Try SpotterPrepare IPA server deployment
Authors: Thomas Woerner (@t-woerner)
preview | supported by community
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
collections:
- name: freeipa.ansible_freeipa
version: 1.11.1Prepare IPA server deployment
force:
default: false
description: Installer force parameter
required: false
type: bool
realm:
description: Kerberos realm name of the IPA deployment
required: true
type: str
domain:
description: Primary DNS domain of the IPA deployment
required: true
type: str
hostname:
description: Fully qualified name of this host
required: false
type: str
password:
description: Admin user kerberos password
required: true
type: str
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
required: false
type: int
setup_ca:
default: false
description: Configure a dogtag CA
required: false
type: bool
setup_dns:
default: false
description: Configure bind with our zone
required: false
type: bool
setup_kra:
default: false
description: Configure a dogtag KRA
required: false
type: bool
ca_subject:
description: The installer ca_subject setting
required: false
type: str
forwarders:
description: Add DNS forwarders
elements: str
required: false
type: list
no_reverse:
default: false
description: Do not create new reverse DNS zone
required: false
type: bool
dm_password:
description: Directory Manager password
required: true
type: str
external_ca:
description: External ca setting
required: false
type: bool
no_host_dns:
default: false
description: Do not use DNS for hostname lookup during installation
required: false
type: bool
auto_reverse:
default: false
description: Create necessary reverse zones
required: false
type: bool
ip_addresses:
description: List of Master Server IP Addresses
elements: str
required: false
type: list
netbios_name:
description: NetBIOS name of the IPA domain
required: false
type: str
subject_base:
description: The certificate subject base (default O=<realm-name>). RDNs are in LDAP
order (most specific RDN first).
required: false
type: str
ca_cert_files:
description: List of files containing CA certificates for the service certificate
files
elements: str
required: false
type: list
enable_compat:
default: false
description: Enable support for trusted domains for old clients
required: false
type: bool
no_forwarders:
default: false
description: Do not add any DNS forwarders, use root servers instead
required: false
type: bool
reverse_zones:
description: The reverse DNS zones to use
elements: str
required: false
type: list
setup_adtrust:
default: false
description: Configure AD trust capability
required: false
type: bool
forward_policy:
choices:
- first
- only
description: DNS forwarding policy for global forwarders
required: false
type: str
auto_forwarders:
default: false
description: Use DNS forwarders configured in /etc/resolv.conf
required: false
type: bool
external_ca_type:
description: Type of the external CA
required: false
type: str
allow_zone_overlap:
default: false
description: Create DNS zone even if it already exists
required: false
type: bool
secondary_rid_base:
description: Start value of the secondary range for mapping UIDs and GIDs to RIDs
required: false
type: int
external_ca_profile:
description: Specify the certificate profile/template to use at the external CA
required: false
type: str
external_cert_files:
description: File containing the IPA CA certificate and the external CA certificate
chain
elements: str
required: false
type: list
_hostname_overridden:
default: false
description: The installer _hostname_overridden setting
required: false
type: bool
no_dnssec_validation:
default: false
description: Disable DNSSEC validation
required: false
type: bool
random_serial_numbers:
default: false
description: Enable random serial numbers
required: false
type: bool
sid_generation_always:
default: false
description: Enable SID generation always
required: false
type: bool