freeipa.ansible_freeipa.ipaservice (1.11.1) — module

Manage FreeIPA service

Authors: Rafael Guterres Jeffman (@rjeffman), Thomas Woerner (@t-woerner)

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.11.1


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.11.1

Description

Manage FreeIPA service

Usage examples

1
  • Hint
    Tasks should always be named using the name parameter.
  # Ensure service is present
  - freeipa.ansible_freeipa.ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: HTTP/www.example.com
      pac_type:
        - MS-PAC
        - PAD
      auth_ind: otp
      skip_host_check: true
      force: false
      requires_pre_auth: true
      ok_as_delegate: false
      ok_to_auth_as_delegate: false
1
  • Hint
    Tasks should always be named using the name parameter.
  # Ensure service is absent
  - freeipa.ansible_freeipa.ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: HTTP/www.example.com
      state: absent
1
  • Hint
    Tasks should always be named using the name parameter.
  # Ensure service member certificate is present.
  - freeipa.ansible_freeipa.ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: HTTP/www.example.com
      certificate:
        - >
          MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAw
          DzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8x
          DTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVG
          FYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEr
          aELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmj
          fMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQI
          Nt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJ
          EkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMB
          AAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV
          0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA
          A4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJP
          rp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfw
          Q5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHo
          VOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+s
          KC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA
          5yqV7MVq
      action: member
      state: present
1
  • Hint
    Tasks should always be named using the name parameter.
  # Ensure principal host/test.example.com present in service.
  - freeipa.ansible_freeipa.ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: HTTP/www.example.com
      principal:
        - host/test.example.com
      action: member
1
  • Hint
    Tasks should always be named using the name parameter.
  # Ensure host can manage service.
  - freeipa.ansible_freeipa.ipaservice:
      ipaadmin_password: SomeADMINpassword
      name: HTTP/www.example.com
      host:
      - host1.example.com
      - host2.example.com
      action: member
1
  • Hint
    Tasks should always be named using the name parameter.
  # Ensure multiple services are present.
  - freeipa.ansible_freeipa.ipaservice:
      ipaadmin_password: SomeADMINpassword
      services:
      - name: HTTP/www.example.com
        host:
        - host1.example.com
      - name: HTTP/www.service.com

Inputs

    
smb:
    description: Add a SMB service.
    required: false
    type: bool

host:
    aliases:
    - managedby_host
    description: Host that can manage the service.
    elements: str
    required: false
    type: list

name:
    aliases:
    - service
    description: The service to manage
    elements: str
    required: true
    type: list

force:
    description: Force principal name even if host is not in DNS.
    required: false
    type: bool

state:
    choices:
    - present
    - absent
    - disabled
    default: present
    description: State to ensure
    type: str

action:
    choices:
    - member
    - service
    default: service
    description: Work on service or member level
    type: str

auth_ind:
    aliases:
    - krbprincipalauthind
    choices:
    - otp
    - radius
    - pkinit
    - hardened
    - idp
    - ''
    description: Defines an allow list for Authentication Indicators.
    elements: str
    required: false
    type: list

pac_type:
    aliases:
    - pac_type
    - ipakrbauthzdata
    choices:
    - MS-PAC
    - PAD
    - NONE
    - ''
    description: Supported PAC type.
    elements: str
    required: false
    type: list

services:
    description: The list of service dicts.
    elements: dict
    suboptions:
      allow_create_keytab_group:
        aliases:
        - ipaallowedtoperform_write_keys_group
        description: Groups allowed to create a keytab of this host.
        elements: str
        required: false
        type: list
      allow_create_keytab_host:
        aliases:
        - ipaallowedtoperform_write_keys_host
        description: Hosts allowed to create a keytab of this host.
        elements: str
        required: false
        type: list
      allow_create_keytab_hostgroup:
        aliases:
        - ipaallowedtoperform_write_keys_hostgroup
        description: Host group allowed to create a keytab of this host.
        elements: str
        required: false
        type: list
      allow_create_keytab_user:
        aliases:
        - ipaallowedtoperform_write_keys_user
        description: Users allowed to create a keytab of this host.
        elements: str
        required: false
        type: list
      allow_retrieve_keytab_group:
        aliases:
        - ipaallowedtoperform_read_keys_group
        description: Groups allowed to retrieve a keytab of this host.
        elements: str
        required: false
        type: list
      allow_retrieve_keytab_host:
        aliases:
        - ipaallowedtoperform_read_keys_host
        description: Hosts allowed to retrieve a keytab of this host.
        elements: str
        required: false
        type: list
      allow_retrieve_keytab_hostgroup:
        aliases:
        - ipaallowedtoperform_read_keys_hostgroup
        description: Host groups allowed to retrieve a keytab of this host.
        elements: str
        required: false
        type: list
      allow_retrieve_keytab_user:
        aliases:
        - ipaallowedtoperform_read_keys_user
        description: User allowed to retrieve a keytab of this host.
        elements: str
        required: false
        type: list
      auth_ind:
        aliases:
        - krbprincipalauthind
        choices:
        - otp
        - radius
        - pkinit
        - hardened
        - idp
        - ''
        description: Defines an allow list for Authentication Indicators.
        elements: str
        required: false
        type: list
      certificate:
        aliases:
        - usercertificate
        description: Base-64 encoded service certificate.
        elements: str
        required: false
        type: list
      force:
        description: Force principal name even if host is not in DNS.
        required: false
        type: bool
      host:
        aliases:
        - managedby_host
        description: Host that can manage the service.
        elements: str
        required: false
        type: list
      name:
        aliases:
        - service
        description: The service to manage
        required: true
        type: str
      netbiosname:
        description: NETBIOS name for the SMB service.
        required: false
        type: str
      ok_as_delegate:
        aliases:
        - ipakrbokasdelegate
        description: Client credentials may be delegated to the service.
        required: false
        type: bool
      ok_to_auth_as_delegate:
        aliases:
        - ipakrboktoauthasdelegate
        description: Allow service to authenticate on behalf of a client.
        required: false
        type: bool
      pac_type:
        aliases:
        - pac_type
        - ipakrbauthzdata
        choices:
        - MS-PAC
        - PAD
        - NONE
        - ''
        description: Supported PAC type.
        elements: str
        required: false
        type: list
      principal:
        aliases:
        - krbprincipalname
        description: List of principal aliases for the service.
        elements: str
        required: false
        type: list
      requires_pre_auth:
        aliases:
        - ipakrbrequirespreauth
        description: Pre-authentication is required for the service.
        required: false
        type: bool
      skip_host_check:
        description: Skip checking if host object exists.
        required: false
        type: bool
      smb:
        description: Add a SMB service.
        required: false
        type: bool
    type: list

principal:
    aliases:
    - krbprincipalname
    description: List of principal aliases for the service.
    elements: str
    required: false
    type: list

certificate:
    aliases:
    - usercertificate
    description: Base-64 encoded service certificate.
    elements: str
    required: false
    type: list

netbiosname:
    description: NETBIOS name for the SMB service.
    required: false
    type: str

ipaapi_context:
    choices:
    - server
    - client
    description: 'The context in which the module will execute. Executing in a

      server context is preferred. If not provided context will be

      determined by the execution environment.

      '
    required: false
    type: str

ok_as_delegate:
    aliases:
    - ipakrbokasdelegate
    description: Client credentials may be delegated to the service.
    required: false
    type: bool

delete_continue:
    aliases:
    - continue
    description: Continuous mode. Don't stop on errors. Valid only if `state` is `absent`.
    required: false
    type: bool

skip_host_check:
    description: Skip checking if host object exists.
    required: false
    type: bool

ipaadmin_password:
    description: The admin password.
    required: false
    type: str

ipaapi_ldap_cache:
    default: true
    description: Use LDAP cache for IPA connection.
    type: bool

requires_pre_auth:
    aliases:
    - ipakrbrequirespreauth
    description: Pre-authentication is required for the service.
    required: false
    type: bool

ipaadmin_principal:
    default: admin
    description: The admin principal.
    type: str

ok_to_auth_as_delegate:
    aliases:
    - ipakrboktoauthasdelegate
    description: Allow service to authenticate on behalf of a client.
    required: false
    type: bool

allow_create_keytab_host:
    aliases:
    - ipaallowedtoperform_write_keys_host
    description: Hosts allowed to create a keytab of this host.
    elements: str
    required: false
    type: list

allow_create_keytab_user:
    aliases:
    - ipaallowedtoperform_write_keys_user
    description: Users allowed to create a keytab of this host.
    elements: str
    required: false
    type: list

allow_create_keytab_group:
    aliases:
    - ipaallowedtoperform_write_keys_group
    description: Groups allowed to create a keytab of this host.
    elements: str
    required: false
    type: list

allow_retrieve_keytab_host:
    aliases:
    - ipaallowedtoperform_read_keys_host
    description: Hosts allowed to retrieve a keytab of this host.
    elements: str
    required: false
    type: list

allow_retrieve_keytab_user:
    aliases:
    - ipaallowedtoperform_read_keys_user
    description: User allowed to retrieve a keytab of this host.
    elements: str
    required: false
    type: list

allow_retrieve_keytab_group:
    aliases:
    - ipaallowedtoperform_read_keys_group
    description: Groups allowed to retrieve a keytab of this host.
    elements: str
    required: false
    type: list

allow_create_keytab_hostgroup:
    aliases:
    - ipaallowedtoperform_write_keys_hostgroup
    description: Host group allowed to create a keytab of this host.
    elements: str
    required: false
    type: list

allow_retrieve_keytab_hostgroup:
    aliases:
    - ipaallowedtoperform_read_keys_hostgroup
    description: Host groups allowed to retrieve a keytab of this host.
    elements: str
    required: false
    type: list