README-config.md

  • Config module

    Description

    The config module allows the setting of global config parameters within IPA. If no parameters are specified it returns the list of all current parameters.

    The config module is as compatible as possible with the Ansible upstream ipa_config module, but adds many additional parameters.

    Features

    • IPA server configuration management

    Supported FreeIPA Versions

    FreeIPA versions 4.4.0 and up are supported by the ipaconfig module.

    Some variables are only supported on newer versions of FreeIPA. Check the Variables section for details.

    Requirements

    Controller

    • Ansible version: 2.8+

    Node

    • Supported FreeIPA version (see above)

    Usage

    Example inventory file

    [ipaserver]
    ipaserver.test.local

    Example playbook to read config options:

    ---
    - name: Playbook to handle global config options
      hosts: ipaserver
      become: true
      tasks:
        # With no values to configure, the module only returns the current settings
        - name: return current values of the global configuration options
          ipaconfig:
            ipaadmin_password: password
          register: result
        - name: display default login shell
          debug:
            msg: '{{ result.config.defaultshell }}'

        - name: ensure defaultshell and maxusername are set as required
          ipaconfig:
            ipaadmin_password: password
            defaultshell: /bin/bash
            maxusername: 64

    Example playbook to set config options:

    ---
    - name: Playbook to ensure some config options are set
      hosts: ipaserver
      become: true
      tasks:
        - name: set defaultshell and maxusername
          ipaconfig:
            ipaadmin_password: password
            defaultshell: /bin/bash
            maxusername: 64

    Variables

    ipaconfig

    General Variables:

    Variable Description Required
    ipaadmin_principal The admin principal is a string and defaults to admin no
    ipaadmin_password The admin password is a string and is required if there is no admin ticket available on the node no
    maxusername | ipamaxusernamelength Set the maximum username length (1 to 255) no
    maxhostname | ipamaxhostnamelength Set the maximum hostname length between 64-255. Only usable with IPA versions 4.8.0 and up. no
    homedirectory | ipahomesrootdir Set the default location of home directories no
    defaultshell | ipadefaultloginshell Set the default shell for new users no
    defaultgroup | ipadefaultprimarygroup Set the default group for new users no
    emaildomain | ipadefaultemaildomain Set the default e-mail domain no
    searchtimelimit | ipasearchtimelimit Set maximum amount of time (seconds) for a search -1 to 2147483647 (-1 or 0 is unlimited) no
    searchrecordslimit | ipasearchrecordslimit Set maximum number of records to search -1 to 2147483647 (-1 or 0 is unlimited) no
    usersearch | ipausersearchfields Set list of fields to search when searching for users no
    groupsearch | ipagroupsearchfields Set list of fields to search in when searching for groups no
    enable_migration | ipamigrationenabled Enable migration mode (choices: True, False) no
    groupobjectclasses | ipagroupobjectclasses Set default group objectclasses (list) no
    userobjectclasses | ipauserobjectclasses Set default user objectclasses (list) no
    pwdexpnotify | ipapwdexpadvnotify Set number of days' notice of impending password expiration (0 to 2147483647) no
    configstring | ipaconfigstring Set extra hashes to generate in password plug-in (choices: AllowNThash, KDC:Disable Last Success, KDC:Disable Lockout, KDC:Disable Default Preauth for SPNs). Use "" to clear this variable. no
    selinuxusermaporder | ipaselinuxusermaporder Set ordered list in increasing priority of SELinux users no
    selinuxusermapdefault | ipaselinuxusermapdefault Set default SELinux user when no match is found in SELinux map rule no
    pac_type | ipakrbauthzdata Set default types of PAC supported for services (choices: MS-PAC, PAD, nfs:NONE). Use "" to clear this variable. no
    user_auth_type | ipauserauthtype Set default types of supported user authentication (choices: password, radius, otp, disabled). Use "" to clear this variable. no
    domain_resolution_order | ipadomainresolutionorder Set list of domains used for short name qualification no
    ca_renewal_master_server | ipacarenewalmasterserver Renewal master for IPA certificate authority. no

    Return Values

    Variable: config
    Description: config dict
    Returned When: No values to configure are specified
    Fields:
      maxusername
      maxhostname
      homedirectory
      defaultshell
      defaultgroup
      emaildomain
      searchtimelimit
      searchrecordslimit
      usersearch
      groupsearch
      enable_migration
      groupobjectclasses
      userobjectclasses
      pwdexpnotify
      configstring
      selinuxusermapdefault
      selinuxusermaporder
      pac_type
      user_auth_type
      domain_resolution_order
      ca_renewal_master_server

    All returned fields take the same form as their namesake input parameters
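
    The read-only mode and the returned config dict can be combined to audit security-relevant settings against a baseline. The playbook below is an added example, not part of the original README or the project's own code. The variable vault_ipaadmin_password (assumed to come from an Ansible Vault encrypted vars file), the threshold min_pwdexpnotify_days and the baseline choices themselves are assumptions made for this example; it also assumes the returned fields have the types of their input parameters, as stated above.

```yaml
---
# Added example: audit IPA global settings against a baseline (no changes are made).
- name: Audit IPA global config against a baseline
  hosts: ipaserver
  become: true
  vars:
    # Hypothetical baseline threshold chosen for this example
    min_pwdexpnotify_days: 4
  tasks:
    - name: Read current global configuration (no values to configure are given)
      ipaconfig:
        # Assumption: defined in a Vault-encrypted vars file, not in the playbook
        ipaadmin_password: "{{ vault_ipaadmin_password }}"
      register: result

    - name: Check settings that affect authentication and directory searches
      assert:
        that:
          # Baseline: migration mode is off outside of an active migration
          - not (result.config.enable_migration | default(false) | bool)
          # Baseline: the password plug-in does not generate extra NT hashes
          - "'AllowNThash' not in (result.config.configstring | default([]))"
          # -1 or 0 means unlimited; the baseline requires bounded searches
          - (result.config.searchrecordslimit | default(0) | int) > 0
          - (result.config.searchtimelimit | default(0) | int) > 0
          # Baseline: users get advance notice before their password expires
          - (result.config.pwdexpnotify | default(0) | int) >= min_pwdexpnotify_days
        fail_msg: "IPA global config deviates from the baseline"
        success_msg: "IPA global config matches the baseline"
```

    Because the ipaconfig task passes no configuration values, the run only reports drift and leaves the server settings untouched.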

    Authors

    Chris Procter