freeipa.ansible_freeipa.ipaclient_setup_nss (1.11.1) — module

Create IPA client NSS database

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  # Exact version pin: every install resolves to this one release.
  collections:
    - name: freeipa.ansible_freeipa
      version: "1.11.1"

Description

Create IPA NSS database

Usage examples

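# Example task: create the NSS database on an IPA client.
# NOTE(review): the Inputs section of this page marks nosssd_files as
# required, but this example does not pass it. Confirm against the module
# before copying this task as-is.
- name: Create IPA client NSS database
  freeipa.ansible_freeipa.ipaclient_setup_nss:
    servers:
      - server1.example.com
      - server2.example.com
    domain: example.com
    realm: EXAMPLE.COM
    basedn: dc=example,dc=com
    hostname: client1.example.com
    subject_base: O=EXAMPLE.COM
    # Described as a principal allowed to promote replicas and join the
    # realm; prefer a dedicated enrollment account over a general admin
    # account where the deployment allows it.
    principal: admin
    # Canonical boolean; `yes` relies on YAML 1.1 truthy parsing.
    ca_enabled: true
    # Sample value only. A fixed, predictable name in world-writable /tmp is
    # exposed to symlink and pre-creation races; in a real play pass the path
    # of a file created with a unique name and restrictive permissions (for
    # example one registered from ansible.builtin.tempfile).
    krb_name: /tmp/tmpkrb5.conf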

Inputs

    
# Parameter specification for ipaclient_setup_nss as listed on this page.
# Each entry gives the type, whether the parameter is required, and a default
# where one is listed. Comments below flag the security-relevant entries.
dnsok:
    default: false
    description: The installer dnsok setting
    required: false
    type: bool

realm:
    description: Kerberos realm name of the IPA deployment
    required: true
    type: str

subid:
    description: Configure SSSD as data source for subid
    required: false
    type: bool

basedn:
    description: The basedn of the IPA server (of the form dc=example,dc=com)
    required: true
    type: str

domain:
    description: Primary DNS domain of the IPA deployment
    required: true
    type: str

no_ssh:
    description: Do not configure OpenSSH client
    required: false
    type: bool

# Security-relevant: per the description, enabling this permits all access
# instead of applying access rules. No default is listed here; leave it unset
# unless that is the intended policy for the host.
permit:
    description: Disable access rules by default, permit all access
    required: false
    type: bool

no_sshd:
    description: Do not configure OpenSSH server
    required: false
    type: bool

no_sudo:
    description: Do not configure SSSD as data source for sudo
    required: false
    type: bool

servers:
    description: Fully qualified name of IPA servers to enroll to
    elements: str
    required: true
    type: list

hostname:
    description: Fully qualified name of this host
    required: true
    type: str

# Path to a krb5 config file supplied by the caller. The usage example on
# this page passes a fixed name under /tmp.
# NOTE(review): prefer a file with an unpredictable name and restrictive
# permissions; confirm how callers are expected to generate it.
krb_name:
    description: The krb5 config file name
    required: true
    type: str

mkhomedir:
    description: Create home directories for users on their first login
    required: false
    type: bool

on_master:
    description: Whether the configuration is done on the master or not
    required: false
    type: bool

# Per the description this principal can promote replicas and join the realm,
# so treat it as a privileged identity.
# NOTE(review): no credential parameter appears in this listing; how the
# module authenticates as this principal is not visible here.
principal:
    description: User Principal allowed to promote replicas and join IPA realm
    required: false
    type: str

ca_enabled:
    description: Whether the Certificate Authority is enabled or not
    required: true
    type: bool

ip_addresses:
    description: List of Master Server IP Addresses
    elements: str
    required: false
    type: list

no_dns_sshfp:
    default: false
    description: Do not automatically create DNS SSHFP records
    required: false
    type: bool

# Marked required, yet absent from the usage example on this page.
# NOTE(review): the expected keys of this dict are not shown here; confirm
# against the module source.
nosssd_files:
    description: 'The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled

      '
    required: true
    type: dict

request_cert:
    default: false
    description: Request certificate for the machine
    required: false
    type: bool

# NOTE(review): the description mentions a default (O=<realm-name>), but
# required is true, so callers must always pass a value.
subject_base:
    description: 'The certificate subject base (default O=<realm-name>).

      RDNs are in LDAP order (most specific RDN first).

      '
    required: true
    type: str

fixed_primary:
    description: Configure sssd to use fixed server as primary IPA server
    required: false
    type: bool

preserve_sssd:
    description: Preserve old SSSD configuration if possible
    required: false
    type: bool

# Per the description, enabling this adds every routable address on any
# interface to DNS; check whether management or internal interfaces should be
# published before turning it on.
all_ip_addresses:
    default: false
    description: 'All routable IP addresses configured on any interface will be added

      to DNS

      '
    required: false
    type: bool

enable_dns_updates:
    description: 'Configures the machine to attempt dns updates when the ip address

      changes

      '
    required: false
    type: bool

# Security-relevant: when enabled, SSSD is configured not to store user
# passwords for use while the server is offline (per the description).
no_krb5_offline_passwords:
    description: Configure SSSD not to store user password when the server is offline
    required: false
    type: bool