freeipa.ansible_freeipa.ipaclient_setup_nss (1.11.1) — module

Create IPA client NSS database

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Create IPA NSS database

Usage examples

1
  • Error
    'nosssd_files' is a required parameter in module 'freeipa.ansible_freeipa.ipaclient_setup_nss'.
- name: Create IPA client NSS database
  freeipa.ansible_freeipa.ipaclient_setup_nss:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
    realm: EXAMPLE.COM
    basedn: dc=example,dc=com
    hostname: client1.example.com
    subject_base: O=EXAMPLE.COM
    principal: admin
    ca_enabled: yes
    krb_name: /tmp/tmpkrb5.conf

Inputs

    
dnsok:
    default: false
    description: The installer dnsok setting
    required: false
    type: bool

realm:
    description: Kerberos realm name of the IPA deployment
    required: true
    type: str

subid:
    description: Configure SSSD as data source for subid
    required: false
    type: bool

basedn:
    description: The basedn of the IPA server (of the form dc=example,dc=com)
    required: true
    type: str

domain:
    description: Primary DNS domain of the IPA deployment
    required: true
    type: str

no_ssh:
    description: Do not configure OpenSSH client
    required: false
    type: bool

permit:
    description: Disable access rules by default, permit all access
    required: false
    type: bool

no_sshd:
    description: Do not configure OpenSSH server
    required: false
    type: bool

no_sudo:
    description: Do not configure SSSD as data source for sudo
    required: false
    type: bool

servers:
    description: Fully qualified name of IPA servers to enroll to
    elements: str
    required: true
    type: list

hostname:
    description: Fully qualified name of this host
    required: true
    type: str

krb_name:
    description: The krb5 config file name
    required: true
    type: str

mkhomedir:
    description: Create home directories for users on their first login
    required: false
    type: bool

on_master:
    description: Whether the configuration is done on the master or not
    required: false
    type: bool

principal:
    description: User Principal allowed to promote replicas and join IPA realm
    required: false
    type: str

ca_enabled:
    description: Whether the Certificate Authority is enabled or not
    required: true
    type: bool

ip_addresses:
    description: List of Master Server IP Addresses
    elements: str
    required: false
    type: list

no_dns_sshfp:
    default: false
    description: Do not automatically create DNS SSHFP records
    required: false
    type: bool

nosssd_files:
    description: 'The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled

      '
    required: true
    type: dict

request_cert:
    default: false
    description: Request certificate for the machine
    required: false
    type: bool

subject_base:
    description: 'The certificate subject base (default O=<realm-name>).

      RDNs are in LDAP order (most specific RDN first).

      '
    required: true
    type: str

fixed_primary:
    description: Configure sssd to use fixed server as primary IPA server
    required: false
    type: bool

preserve_sssd:
    description: Preserve old SSSD configuration if possible
    required: false
    type: bool

all_ip_addresses:
    default: false
    description: 'All routable IP addresses configured on any interface will be added

      to DNS

      '
    required: false
    type: bool

enable_dns_updates:
    description: 'Configures the machine to attempt dns updates when the ip address

      changes

      '
    required: false
    type: bool

no_krb5_offline_passwords:
    description: Configure SSSD not to store user password when the server is offline
    required: false
    type: bool