freeipa.ansible_freeipa.ipaserver_setup_ca (1.11.1) — module

Setup CA

Authors: Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with `ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1`


Add to requirements.yml

  # Exact version pin: installs are reproducible and an upgrade becomes a reviewed change.
  # A pin does not authenticate the artifact; `ansible-galaxy collection verify` compares
  # the installed files with the copy held by the server.
  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Setup CA

Inputs

    
# Upper bound of the ID range.
# NOTE(review): the description names a default (idstart+199999), yet the option is
# listed as required, so a caller of this module has to pass the value explicitly.
idmax:
    description: The max value for the IDs range (default idstart+199999)
    required: true
    type: int

# Kerberos realm name of the deployment; required string.
realm:
    description: Kerberos realm name of the IPA deployment
    required: true
    type: str

# Primary DNS domain of the deployment; required string.
domain:
    description: Primary DNS domain of the IPA deployment
    required: true
    type: str

# Lower bound of the ID range.
# NOTE(review): same mismatch as idmax - the text says "default random" while the
# option is listed as required.
idstart:
    description: The starting value for the IDs range (default random)
    required: true
    type: int

# Optional fully qualified host name; the listing states no default.
hostname:
    description: Fully qualified name of this host
    required: false
    type: str

# Secret: Kerberos password of the admin user, passed as a plain string.
# Keep the value in Ansible Vault or an external secret store rather than in
# plaintext inventory or playbook variables.
# NOTE(review): this listing does not show whether the option is declared with
# no_log; confirm in the module source, or set `no_log: true` on the calling task.
password:
    description: Admin user kerberos password
    required: true
    type: str

# Off by default; a Dogtag CA is only configured when this is true.
setup_ca:
    default: false
    description: Configure a dogtag CA
    required: false
    type: bool

# Off by default, i.e. the PKINIT setup steps run unless this is set to true.
no_pkinit:
    default: false
    description: Disable pkinit setup steps
    required: false
    type: bool

# Off by default; bind is only configured with the deployment's zone when this is true.
setup_dns:
    default: false
    description: Configure bind with our zone
    required: false
    type: bool

# Off by default; a Dogtag KRA (Key Recovery Authority) is only configured when true.
setup_kra:
    default: false
    description: Configure a dogtag KRA
    required: false
    type: bool

# Optional string; the listing gives no format.
# NOTE(review): presumably the subject DN of the CA certificate - confirm.
ca_subject:
    description: The installer ca_subject setting
    required: false
    type: str

# Off by default, so a new reverse DNS zone may be created unless this is true.
no_reverse:
    default: false
    description: Do not create new reverse DNS zone
    required: false
    type: bool

# NOTE(review): the leading underscore suggests installer-internal state handed
# between modules rather than a setting chosen by the user - confirm.
_ca_subject:
    description: The installer _ca_subject setting
    required: false
    type: str

# Secret: password of Directory Manager, the directory server's unrestricted
# administrative account. Keep it in Ansible Vault or an external secret store,
# never in plaintext variables.
# NOTE(review): this listing does not show whether the option is declared with
# no_log; confirm in the module source, or set `no_log: true` on the calling task.
dm_password:
    description: Directory Manager password
    required: true
    type: str

# Optional integer; the listing gives neither a default nor the accepted range.
domainlevel:
    description: The domain level
    required: false
    type: int

# Off by default. The description is terse.
# NOTE(review): presumably selects the flow in which an external CA signs the
# IPA CA certificate - confirm.
external_ca:
    default: false
    description: External ca setting
    required: false
    type: bool

# Off by default, so DNS is used for hostname lookup during installation unless
# this is true. Enable it only where name resolution is deliberately handled
# another way, since the lookup is then not performed.
no_host_dns:
    default: false
    description: Do not use DNS for hostname lookup during installation
    required: false
    type: bool

# Optional list of strings holding the master server's IP addresses.
ip_addresses:
    description: List of Master Server IP Addresses
    elements: str
    required: false
    type: list

# Optional subject base for issued certificates; per the description the default
# is O=<realm-name> and RDNs are written most specific first.
subject_base:
    description: The certificate subject base (default O=<realm-name>). RDNs are in LDAP
      order (most specific RDN first).
    required: false
    type: str

# NOTE(review): the leading underscore suggests installer-internal state; the name
# points at the CA certificate used for the HTTP service - confirm.
_http_ca_cert:
    description: The installer _http_ca_cert setting
    required: false
    type: str

# NOTE(review): looks like the installer-internal counterpart of subject_base - confirm.
_subject_base:
    description: The installer _subject_base setting
    required: false
    type: str

# Off by default, so the allow_all HBAC rule IS installed unless this is true.
# allow_all grants every user access to every host and service; a deployment that
# wants host-based access control enforced should set this to true (or disable
# the rule afterwards) and define explicit rules instead.
no_hbac_allow:
    default: false
    description: Don't install allow_all HBAC rule
    required: false
    type: bool

# Optional list of strings naming the reverse DNS zones to use.
reverse_zones:
    description: The reverse DNS zones to use
    elements: str
    required: false
    type: list

# Off by default; AD trust capability is only configured when this is true.
setup_adtrust:
    default: false
    description: Configure AD trust capability
    required: false
    type: bool

# Off by default. When true, the DNS forwarders are taken from /etc/resolv.conf,
# so whatever resolvers that file lists on the target become the upstream
# forwarders - check the file before enabling this.
auto_forwarders:
    default: false
    description: Use DNS forwarders configured in /etc/resolv.conf
    required: false
    type: bool

# Secret: Kerberos master password. The description says it is normally
# autogenerated, yet the option is listed as required.
# Keep the value in Ansible Vault or an external secret store, never in plaintext.
# NOTE(review): this listing does not show whether the option is declared with
# no_log; confirm in the module source, or set `no_log: true` on the calling task.
master_password:
    description: kerberos master password (normally autogenerated)
    required: true
    type: str

# Optional string; the listing does not enumerate the accepted types.
external_ca_type:
    description: Type of the external CA
    required: false
    type: str

# These files hold the Directory Server certificate AND its private key:
# restrict ownership and permissions wherever they are stored, and keep them out
# of version control.
dirsrv_cert_files:
    description: Files containing the Directory Server SSL certificate and private key
    elements: str
    required: false
    type: list

# Path to an LDIF that modifies dse.ldif during instance installation; it changes
# directory server configuration, so review its content like any other change.
dirsrv_config_file:
    description: The path to LDIF file that will be used to modify configuration of dse.ldif
      during installation of the directory server instance
    required: false
    type: str

# NOTE(review): the leading underscore suggests installer-internal state. The name
# points at PKCS#12 details for the Directory Server certificate; if it carries a
# PIN or key path, treat it as sensitive - confirm against the module source.
_dirsrv_pkcs12_info:
    description: The installer _dirsrv_pkcs12_info setting
    elements: str
    required: false
    type: list

# Optional certificate profile/template requested from the external CA.
external_ca_profile:
    description: Specify the certificate profile/template to use at the external CA
    required: false
    type: str

# Files with the IPA CA certificate and the external CA chain. They define the
# trust chain of the deployment, so verify where they came from before use.
external_cert_files:
    description: File containing the IPA CA certificate and the external CA certificate
      chain
    elements: str
    required: false
    type: list

# Path to an ini file with configuration overrides; keep the file under review
# and protect it from modification, since it alters the installed configuration.
pki_config_override:
    description: Path to ini file with config overrides
    required: false
    type: str

# Optional; the listing gives neither a default nor the accepted values.
# Prefer a SHA-2 based signing algorithm for the CA certificate.
# NOTE(review): confirm the accepted values against the installer documentation.
ca_signing_algorithm:
    description: Signing algorithm of the IPA CA certificate
    required: false
    type: str

# Required boolean with a leading underscore.
# NOTE(review): presumably installer-internal state saying whether certificate
# serial numbers are generated randomly - confirm.
_random_serial_numbers:
    description: The installer _random_serial_numbers setting
    required: true
    type: bool