freeipa.ansible_freeipa.ipareplica_prepare (1.11.1) — module

Prepare ipa replica installation

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  # Exact version pin: keeps collection installs reproducible. Raise it
  # deliberately, after reviewing the new release, rather than floating.
  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Prepare the IPA replica installation: create the IPA configuration file, run the install checks again, and update the host name and the hosts file if needed. The checks performed by ipareplica_test must have been run, and their results are required by this module.

Inputs

    
realm:
    description: Kerberos realm name of the IPA deployment
    required: false
    type: str

domain:
    description: Primary DNS domain of the IPA deployment
    required: false
    type: str

# A keytab stores long-term Kerberos keys, so the backed-up file is a
# credential in its own right: keep it readable only by the account that needs
# it and remove stale copies once enrollment is done.
keytab:
    description: Path to backed up keytab from previous enrollment
    required: false
    type: str

# Kerberos rejects authentication when clocks drift beyond the permitted skew.
# If this is set, make sure time synchronisation is provided by other means.
no_ntp:
    description: Do not configure ntp
    required: false
    type: bool

no_ssh:
    description: Do not configure OpenSSH client
    required: false
    type: bool

server:
    description: Fully qualified name of IPA server to enroll to
    required: true
    type: str

no_sshd:
    description: Do not configure OpenSSH server
    required: false
    type: bool

hostname:
    description: Fully qualified name of this host
    required: false
    type: str

# Secret: unlocks the Apache private key. Supply it from Ansible Vault or
# another secret store, not as plain text in a playbook or inventory.
# NOTE(review): this page does not show whether the option is marked no_log;
# confirm before relying on log redaction.
http_pin:
    description: The password to unlock the Apache Server private key
    required: false
    type: str

# Secret: admin Kerberos password. Supply it from Ansible Vault or another
# secret store, not as plain text in a playbook or inventory.
# NOTE(review): this page does not show whether the option is marked no_log;
# confirm before relying on log redaction.
password:
    description: Admin user kerberos password
    required: false
    type: str

rid_base:
    default: 1000
    description: Start value for mapping UIDs and GIDs to RIDs
    required: false
    type: int

setup_ca:
    description: Configure a dogtag CA
    required: false
    type: bool

mkhomedir:
    description: Create home directories for users on their first login
    required: false
    type: bool

# Required. Per the description this principal is authorised to promote
# replicas and join the realm, so it is a privileged identity.
# NOTE(review): consider a dedicated account holding only those rights rather
# than a general-purpose admin; confirm what the deployment permits.
principal:
    description: User Principal allowed to promote replicas and join IPA realm
    required: true
    type: str

setup_dns:
    description: Configure bind with our zone
    required: false
    type: bool

setup_kra:
    description: Configure a dogtag KRA
    required: false
    type: bool

# Secret: unlocks the Directory Server private key. Supply it from Ansible
# Vault or another secret store, not as plain text in a playbook or inventory.
# NOTE(review): this page does not show whether the option is marked no_log;
# confirm before relying on log redaction.
dirsrv_pin:
    description: The password to unlock the Directory Server private key
    required: false
    type: str

# Overrides the "already enrolled" safeguard. Leave unset unless re-enrollment
# of this host is intended.
# NOTE(review): presumably the existing enrollment is replaced; verify the
# effect on the current host entry before enabling.
force_join:
    description: Force client enrollment even if already enrolled
    required: false
    type: bool

forwarders:
    description: Add DNS forwarders
    elements: str
    required: false
    type: list

no_reverse:
    default: false
    description: Do not create new reverse DNS zone
    required: false
    type: bool

# Secret: unlocks the Kerberos KDC private key. Supply it from Ansible Vault or
# another secret store, not as plain text in a playbook or inventory.
# NOTE(review): this page does not show whether the option is marked no_log;
# confirm before relying on log redaction.
pkinit_pin:
    description: The password to unlock the Kerberos KDC private key
    required: false
    type: str

# Secret: Directory Manager is the directory server's superuser account, so
# this password is highly sensitive. Supply it from Ansible Vault or another
# secret store, not as plain text in a playbook or inventory.
# NOTE(review): this page does not show whether the option is marked no_log;
# confirm before relying on log redaction.
dm_password:
    description: Directory Manager password
    required: false
    type: str

no_host_dns:
    default: false
    description: Do not use DNS for hostname lookup during installation
    required: false
    type: bool

auto_reverse:
    default: false
    description: Create necessary reverse zones
    required: false
    type: bool

ip_addresses:
    description: List of Master Server IP Addresses
    elements: str
    required: false
    type: list

netbios_name:
    description: NetBIOS name of the IPA domain
    required: false
    type: str

no_dns_sshfp:
    description: Do not automatically create DNS SSHFP records
    required: false
    type: bool

ca_cert_files:
    description: List of files containing CA certificates for the service certificate
      files
    elements: str
    required: false
    type: list

enable_compat:
    default: false
    description: Enable support for trusted domains for old clients
    required: false
    type: bool

no_forwarders:
    default: false
    description: Do not add any DNS forwarders, use root servers instead
    required: false
    type: bool

reverse_zones:
    description: The reverse DNS zones to use
    elements: str
    required: false
    type: list

setup_adtrust:
    description: Configure AD trust capability
    required: false
    type: bool

# With this enabled, SSH host key verification relies on DNS SSHFP answers,
# which are only as trustworthy as the DNS path that delivers them. Keep DNSSEC
# validation in place (see no_dnssec_validation) when using it.
ssh_trust_dns:
    description: Configure OpenSSH client to trust DNS SSHFP records
    required: false
    type: bool

forward_policy:
    choices:
    - first
    - only
    description: DNS forwarding policy for global forwarders
    required: false
    type: str

http_cert_name:
    description: Name of the Apache Server SSL certificate to install
    required: false
    type: str

# The connection check surfaces unreachable services on the remote master
# before installation proceeds. Skipping it defers those failures to later
# steps, so treat this as a troubleshooting switch rather than a default.
skip_conncheck:
    description: Skip connection check to remote master
    required: false
    type: bool

auto_forwarders:
    default: false
    description: Use DNS forwarders configured in /etc/resolv.conf
    required: false
    type: bool

# Per the description these files hold the Apache private key as well as the
# certificate: restrict read access wherever they are staged, and pass the
# unlock password through http_pin from a secret store.
http_cert_files:
    description: File containing the Apache Server SSL certificate and private key
    elements: str
    required: false
    type: list

dirsrv_cert_name:
    description: Name of the Directory Server SSL certificate to install
    required: false
    type: str

pkinit_cert_name:
    description: Name of the Kerberos KDC SSL certificate to install
    required: false
    type: str

# Per the description these files hold the Directory Server private key as well
# as the certificate: restrict read access wherever they are staged, and pass
# the unlock password through dirsrv_pin from a secret store.
dirsrv_cert_files:
    description: Files containing the Directory Server SSL certificate and private key
    elements: str
    required: false
    type: list

# Per the description these files hold the Kerberos KDC private key as well as
# the certificate: restrict read access wherever they are staged, and pass the
# unlock password through pkinit_pin from a secret store.
pkinit_cert_files:
    description: File containing the Kerberos KDC SSL certificate and private key
    elements: str
    required: false
    type: list

# Defaults to false, which keeps the existing-zone check in place. Enabling it
# creates the zone even though one already exists.
# NOTE(review): presumably the new zone can then answer for names another
# server is authoritative for; confirm the zone is really yours first.
allow_zone_overlap:
    default: false
    description: Create DNS zone even if it already exists
    required: false
    type: bool

secondary_rid_base:
    default: 100000000
    description: Start value of the secondary range for mapping UIDs and GIDs to RIDs
    required: false
    type: int

# Defaults to false, which leaves DNSSEC validation on. Setting it to true
# means signed DNS answers are no longer verified, removing protection against
# forged responses. Enable it only when the upstream forwarders cannot support
# DNSSEC, and record why.
no_dnssec_validation:
    default: false
    description: Disable DNSSEC validation
    required: false
    type: bool

sid_generation_always:
    default: false
    description: Enable SID generation always
    required: false
    type: bool