ipareplica_prepare: Fix module DOCUMENTATION

The documentation contains the pramaters several times. Reducing the list to one. Also fixed a typo in options key.

ipareplica_prepare: Fix module DOCUMENTATION
75767325 · Thomas Woerner · e70944c3 · 75767325
Commit 75767325 authored 5 years ago by Thomas Woerner
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -38,1234 +38,7 @@ description:
  Prepare ipa replica installation: Create IPA configuration file, run install
  checks again and also update the host name and the hosts file if needed.
  The tests and also the results from ipareplica_test are needed.
-ptions:
+options:
-  dm_password:
-    description: Directory Manager password
-    required: yes
-  password:
-    description: Admin user kerberos password
-    required: yes
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: no
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: yes
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: yes
-  hostname:
-    description: Fully qualified name of this host
-    required: yes
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: yes
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: yes
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: yes
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: yes
-  setup_dns:
-    description: Configure bind with our zone
-    required: yes
-  external_ca:
-    description: External ca setting
-    required: yes
-  external_cert_files:
-    description:
-      File containing the IPA CA certificate and the external CA certificate
-      chain
-    required: yes
-  subject_base:
-    description:
-      The certificate subject base (default O=<realm-name>).
-      RDNs are in LDAP order (most specific RDN first).
-    required: yes
-  ca_subject:
-    description: The installer ca_subject setting
-    required: yes
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: yes
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: yes
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: yes
-  forwarders:
-    description: Add DNS forwarders
-    required: yes
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: yes
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: yes
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: yes
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
-  setup_ca:
-    description: Configure a dogtag CA
-    required: yes
-  _hostname_overridden:
-    description: The installer _hostname_overridden setting
-    required: yes
-  dm_password:
-    description: Directory Manager password
-    required: False
-  password:
-    description: Admin user kerberos password
-    required: False
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: False
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: False
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: False
-  hostname:
-    description: Fully qualified name of this host
-    required: False
-  principal:
-    description:
-      User Principal allowed to promote replicas and join IPA realm
-    required: True
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: False
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: False
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: False
-  setup_ca:
-    description: Configure a dogtag CA
-    required: False
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: False
-  setup_dns:
-    description: Configure bind with our zone
-    required: False
-  dirsrv_cert_files:
-    description:
-      Files containing the Directory Server SSL certificate and private key
-    required: False
-  dirsrv_cert_name:
-    description: Name of the Directory Server SSL certificate to install
-    required: False
-  dirsrv_pin:
-    description: The password to unlock the Directory Server private key
-    required: False
-  http_cert_files:
-    description:
-      File containing the Apache Server SSL certificate and private key
-    required: False
-  http_cert_name:
-    description: Name of the Apache Server SSL certificate to install
-    required: False
-  http_pin:
-    description: The password to unlock the Apache Server private key
-    required: False
-  pkinit_cert_files:
-    description:
-      File containing the Kerberos KDC SSL certificate and private key
-    required: False
-  pkinit_cert_name:
-    description: Name of the Kerberos KDC SSL certificate to install
-    required: False
-  pkinit_pin:
-    description: The password to unlock the Kerberos KDC private key
-    required: False
-  keytab:
-    description: Path to backed up keytab from previous enrollment
-    required: False
-  mkhomedir:
-    description: Create home directories for users on their first login
-    required: False
-  force_join:
-    description: Force client enrollment even if already enrolled
-    required: False
-  no_ntp:
-    description: Do not configure ntp
-    required: False
-  ssh_trust_dns:
-    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: False
-  no_ssh:
-    description: Do not configure OpenSSH client
-    required: False
-  no_sshd:
-    description: Do not configure OpenSSH server
-    required: False
-  no_dns_sshfp:
-    description: Do not automatically create DNS SSHFP records
-    required: False
-  allow_zone_overlap:
-    description: Create DNS zone even if it already exists
-    required: False
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: False
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: False
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: False
-  forwarders:
-    description: Add DNS forwarders
-    required: False
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: False
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: False
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: False
-  no_dnssec_validation:
-    description: Disable DNSSEC validation
-    required: False
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: False
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: False
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: False
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: False
-  server:
-    description: Fully qualified name of IPA server to enroll to
-    required: True
-  skip_conncheck:
-    description: Skip connection check to remote master
-    required: False
-  dm_password:
-    description: Directory Manager password
-    required: True
-  password:
-    description: Admin user kerberos password
-    required: True
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: True
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: True
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: True
-  hostname:
-    description: Fully qualified name of this host
-    required: True
-  principal:
-    description:
-      User Principal allowed to promote replicas and join IPA realm
-    required: False
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: True
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: True
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: True
-  setup_ca:
-    description: Configure a dogtag CA
-    required: True
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: True
-  setup_dns:
-    description: Configure bind with our zone
-    required: True
-  dirsrv_cert_files:
-    description:
-      Files containing the Directory Server SSL certificate and private key
-    required: True
-  dirsrv_cert_name:
-    description: Name of the Directory Server SSL certificate to install
-    required: True
-  dirsrv_pin:
-    description: The password to unlock the Directory Server private key
-    required: True
-  http_cert_files:
-    description:
-      File containing the Apache Server SSL certificate and private key
-    required: True
-  http_cert_name:
-    description: Name of the Apache Server SSL certificate to install
-    required: True
-  http_pin:
-    description: The password to unlock the Apache Server private key
-    required: True
-  pkinit_cert_files:
-    description:
-      File containing the Kerberos KDC SSL certificate and private key
-    required: True
-  pkinit_cert_name:
-    description: Name of the Kerberos KDC SSL certificate to install
-    required: True
-  pkinit_pin:
-    description: The password to unlock the Kerberos KDC private key
-    required: True
-  keytab:
-    description: Path to backed up keytab from previous enrollment
-    required: True
-  mkhomedir:
-    description: Create home directories for users on their first login
-    required: True
-  force_join:
-    description: Force client enrollment even if already enrolled
-    required: True
-  no_ntp:
-    description: Do not configure ntp
-    required: True
-  ssh_trust_dns:
-    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: True
-  no_ssh:
-    description: Do not configure OpenSSH client
-    required: True
-  no_sshd:
-    description: Do not configure OpenSSH server
-    required: True
-  no_dns_sshfp:
-    description: Do not automatically create DNS SSHFP records
-    required: True
-  allow_zone_overlap:
-    description: Create DNS zone even if it already exists
-    required: True
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: True
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: True
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: True
-  forwarders:
-    description: Add DNS forwarders
-    required: True
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: True
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: True
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: True
-  no_dnssec_validation:
-    description: Disable DNSSEC validation
-    required: True
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: True
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: True
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: True
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: True
-  server:
-    description: Fully qualified name of IPA server to enroll to
-    required: False
-  skip_conncheck:
-    description: Skip connection check to remote master
-    required: True
-  dm_password:
-    description: Directory Manager password
-    required: yes
-  password:
-    description: Admin user kerberos password
-    required: yes
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: yes
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: yes
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: yes
-  hostname:
-    description: Fully qualified name of this host
-    required: yes
-  principal:
-    description:
-      User Principal allowed to promote replicas and join IPA realm
-    required: no
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: yes
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: yes
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: yes
-  setup_ca:
-    description: Configure a dogtag CA
-    required: yes
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: yes
-  setup_dns:
-    description: Configure bind with our zone
-    required: yes
-  dirsrv_cert_files:
-    description:
-      Files containing the Directory Server SSL certificate and private key
-    required: yes
-  dirsrv_cert_name:
-    description: Name of the Directory Server SSL certificate to install
-    required: yes
-  dirsrv_pin:
-    description: The password to unlock the Directory Server private key
-    required: yes
-  http_cert_files:
-    description:
-      File containing the Apache Server SSL certificate and private key
-    required: yes
-  http_cert_name:
-    description: Name of the Apache Server SSL certificate to install
-    required: yes
-  http_pin:
-    description: The password to unlock the Apache Server private key
-    required: yes
-  pkinit_cert_files:
-    description:
-      File containing the Kerberos KDC SSL certificate and private key
-    required: yes
-  pkinit_cert_name:
-    description: Name of the Kerberos KDC SSL certificate to install
-    required: yes
-  pkinit_pin:
-    description: The password to unlock the Kerberos KDC private key
-    required: yes
-  keytab:
-    description: Path to backed up keytab from previous enrollment
-    required: yes
-  mkhomedir:
-    description: Create home directories for users on their first login
-    required: yes
-  force_join:
-    description: Force client enrollment even if already enrolled
-    required: yes
-  no_ntp:
-    description: Do not configure ntp
-    required: yes
-  ssh_trust_dns:
-    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: yes
-  no_ssh:
-    description: Do not configure OpenSSH client
-    required: yes
-  no_sshd:
-    description: Do not configure OpenSSH server
-    required: yes
-  no_dns_sshfp:
-    description: Do not automatically create DNS SSHFP records
-    required: yes
-  allow_zone_overlap:
-    description: Create DNS zone even if it already exists
-    required: yes
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: yes
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: yes
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: yes
-  forwarders:
-    description: Add DNS forwarders
-    required: yes
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: yes
-  no_dnssec_validation:
-    description: Disable DNSSEC validation
-    required: yes
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: yes
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: yes
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
-  server:
-    description: Fully qualified name of IPA server to enroll to
-    required: no
-  skip_conncheck:
-    description: Skip connection check to remote master
-    required: yes
-  dm_password:
-    description: Directory Manager password
-    required: yes
-  password:
-    description: Admin user kerberos password
-    required: yes
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: yes
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: yes
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: yes
-  hostname:
-    description: Fully qualified name of this host
-    required: yes
-  principal:
-    description:
-      User Principal allowed to promote replicas and join IPA realm
-    required: no
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: yes
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: yes
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: yes
-  setup_ca:
-    description: Configure a dogtag CA
-    required: yes
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: yes
-  setup_dns:
-    description: Configure bind with our zone
-    required: yes
-  dirsrv_cert_files:
-    description:
-      Files containing the Directory Server SSL certificate and private key
-    required: yes
-  dirsrv_cert_name:
-    description: Name of the Directory Server SSL certificate to install
-    required: yes
-  dirsrv_pin:
-    description: The password to unlock the Directory Server private key
-    required: yes
-  http_cert_files:
-    description:
-      File containing the Apache Server SSL certificate and private key
-    required: yes
-  http_cert_name:
-    description: Name of the Apache Server SSL certificate to install
-    required: yes
-  http_pin:
-    description: The password to unlock the Apache Server private key
-    required: yes
-  pkinit_cert_files:
-    description:
-      File containing the Kerberos KDC SSL certificate and private key
-    required: yes
-  pkinit_cert_name:
-    description: Name of the Kerberos KDC SSL certificate to install
-    required: yes
-  pkinit_pin:
-    description: The password to unlock the Kerberos KDC private key
-    required: yes
-  keytab:
-    description: Path to backed up keytab from previous enrollment
-    required: yes
-  mkhomedir:
-    description: Create home directories for users on their first login
-    required: yes
-  force_join:
-    description: Force client enrollment even if already enrolled
-    required: yes
-  no_ntp:
-    description: Do not configure ntp
-    required: yes
-  ssh_trust_dns:
-    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: yes
-  no_ssh:
-    description: Do not configure OpenSSH client
-    required: yes
-  no_sshd:
-    description: Do not configure OpenSSH server
-    required: yes
-  no_dns_sshfp:
-    description: Do not automatically create DNS SSHFP records
-    required: yes
-  allow_zone_overlap:
-    description: Create DNS zone even if it already exists
-    required: yes
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: yes
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: yes
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: yes
-  forwarders:
-    description: Add DNS forwarders
-    required: yes
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: yes
-  no_dnssec_validation:
-    description: Disable DNSSEC validation
-    required: yes
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: yes
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: yes
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
-  server:
-    description: Fully qualified name of IPA server to enroll to
-    required: no
-  skip_conncheck:
-    description: Skip connection check to remote master
-    required: yes
-  dm_password:
-    description: Directory Manager password
-    required: yes
-  password:
-    description: Admin user kerberos password
-    required: yes
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: yes
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: yes
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: yes
-  hostname:
-    description: Fully qualified name of this host
-    required: yes
-  principal:
-    description:
-      User Principal allowed to promote replicas and join IPA realm
-    required: no
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: yes
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: yes
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: yes
-  setup_ca:
-    description: Configure a dogtag CA
-    required: yes
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: yes
-  setup_dns:
-    description: Configure bind with our zone
-    required: yes
-  dirsrv_cert_files:
-    description:
-      Files containing the Directory Server SSL certificate and private key
-    required: yes
-  dirsrv_cert_name:
-    description: Name of the Directory Server SSL certificate to install
-    required: yes
-  dirsrv_pin:
-    description: The password to unlock the Directory Server private key
-    required: yes
-  http_cert_files:
-    description:
-      File containing the Apache Server SSL certificate and private key
-    required: yes
-  http_cert_name:
-    description: Name of the Apache Server SSL certificate to install
-    required: yes
-  http_pin:
-    description: The password to unlock the Apache Server private key
-    required: yes
-  pkinit_cert_files:
-    description:
-      File containing the Kerberos KDC SSL certificate and private key
-    required: yes
-  pkinit_cert_name:
-    description: Name of the Kerberos KDC SSL certificate to install
-    required: yes
-  pkinit_pin:
-    description: The password to unlock the Kerberos KDC private key
-    required: yes
-  keytab:
-    description: Path to backed up keytab from previous enrollment
-    required: yes
-  mkhomedir:
-    description: Create home directories for users on their first login
-    required: yes
-  force_join:
-    description: Force client enrollment even if already enrolled
-    required: yes
-  no_ntp:
-    description: Do not configure ntp
-    required: yes
-  ssh_trust_dns:
-    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: yes
-  no_ssh:
-    description: Do not configure OpenSSH client
-    required: yes
-  no_sshd:
-    description: Do not configure OpenSSH server
-    required: yes
-  no_dns_sshfp:
-    description: Do not automatically create DNS SSHFP records
-    required: yes
-  allow_zone_overlap:
-    description: Create DNS zone even if it already exists
-    required: yes
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: yes
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: yes
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: yes
-  forwarders:
-    description: Add DNS forwarders
-    required: yes
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: yes
-  no_dnssec_validation:
-    description: Disable DNSSEC validation
-    required: yes
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: yes
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: yes
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
-  server:
-    description: Fully qualified name of IPA server to enroll to
-    required: no
-  skip_conncheck:
-    description: Skip connection check to remote master
-    required: yes
-  dm_password:
-    description: Directory Manager password
-    required: yes
-  password:
-    description: Admin user kerberos password
-    required: yes
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: yes
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: yes
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: yes
-  hostname:
-    description: Fully qualified name of this host
-    required: yes
-  principal:
-    description:
-      User Principal allowed to promote replicas and join IPA realm
-    required: no
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: yes
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: yes
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: yes
-  setup_ca:
-    description: Configure a dogtag CA
-    required: yes
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: yes
-  setup_dns:
-    description: Configure bind with our zone
-    required: yes
-  dirsrv_cert_files:
-    description:
-      Files containing the Directory Server SSL certificate and private key
-    required: yes
-  dirsrv_cert_name:
-    description: Name of the Directory Server SSL certificate to install
-    required: yes
-  dirsrv_pin:
-    description: The password to unlock the Directory Server private key
-    required: yes
-  http_cert_files:
-    description:
-      File containing the Apache Server SSL certificate and private key
-    required: yes
-  http_cert_name:
-    description: Name of the Apache Server SSL certificate to install
-    required: yes
-  http_pin:
-    description: The password to unlock the Apache Server private key
-    required: yes
-  pkinit_cert_files:
-    description:
-      File containing the Kerberos KDC SSL certificate and private key
-    required: yes
-  pkinit_cert_name:
-    description: Name of the Kerberos KDC SSL certificate to install
-    required: yes
-  pkinit_pin:
-    description: The password to unlock the Kerberos KDC private key
-    required: yes
-  keytab:
-    description: Path to backed up keytab from previous enrollment
-    required: yes
-  mkhomedir:
-    description: Create home directories for users on their first login
-    required: yes
-  force_join:
-    description: Force client enrollment even if already enrolled
-    required: yes
-  no_ntp:
-    description: Do not configure ntp
-    required: yes
-  ssh_trust_dns:
-    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: yes
-  no_ssh:
-    description: Do not configure OpenSSH client
-    required: yes
-  no_sshd:
-    description: Do not configure OpenSSH server
-    required: yes
-  no_dns_sshfp:
-    description: Do not automatically create DNS SSHFP records
-    required: yes
-  allow_zone_overlap:
-    description: Create DNS zone even if it already exists
-    required: yes
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: yes
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: yes
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: yes
-  forwarders:
-    description: Add DNS forwarders
-    required: yes
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: yes
-  no_dnssec_validation:
-    description: Disable DNSSEC validation
-    required: yes
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: yes
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: yes
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
-  server:
-    description: Fully qualified name of IPA server to enroll to
-    required: no
-  skip_conncheck:
-    description: Skip connection check to remote master
-    required: yes
-  dm_password:
-    description: Directory Manager password
-    required: yes
-  password:
-    description: Admin user kerberos password
-    required: yes
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: yes
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: yes
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: yes
-  hostname:
-    description: Fully qualified name of this host
-    required: yes
-  principal:
-    description:
-      User Principal allowed to promote replicas and join IPA realm
-    required: no
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: yes
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: yes
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: yes
-  setup_ca:
-    description: Configure a dogtag CA
-    required: yes
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: yes
-  setup_dns:
-    description: Configure bind with our zone
-    required: yes
-  dirsrv_cert_files:
-    description:
-      Files containing the Directory Server SSL certificate and private key
-    required: yes
-  dirsrv_cert_name:
-    description: Name of the Directory Server SSL certificate to install
-    required: yes
-  dirsrv_pin:
-    description: The password to unlock the Directory Server private key
-    required: yes
-  http_cert_files:
-    description:
-      File containing the Apache Server SSL certificate and private key
-    required: yes
-  http_cert_name:
-    description: Name of the Apache Server SSL certificate to install
-    required: yes
-  http_pin:
-    description: The password to unlock the Apache Server private key
-    required: yes
-  pkinit_cert_files:
-    description:
-      File containing the Kerberos KDC SSL certificate and private key
-    required: yes
-  pkinit_cert_name:
-    description: Name of the Kerberos KDC SSL certificate to install
-    required: yes
-  pkinit_pin:
-    description: The password to unlock the Kerberos KDC private key
-    required: yes
-  keytab:
-    description: Path to backed up keytab from previous enrollment
-    required: yes
-  mkhomedir:
-    description: Create home directories for users on their first login
-    required: yes
-  force_join:
-    description: Force client enrollment even if already enrolled
-    required: yes
-  no_ntp:
-    description: Do not configure ntp
-    required: yes
-  ssh_trust_dns:
-    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: yes
-  no_ssh:
-    description: Do not configure OpenSSH client
-    required: yes
-  no_sshd:
-    description: Do not configure OpenSSH server
-    required: yes
-  no_dns_sshfp:
-    description: Do not automatically create DNS SSHFP records
-    required: yes
-  allow_zone_overlap:
-    description: Create DNS zone even if it already exists
-    required: yes
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: yes
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: yes
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: yes
-  forwarders:
-    description: Add DNS forwarders
-    required: yes
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: yes
-  no_dnssec_validation:
-    description: Disable DNSSEC validation
-    required: yes
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: yes
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: yes
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
-  server:
-    description: Fully qualified name of IPA server to enroll to
-    required: no
-  skip_conncheck:
-    description: Skip connection check to remote master
-    required: yes
-  dm_password:
-    description: Directory Manager password
-    required: yes
-  password:
-    description: Admin user kerberos password
-    required: yes
-  ip_addresses:
-    description: List of Master Server IP Addresses
-    required: yes
-  domain:
-    description: Primary DNS domain of the IPA deployment
-    required: yes
-  realm:
-    description: Kerberos realm name of the IPA deployment
-    required: yes
-  hostname:
-    description: Fully qualified name of this host
-    required: yes
-  principal:
-    description:
-      User Principal allowed to promote replicas and join IPA realm
-    required: no
-  ca_cert_files:
-    description:
-      List of files containing CA certificates for the service certificate
-      files
-    required: yes
-  no_host_dns:
-    description: Do not use DNS for hostname lookup during installation
-    required: yes
-  setup_adtrust:
-    description: Configure AD trust capability
-    required: yes
-  setup_ca:
-    description: Configure a dogtag CA
-    required: yes
-  setup_kra:
-    description: Configure a dogtag KRA
-    required: yes
-  setup_dns:
-    description: Configure bind with our zone
-    required: yes
-  dirsrv_cert_files:
-    description:
-      Files containing the Directory Server SSL certificate and private key
-    required: yes
-  dirsrv_cert_name:
-    description: Name of the Directory Server SSL certificate to install
-    required: yes
-  dirsrv_pin:
-    description: The password to unlock the Directory Server private key
-    required: yes
-  http_cert_files:
-    description:
-      File containing the Apache Server SSL certificate and private key
-    required: yes
-  http_cert_name:
-    description: Name of the Apache Server SSL certificate to install
-    required: yes
-  http_pin:
-    description: The password to unlock the Apache Server private key
-    required: yes
-  pkinit_cert_files:
-    description:
-      File containing the Kerberos KDC SSL certificate and private key
-    required: yes
-  pkinit_cert_name:
-    description: Name of the Kerberos KDC SSL certificate to install
-    required: yes
-  pkinit_pin:
-    description: The password to unlock the Kerberos KDC private key
-    required: yes
-  keytab:
-    description: Path to backed up keytab from previous enrollment
-    required: yes
-  mkhomedir:
-    description: Create home directories for users on their first login
-    required: yes
-  force_join:
-    description: Force client enrollment even if already enrolled
-    required: yes
-  no_ntp:
-    description: Do not configure ntp
-    required: yes
-  ssh_trust_dns:
-    description: Configure OpenSSH client to trust DNS SSHFP records
-    required: yes
-  no_ssh:
-    description: Do not configure OpenSSH client
-    required: yes
-  no_sshd:
-    description: Do not configure OpenSSH server
-    required: yes
-  no_dns_sshfp:
-    description: Do not automatically create DNS SSHFP records
-    required: yes
-  allow_zone_overlap:
-    description: Create DNS zone even if it already exists
-    required: yes
-  reverse_zones:
-    description: The reverse DNS zones to use
-    required: yes
-  no_reverse:
-    description: Do not create new reverse DNS zone
-    required: yes
-  auto_reverse:
-    description: Create necessary reverse zones
-    required: yes
-  forwarders:
-    description: Add DNS forwarders
-    required: yes
-  no_forwarders:
-    description: Do not add any DNS forwarders, use root servers instead
-    required: yes
-  auto_forwarders:
-    description: Use DNS forwarders configured in /etc/resolv.conf
-    required: yes
-  forward_policy:
-    description: DNS forwarding policy for global forwarders
-    required: yes
-  no_dnssec_validation:
-    description: Disable DNSSEC validation
-    required: yes
-  enable_compat:
-    description: Enable support for trusted domains for old clients
-    required: yes
-  netbios_name:
-    description: NetBIOS name of the IPA domain
-    required: yes
-  rid_base:
-    description: Start value for mapping UIDs and GIDs to RIDs
-    required: yes
-  secondary_rid_base:
-    description:
-      Start value of the secondary range for mapping UIDs and GIDs to RIDs
-    required: yes
-  server:
-    description: Fully qualified name of IPA server to enroll to
-    required: no
-  skip_conncheck:
-    description: Skip connection check to remote master
-    required: yes
  dm_password:
    description: Directory Manager password
    required: yes