From 7576732525bef86f0517350fc148fc76b1571811 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 20 Mar 2020 13:41:50 +0100
Subject: [PATCH] ipareplica_prepare: Fix module DOCUMENTATION
The documentation contains the pramaters several times. Reducing the list
to one. Also fixed a typo in options key.
---
.../ipareplica/library/ipareplica_prepare.py | 1229 +----------------
1 file changed, 1 insertion(+), 1228 deletions(-)
diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index 3d9230ba..85bc7ba9 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -38,1234 +38,7 @@ description:
Prepare ipa replica installation: Create IPA configuration file, run install
checks again and also update the host name and the hosts file if needed.
The tests and also the results from ipareplica_test are needed.
-ptions:
- dm_password:
- description: Directory Manager password
- required: yes
- password:
- description: Admin user kerberos password
- required: yes
- ip_addresses:
- description: List of Master Server IP Addresses
- required: no
- domain:
- description: Primary DNS domain of the IPA deployment
- required: yes
- realm:
- description: Kerberos realm name of the IPA deployment
- required: yes
- hostname:
- description: Fully qualified name of this host
- required: yes
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: yes
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: yes
- setup_adtrust:
- description: Configure AD trust capability
- required: yes
- setup_kra:
- description: Configure a dogtag KRA
- required: yes
- setup_dns:
- description: Configure bind with our zone
- required: yes
- external_ca:
- description: External ca setting
- required: yes
- external_cert_files:
- description:
- File containing the IPA CA certificate and the external CA certificate
- chain
- required: yes
- subject_base:
- description:
- The certificate subject base (default O=<realm-name>).
- RDNs are in LDAP order (most specific RDN first).
- required: yes
- ca_subject:
- description: The installer ca_subject setting
- required: yes
- reverse_zones:
- description: The reverse DNS zones to use
- required: yes
- no_reverse:
- description: Do not create new reverse DNS zone
- required: yes
- auto_reverse:
- description: Create necessary reverse zones
- required: yes
- forwarders:
- description: Add DNS forwarders
- required: yes
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: yes
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: yes
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: yes
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: yes
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
- setup_ca:
- description: Configure a dogtag CA
- required: yes
- _hostname_overridden:
- description: The installer _hostname_overridden setting
- required: yes
- dm_password:
- description: Directory Manager password
- required: False
- password:
- description: Admin user kerberos password
- required: False
- ip_addresses:
- description: List of Master Server IP Addresses
- required: False
- domain:
- description: Primary DNS domain of the IPA deployment
- required: False
- realm:
- description: Kerberos realm name of the IPA deployment
- required: False
- hostname:
- description: Fully qualified name of this host
- required: False
- principal:
- description:
- User Principal allowed to promote replicas and join IPA realm
- required: True
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: False
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: False
- setup_adtrust:
- description: Configure AD trust capability
- required: False
- setup_ca:
- description: Configure a dogtag CA
- required: False
- setup_kra:
- description: Configure a dogtag KRA
- required: False
- setup_dns:
- description: Configure bind with our zone
- required: False
- dirsrv_cert_files:
- description:
- Files containing the Directory Server SSL certificate and private key
- required: False
- dirsrv_cert_name:
- description: Name of the Directory Server SSL certificate to install
- required: False
- dirsrv_pin:
- description: The password to unlock the Directory Server private key
- required: False
- http_cert_files:
- description:
- File containing the Apache Server SSL certificate and private key
- required: False
- http_cert_name:
- description: Name of the Apache Server SSL certificate to install
- required: False
- http_pin:
- description: The password to unlock the Apache Server private key
- required: False
- pkinit_cert_files:
- description:
- File containing the Kerberos KDC SSL certificate and private key
- required: False
- pkinit_cert_name:
- description: Name of the Kerberos KDC SSL certificate to install
- required: False
- pkinit_pin:
- description: The password to unlock the Kerberos KDC private key
- required: False
- keytab:
- description: Path to backed up keytab from previous enrollment
- required: False
- mkhomedir:
- description: Create home directories for users on their first login
- required: False
- force_join:
- description: Force client enrollment even if already enrolled
- required: False
- no_ntp:
- description: Do not configure ntp
- required: False
- ssh_trust_dns:
- description: Configure OpenSSH client to trust DNS SSHFP records
- required: False
- no_ssh:
- description: Do not configure OpenSSH client
- required: False
- no_sshd:
- description: Do not configure OpenSSH server
- required: False
- no_dns_sshfp:
- description: Do not automatically create DNS SSHFP records
- required: False
- allow_zone_overlap:
- description: Create DNS zone even if it already exists
- required: False
- reverse_zones:
- description: The reverse DNS zones to use
- required: False
- no_reverse:
- description: Do not create new reverse DNS zone
- required: False
- auto_reverse:
- description: Create necessary reverse zones
- required: False
- forwarders:
- description: Add DNS forwarders
- required: False
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: False
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: False
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: False
- no_dnssec_validation:
- description: Disable DNSSEC validation
- required: False
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: False
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: False
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: False
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: False
- server:
- description: Fully qualified name of IPA server to enroll to
- required: True
- skip_conncheck:
- description: Skip connection check to remote master
- required: False
- dm_password:
- description: Directory Manager password
- required: True
- password:
- description: Admin user kerberos password
- required: True
- ip_addresses:
- description: List of Master Server IP Addresses
- required: True
- domain:
- description: Primary DNS domain of the IPA deployment
- required: True
- realm:
- description: Kerberos realm name of the IPA deployment
- required: True
- hostname:
- description: Fully qualified name of this host
- required: True
- principal:
- description:
- User Principal allowed to promote replicas and join IPA realm
- required: False
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: True
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: True
- setup_adtrust:
- description: Configure AD trust capability
- required: True
- setup_ca:
- description: Configure a dogtag CA
- required: True
- setup_kra:
- description: Configure a dogtag KRA
- required: True
- setup_dns:
- description: Configure bind with our zone
- required: True
- dirsrv_cert_files:
- description:
- Files containing the Directory Server SSL certificate and private key
- required: True
- dirsrv_cert_name:
- description: Name of the Directory Server SSL certificate to install
- required: True
- dirsrv_pin:
- description: The password to unlock the Directory Server private key
- required: True
- http_cert_files:
- description:
- File containing the Apache Server SSL certificate and private key
- required: True
- http_cert_name:
- description: Name of the Apache Server SSL certificate to install
- required: True
- http_pin:
- description: The password to unlock the Apache Server private key
- required: True
- pkinit_cert_files:
- description:
- File containing the Kerberos KDC SSL certificate and private key
- required: True
- pkinit_cert_name:
- description: Name of the Kerberos KDC SSL certificate to install
- required: True
- pkinit_pin:
- description: The password to unlock the Kerberos KDC private key
- required: True
- keytab:
- description: Path to backed up keytab from previous enrollment
- required: True
- mkhomedir:
- description: Create home directories for users on their first login
- required: True
- force_join:
- description: Force client enrollment even if already enrolled
- required: True
- no_ntp:
- description: Do not configure ntp
- required: True
- ssh_trust_dns:
- description: Configure OpenSSH client to trust DNS SSHFP records
- required: True
- no_ssh:
- description: Do not configure OpenSSH client
- required: True
- no_sshd:
- description: Do not configure OpenSSH server
- required: True
- no_dns_sshfp:
- description: Do not automatically create DNS SSHFP records
- required: True
- allow_zone_overlap:
- description: Create DNS zone even if it already exists
- required: True
- reverse_zones:
- description: The reverse DNS zones to use
- required: True
- no_reverse:
- description: Do not create new reverse DNS zone
- required: True
- auto_reverse:
- description: Create necessary reverse zones
- required: True
- forwarders:
- description: Add DNS forwarders
- required: True
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: True
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: True
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: True
- no_dnssec_validation:
- description: Disable DNSSEC validation
- required: True
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: True
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: True
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: True
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: True
- server:
- description: Fully qualified name of IPA server to enroll to
- required: False
- skip_conncheck:
- description: Skip connection check to remote master
- required: True
- dm_password:
- description: Directory Manager password
- required: yes
- password:
- description: Admin user kerberos password
- required: yes
- ip_addresses:
- description: List of Master Server IP Addresses
- required: yes
- domain:
- description: Primary DNS domain of the IPA deployment
- required: yes
- realm:
- description: Kerberos realm name of the IPA deployment
- required: yes
- hostname:
- description: Fully qualified name of this host
- required: yes
- principal:
- description:
- User Principal allowed to promote replicas and join IPA realm
- required: no
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: yes
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: yes
- setup_adtrust:
- description: Configure AD trust capability
- required: yes
- setup_ca:
- description: Configure a dogtag CA
- required: yes
- setup_kra:
- description: Configure a dogtag KRA
- required: yes
- setup_dns:
- description: Configure bind with our zone
- required: yes
- dirsrv_cert_files:
- description:
- Files containing the Directory Server SSL certificate and private key
- required: yes
- dirsrv_cert_name:
- description: Name of the Directory Server SSL certificate to install
- required: yes
- dirsrv_pin:
- description: The password to unlock the Directory Server private key
- required: yes
- http_cert_files:
- description:
- File containing the Apache Server SSL certificate and private key
- required: yes
- http_cert_name:
- description: Name of the Apache Server SSL certificate to install
- required: yes
- http_pin:
- description: The password to unlock the Apache Server private key
- required: yes
- pkinit_cert_files:
- description:
- File containing the Kerberos KDC SSL certificate and private key
- required: yes
- pkinit_cert_name:
- description: Name of the Kerberos KDC SSL certificate to install
- required: yes
- pkinit_pin:
- description: The password to unlock the Kerberos KDC private key
- required: yes
- keytab:
- description: Path to backed up keytab from previous enrollment
- required: yes
- mkhomedir:
- description: Create home directories for users on their first login
- required: yes
- force_join:
- description: Force client enrollment even if already enrolled
- required: yes
- no_ntp:
- description: Do not configure ntp
- required: yes
- ssh_trust_dns:
- description: Configure OpenSSH client to trust DNS SSHFP records
- required: yes
- no_ssh:
- description: Do not configure OpenSSH client
- required: yes
- no_sshd:
- description: Do not configure OpenSSH server
- required: yes
- no_dns_sshfp:
- description: Do not automatically create DNS SSHFP records
- required: yes
- allow_zone_overlap:
- description: Create DNS zone even if it already exists
- required: yes
- reverse_zones:
- description: The reverse DNS zones to use
- required: yes
- no_reverse:
- description: Do not create new reverse DNS zone
- required: yes
- auto_reverse:
- description: Create necessary reverse zones
- required: yes
- forwarders:
- description: Add DNS forwarders
- required: yes
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: yes
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: yes
- no_dnssec_validation:
- description: Disable DNSSEC validation
- required: yes
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: yes
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: yes
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
- server:
- description: Fully qualified name of IPA server to enroll to
- required: no
- skip_conncheck:
- description: Skip connection check to remote master
- required: yes
- dm_password:
- description: Directory Manager password
- required: yes
- password:
- description: Admin user kerberos password
- required: yes
- ip_addresses:
- description: List of Master Server IP Addresses
- required: yes
- domain:
- description: Primary DNS domain of the IPA deployment
- required: yes
- realm:
- description: Kerberos realm name of the IPA deployment
- required: yes
- hostname:
- description: Fully qualified name of this host
- required: yes
- principal:
- description:
- User Principal allowed to promote replicas and join IPA realm
- required: no
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: yes
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: yes
- setup_adtrust:
- description: Configure AD trust capability
- required: yes
- setup_ca:
- description: Configure a dogtag CA
- required: yes
- setup_kra:
- description: Configure a dogtag KRA
- required: yes
- setup_dns:
- description: Configure bind with our zone
- required: yes
- dirsrv_cert_files:
- description:
- Files containing the Directory Server SSL certificate and private key
- required: yes
- dirsrv_cert_name:
- description: Name of the Directory Server SSL certificate to install
- required: yes
- dirsrv_pin:
- description: The password to unlock the Directory Server private key
- required: yes
- http_cert_files:
- description:
- File containing the Apache Server SSL certificate and private key
- required: yes
- http_cert_name:
- description: Name of the Apache Server SSL certificate to install
- required: yes
- http_pin:
- description: The password to unlock the Apache Server private key
- required: yes
- pkinit_cert_files:
- description:
- File containing the Kerberos KDC SSL certificate and private key
- required: yes
- pkinit_cert_name:
- description: Name of the Kerberos KDC SSL certificate to install
- required: yes
- pkinit_pin:
- description: The password to unlock the Kerberos KDC private key
- required: yes
- keytab:
- description: Path to backed up keytab from previous enrollment
- required: yes
- mkhomedir:
- description: Create home directories for users on their first login
- required: yes
- force_join:
- description: Force client enrollment even if already enrolled
- required: yes
- no_ntp:
- description: Do not configure ntp
- required: yes
- ssh_trust_dns:
- description: Configure OpenSSH client to trust DNS SSHFP records
- required: yes
- no_ssh:
- description: Do not configure OpenSSH client
- required: yes
- no_sshd:
- description: Do not configure OpenSSH server
- required: yes
- no_dns_sshfp:
- description: Do not automatically create DNS SSHFP records
- required: yes
- allow_zone_overlap:
- description: Create DNS zone even if it already exists
- required: yes
- reverse_zones:
- description: The reverse DNS zones to use
- required: yes
- no_reverse:
- description: Do not create new reverse DNS zone
- required: yes
- auto_reverse:
- description: Create necessary reverse zones
- required: yes
- forwarders:
- description: Add DNS forwarders
- required: yes
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: yes
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: yes
- no_dnssec_validation:
- description: Disable DNSSEC validation
- required: yes
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: yes
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: yes
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
- server:
- description: Fully qualified name of IPA server to enroll to
- required: no
- skip_conncheck:
- description: Skip connection check to remote master
- required: yes
- dm_password:
- description: Directory Manager password
- required: yes
- password:
- description: Admin user kerberos password
- required: yes
- ip_addresses:
- description: List of Master Server IP Addresses
- required: yes
- domain:
- description: Primary DNS domain of the IPA deployment
- required: yes
- realm:
- description: Kerberos realm name of the IPA deployment
- required: yes
- hostname:
- description: Fully qualified name of this host
- required: yes
- principal:
- description:
- User Principal allowed to promote replicas and join IPA realm
- required: no
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: yes
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: yes
- setup_adtrust:
- description: Configure AD trust capability
- required: yes
- setup_ca:
- description: Configure a dogtag CA
- required: yes
- setup_kra:
- description: Configure a dogtag KRA
- required: yes
- setup_dns:
- description: Configure bind with our zone
- required: yes
- dirsrv_cert_files:
- description:
- Files containing the Directory Server SSL certificate and private key
- required: yes
- dirsrv_cert_name:
- description: Name of the Directory Server SSL certificate to install
- required: yes
- dirsrv_pin:
- description: The password to unlock the Directory Server private key
- required: yes
- http_cert_files:
- description:
- File containing the Apache Server SSL certificate and private key
- required: yes
- http_cert_name:
- description: Name of the Apache Server SSL certificate to install
- required: yes
- http_pin:
- description: The password to unlock the Apache Server private key
- required: yes
- pkinit_cert_files:
- description:
- File containing the Kerberos KDC SSL certificate and private key
- required: yes
- pkinit_cert_name:
- description: Name of the Kerberos KDC SSL certificate to install
- required: yes
- pkinit_pin:
- description: The password to unlock the Kerberos KDC private key
- required: yes
- keytab:
- description: Path to backed up keytab from previous enrollment
- required: yes
- mkhomedir:
- description: Create home directories for users on their first login
- required: yes
- force_join:
- description: Force client enrollment even if already enrolled
- required: yes
- no_ntp:
- description: Do not configure ntp
- required: yes
- ssh_trust_dns:
- description: Configure OpenSSH client to trust DNS SSHFP records
- required: yes
- no_ssh:
- description: Do not configure OpenSSH client
- required: yes
- no_sshd:
- description: Do not configure OpenSSH server
- required: yes
- no_dns_sshfp:
- description: Do not automatically create DNS SSHFP records
- required: yes
- allow_zone_overlap:
- description: Create DNS zone even if it already exists
- required: yes
- reverse_zones:
- description: The reverse DNS zones to use
- required: yes
- no_reverse:
- description: Do not create new reverse DNS zone
- required: yes
- auto_reverse:
- description: Create necessary reverse zones
- required: yes
- forwarders:
- description: Add DNS forwarders
- required: yes
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: yes
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: yes
- no_dnssec_validation:
- description: Disable DNSSEC validation
- required: yes
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: yes
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: yes
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
- server:
- description: Fully qualified name of IPA server to enroll to
- required: no
- skip_conncheck:
- description: Skip connection check to remote master
- required: yes
- dm_password:
- description: Directory Manager password
- required: yes
- password:
- description: Admin user kerberos password
- required: yes
- ip_addresses:
- description: List of Master Server IP Addresses
- required: yes
- domain:
- description: Primary DNS domain of the IPA deployment
- required: yes
- realm:
- description: Kerberos realm name of the IPA deployment
- required: yes
- hostname:
- description: Fully qualified name of this host
- required: yes
- principal:
- description:
- User Principal allowed to promote replicas and join IPA realm
- required: no
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: yes
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: yes
- setup_adtrust:
- description: Configure AD trust capability
- required: yes
- setup_ca:
- description: Configure a dogtag CA
- required: yes
- setup_kra:
- description: Configure a dogtag KRA
- required: yes
- setup_dns:
- description: Configure bind with our zone
- required: yes
- dirsrv_cert_files:
- description:
- Files containing the Directory Server SSL certificate and private key
- required: yes
- dirsrv_cert_name:
- description: Name of the Directory Server SSL certificate to install
- required: yes
- dirsrv_pin:
- description: The password to unlock the Directory Server private key
- required: yes
- http_cert_files:
- description:
- File containing the Apache Server SSL certificate and private key
- required: yes
- http_cert_name:
- description: Name of the Apache Server SSL certificate to install
- required: yes
- http_pin:
- description: The password to unlock the Apache Server private key
- required: yes
- pkinit_cert_files:
- description:
- File containing the Kerberos KDC SSL certificate and private key
- required: yes
- pkinit_cert_name:
- description: Name of the Kerberos KDC SSL certificate to install
- required: yes
- pkinit_pin:
- description: The password to unlock the Kerberos KDC private key
- required: yes
- keytab:
- description: Path to backed up keytab from previous enrollment
- required: yes
- mkhomedir:
- description: Create home directories for users on their first login
- required: yes
- force_join:
- description: Force client enrollment even if already enrolled
- required: yes
- no_ntp:
- description: Do not configure ntp
- required: yes
- ssh_trust_dns:
- description: Configure OpenSSH client to trust DNS SSHFP records
- required: yes
- no_ssh:
- description: Do not configure OpenSSH client
- required: yes
- no_sshd:
- description: Do not configure OpenSSH server
- required: yes
- no_dns_sshfp:
- description: Do not automatically create DNS SSHFP records
- required: yes
- allow_zone_overlap:
- description: Create DNS zone even if it already exists
- required: yes
- reverse_zones:
- description: The reverse DNS zones to use
- required: yes
- no_reverse:
- description: Do not create new reverse DNS zone
- required: yes
- auto_reverse:
- description: Create necessary reverse zones
- required: yes
- forwarders:
- description: Add DNS forwarders
- required: yes
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: yes
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: yes
- no_dnssec_validation:
- description: Disable DNSSEC validation
- required: yes
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: yes
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: yes
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
- server:
- description: Fully qualified name of IPA server to enroll to
- required: no
- skip_conncheck:
- description: Skip connection check to remote master
- required: yes
- dm_password:
- description: Directory Manager password
- required: yes
- password:
- description: Admin user kerberos password
- required: yes
- ip_addresses:
- description: List of Master Server IP Addresses
- required: yes
- domain:
- description: Primary DNS domain of the IPA deployment
- required: yes
- realm:
- description: Kerberos realm name of the IPA deployment
- required: yes
- hostname:
- description: Fully qualified name of this host
- required: yes
- principal:
- description:
- User Principal allowed to promote replicas and join IPA realm
- required: no
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: yes
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: yes
- setup_adtrust:
- description: Configure AD trust capability
- required: yes
- setup_ca:
- description: Configure a dogtag CA
- required: yes
- setup_kra:
- description: Configure a dogtag KRA
- required: yes
- setup_dns:
- description: Configure bind with our zone
- required: yes
- dirsrv_cert_files:
- description:
- Files containing the Directory Server SSL certificate and private key
- required: yes
- dirsrv_cert_name:
- description: Name of the Directory Server SSL certificate to install
- required: yes
- dirsrv_pin:
- description: The password to unlock the Directory Server private key
- required: yes
- http_cert_files:
- description:
- File containing the Apache Server SSL certificate and private key
- required: yes
- http_cert_name:
- description: Name of the Apache Server SSL certificate to install
- required: yes
- http_pin:
- description: The password to unlock the Apache Server private key
- required: yes
- pkinit_cert_files:
- description:
- File containing the Kerberos KDC SSL certificate and private key
- required: yes
- pkinit_cert_name:
- description: Name of the Kerberos KDC SSL certificate to install
- required: yes
- pkinit_pin:
- description: The password to unlock the Kerberos KDC private key
- required: yes
- keytab:
- description: Path to backed up keytab from previous enrollment
- required: yes
- mkhomedir:
- description: Create home directories for users on their first login
- required: yes
- force_join:
- description: Force client enrollment even if already enrolled
- required: yes
- no_ntp:
- description: Do not configure ntp
- required: yes
- ssh_trust_dns:
- description: Configure OpenSSH client to trust DNS SSHFP records
- required: yes
- no_ssh:
- description: Do not configure OpenSSH client
- required: yes
- no_sshd:
- description: Do not configure OpenSSH server
- required: yes
- no_dns_sshfp:
- description: Do not automatically create DNS SSHFP records
- required: yes
- allow_zone_overlap:
- description: Create DNS zone even if it already exists
- required: yes
- reverse_zones:
- description: The reverse DNS zones to use
- required: yes
- no_reverse:
- description: Do not create new reverse DNS zone
- required: yes
- auto_reverse:
- description: Create necessary reverse zones
- required: yes
- forwarders:
- description: Add DNS forwarders
- required: yes
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: yes
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: yes
- no_dnssec_validation:
- description: Disable DNSSEC validation
- required: yes
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: yes
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: yes
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
- server:
- description: Fully qualified name of IPA server to enroll to
- required: no
- skip_conncheck:
- description: Skip connection check to remote master
- required: yes
- dm_password:
- description: Directory Manager password
- required: yes
- password:
- description: Admin user kerberos password
- required: yes
- ip_addresses:
- description: List of Master Server IP Addresses
- required: yes
- domain:
- description: Primary DNS domain of the IPA deployment
- required: yes
- realm:
- description: Kerberos realm name of the IPA deployment
- required: yes
- hostname:
- description: Fully qualified name of this host
- required: yes
- principal:
- description:
- User Principal allowed to promote replicas and join IPA realm
- required: no
- ca_cert_files:
- description:
- List of files containing CA certificates for the service certificate
- files
- required: yes
- no_host_dns:
- description: Do not use DNS for hostname lookup during installation
- required: yes
- setup_adtrust:
- description: Configure AD trust capability
- required: yes
- setup_ca:
- description: Configure a dogtag CA
- required: yes
- setup_kra:
- description: Configure a dogtag KRA
- required: yes
- setup_dns:
- description: Configure bind with our zone
- required: yes
- dirsrv_cert_files:
- description:
- Files containing the Directory Server SSL certificate and private key
- required: yes
- dirsrv_cert_name:
- description: Name of the Directory Server SSL certificate to install
- required: yes
- dirsrv_pin:
- description: The password to unlock the Directory Server private key
- required: yes
- http_cert_files:
- description:
- File containing the Apache Server SSL certificate and private key
- required: yes
- http_cert_name:
- description: Name of the Apache Server SSL certificate to install
- required: yes
- http_pin:
- description: The password to unlock the Apache Server private key
- required: yes
- pkinit_cert_files:
- description:
- File containing the Kerberos KDC SSL certificate and private key
- required: yes
- pkinit_cert_name:
- description: Name of the Kerberos KDC SSL certificate to install
- required: yes
- pkinit_pin:
- description: The password to unlock the Kerberos KDC private key
- required: yes
- keytab:
- description: Path to backed up keytab from previous enrollment
- required: yes
- mkhomedir:
- description: Create home directories for users on their first login
- required: yes
- force_join:
- description: Force client enrollment even if already enrolled
- required: yes
- no_ntp:
- description: Do not configure ntp
- required: yes
- ssh_trust_dns:
- description: Configure OpenSSH client to trust DNS SSHFP records
- required: yes
- no_ssh:
- description: Do not configure OpenSSH client
- required: yes
- no_sshd:
- description: Do not configure OpenSSH server
- required: yes
- no_dns_sshfp:
- description: Do not automatically create DNS SSHFP records
- required: yes
- allow_zone_overlap:
- description: Create DNS zone even if it already exists
- required: yes
- reverse_zones:
- description: The reverse DNS zones to use
- required: yes
- no_reverse:
- description: Do not create new reverse DNS zone
- required: yes
- auto_reverse:
- description: Create necessary reverse zones
- required: yes
- forwarders:
- description: Add DNS forwarders
- required: yes
- no_forwarders:
- description: Do not add any DNS forwarders, use root servers instead
- required: yes
- auto_forwarders:
- description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
- forward_policy:
- description: DNS forwarding policy for global forwarders
- required: yes
- no_dnssec_validation:
- description: Disable DNSSEC validation
- required: yes
- enable_compat:
- description: Enable support for trusted domains for old clients
- required: yes
- netbios_name:
- description: NetBIOS name of the IPA domain
- required: yes
- rid_base:
- description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
- secondary_rid_base:
- description:
- Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
- server:
- description: Fully qualified name of IPA server to enroll to
- required: no
- skip_conncheck:
- description: Skip connection check to remote master
- required: yes
+options:
dm_password:
description: Directory Manager password
required: yes
--
GitLab