freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipaclient_test_keytab Test if the krb5.keytab on the machine is valid and can be used. Authors: Thomas Woerner preview | supported by communityfreeipa.ansible_freeipa.ipaclient_test_keytab (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections: - name: freeipa.ansible_freeipa version: 1.8.4
Test if the krb5.keytab on the machine is valid and can be used. A temporary krb5.conf file will be generated to not fail on an invalid one.
# Test IPA with local keytab - name: Test IPA in force mode with maximum 5 kinit attempts freeipa.ansible_freeipa.ipaclient_test_keytab: servers: ["server1.example.com","server2.example.com"] domain: example.com realm: EXAMPLE.COM kdc: server1.example.com hostname: client1.example.com kinit_attempts: 5
# Test IPA with ipadiscovery return values - name: Join IPA freeipa.ansible_freeipa.ipaclient_test_keytab: servers: "{{ ipadiscovery.servers }}" domain: "{{ ipadiscovery.domain }}" realm: "{{ ipadiscovery.realm }}" kdc: "{{ ipadiscovery.kdc }}" hostname: "{{ ipadiscovery.hostname }}"
kdc: description: The name or address of the host running the KDC required: false realm: description: Kerberos realm name of the IPA deployment required: false domain: description: Primary DNS domain of the IPA deployment required: false servers: description: Fully qualified name of IPA servers to enroll to required: false hostname: description: Fully qualified name of this host required: false kinit_attempts: description: Repeat the request for host Kerberos ticket X times required: true
ca_crt_exists: description: The flag describes if ca.crt exists. returned: always krb5_conf_ok: description: The flag describes if krb5.conf on the host is usable. returned: always type: bool krb5_keytab_ok: description: The flag describes if krb5.keytab on the host is usable. returned: always type: bool ping_test_ok: description: The flag describes if ipa ping test succeded. returned: always type: bool