freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipahost Manage FreeIPA hosts Authors: Thomas Woerner (@t-woerner) preview | supported by community freeipa.ansible_freeipa.ipahost (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
---
# Collection requirement entry for ansible-galaxy, pinned to the exact
# release this page documents.
collections:
  - name: freeipa.ansible_freeipa
    version: '1.11.1'
Manage FreeIPA hosts
# Ensure host is present
# The admin password is written inline only for illustration; in a real
# playbook supply it from Ansible Vault or another secret store.
- freeipa.ansible_freeipa.ipahost:
    ipaadmin_password: 'SomeADMINpassword'
    name: 'host01.example.com'
    description: 'Example host'
    ip_address: '192.168.0.123'
    locality: 'Lab'
    ns_host_location: 'Lab'
    ns_os_version: 'CentOS 7'
    ns_hardware_platform: 'Lenovo T61'
    # Quoted so the colon-separated values are always read as strings.
    mac_address:
      - '08:00:27:E3:B1:2D'
      - '52:54:00:BD:97:1E'
    state: 'present'
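# Ensure host is present without DNS
# force accepts the host name even if it is not in DNS, so the name given
# here is not checked against DNS.
- freeipa.ansible_freeipa.ipahost:
    ipaadmin_password: SomeADMINpassword
    name: host02.example.com
    description: Example host
    # Canonical boolean instead of the YAML 1.1 truthy word "yes".
    force: true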
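# Ensure multiple hosts are present with random passwords
# The generated passwords are returned in the task result (one
# randompassword entry per host name), so keep that result out of logs,
# for example with no_log on the task.
- freeipa.ansible_freeipa.ipahost:
    ipaadmin_password: SomeADMINpassword
    hosts:
      - name: host01.example.com
        # Canonical boolean instead of the YAML 1.1 truthy word "yes".
        random: true
      - name: host02.example.com
        random: true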
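# Initiate generation of a random password for the host
# The generated password is returned in the task result as
# host.randompassword, so keep that result out of logs, for example with
# no_log on the task.
- freeipa.ansible_freeipa.ipahost:
    ipaadmin_password: SomeADMINpassword
    name: host01.example.com
    description: Example host
    ip_address: 192.168.0.123
    # Canonical boolean instead of the YAML 1.1 truthy word "yes".
    random: true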
# Ensure multiple hosts are present with principals
# action: member makes the module work on member level (here: the
# principal aliases) instead of on the host entries themselves.
- freeipa.ansible_freeipa.ipahost:
    ipaadmin_password: 'SomeADMINpassword'
    hosts:
      - name: 'host01.example.com'
        principal:
          - 'host/testhost01.example.com'
      - name: 'host02.example.com'
        principal:
          - 'host/myhost01.example.com'
    action: 'member'
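# Ensure host is disabled
- freeipa.ansible_freeipa.ipahost:
    ipaadmin_password: SomeADMINpassword
    name: host01.example.com
    # Canonical boolean instead of the YAML 1.1 truthy word "yes".
    # update_dns controls the update of the DNS SSHFP records for
    # existing hosts.
    update_dns: true
    state: disabled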
# Ensure host is absent
# update_dns is not set here; per its description that option is what
# controls removal of the host's DNS entries when the host is removed.
- freeipa.ansible_freeipa.ipahost:
    ipaadmin_password: 'SomeADMINpassword'
    name: 'host01.example.com'
    state: 'absent'
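# Module parameters of freeipa.ansible_freeipa.ipahost.
# Each top-level key is one parameter. The suboptions under "hosts" repeat
# most of the per-host parameters for use inside the hosts list.
os:
  aliases:
    - ns_os_version
  description: 'Host operating system and version (e.g. "Fedora 9")'
  required: false
  type: str
name:
  aliases:
    - fqdn
  description: The fully qualified domain name.
  elements: str
  required: false
  type: list
# force accepts a host name that is not in DNS.
force:
  description: Force host name even if not in DNS
  required: false
  type: bool
# The security notes on the top-level parameters below (passwords, keytab
# access lists, delegation flags, pre-authentication) apply equally to the
# suboptions of the same name.
hosts:
  description: The list of host dicts
  elements: dict
  required: false
  suboptions:
    allow_create_keytab_group:
      aliases:
        - ipaallowedtoperform_write_keys_group
      description: Groups allowed to create a keytab of this host
      elements: str
      required: false
      type: list
    allow_create_keytab_host:
      aliases:
        - ipaallowedtoperform_write_keys_host
      description: Hosts allowed to create a keytab of this host
      elements: str
      required: false
      type: list
    allow_create_keytab_hostgroup:
      aliases:
        - ipaallowedtoperform_write_keys_hostgroup
      description: Hostgroups allowed to create a keytab of this host
      elements: str
      required: false
      type: list
    allow_create_keytab_user:
      aliases:
        - ipaallowedtoperform_write_keys_user
      description: Users allowed to create a keytab of this host
      elements: str
      required: false
      type: list
    allow_retrieve_keytab_group:
      aliases:
        - ipaallowedtoperform_read_keys_group
      description: Groups allowed to retrieve a keytab of this host
      elements: str
      required: false
      type: list
    allow_retrieve_keytab_host:
      aliases:
        - ipaallowedtoperform_read_keys_host
      description: Hosts allowed to retrieve a keytab of this host
      elements: str
      required: false
      type: list
    allow_retrieve_keytab_hostgroup:
      aliases:
        - ipaallowedtoperform_read_keys_hostgroup
      description: Hostgroups allowed to retrieve a keytab of this host
      elements: str
      required: false
      type: list
    allow_retrieve_keytab_user:
      aliases:
        - ipaallowedtoperform_read_keys_user
      description: Users allowed to retrieve a keytab of this host
      elements: str
      required: false
      type: list
    auth_ind:
      aliases:
        - krbprincipalauthind
      choices:
        - radius
        - otp
        - pkinit
        - hardened
        - idp
        - ''
      description: >-
        Defines an allow list for Authentication Indicators.
        Use 'otp' to allow OTP-based 2FA authentications.
        Use 'radius' to allow RADIUS-based 2FA authentications.
        Other values may be used for custom configurations.
        Use empty string to reset auth_ind to the initial value.
      elements: str
      required: false
      type: list
    certificate:
      aliases:
        - usercertificate
      description: List of base-64 encoded host certificates
      elements: str
      required: false
      type: list
    description:
      description: The host description
      required: false
      type: str
    force:
      description: Force host name even if not in DNS
      required: false
      type: bool
    ip_address:
      aliases:
        - ipaddress
      description: >-
        The host IP address list (IPv4 and IPv6).
        No IP address conflict check will be done.
      elements: str
      required: false
      type: list
    locality:
      description: 'Host locality (e.g. "Baltimore, MD")'
      required: false
      type: str
    location:
      aliases:
        - ns_host_location
      description: 'Host physical location hint (e.g. "Lab 2")'
      required: false
      type: str
    mac_address:
      aliases:
        - macaddress
      description: List of hardware MAC addresses.
      elements: str
      required: false
      type: list
    managedby_host:
      description: List of hosts that can manage this host
      elements: str
      required: false
      type: list
    name:
      aliases:
        - fqdn
      description: The host (internally uid).
      required: true
      type: str
    ok_as_delegate:
      aliases:
        - ipakrbokasdelegate
      description: Client credentials may be delegated to the service
      required: false
      type: bool
    ok_to_auth_as_delegate:
      aliases:
        - ipakrboktoauthasdelegate
      description: The service is allowed to authenticate on behalf of a client
      required: false
      type: bool
    os:
      aliases:
        - ns_os_version
      description: 'Host operating system and version (e.g. "Fedora 9")'
      required: false
      type: str
    password:
      aliases:
        - user_password
        - userpassword
      description: Password used in bulk enrollment
      required: false
      type: str
    platform:
      aliases:
        - ns_hardware_platform
      description: 'Host hardware platform (e.g. "Lenovo T61")'
      required: false
      type: str
    principal:
      aliases:
        - principalname
        - krbprincipalname
      description: List of principal aliases for this host
      elements: str
      required: false
      type: list
    random:
      aliases:
        - random_password
      description: >-
        Initiate the generation of a random password to be used in bulk
        enrollment
      required: false
      type: bool
    requires_pre_auth:
      aliases:
        - ipakrbrequirespreauth
      description: Pre-authentication is required for the service
      required: false
      type: bool
    reverse:
      description: Reverse DNS detection
      required: false
      type: bool
    sshpubkey:
      aliases:
        - ipasshpubkey
      description: List of SSH public keys
      elements: str
      required: false
      type: list
    update_dns:
      aliases:
        - updatedns
      description: >-
        Controls the update of the DNS SSHFP records for existing hosts and
        the removal of all DNS entries if a host gets removed with state
        absent.
      required: false
      type: bool
    userclass:
      aliases:
        - class
      description: >-
        Host category (semantics placed on this attribute are for local
        interpretation)
      elements: str
      required: false
      type: list
  type: list
state:
  choices:
    - present
    - absent
    - disabled
  default: present
  description: State to ensure
  type: str
action:
  choices:
    - member
    - host
  default: host
  description: Work on host or member level
  type: str
# The generated password is returned in the task result (randompassword
# in the module's return values), so keep that result out of logs, for
# example with no_log on the task.
random:
  aliases:
    - random_password
  description: >-
    Initiate the generation of a random password to be used in bulk
    enrollment
  required: false
  type: bool
reverse:
  description: Reverse DNS detection
  required: false
  type: bool
auth_ind:
  aliases:
    - krbprincipalauthind
  choices:
    - radius
    - otp
    - pkinit
    - hardened
    - idp
    - ''
  description: >-
    Defines an allow list for Authentication Indicators.
    Use 'otp' to allow OTP-based 2FA authentications.
    Use 'radius' to allow RADIUS-based 2FA authentications.
    Other values may be used for custom configurations.
    Use empty string to reset auth_ind to the initial value.
  elements: str
  required: false
  type: list
locality:
  description: 'Host locality (e.g. "Baltimore, MD")'
  required: false
  type: str
location:
  aliases:
    - ns_host_location
  description: 'Host location (e.g. "Lab 2")'
  required: false
  type: str
# Secret: a host enrollment password; handle it like any other credential
# and do not commit it in plain text.
password:
  aliases:
    - user_password
    - userpassword
  description: Password used in bulk enrollment
  required: false
  type: str
platform:
  aliases:
    - ns_hardware_platform
  description: 'Host hardware platform (e.g. "Lenovo T61")'
  required: false
  type: str
principal:
  aliases:
    - principalname
    - krbprincipalname
  description: List of principal aliases for this host
  elements: str
  required: false
  type: list
sshpubkey:
  aliases:
    - ipasshpubkey
  description: List of SSH public keys
  elements: str
  required: false
  type: list
userclass:
  aliases:
    - class
  description: >-
    Host category (semantics placed on this attribute are for local
    interpretation)
  elements: str
  required: false
  type: list
ip_address:
  aliases:
    - ipaddress
  description: >-
    The host IP address list (IPv4 and IPv6).
    No IP address conflict check will be done.
  elements: str
  required: false
  type: list
update_dns:
  aliases:
    - updatedns
  description: >-
    Controls the update of the DNS SSHFP records for existing hosts and the
    removal of all DNS entries if a host gets removed with state absent.
  required: false
  type: bool
certificate:
  aliases:
    - usercertificate
  description: List of base-64 encoded host certificates
  elements: str
  required: false
  type: list
description:
  description: The host description
  required: false
  type: str
mac_address:
  aliases:
    - macaddress
  description: List of hardware MAC addresses.
  elements: str
  required: false
  type: list
ipaapi_context:
  choices:
    - server
    - client
  description: >-
    The context in which the module will execute.
    Executing in a server context is preferred.
    If not provided context will be determined by the execution environment.
  required: false
  type: str
managedby_host:
  description: List of hosts that can manage this host
  elements: str
  required: false
  type: list
# Kerberos delegation flag: enable only on hosts that need delegation.
ok_as_delegate:
  aliases:
    - ipakrbokasdelegate
  description: Client credentials may be delegated to the service
  required: false
  type: bool
update_password:
  choices:
    - always
    - on_create
  description: Set password for a host in present state only on creation or always
  type: str
# Secret: supply this from Ansible Vault or another secret store rather
# than writing it in plain text in a playbook or inventory.
ipaadmin_password:
  description: The admin password.
  required: false
  type: str
ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool
# Keeping Kerberos pre-authentication required is the safer setting;
# review any host where this is set to false.
requires_pre_auth:
  aliases:
    - ipakrbrequirespreauth
  description: Pre-authentication is required for the service
  required: false
  type: bool
ipaadmin_principal:
  default: admin
  description: The admin principal.
  type: str
# Kerberos delegation flag: enable only on hosts that need delegation.
ok_to_auth_as_delegate:
  aliases:
    - ipakrboktoauthasdelegate
  description: The service is allowed to authenticate on behalf of a client
  required: false
  type: bool
# Keytab access lists (the allow_create_keytab_* and allow_retrieve_keytab_*
# parameters below): a keytab holds the host's long-term Kerberos keys, so
# keep the lists of hosts, users and groups allowed to create or retrieve
# it as small as possible.
allow_create_keytab_host:
  aliases:
    - ipaallowedtoperform_write_keys_host
  description: Hosts allowed to create a keytab of this host
  elements: str
  required: false
  type: list
allow_create_keytab_user:
  aliases:
    - ipaallowedtoperform_write_keys_user
  description: Users allowed to create a keytab of this host
  elements: str
  required: false
  type: list
allow_create_keytab_group:
  aliases:
    - ipaallowedtoperform_write_keys_group
  description: Groups allowed to create a keytab of this host
  elements: str
  required: false
  type: list
allow_retrieve_keytab_host:
  aliases:
    - ipaallowedtoperform_read_keys_host
  description: Hosts allowed to retrieve a keytab of this host
  elements: str
  required: false
  type: list
allow_retrieve_keytab_user:
  aliases:
    - ipaallowedtoperform_read_keys_user
  description: Users allowed to retrieve a keytab of this host
  elements: str
  required: false
  type: list
allow_retrieve_keytab_group:
  aliases:
    - ipaallowedtoperform_read_keys_group
  description: Groups allowed to retrieve a keytab of this host
  elements: str
  required: false
  type: list
allow_create_keytab_hostgroup:
  aliases:
    - ipaallowedtoperform_write_keys_hostgroup
  description: Hostgroups allowed to create a keytab of this host
  elements: str
  required: false
  type: list
allow_retrieve_keytab_hostgroup:
  aliases:
    - ipaallowedtoperform_read_keys_hostgroup
  description: Hostgroups allowed to retrieve a keytab of this host
  elements: str
  required: false
  type: list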
# Return values of the module.
# "host" carries the generated random password(s) in plain text. Any task
# that registers or prints this result exposes the password, so keep the
# result out of logs (for example with no_log on the task).
host:
  description: Host dict with random password
  returned: If random is yes and host did not exist or update_password is yes
  type: dict
  contains:
    # Single-host form: the password sits directly under "host".
    randompassword:
      description: The generated random password
      returned: 'If only one host is handled by the module without using hosts parameter '
      type: str
    # Multi-host form: "name" is a dict that holds a randompassword entry.
    name:
      description: The host name of the host that got a new random password
      returned: 'If several hosts are handled by the module with the hosts parameter '
      type: dict
      contains:
        randompassword:
          description: The generated random password
          returned: always
          type: str