freeipa / freeipa.ansible_freeipa / 1.11.1 / module / ipaserver_setup_ca Setup CA Authors: Thomas Woerner (@t-woerner) preview | supported by communityfreeipa.ansible_freeipa.ipaserver_setup_ca (1.11.1) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1
collections: - name: freeipa.ansible_freeipa version: 1.11.1
Setup CA
idmax: description: The max value for the IDs range (default idstart+199999) required: true type: int realm: description: Kerberos realm name of the IPA deployment required: true type: str domain: description: Primary DNS domain of the IPA deployment required: true type: str idstart: description: The starting value for the IDs range (default random) required: true type: int hostname: description: Fully qualified name of this host required: false type: str password: description: Admin user kerberos password required: true type: str setup_ca: default: false description: Configure a dogtag CA required: false type: bool no_pkinit: default: false description: Disable pkinit setup steps required: false type: bool setup_dns: default: false description: Configure bind with our zone required: false type: bool setup_kra: default: false description: Configure a dogtag KRA required: false type: bool ca_subject: description: The installer ca_subject setting required: false type: str no_reverse: default: false description: Do not create new reverse DNS zone required: false type: bool _ca_subject: description: The installer _ca_subject setting required: false type: str dm_password: description: Directory Manager password required: true type: str domainlevel: description: The domain level required: false type: int external_ca: default: false description: External ca setting required: false type: bool no_host_dns: default: false description: Do not use DNS for hostname lookup during installation required: false type: bool ip_addresses: description: List of Master Server IP Addresses elements: str required: false type: list subject_base: description: The certificate subject base (default O=<realm-name>). RDNs are in LDAP order (most specific RDN first). required: false type: str _http_ca_cert: description: The installer _http_ca_cert setting required: false type: str _subject_base: description: The installer _subject_base setting required: false type: str no_hbac_allow: default: false description: Don't install allow_all HBAC rule required: false type: bool reverse_zones: description: The reverse DNS zones to use elements: str required: false type: list setup_adtrust: default: false description: Configure AD trust capability required: false type: bool auto_forwarders: default: false description: Use DNS forwarders configured in /etc/resolv.conf required: false type: bool master_password: description: kerberos master password (normally autogenerated) required: true type: str external_ca_type: description: Type of the external CA required: false type: str dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key elements: str required: false type: list dirsrv_config_file: description: The path to LDIF file that will be used to modify configuration of dse.ldif during installation of the directory server instance required: false type: str _dirsrv_pkcs12_info: description: The installer _dirsrv_pkcs12_info setting elements: str required: false type: list external_ca_profile: description: Specify the certificate profile/template to use at the external CA required: false type: str external_cert_files: description: File containing the IPA CA certificate and the external CA certificate chain elements: str required: false type: list pki_config_override: description: Path to ini file with config overrides required: false type: str ca_signing_algorithm: description: Signing algorithm of the IPA CA certificate required: false type: str _random_serial_numbers: description: The installer _random_serial_numbers setting required: true type: bool