freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipahost
Manage FreeIPA hosts
Authors: Thomas Woerner
preview | supported by community
freeipa.ansible_freeipa.ipahost (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
---
# Collection requirement pinned to one exact release, so every install
# resolves to the same version of the collection.
collections:
  - name: 'freeipa.ansible_freeipa'
    version: '1.8.4'
Manage FreeIPA hosts
# Ensure host is present
- freeipa.ansible_freeipa.ipahost:
    # Placeholder value. Supply the real admin password from Ansible Vault
    # (or another secret store) instead of committing it in clear text.
    ipaadmin_password: 'SomeADMINpassword'
    name: 'host01.example.com'
    description: 'Example host'
    # Per the option description, no IP address conflict check is done.
    ip_address: '192.168.0.123'
    locality: 'Lab'
    ns_host_location: 'Lab'
    ns_os_version: 'CentOS 7'
    ns_hardware_platform: 'Lenovo T61'
    # Quoted on purpose: digit-and-colon values can be mis-typed by
    # YAML 1.1 parsers when left as plain scalars.
    mac_address:
      - '08:00:27:E3:B1:2D'
      - '52:54:00:BD:97:1E'
    state: 'present'
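# Ensure host is present without DNS
- freeipa.ansible_freeipa.ipahost:
    # Placeholder value. Supply the real admin password from Ansible Vault
    # (or another secret store) instead of committing it in clear text.
    ipaadmin_password: SomeADMINpassword
    name: host02.example.com
    description: Example host
    # force accepts the host name even if it is not in DNS, so the entry
    # can exist for a name that does not resolve. Written as a canonical
    # boolean instead of the YAML 1.1 truthy word "yes".
    force: true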
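# Initiate generation of a random password for the host
- freeipa.ansible_freeipa.ipahost:
    # Placeholder value. Supply the real admin password from Ansible Vault
    # (or another secret store) instead of committing it in clear text.
    ipaadmin_password: SomeADMINpassword
    name: host01.example.com
    description: Example host
    ip_address: 192.168.0.123
    # Canonical boolean instead of the YAML 1.1 truthy word "yes".
    random: true
  # The module result carries the generated enrollment password
  # (host.randompassword). Capture it for later use and keep the task
  # result out of console output and logs.
  register: ipahost_random  # constructed variable name
  no_log: true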
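# Ensure host is disabled
- freeipa.ansible_freeipa.ipahost:
    # Placeholder value. Supply the real admin password from Ansible Vault
    # (or another secret store) instead of committing it in clear text.
    ipaadmin_password: SomeADMINpassword
    name: host01.example.com
    # update_dns controls the update of the DNS SSHFP records for
    # existing hosts. Written as a canonical boolean instead of the
    # YAML 1.1 truthy word "yes".
    update_dns: true
    state: disabled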
# Ensure host is absent
- freeipa.ansible_freeipa.ipahost:
    # Placeholder value. Supply the real admin password from Ansible Vault
    # (or another secret store) instead of committing it in clear text.
    ipaadmin_password: 'SomeADMINpassword'
    name: 'host01.example.com'
    # update_dns is not set here; per its description it is the option
    # that controls removal of the host's DNS entries on state absent.
    state: 'absent'
# Option reference for freeipa.ansible_freeipa.ipahost as listed on this
# page. The keys under hosts.suboptions repeat most of the top-level host
# options so that several hosts can be described in one task.
os:
  aliases:
    - ns_os_version
  description: Host operating system and version (e.g. "Fedora 9")
  required: false
name:
  aliases:
    - fqdn
  description: The full qualified domain name.
  required: true
# Accepts a host name that is not in DNS, so the entry can exist for a
# name that does not resolve.
force:
  description: Force host name even if not in DNS
  required: false
# NOTE(review): "user host dicts" reads like leftover wording; presumably
# this is a list of host dicts. Confirm against the module source.
hosts:
  description: The list of user host dicts
  required: false
  suboptions:
    # allow_create_keytab_*: principals that may create a keytab for this
    # host. Keep these lists as small as possible.
    allow_create_keytab_group:
      aliases:
        - ipaallowedtoperform_write_keys_group
      description: Groups allowed to create a keytab of this host
      required: false
    allow_create_keytab_host:
      aliases:
        - ipaallowedtoperform_write_keys_host
      description: Hosts allowed to create a keytab of this host
      required: false
    allow_create_keytab_hostgroup:
      aliases:
        - ipaallowedtoperform_write_keys_hostgroup
      description: Hostgroups allowed to create a keytab of this host
      required: false
    allow_create_keytab_user:
      aliases:
        - ipaallowedtoperform_write_keys_user
      description: Users allowed to create a keytab of this host
      required: false
    # allow_retrieve_keytab_*: principals that may retrieve this host's
    # keytab, i.e. its Kerberos key material. Grant only where required.
    allow_retrieve_keytab_group:
      aliases:
        - ipaallowedtoperform_read_keys_group
      description: Groups allowed to retrieve a keytab of this host
      required: false
    allow_retrieve_keytab_host:
      aliases:
        - ipaallowedtoperform_read_keys_host
      description: Hosts allowed to retrieve a keytab of this host
      required: false
    allow_retrieve_keytab_hostgroup:
      aliases:
        - ipaallowedtoperform_read_keys_hostgroup
      description: Hostgroups allowed to retrieve a keytab of this host
      required: false
    allow_retrieve_keytab_user:
      aliases:
        - ipaallowedtoperform_read_keys_user
      description: Users allowed to retrieve a keytab of this host
      required: false
    # List of accepted authentication indicators; the empty string resets
    # the setting to its initial value.
    auth_ind:
      aliases:
        - krbprincipalauthind
      choices:
        - radius
        - otp
        - pkinit
        - hardened
        - ''
      description: >-
        Defines a whitelist for Authentication Indicators. Use 'otp' to
        allow OTP-based 2FA authentications. Use 'radius' to allow
        RADIUS-based 2FA authentications. Other values may be used for
        custom configurations. Use empty string to reset auth_ind to the
        initial value.
      required: false
      type: list
    certificate:
      aliases:
        - usercertificate
      description: List of base-64 encoded host certificates
      required: false
      type: list
    description:
      description: The host description
      required: false
    # Accepts a host name that is not in DNS.
    force:
      description: Force host name even if not in DNS
      required: false
    # No conflict check is done, so verify the address is not already
    # assigned to another host.
    ip_address:
      aliases:
        - ipaddress
      description: >-
        The host IP address list (IPv4 and IPv6). No IP address conflict
        check will be done.
      required: false
    locality:
      description: Host locality (e.g. "Baltimore, MD")
      required: false
    location:
      aliases:
        - ns_host_location
      description: Host location (e.g. "Lab 2")
      required: false
    mac_address:
      aliases:
        - macaddress
      description: List of hardware MAC addresses.
      required: false
      type: list
    # NOTE(review): these aliases are identical to those listed for
    # "principal" below; this looks like a copy/paste in the option
    # documentation. Confirm before relying on them.
    managedby_host:
      aliases:
        - principalname
        - krbprincipalname
      description: List of hosts that can manage this host
      required: false
      type: list
    # NOTE(review): "(internally uid)" looks carried over from a user
    # module; the alias suggests this is the host FQDN. Confirm.
    name:
      aliases:
        - fqdn
      description: The host (internally uid).
      required: true
    # Kerberos delegation flags: enable only for hosts that genuinely need
    # to act on behalf of clients.
    ok_as_delegate:
      aliases:
        - ipakrbokasdelegate
      description: Client credentials may be delegated to the service
      required: false
      type: bool
    ok_to_auth_as_delegate:
      aliases:
        - ipakrboktoauthasdelegate
      description: The service is allowed to authenticate on behalf of a client
      required: false
      type: bool
    os:
      aliases:
        - ns_os_version
      description: Host operating system and version (e.g. "Fedora 9")
      required: false
    # Enrollment credential: treat it as a secret (vault it, keep it out
    # of task output and logs).
    password:
      aliases:
        - user_password
        - userpassword
      description: Password used in bulk enrollment
      required: false
    platform:
      aliases:
        - ns_hardware_platform
      description: Host hardware platform (e.g. "Lenovo T61")
      required: false
    principal:
      aliases:
        - principalname
        - krbprincipalname
      description: List of principal aliases for this host
      required: false
      type: list
    # The generated password is returned in the module result; keep that
    # result out of task output and logs.
    random:
      aliases:
        - random_password
      description: Initiate the generation of a random password to be used in bulk enrollment
      required: false
    requires_pre_auth:
      aliases:
        - ipakrbrequirespreauth
      description: Pre-authentication is required for the service
      required: false
      type: bool
    reverse:
      default: true
      description: Reverse DNS detection
      required: false
    sshpubkey:
      aliases:
        - ipasshpubkey
      description: List of SSH public keys
      required: false
      type: list
    # With state absent this also removes all DNS entries of the host.
    update_dns:
      description: >-
        Controls the update of the DNS SSHFP records for existing hosts and
        the removal of all DNS entries if a host gets removed with state
        absent.
      required: false
    userclass:
      aliases:
        - class
      description: Host category (semantics placed on this attribute are for local interpretation)
      required: false
state:
  choices:
    - present
    - absent
    - disabled
  default: present
  description: State to ensure
action:
  choices:
    - member
    - host
  default: host
  description: Work on host or member level
# The generated password is returned in the module result; keep that
# result out of task output and logs.
random:
  aliases:
    - random_password
  description: Initiate the generation of a random password to be used in bulk enrollment
  required: false
reverse:
  default: true
  description: Reverse DNS detection
  required: false
# List of accepted authentication indicators; the empty string resets the
# setting to its initial value.
auth_ind:
  aliases:
    - krbprincipalauthind
  choices:
    - radius
    - otp
    - pkinit
    - hardened
    - ''
  description: >-
    Defines a whitelist for Authentication Indicators. Use 'otp' to allow
    OTP-based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA
    authentications. Other values may be used for custom configurations.
    Use empty string to reset auth_ind to the initial value.
  required: false
  type: list
locality:
  description: Host locality (e.g. "Baltimore, MD")
  required: false
location:
  aliases:
    - ns_host_location
  description: Host location (e.g. "Lab 2")
  required: false
# Enrollment credential: treat it as a secret (vault it, keep it out of
# task output and logs).
password:
  aliases:
    - user_password
    - userpassword
  description: Password used in bulk enrollment
  required: false
platform:
  aliases:
    - ns_hardware_platform
  description: Host hardware platform (e.g. "Lenovo T61")
  required: false
principal:
  aliases:
    - principalname
    - krbprincipalname
  description: List of principal aliases for this host
  required: false
  type: list
sshpubkey:
  aliases:
    - ipasshpubkey
  description: List of SSH public keys
  required: false
  type: list
userclass:
  aliases:
    - class
  description: Host category (semantics placed on this attribute are for local interpretation)
  required: false
# No conflict check is done, so verify the address is not already assigned
# to another host.
ip_address:
  aliases:
    - ipaddress
  description: >-
    The host IP address list (IPv4 and IPv6). No IP address conflict check
    will be done.
  required: false
# With state absent this also removes all DNS entries of the host.
update_dns:
  description: >-
    Controls the update of the DNS SSHFP records for existing hosts and the
    removal of all DNS entries if a host gets removed with state absent.
  required: false
certificate:
  aliases:
    - usercertificate
  description: List of base-64 encoded host certificates
  required: false
  type: list
description:
  description: The host description
  required: false
mac_address:
  aliases:
    - macaddress
  description: List of hardware MAC addresses.
  required: false
  type: list
ipaapi_context:
  choices:
    - server
    - client
  # Kept on one line so the trailing space inside the quotes is preserved.
  description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. '
  required: false
# NOTE(review): these aliases are identical to those listed for
# "principal" above; this looks like a copy/paste in the option
# documentation. Confirm before relying on them.
managedby_host:
  aliases:
    - principalname
    - krbprincipalname
  description: List of hosts that can manage this host
  required: false
  type: list
# Kerberos delegation flag: enable only for hosts that genuinely need to
# act on behalf of clients.
ok_as_delegate:
  aliases:
    - ipakrbokasdelegate
  description: Client credentials may be delegated to the service
  required: false
  type: bool
update_password:
  choices:
    - always
    - on_create
  default: always
  description: Set password for a host in present state only on creation or always
# Secret: supply it from Ansible Vault or another secret store rather than
# writing it in clear text in a playbook or inventory.
ipaadmin_password:
  description: The admin password.
  required: false
ipaapi_ldap_cache:
  default: true
  description: Use LDAP cache for IPA connection.
  type: bool
requires_pre_auth:
  aliases:
    - ipakrbrequirespreauth
  description: Pre-authentication is required for the service
  required: false
  type: bool
ipaadmin_principal:
  default: admin
  description: The admin principal.
# Kerberos delegation flag: enable only for hosts that genuinely need to
# act on behalf of clients.
ok_to_auth_as_delegate:
  aliases:
    - ipakrboktoauthasdelegate
  description: The service is allowed to authenticate on behalf of a client
  required: false
  type: bool
# allow_create_keytab_*: principals that may create a keytab for this host.
# Keep these lists as small as possible.
allow_create_keytab_host:
  aliases:
    - ipaallowedtoperform_write_keys_host
  description: Hosts allowed to create a keytab of this host
  required: false
allow_create_keytab_user:
  aliases:
    - ipaallowedtoperform_write_keys_user
  description: Users allowed to create a keytab of this host
  required: false
allow_create_keytab_group:
  aliases:
    - ipaallowedtoperform_write_keys_group
  description: Groups allowed to create a keytab of this host
  required: false
# allow_retrieve_keytab_*: principals that may retrieve this host's keytab,
# i.e. its Kerberos key material. Grant only where required.
allow_retrieve_keytab_host:
  aliases:
    - ipaallowedtoperform_read_keys_host
  description: Hosts allowed to retrieve a keytab of this host
  required: false
allow_retrieve_keytab_user:
  aliases:
    - ipaallowedtoperform_read_keys_user
  description: Users allowed to retrieve a keytab of this host
  required: false
allow_retrieve_keytab_group:
  aliases:
    - ipaallowedtoperform_read_keys_group
  description: Groups allowed to retrieve a keytab of this host
  required: false
allow_create_keytab_hostgroup:
  aliases:
    - ipaallowedtoperform_write_keys_hostgroup
  description: Hostgroups allowed to create a keytab of this host
  required: false
allow_retrieve_keytab_hostgroup:
  aliases:
    - ipaallowedtoperform_read_keys_hostgroup
  description: Hostgroups allowed to retrieve a keytab of this host
  required: false
# Return values of the module. The result contains a generated password in
# clear text, so a task that requests one should keep its result out of
# console output and logs.
# NOTE(review): the "user" wording below looks carried over from a user
# module; presumably it refers to hosts here. Confirm against the source.
host:
  description: 'Host dict with random password'
  options:
    name:
      description: 'The user name of the user that got a new random password'
      options:
        randompassword:
          description: 'The generated random password'
          returned: 'always'
      returned: 'If several users are handled by the module'
      type: 'dict'
    randompassword:
      description: 'The generated random password'
      returned: 'If only one user is handled by the module'
  returned: 'If random is yes and user did not exist or update_password is yes'
  type: 'dict'