.example.com
    subject_base: O=EXAMPLE.COM
    principal: admin
    ca_enabled: yes
    krb_name: /tmp/tmpkrb5.conf

dnsok:
  default: false
  description: The installer dnsok setting
  required: false
  type: bool
realm:
  description: Kerberos realm name of the IPA deployment
  required: true
  type: str
subid:
  description: Configure SSSD as data source for subid
  required: false
  type: bool
basedn:
  description: The basedn of the IPA server (of the form dc=example,dc=com)
  required: true
  type: str
domain:
  description: Primary DNS domain of the IPA deployment
  required: true
  type: str
no_ssh:
  description: Do not configure OpenSSH client
  required: false
  type: bool
permit:
  description: Disable access rules by default, permit all access
  required: false
  type: bool
no_sshd:
  description: Do not configure OpenSSH server
  required: false
  type: bool
no_sudo:
  description: Do not configure SSSD as data source for sudo
  required: false
  type: bool
servers:
  description: Fully qualified name of IPA servers to enroll to
  elements: str
  required: true
  type: list
hostname:
  description: Fully qualified name of this host
  required: true
  type: str
krb_name:
  description: The krb5 config file name
  required: true
  type: str
mkhomedir:
  description: Create home directories for users on their first login
  required: false
  type: bool
on_master:
  description: Whether the configuration is done on the master or not
  required: false
  type: bool
principal:
  description: User Principal allowed to promote replicas and join IPA realm
  required: false
  type: str
ca_enabled:
  description: Whether the Certificate Authority is enabled or not
  required: true
  type: bool
ip_addresses:
  description: List of Master Server IP Addresses
  elements: str
  required: false
  type: list
no_dns_sshfp:
  default: false
  description: Do not automatically create DNS SSHFP records
  required: false
  type: bool
nosssd_files:
  description: 'The dict of nss_ldap or nss-pam-ldapd files if sssd is disabled'
  required: true
  type: dict
request_cert:
  default: false
  description: Request certificate for the machine
  required: false
  type: bool
subject_base:
  description: 'The certificate subject base (default O=<realm-name>). RDNs are in LDAP order (most specific RDN first).'
  required: true
  type: str
fixed_primary:
  description: Configure sssd to use fixed server as primary IPA server
  required: false
  type: bool
preserve_sssd:
  description: Preserve old SSSD configuration if possible
  required: false
  type: bool
all_ip_addresses:
  default: false
  description: 'All routable IP addresses configured on any interface will be added to DNS'
  required: false
  type: bool
enable_dns_updates:
  description: 'Configures the machine to attempt DNS updates when the IP address changes'
  required: false
  type: bool
no_krb5_offline_passwords:
  description: Configure SSSD not to store user password when the server is offline
  required: false
  type: bool