freeipa.ansible_freeipa.ipagroup (1.11.1) — module

Manage FreeIPA groups

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Manage FreeIPA groups

Usage examples

2
  • Hint
    Parameter 'gidnumber' is an alias for parameter 'gid' in module 'freeipa.ansible_freeipa.ipagroup'.
  • Hint
    Tasks should always be named using the name parameter.
# Create group ops with gid 1234
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: ops
    gidnumber: 1234
1
  • Hint
    Tasks should always be named using the name parameter.
# Create group sysops
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops
1
  • Hint
    Tasks should always be named using the name parameter.
# Create group appops
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: appops
2
  • Hint
    Parameter 'groups[0].gidnumber' is an alias for parameter 'gid' in module 'freeipa.ansible_freeipa.ipagroup'.
  • Hint
    Tasks should always be named using the name parameter.
# Create multiple groups ops, sysops
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    groups:
    - name: ops
      gidnumber: 1234
    - name: sysops
1
  • Hint
    Tasks should always be named using the name parameter.
# Add user member pinky to group sysops
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops
    action: member
    user:
    - pinky
1
  • Hint
    Tasks should always be named using the name parameter.
# Add user member brain to group sysops
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops
    action: member
    user:
    - brain
1
  • Hint
    Tasks should always be named using the name parameter.
# Add group members sysops and appops to group ops
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: ops
    group:
    - sysops
    - appops
1
  • Hint
    Tasks should always be named using the name parameter.
# Add user and group members to groups sysops and appops
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    groups:
    - name: sysops
      user:
        - user1
    - name: appops
      group:
        - group2
1
  • Hint
    Tasks should always be named using the name parameter.
# Create a non-POSIX group
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: nongroup
    nonposix: yes
1
  • Hint
    Tasks should always be named using the name parameter.
# Turn a non-POSIX group into a POSIX group.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: nonposix
    posix: yes
1
  • Hint
    Tasks should always be named using the name parameter.
# Create an external group and add members from a trust to it.
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: extgroup
    external: yes
    externalmember:
    - WINIPA\Web Users
    - WINIPA\Developers
1
  • Hint
    Tasks should always be named using the name parameter.
# Create multiple non-POSIX and external groups
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    groups:
    - name: nongroup
      nonposix: true
    - name: extgroup
      external: true
1
  • Hint
    Tasks should always be named using the name parameter.
# Remove groups sysops, appops, ops and nongroup
- freeipa.ansible_freeipa.ipagroup:
    ipaadmin_password: SomeADMINpassword
    name: sysops,appops,ops, nongroup
    state: absent

Inputs

    
gid:
    aliases:
    - gidnumber
    description: The GID
    required: false
    type: int

name:
    aliases:
    - cn
    description: The group name
    elements: str
    required: false
    type: list

user:
    description: List of user names assigned to this group.
    elements: str
    required: false
    type: list

group:
    description: List of group names assigned to this group.
    elements: str
    required: false
    type: list

posix:
    description: Create a non-POSIX group or change a non-POSIX to a posix group.
    required: false
    type: bool

state:
    choices:
    - present
    - absent
    default: present
    description: State to ensure
    type: str

action:
    choices:
    - member
    - group
    default: group
    description: Work on group or member level
    type: str

groups:
    description: The list of group dicts (internally gid).
    elements: dict
    suboptions:
      description:
        description: The group description
        required: false
        type: str
      external:
        description: Allow adding external non-IPA members from trusted domains
        required: false
        type: bool
      externalmember:
        aliases:
        - ipaexternalmember
        - external_member
        description:
        - List of members of a trusted domain in DOM\name or name@domain form.
        elements: str
        required: false
        type: list
      gid:
        aliases:
        - gidnumber
        description: The GID
        required: false
        type: int
      group:
        description: List of group names assigned to this group.
        elements: str
        required: false
        type: list
      idoverrideuser:
        description:
        - User ID overrides to add
        elements: str
        required: false
        type: list
      membermanager_group:
        description:
        - List of member manager groups assigned to this group.
        - Only usable with IPA versions 4.8.4 and up.
        elements: str
        required: false
        type: list
      membermanager_user:
        description:
        - List of member manager users assigned to this group.
        - Only usable with IPA versions 4.8.4 and up.
        elements: str
        required: false
        type: list
      name:
        aliases:
        - cn
        description: The group (internally gid).
        required: true
        type: str
      nomembers:
        description: Suppress processing of membership attributes
        required: false
        type: bool
      nonposix:
        description: Create as a non-POSIX group
        required: false
        type: bool
      posix:
        description: Create a non-POSIX group or change a non-POSIX to a posix group.
        required: false
        type: bool
      service:
        description:
        - List of service names assigned to this group.
        - Only usable with IPA versions 4.7 and up.
        elements: str
        required: false
        type: list
      user:
        description: List of user names assigned to this group.
        elements: str
        required: false
        type: list
    type: list

service:
    description:
    - List of service names assigned to this group.
    - Only usable with IPA versions 4.7 and up.
    elements: str
    required: false
    type: list

external:
    description: Allow adding external non-IPA members from trusted domains
    required: false
    type: bool

nonposix:
    description: Create as a non-POSIX group
    required: false
    type: bool

nomembers:
    description: Suppress processing of membership attributes
    required: false
    type: bool

description:
    description: The group description
    required: false
    type: str

externalmember:
    aliases:
    - ipaexternalmember
    - external_member
    description:
    - List of members of a trusted domain in DOM\name or name@domain form.
    elements: str
    required: false
    type: list

idoverrideuser:
    description:
    - User ID overrides to add
    elements: str
    required: false
    type: list

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a

      server context is preferred. If not provided context will be

      determined by the execution environment.

      '
    required: false
    type: str

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str

membermanager_user:
    description:
    - List of member manager users assigned to this group.
    - Only usable with IPA versions 4.8.4 and up.
    elements: str
    required: false
    type: list

membermanager_group:
    description:
    - List of member manager groups assigned to this group.
    - Only usable with IPA versions 4.8.4 and up.
    elements: str
    required: false
    type: list