freeipa.ansible_freeipa.ipareplica_prepare (1.8.4) — module

Prepare ipa replica installation

Authors: Thomas Woerner

preview | supported by community

Install collection

Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4


Add to requirements.yml

  collections:
    - name: freeipa.ansible_freeipa
      version: 1.8.4

Description

Prepare ipa replica installation: Create IPA configuration file, run install checks again and also update the host name and the hosts file if needed. The tests and also the results from ipareplica_test are needed.

Inputs

    
realm:
    description: Kerberos realm name of the IPA deployment
    required: true

domain:
    description: Primary DNS domain of the IPA deployment
    required: true

keytab:
    description: Path to backed up keytab from previous enrollment
    required: true

no_ntp:
    description: Do not configure ntp
    required: true

no_ssh:
    description: Do not configure OpenSSH client
    required: true

server:
    description: Fully qualified name of IPA server to enroll to
    required: false

no_sshd:
    description: Do not configure OpenSSH server
    required: true

hostname:
    description: Fully qualified name of this host
    required: true

http_pin:
    description: The password to unlock the Apache Server private key
    required: true

password:
    description: Admin user kerberos password
    required: true

rid_base:
    description: Start value for mapping UIDs and GIDs to RIDs
    required: true

setup_ca:
    description: Configure a dogtag CA
    required: true

mkhomedir:
    description: Create home directories for users on their first login
    required: true

principal:
    description: User Principal allowed to promote replicas and join IPA realm
    required: false

setup_dns:
    description: Configure bind with our zone
    required: true

setup_kra:
    description: Configure a dogtag KRA
    required: true

dirsrv_pin:
    description: The password to unlock the Directory Server private key
    required: true

force_join:
    description: Force client enrollment even if already enrolled
    required: true

forwarders:
    description: Add DNS forwarders
    required: true

no_reverse:
    description: Do not create new reverse DNS zone
    required: true

pkinit_pin:
    description: The password to unlock the Kerberos KDC private key
    required: true

dm_password:
    description: Directory Manager password
    required: true

no_host_dns:
    description: Do not use DNS for hostname lookup during installation
    required: true

auto_reverse:
    description: Create necessary reverse zones
    required: true

ip_addresses:
    description: List of Master Server IP Addresses
    required: true

netbios_name:
    description: NetBIOS name of the IPA domain
    required: true

no_dns_sshfp:
    description: Do not automatically create DNS SSHFP records
    required: true

ca_cert_files:
    description: List of files containing CA certificates for the service certificate
      files
    required: true

enable_compat:
    description: Enable support for trusted domains for old clients
    required: true

no_forwarders:
    description: Do not add any DNS forwarders, use root servers instead
    required: true

reverse_zones:
    description: The reverse DNS zones to use
    required: true

setup_adtrust:
    description: Configure AD trust capability
    required: true

ssh_trust_dns:
    description: Configure OpenSSH client to trust DNS SSHFP records
    required: true

forward_policy:
    description: DNS forwarding policy for global forwarders
    required: true

http_cert_name:
    description: Name of the Apache Server SSL certificate to install
    required: true

skip_conncheck:
    description: Skip connection check to remote master
    required: true

auto_forwarders:
    description: Use DNS forwarders configured in /etc/resolv.conf
    required: true

http_cert_files:
    description: File containing the Apache Server SSL certificate and private key
    required: true

dirsrv_cert_name:
    description: Name of the Directory Server SSL certificate to install
    required: true

pkinit_cert_name:
    description: Name of the Kerberos KDC SSL certificate to install
    required: true

dirsrv_cert_files:
    description: Files containing the Directory Server SSL certificate and private key
    required: true

pkinit_cert_files:
    description: File containing the Kerberos KDC SSL certificate and private key
    required: true

allow_zone_overlap:
    description: Create DNS zone even if it already exists
    required: true

secondary_rid_base:
    description: Start value of the secondary range for mapping UIDs and GIDs to RIDs
    required: true

no_dnssec_validation:
    description: Disable DNSSEC validation
    required: true

sid_generation_always:
    description: Enable SID generation always
    required: true