freeipa.ansible_freeipa.ipaclient_join (1.8.4) — module
Join a machine to an IPA realm and get a keytab for the host service principal
Authors: Thomas Woerner
preview | supported by community
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections:
  - name: freeipa.ansible_freeipa
    version: 1.8.4
# Join IPA to get the keytab
- name: Join IPA in force mode with maximum 5 kinit attempts
  freeipa.ansible_freeipa.ipaclient_join:
    servers: ["server1.example.com","server2.example.com"]
    domain: example.com
    realm: EXAMPLE.COM
    kdc: server1.example.com
    basedn: dc=example,dc=com
    hostname: client1.example.com
    principal: admin
    password: MySecretPassword
    force_join: yes
    kinit_attempts: 5

# Join IPA to get the keytab using ipadiscovery return values
- name: Join IPA
  freeipa.ansible_freeipa.ipaclient_join:
    servers: "{{ ipadiscovery.servers }}"
    domain: "{{ ipadiscovery.domain }}"
    realm: "{{ ipadiscovery.realm }}"
    kdc: "{{ ipadiscovery.kdc }}"
    basedn: "{{ ipadiscovery.basedn }}"
    hostname: "{{ ipadiscovery.hostname }}"
    principal: admin
    password: MySecretPassword
kdc:
  description: The name or address of the host running the KDC
  required: false
debug:
  description: Turn on extra debugging
  required: true
realm:
  description: Kerberos realm name of the IPA deployment
  required: false
basedn:
  description: The basedn of the IPA server (of the form dc=example,dc=com)
  required: false
domain:
  description: Primary DNS domain of the IPA deployment
  required: false
keytab:
  description: Path to backed up keytab from previous enrollment
  required: true
servers:
  description: Fully qualified name of IPA servers to enroll to
  required: false
hostname:
  description: Fully qualified name of this host
  required: false
password:
  description: Admin user Kerberos password
  required: true
principal:
  description: User Principal allowed to promote replicas and join IPA realm
  required: true
force_join:
  description: Force client enrollment even if already enrolled
  required: true
admin_keytab:
  description: The path to a local admin keytab
  required: true
ca_cert_file:
  description: A CA certificate to use. Do not acquire the IPA CA certificate via automated means
  required: true
kinit_attempts:
  description: Repeat the request for host Kerberos ticket X times
  required: true
already_joined:
  description: The flag describes if the host is already joined.
  returned: always
  type: bool
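
The examples above put the admin password in the task as a literal. As an added example (not from the collection's documentation), the same join with the password read from an Ansible Vault variable, task output suppressed with no_log, a CA certificate supplied through ca_cert_file, and the already_joined return value reported afterwards. The group name ipaclients, the variable vault_ipaadmin_password and the CA file path are assumptions.

```yaml
---
# Added example, not part of the collection's documentation.
# Assumptions (placeholders, adjust to your environment):
#   - inventory group "ipaclients"
#   - "vault_ipaadmin_password" is defined in a file encrypted with ansible-vault
#   - the CA certificate was copied to the host out of band beforehand
- name: Enroll hosts without a literal admin password in the playbook
  hosts: ipaclients
  become: true

  tasks:
    - name: Join IPA with a vaulted password and a pre-provisioned CA certificate
      freeipa.ansible_freeipa.ipaclient_join:
        servers: ["server1.example.com", "server2.example.com"]
        domain: example.com
        realm: EXAMPLE.COM
        kdc: server1.example.com
        basedn: dc=example,dc=com
        hostname: "{{ ansible_facts['fqdn'] }}"
        principal: admin
        # Resolved at run time from the vault; never stored in clear text in the repo
        password: "{{ vault_ipaadmin_password }}"
        # Placeholder path; the file must already exist on the managed host
        ca_cert_file: /root/ipa-ca.crt
        kinit_attempts: 5
      # Keep module arguments and results out of logs and callback output
      no_log: true
      register: result_ipaclient_join

    - name: Report whether the host was already enrolled
      ansible.builtin.debug:
        msg: "already_joined={{ result_ipaclient_join.already_joined }}"
```

Run it with --ask-vault-pass or --vault-id so the vaulted variable can be decrypted; the debug task prints only the boolean, so the registered result can be inspected without re-enabling logging on the join task.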