freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipaclient_test_keytab Test if the krb5.keytab on the machine is valid and can be used. Authors: Thomas Woerner (@t-woerner) preview | supported by communityfreeipa.ansible_freeipa.ipaclient_test_keytab (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
collections: - name: freeipa.ansible_freeipa version: 1.11.1
Test if the krb5.keytab on the machine is valid and can be used. A temporary krb5.conf file will be generated to not fail on an invalid one.
# Test IPA with local keytab - name: Test IPA in force mode with maximum 5 kinit attempts freeipa.ansible_freeipa.ipaclient_test_keytab: servers: ["server1.example.com","server2.example.com"] domain: example.com realm: EXAMPLE.COM kdc: server1.example.com hostname: client1.example.com kinit_attempts: 5
# Test IPA with ipadiscovery return values - name: Join IPA freeipa.ansible_freeipa.ipaclient_test_keytab: servers: "{{ ipadiscovery.servers }}" domain: "{{ ipadiscovery.domain }}" realm: "{{ ipadiscovery.realm }}" kdc: "{{ ipadiscovery.kdc }}" hostname: "{{ ipadiscovery.hostname }}"
kdc: description: The name or address of the host running the KDC required: true type: str realm: description: Kerberos realm name of the IPA deployment required: true type: str domain: description: Primary DNS domain of the IPA deployment required: true type: str servers: description: Fully qualified name of IPA servers to enroll to elements: str required: true type: list hostname: description: Fully qualified name of this host required: true type: str kinit_attempts: default: 5 description: Repeat the request for host Kerberos ticket X times type: int
ca_crt_exists: description: The flag describes if ca.crt exists. returned: always type: str krb5_conf_ok: description: The flag describes if krb5.conf on the host is usable. returned: always type: bool krb5_keytab_ok: description: The flag describes if krb5.keytab on the host is usable. returned: always type: bool ping_test_ok: description: The flag describes if ipa ping test succeded. returned: always type: bool