freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipaclient_setup_nss Create IPA client NSS database Authors: Thomas Woerner preview | supported by communityfreeipa.ansible_freeipa.ipaclient_setup_nss (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections: - name: freeipa.ansible_freeipa version: 1.8.4
Create IPA NSS database
- name: Create IPA client NSS database freeipa.ansible_freeipa.ipaclient_setup_nss: servers: ["server1.example.com","server2.example.com"] domain: example.com realm: EXAMPLE.COM basedn: dc=example,dc=com hostname: client1.example.com subject_base: O=EXAMPLE.COM principal: admin ca_enabled: yes
dnsok: description: The installer dnsok setting required: true realm: description: Kerberos realm name of the IPA deployment required: false basedn: description: The basedn of the IPA server (of the form dc=example,dc=com) required: false domain: description: Primary DNS domain of the IPA deployment required: false no_ssh: description: Do not configure OpenSSH client required: true permit: description: Disable access rules by default, permit all access required: true no_sshd: description: Do not configure OpenSSH server required: true no_sudo: description: Do not configure SSSD as data source for sudo required: true servers: description: Fully qualified name of IPA servers to enroll to required: false hostname: description: Fully qualified name of this host required: false mkhomedir: description: Create home directories for users on their first login required: true on_master: description: Whether the configuration is done on the master or not required: true principal: description: User Principal allowed to promote replicas and join IPA realm required: true ca_enabled: description: Whether the Certificate Authority is enabled or not required: false ip_addresses: description: List of Master Server IP Addresses required: true no_dns_sshfp: description: Do not automatically create DNS SSHFP records required: true nosssd_files: description: 'The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled ' required: true type: dict request_cert: description: Request certificate for the machine required: true subject_base: description: 'The certificate subject base (default O=<realm-name>). RDNs are in LDAP order (most specific RDN first). ' required: false fixed_primary: description: Configure sssd to use fixed server as primary IPA server required: true preserve_sssd: description: Preserve old SSSD configuration if possible required: true all_ip_addresses: description: 'All routable IP addresses configured on any interface will be added to DNS ' required: true enable_dns_updates: description: 'Configures the machine to attempt dns updates when the ip address changes ' required: true no_krb5_offline_passwords: description: Configure SSSD not to store user password when the server is offline required: true