freeipa / freeipa.ansible_freeipa / 1.8.4 / module / ipaservice Manage FreeIPA service Authors: Rafael Jeffman preview | supported by communityfreeipa.ansible_freeipa.ipaservice (1.8.4) — module
Install with ansible-galaxy collection install freeipa.ansible_freeipa:==1.8.4
collections: - name: freeipa.ansible_freeipa version: 1.8.4
Manage FreeIPA service
# Ensure service is present - freeipa.ansible_freeipa.ipaservice: ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com pac_type: - MS-PAC - PAD auth_ind: otp skip_host_check: true force: false requires_pre_auth: true ok_as_delegate: false ok_to_auth_as_delegate: false
# Ensure service is absent - freeipa.ansible_freeipa.ipaservice: ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com state: absent
# Ensure service member certificate is present. - freeipa.ansible_freeipa.ipaservice: ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com certificate: - > MIIC/zCCAeegAwIBAgIUMNHIbn+hhrOVew/2WbkteisV29QwDQYJKoZIhvcNAQELBQAw DzENMAsGA1UEAwwEdGVzdDAeFw0yMDAyMDQxNDQxMDhaFw0zMDAyMDExNDQxMDhaMA8x DTALBgNVBAMMBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+XVVG FYpHVkcDfVnNInE1Y/pFciegdzqTjMwUWlRL4Zt3u96GhaMLRbtk+OfEkzLUAhWBOwEr aELJzMLJOMvjYF3C+TiGO7dStFLikZmccuSsSIXjnzIPwBXa8KvgRVRyGLoVvGbLJvmj fMXp0nIToTx/i74KF9S++WEes9H5ErJ99CDhLKFgq0amnvsgparYXhypHaRLnikn0vQI Nt55YoEd1s4KrvEcD2VdZkIMPbLRu2zFvMprF3cjQQG4LT9ggfEXNIPZ1nQWAnAsu7OJ EkNF+E4Mkmpcxj9aGUVt5bsq1D+Tzj3GsidSX0nSNcZ2JltXRnL/5v63g5cZyE+nAgMB AAGjUzBRMB0GA1UdDgQWBBRV0j7JYukuH/r/t9+QeNlRLXDlEDAfBgNVHSMEGDAWgBRV 0j7JYukuH/r/t9+QeNlRLXDlEDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUA A4IBAQCgVy1+1kNwHs5y1Zp0WjMWGCJC6/zw7FDG4OW5r2GJiCXZYdJ0UonY9ZtoVLJP rp2/DAv1m5DtnDhBYqicuPgLzEkOS1KdTi20Otm/J4yxLLrZC5W4x0XOeSVPXOJuQWfw Q5pPvKkn6WxYUYkGwIt1OH2nSMngkbami3CbSmKZOCpgQIiSlQeDJ8oGjWFMLDymYSHo VOIXHwNoooyEiaio3693l6noobyGv49zyCVLVR1DC7i6RJ186ql0av+D4vPoiF5mX7+s KC2E8xEj9uKQ5GTWRh59VnRBVC/SiMJ/H78tJnBAvoBwXxSEvj8Z3Kjm/BQqZfv4IBsA 5yqV7MVq action: member state: present
# Ensure principal host/test.example.com present in service. - freeipa.ansible_freeipa.ipaservice: ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com principal: - host/test.example.com action: member
# Ensure host can manage service. - freeipa.ansible_freeipa.ipaservice: ipaadmin_password: SomeADMINpassword name: HTTP/www.example.com host: - host1.example.com - host2.example.com action: member
smb: description: Add a SMB service. required: false type: bool host: aliases: - managedby_host description: Host that can manage the service. required: false type: list name: aliases: - service description: The service to manage required: true force: description: Force principal name even if host is not in DNS. required: false type: bool state: choices: - present - absent - disabled default: present description: State to ensure action: choices: - member - service default: service description: Work on service or member level auth_ind: aliases: - krbprincipalauthind choices: - otp - radius - pkinit - hardened - '' description: Defines a whitelist for Authentication Indicators. required: false continue: default: true description: Continuous mode. Don't stop on errors. Valid only if `state` is `absent`. required: false type: bool pac_type: aliases: - pac_type - ipakrbauthzdata choices: - MS-PAC - PAD - NONE - '' description: Supported PAC type. required: false type: list principal: aliases: - krbprincipalname description: List of principal aliases for the service. required: false type: list certificate: aliases: - usercertificate description: Base-64 encoded service certificate. required: false type: list netbiosname: description: NETBIOS name for the SMB service. required: false type: str ipaapi_context: choices: - server - client description: 'The context in which the module will execute. Executing in a server context is preferred. If not provided context will be determined by the execution environment. ' required: false ok_as_delegate: aliases: - ipakrbokasdelegate default: false description: Client credentials may be delegated to the service. required: false type: bool skip_host_check: description: Skip checking if host object exists. required: false type: bool ipaadmin_password: description: The admin password. required: false ipaapi_ldap_cache: default: true description: Use LDAP cache for IPA connection. type: bool requires_pre_auth: aliases: - ipakrbrequirespreauth default: false description: Pre-authentication is required for the service. required: false type: bool ipaadmin_principal: default: admin description: The admin principal. ok_to_auth_as_delegate: aliases: - ipakrboktoauthasdelegate default: false description: Allow service to authenticate on behalf of a client. required: false type: bool allow_create_keytab_host: aliases: - ipaallowedtoperform_write_keys_host description: Hosts allowed to create a keytab of this host. required: false type: list allow_create_keytab_user: aliases: - ipaallowedtoperform_write_keys_user description: Users allowed to create a keytab of this host. required: false type: list allow_create_keytab_group: aliases: - ipaallowedtoperform_write_keys_group description: Groups allowed to create a keytab of this host. required: false type: list allow_retrieve_keytab_host: aliases: - ipaallowedtoperform_read_keys_host description: Hosts allowed to retrieve a keytab of this host. required: false type: list allow_retrieve_keytab_user: aliases: - ipaallowedtoperform_read_keys_user description: User allowed to retrieve a keytab of this host. required: false type: list allow_retrieve_keytab_group: aliases: - ipaallowedtoperform_read_keys_group description: Groups allowed to retrieve a keytab of this host. required: false type: list allow_create_keytab_hostgroup: aliases: - ipaallowedtoperform_write_keys_hostgroup description: Host group allowed to create a keytab of this host. required: false type: list allow_retrieve_keytab_hostgroup: aliases: - ipaallowedtoperform_read_keys_hostgroup description: Host groups allowed to retrieve a keytab of this host. required: false type: list