freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipareplica_prepare Prepare ipa replica installation Authors: Thomas Woerner preview | supported by communityfreeipa.ansible_freeipa.ipareplica_prepare (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections: - name: freeipa.ansible_freeipa version: 1.8.4
Prepare ipa replica installation: Create IPA configuration file, run install checks again and also update the host name and the hosts file if needed. The tests and also the results from ipareplica_test are needed.
realm: description: Kerberos realm name of the IPA deployment required: true domain: description: Primary DNS domain of the IPA deployment required: true keytab: description: Path to backed up keytab from previous enrollment required: true no_ntp: description: Do not configure ntp required: true no_ssh: description: Do not configure OpenSSH client required: true server: description: Fully qualified name of IPA server to enroll to required: false no_sshd: description: Do not configure OpenSSH server required: true hostname: description: Fully qualified name of this host required: true http_pin: description: The password to unlock the Apache Server private key required: true password: description: Admin user kerberos password required: true rid_base: description: Start value for mapping UIDs and GIDs to RIDs required: true setup_ca: description: Configure a dogtag CA required: true mkhomedir: description: Create home directories for users on their first login required: true principal: description: User Principal allowed to promote replicas and join IPA realm required: false setup_dns: description: Configure bind with our zone required: true setup_kra: description: Configure a dogtag KRA required: true dirsrv_pin: description: The password to unlock the Directory Server private key required: true force_join: description: Force client enrollment even if already enrolled required: true forwarders: description: Add DNS forwarders required: true no_reverse: description: Do not create new reverse DNS zone required: true pkinit_pin: description: The password to unlock the Kerberos KDC private key required: true dm_password: description: Directory Manager password required: true no_host_dns: description: Do not use DNS for hostname lookup during installation required: true auto_reverse: description: Create necessary reverse zones required: true ip_addresses: description: List of Master Server IP Addresses required: true netbios_name: description: NetBIOS name of the IPA domain required: true no_dns_sshfp: description: Do not automatically create DNS SSHFP records required: true ca_cert_files: description: List of files containing CA certificates for the service certificate files required: true enable_compat: description: Enable support for trusted domains for old clients required: true no_forwarders: description: Do not add any DNS forwarders, use root servers instead required: true reverse_zones: description: The reverse DNS zones to use required: true setup_adtrust: description: Configure AD trust capability required: true ssh_trust_dns: description: Configure OpenSSH client to trust DNS SSHFP records required: true forward_policy: description: DNS forwarding policy for global forwarders required: true http_cert_name: description: Name of the Apache Server SSL certificate to install required: true skip_conncheck: description: Skip connection check to remote master required: true auto_forwarders: description: Use DNS forwarders configured in /etc/resolv.conf required: true http_cert_files: description: File containing the Apache Server SSL certificate and private key required: true dirsrv_cert_name: description: Name of the Directory Server SSL certificate to install required: true pkinit_cert_name: description: Name of the Kerberos KDC SSL certificate to install required: true dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key required: true pkinit_cert_files: description: File containing the Kerberos KDC SSL certificate and private key required: true allow_zone_overlap: description: Create DNS zone even if it already exists required: true secondary_rid_base: description: Start value of the secondary range for mapping UIDs and GIDs to RIDs required: true no_dnssec_validation: description: Disable DNSSEC validation required: true sid_generation_always: description: Enable SID generation always required: true