freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipareplica_prepare Prepare ipa replica installation Authors: Thomas Woerner (@t-woerner) preview | supported by communityfreeipa.ansible_freeipa.ipareplica_prepare (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
collections: - name: freeipa.ansible_freeipa version: 1.11.1
Prepare ipa replica installation: Create IPA configuration file, run install checks again and also update the host name and the hosts file if needed. The tests and also the results from ipareplica_test are needed.
realm: description: Kerberos realm name of the IPA deployment required: false type: str domain: description: Primary DNS domain of the IPA deployment required: false type: str keytab: description: Path to backed up keytab from previous enrollment required: false type: str no_ntp: description: Do not configure ntp required: false type: bool no_ssh: description: Do not configure OpenSSH client required: false type: bool server: description: Fully qualified name of IPA server to enroll to required: true type: str no_sshd: description: Do not configure OpenSSH server required: false type: bool hostname: description: Fully qualified name of this host required: false type: str http_pin: description: The password to unlock the Apache Server private key required: false type: str password: description: Admin user kerberos password required: false type: str rid_base: default: 1000 description: Start value for mapping UIDs and GIDs to RIDs required: false type: int setup_ca: description: Configure a dogtag CA required: false type: bool mkhomedir: description: Create home directories for users on their first login required: false type: bool principal: description: User Principal allowed to promote replicas and join IPA realm required: true type: str setup_dns: description: Configure bind with our zone required: false type: bool setup_kra: description: Configure a dogtag KRA required: false type: bool dirsrv_pin: description: The password to unlock the Directory Server private key required: false type: str force_join: description: Force client enrollment even if already enrolled required: false type: bool forwarders: description: Add DNS forwarders elements: str required: false type: list no_reverse: default: false description: Do not create new reverse DNS zone required: false type: bool pkinit_pin: description: The password to unlock the Kerberos KDC private key required: false type: str dm_password: description: Directory Manager password required: false type: str no_host_dns: default: false description: Do not use DNS for hostname lookup during installation required: false type: bool auto_reverse: default: false description: Create necessary reverse zones required: false type: bool ip_addresses: description: List of Master Server IP Addresses elements: str required: false type: list netbios_name: description: NetBIOS name of the IPA domain required: false type: str no_dns_sshfp: description: Do not automatically create DNS SSHFP records required: false type: bool ca_cert_files: description: List of files containing CA certificates for the service certificate files elements: str required: false type: list enable_compat: default: false description: Enable support for trusted domains for old clients required: false type: bool no_forwarders: default: false description: Do not add any DNS forwarders, use root servers instead required: false type: bool reverse_zones: description: The reverse DNS zones to use elements: str required: false type: list setup_adtrust: description: Configure AD trust capability required: false type: bool ssh_trust_dns: description: Configure OpenSSH client to trust DNS SSHFP records required: false type: bool forward_policy: choices: - first - only description: DNS forwarding policy for global forwarders required: false type: str http_cert_name: description: Name of the Apache Server SSL certificate to install required: false type: str skip_conncheck: description: Skip connection check to remote master required: false type: bool auto_forwarders: default: false description: Use DNS forwarders configured in /etc/resolv.conf required: false type: bool http_cert_files: description: File containing the Apache Server SSL certificate and private key elements: str required: false type: list dirsrv_cert_name: description: Name of the Directory Server SSL certificate to install required: false type: str pkinit_cert_name: description: Name of the Kerberos KDC SSL certificate to install required: false type: str dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key elements: str required: false type: list pkinit_cert_files: description: File containing the Kerberos KDC SSL certificate and private key elements: str required: false type: list allow_zone_overlap: default: false description: Create DNS zone even if it already exists required: false type: bool secondary_rid_base: default: 100000000 description: Start value of the secondary range for mapping UIDs and GIDs to RIDs required: false type: int no_dnssec_validation: default: false description: Disable DNSSEC validation required: false type: bool sid_generation_always: default: false description: Enable SID generation always required: false type: bool