Try SpotterCreate IPA client NSS database
Authors: Thomas Woerner
preview | supported by community
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections:
- name: freeipa.ansible_freeipa
version: 1.8.4Create IPA NSS database
- name: Create IPA client NSS database
freeipa.ansible_freeipa.ipaclient_setup_nss:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
realm: EXAMPLE.COM
basedn: dc=example,dc=com
hostname: client1.example.com
subject_base: O=EXAMPLE.COM
principal: admin
ca_enabled: yes
dnsok:
description: The installer dnsok setting
required: true
realm:
description: Kerberos realm name of the IPA deployment
required: false
basedn:
description: The basedn of the IPA server (of the form dc=example,dc=com)
required: false
domain:
description: Primary DNS domain of the IPA deployment
required: false
no_ssh:
description: Do not configure OpenSSH client
required: true
permit:
description: Disable access rules by default, permit all access
required: true
no_sshd:
description: Do not configure OpenSSH server
required: true
no_sudo:
description: Do not configure SSSD as data source for sudo
required: true
servers:
description: Fully qualified name of IPA servers to enroll to
required: false
hostname:
description: Fully qualified name of this host
required: false
mkhomedir:
description: Create home directories for users on their first login
required: true
on_master:
description: Whether the configuration is done on the master or not
required: true
principal:
description: User Principal allowed to promote replicas and join IPA realm
required: true
ca_enabled:
description: Whether the Certificate Authority is enabled or not
required: false
ip_addresses:
description: List of Master Server IP Addresses
required: true
no_dns_sshfp:
description: Do not automatically create DNS SSHFP records
required: true
nosssd_files:
description: 'The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled
'
required: true
type: dict
request_cert:
description: Request certificate for the machine
required: true
subject_base:
description: 'The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
'
required: false
fixed_primary:
description: Configure sssd to use fixed server as primary IPA server
required: true
preserve_sssd:
description: Preserve old SSSD configuration if possible
required: true
all_ip_addresses:
description: 'All routable IP addresses configured on any interface will be added
to DNS
'
required: true
enable_dns_updates:
description: 'Configures the machine to attempt dns updates when the ip address
changes
'
required: true
no_krb5_offline_passwords:
description: Configure SSSD not to store user password when the server is offline
required: true