freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipaautomember
Add and delete FreeIPA Auto Membership Rules.
Authors: Mark Hahl, Jake Reynolds, Thomas Woerner
preview | supported by community
freeipa.ansible_freeipa.ipaautomember (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
# Collection requirement, pinned to one exact release.
collections:
  - name: freeipa.ansible_freeipa
    version: "1.8.4"
Add, modify and delete IPA Auto Membership Rules.
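# Ensure an automember rule exists
- freeipa.ansible_freeipa.ipaautomember:
    # Placeholder credential. In a real playbook, supply it from an
    # Ansible Vault-encrypted variable instead of cleartext in the file.
    ipaadmin_password: SomeADMINpassword
    name: admins
    description: "example description"
    automember_type: group
    state: present
    inclusive:
      # The expression is a regular expression. Written as "example.com",
      # the dot matches any character, and unless the plugin anchors the
      # match itself (confirm), any mail value that merely contains the
      # pattern qualifies for this group. Escape the dot and anchor on the
      # "@" and the end of the value so only that mail domain matches.
      - key: "mail"
        expression: '@example\.com$'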
# Remove the automember rule "admins" from the group rules.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    name: 'admins'
    description: 'my automember rule'
    automember_type: 'group'
    state: 'absent'
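# Add an inclusive condition to an existing rule
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: SomeADMINpassword
    name: "My domain hosts"
    automember_type: hostgroup
    # action: member works on the rule's conditions, not on the rule itself.
    action: member
    inclusive:
      # The expression is a regular expression. With unescaped dots
      # (".*.mydomain.com") each dot matches any character, and without an
      # end anchor a name that only contains the pattern could also match
      # (confirm how the plugin anchors). Escape the literal dots and anchor
      # the end so only hosts under mydomain.com join the hostgroup.
      - key: fqdn
        expression: '.*\.mydomain\.com$'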
# Rebuild automember group membership; no users are listed, so this
# applies to all users.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'group'
    state: 'rebuilt'
# Rebuild automember group membership for the listed users only.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    users:
      - 'user1'
      - 'user2'
    state: 'rebuilt'
# Rebuild automember hostgroup membership; no hosts are listed, so this
# applies to all hosts.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'hostgroup'
    state: 'rebuilt'
# Rebuild automember hostgroup membership for the listed hosts only.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    hosts:
      - 'host1.mydomain.com'
      - 'host2.mydomain.com'
    state: 'rebuilt'
# Set fallback_group as the default group for entries no group rule matches.
# Every unmatched entry lands in this group, so review which access rules
# reference it before enabling the fallback.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'group'
    default_group: 'fallback_group'
# Clear the default (fallback) group for unmatched group entries.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    # An empty string together with state: absent unsets the default group.
    default_group: ''
    automember_type: 'group'
    state: 'absent'
# Set fallback_hostgroup as the default hostgroup for entries no hostgroup
# rule matches. Every unmatched entry lands in this hostgroup, so review
# which access rules reference it before enabling the fallback.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'hostgroup'
    default_group: 'fallback_hostgroup'
# Clear the default (fallback) hostgroup for unmatched entries.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'hostgroup'
    # An empty string together with state: absent unsets the default hostgroup.
    default_group: ''
    state: 'absent'
# Remove all orphan automember rules of type group.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'group'
    state: 'orphans_removed'
# Remove all orphan automember rules of type hostgroup.
- freeipa.ansible_freeipa.ipaautomember:
    ipaadmin_password: 'SomeADMINpassword'
    automember_type: 'hostgroup'
    state: 'orphans_removed'
# Parameter reference for the ipaautomember module.
name:
  aliases:
    - cn
  description: The automember rule
  # NOTE(review): listed as required, yet the rebuilt, orphans_removed and
  # default_group examples on this page omit it; confirm against the module.
  required: true
hosts:
  description: Hosts to rebuild membership for.
  required: false
  type: list
state:
  choices:
    - present
    - absent
    - rebuilt
    - orphans_removed
  default: present
  description: State to ensure
users:
  description: Users to rebuild membership for.
  required: false
  type: list
action:
  choices:
    - member
    - automember
  default: automember
  description: Work on automember or member level
no_wait:
  description: Don't wait for rebuilding membership.
  type: bool
# Conditions that keep an entry out of the rule's target.
exclusive:
  aliases:
    - automemberexclusiveregex
  description: List of dictionaries containing the attribute and expression.
  elements: dict
  suboptions:
    # A regular expression: escape literal dots and anchor it where a
    # substring match would be too broad.
    expression:
      description: The expression of the regex
      required: true
      type: str
    key:
      description: The attribute of the regex
      required: true
      type: str
  type: list
# Conditions that place an entry into the rule's target.
inclusive:
  aliases:
    - automemberinclusiveregex
  description: List of dictionaries containing the attribute and expression.
  elements: dict
  suboptions:
    # A regular expression: escape literal dots and anchor it where a
    # substring match would be too broad.
    expression:
      description: The expression of the regex
      required: true
      type: str
    key:
      description: The attribute of the regex
      required: true
      type: str
  type: list
description:
  description: A description of this auto member rule
  required: false
# Every entry that no rule matches is placed in this group.
default_group:
  description: Default (fallback) group for all unmatched entries.
  type: str
ipaapi_context:
  choices:
    - server
    - client
  description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. '
  required: false
automember_type:
  choices:
    - group
    - hostgroup
  description: Grouping to which the rule applies
  required: true
  type: str
# Credential for the admin principal. Keep the real value in an Ansible
# Vault-encrypted variable rather than in the playbook text.
ipaadmin_password:
  description: The admin password.
  required: false
ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool
ipaadmin_principal:
  default: admin
  description: The admin principal.