diff --git a/roles/ipaclient/library/ipaclient_api.py b/roles/ipaclient/library/ipaclient_api.py index a82fb3454832dade1375fd48c46879cebc982e2c..910c744ef493c2366b11028648cc01a3b833b0e3 100644 --- a/roles/ipaclient/library/ipaclient_api.py +++ b/roles/ipaclient/library/ipaclient_api.py @@ -29,21 +29,23 @@ ANSIBLE_METADATA = {'metadata_version': '1.0', DOCUMENTATION = ''' --- module: ipaclient_api -short description: Create temporary NSS database, call IPA API for remaining enrollment parts +short description: + Create temporary NSS database, call IPA API for remaining enrollment parts description: -Create temporary NSS database, call IPA API for remaining enrollment parts + Create temporary NSS database, call IPA API for remaining enrollment parts options: + servers: + description: Fully qualified name of IPA servers to enroll to + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no debug: description: Turn on extra debugging - required: false - type: bool - default: no + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_fix_ca.py b/roles/ipaclient/library/ipaclient_fix_ca.py index f4d2fbe4700ddfe57f4b135285d393e78b4b8c40..283269986fa7887eb11a6b2ad3c122e1869231c8 100644 --- a/roles/ipaclient/library/ipaclient_fix_ca.py +++ b/roles/ipaclient/library/ipaclient_fix_ca.py 
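Review bot: The `required:` values in this hunk look inverted relative to the lines they replace: `realm` and `hostname` go from `required: true` to `required: no`, while `debug` goes from `required: false` to `required: yes`. The module's argument spec is outside the hunk, so which side matches the code cannot be confirmed here; if `realm` and `hostname` are still mandatory the entries should read `required: yes`, and `debug` should read `required: no`. The same flip appears in the ipaclient_fix_ca, ipaclient_fstore, ipaclient_join, ipaclient_setup_nss, ipaclient_setup_sssd and ipaclient_test_keytab hunks; in ipaclient_join it marks `password`, `keytab` and `admin_keytab` all as required, which reads as if an admin password must be supplied even when a keytab is used.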
@@ -34,20 +34,19 @@ description: Repair Fix IPA ca certificate options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no basedn: - description: The basedn of the IPA server (of the form dc=example,dc=com). - required: true + description: The basedn of the IPA server (of the form dc=example,dc=com) + required: no allow_repair: - description: Allow repair of already joined hosts. Contrary to ipaclient_force_join the host entry will not be changed on the server. - required: true - type: bool - default: no + description: + Allow repair of already joined hosts. Contrary to ipaclient_force_join + the host entry will not be changed on the server + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_fstore.py b/roles/ipaclient/library/ipaclient_fstore.py index efefee961ebce9166297c31f74d2f7ba562ebf5c..33cef7bb9129b8cad068d825f925dc4a94b27f4e 100644 --- a/roles/ipaclient/library/ipaclient_fstore.py +++ b/roles/ipaclient/library/ipaclient_fstore.py @@ -37,7 +37,7 @@ Backup files using IPA client sysrestore options: backup: description: File to backup - required: true + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_get_otp.py b/roles/ipaclient/library/ipaclient_get_otp.py index da65e32c3eba3c12046467259fe40767209142aa..7ec67dda2d4bd91d6e5d931cbb359ff3a4411830 100644 --- a/roles/ipaclient/library/ipaclient_get_otp.py +++ b/roles/ipaclient/library/ipaclient_get_otp.py 
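Review bot: The `allow_repair` entry in the ipaclient_fix_ca hunk drops `type: bool` and `default: no`, and `servers` drops `type: list`, so the rendered documentation no longer states the value type or that repair stays off unless requested. I would keep those keys next to the reworded description, i.e. `type: bool` and `default: no` under `allow_repair`. The same removal affects options whose default matters for hardening, such as `force_join` in ipaclient_join and `permit` and `no_krb5_offline_passwords` in ipaclient_setup_nss and ipaclient_setup_sssd.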
@@ -35,45 +35,31 @@ description: host operations. options: principal: - description: Kerberos principal used to manage the host - required: true - default: admin - password: - description: Password for the kerberos principal - required: false - keytab: - description: Keytab file containing the Kerberos principal and encrypted key - required: false - lifetime: - description: Sets the default lifetime for initial ticket requests - required: false - default: 1h + description: + User Principal allowed to promote replicas and join IPA realm + required: yes + ccache: + description: The local ccache + required: yes fqdn: - description: the fully-qualified hostname of the host to add/modify/remove - required: true - random: - description: generate a random password to be used in bulk enrollment - required: false - type: bool - default: no - state: - description: the host state - required: false - default: present - choices: [ "present", "absent" ] + description: + The fully-qualified hostname of the host to add/modify/remove + required: no certificates: - description: a list of host certificates - required: false - type: list + description: A list of host certificates + required: yes sshpubkey: - description: the SSH public key for the host - required: false + description: The SSH public key for the host + required: yes ipaddress: - description: the IP address for the host - required: false - -requirements: - - gssapi on the Ansible controller + description: The IP address for the host + required: yes + random: + description: Generate a random password to be used in bulk enrollment + required: yes + state: + description: The desired host state + required: yes author: - "Florence Blanc-Renaud" ''' diff --git a/roles/ipaclient/library/ipaclient_ipa_conf.py b/roles/ipaclient/library/ipaclient_ipa_conf.py index a96aa32a55df3a2923951fcaef44eb9be085346b..4865772376434df8459a243aa406567a7fce47c4 100644 --- a/roles/ipaclient/library/ipaclient_ipa_conf.py 
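Review bot: The `state` entry loses `choices: [ "present", "absent" ]` and `default: present`, so the new documentation no longer says which values are accepted or what happens when the option is omitted. If the argument spec still restricts the values (it is outside this hunk), keep `choices: [ "present", "absent" ]` under the new description. The hunk also removes the `password`, `keytab` and `lifetime` entries and the gssapi requirement while adding `ccache`; that is only right if the module's parameters changed in the same way, which cannot be confirmed from here.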
+++ b/roles/ipaclient/library/ipaclient_ipa_conf.py @@ -35,24 +35,21 @@ short description: Configure ipa.conf description: Configure ipa.conf options: - servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list domain: - description: The primary DNS domain of an existing IPA deployment. - required: false + description: Primary DNS domain of the IPA deployment + required: no + servers: + description: Fully qualified name of IPA servers to enroll to + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: false + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no basedn: - description: The basedn of the detected IPA server. - returned: always - type: string - sample: dc=example,dc=com + description: The basedn of the IPA server (of the form dc=example,dc=com) + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_join.py b/roles/ipaclient/library/ipaclient_join.py index e103c37ea5a441c295f17b23fe79d25a20284222..d0eca2bbe394dbf4a39293a64c1d25dfd0ce4bf3 100644 --- a/roles/ipaclient/library/ipaclient_join.py +++ b/roles/ipaclient/library/ipaclient_join.py 
@@ -31,59 +31,58 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaclient_join -short description: Join a machine to an IPA realm and get a keytab for the host service principal +short description: + Join a machine to an IPA realm and get a keytab for the host service + principal description: - Join a machine to an IPA realm and get a keytab for the host service principal + Join a machine to an IPA realm and get a keytab for the host service + principal options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no kdc: - description: The name or address of the host running the KDC. - required: true + description: The name or address of the host running the KDC + required: no basedn: - description: The basedn of the IPA server (of the form dc=example,dc=com). - required: true + description: The basedn of the IPA server (of the form dc=example,dc=com) + required: no principal: - description: The authorized kerberos principal used to join the IPA realm. - required: false + description: + User Principal allowed to promote replicas and join IPA realm + required: yes password: - description: The password to use if not using Kerberos to authenticate. - required: false - admin_keytab: - description: The path to a local admin keytab. 
- required: false + description: Admin user kerberos password + required: yes keytab: - description: The path to a backed-up host keytab from previous enrollment. - required: false + description: Path to backed up keytab from previous enrollment + required: yes + admin_keytab: + description: The path to a local admin keytab + required: yes ca_cert_file: - description: A CA certificate to use. Do not acquire the IPA CA certificate via automated means. - required: false + description: + A CA certificate to use. Do not acquire the IPA CA certificate via + automated means + required: yes force_join: - description: Force enrolling the host even if host entry exists. - required: false - type: bool - default: no + description: Force client enrollment even if already enrolled + required: yes kinit_attempts: - description: Repeat the request for host Kerberos ticket X times. - required: false - type: int - default: 5 + description: Repeat the request for host Kerberos ticket X times + required: yes debug: - description: Enable debug mode. - required: false - type: bool - default: no + description: Turn on extra debugging + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_set_hostname.py b/roles/ipaclient/library/ipaclient_set_hostname.py index c7a7acb17f83d8c97d0dc33032a3ead33cbe7cd1..be5576ebeeee0aeb0b07ab806a59b8505aefd076 100644 --- a/roles/ipaclient/library/ipaclient_set_hostname.py +++ b/roles/ipaclient/library/ipaclient_set_hostname.py @@ -36,8 +36,8 @@ description: Backup and set hostname options: hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_automount.py b/roles/ipaclient/library/ipaclient_setup_automount.py index 7320a9b5fa73bfc428cd817da8d28dd52f049667..e2bc340d4093ff45cbcfae4258368c8a96ad39d6 100644 
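Review bot: The rewritten summary in the ipaclient_join hunk still uses the key `short description:` (with a space); Ansible's module documentation format names this field `short_description`, so the summary is likely not picked up when the docs are rendered. Since the line is being rewrapped anyway, I would write `short_description:` followed by the folded text. The same key is rewritten in the ipaclient_api and ipaclient_test_keytab hunks and appears on context lines of other modules in this commit.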
--- a/roles/ipaclient/library/ipaclient_setup_automount.py +++ b/roles/ipaclient/library/ipaclient_setup_automount.py @@ -36,12 +36,14 @@ description: Setup automount for IPA client options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no + sssd: + description: The installer sssd setting + required: yes automount_location: - description: Automount location - required: false + description: The automount location + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_firefox.py b/roles/ipaclient/library/ipaclient_setup_firefox.py index e480116f985ec3c0fc83a02f2f713e489b92fd25..71db33e57a0eae2234b8d8f7beb972ea8a80c87d 100644 --- a/roles/ipaclient/library/ipaclient_setup_firefox.py +++ b/roles/ipaclient/library/ipaclient_setup_firefox.py @@ -36,11 +36,13 @@ description: Setup firefox for IPA client options: domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no firefox_dir: - description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox') - required: false + description: + Specify directory where Firefox is installed (for example + '/usr/lib/firefox') + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_krb5.py b/roles/ipaclient/library/ipaclient_setup_krb5.py index fc8b83f76584666e0d55eb5259057cf0202f7b0a..367539b56c6203b62dd27daeebd7de28b052ea7c 100644 --- a/roles/ipaclient/library/ipaclient_setup_krb5.py +++ b/roles/ipaclient/library/ipaclient_setup_krb5.py 
@@ -35,12 +35,33 @@ short description: Setup krb5 for IPA client description: Setup krb5 for IPA client options: - server: domain: + description: Primary DNS domain of the IPA deployment + required: yes + servers: + description: Fully qualified name of IPA servers to enroll to + required: yes realm: + description: Kerberos realm name of the IPA deployment + required: yes hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: yes + kdc: + description: The name or address of the host running the KDC + required: yes + dnsok: + description: The installer dnsok setting + required: yes + client_domain: + description: Primary DNS domain of the IPA deployment + required: yes + sssd: + description: The installer sssd setting + required: yes + force: + description: Installer force parameter + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_nis.py b/roles/ipaclient/library/ipaclient_setup_nis.py index 121b266ec1ca56fc82b054e2fbaf84e31803de04..1f1ba000502cb3d0503b6112956e1f59d4abd983 100644 --- a/roles/ipaclient/library/ipaclient_setup_nis.py +++ b/roles/ipaclient/library/ipaclient_setup_nis.py @@ -36,11 +36,11 @@ description: Setup NIS for IPA client options: domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no nisdomain: - description: NIS domain name - required: false + description: The NIS domain name + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_nss.py b/roles/ipaclient/library/ipaclient_setup_nss.py index 6f40a96c663cae325be719d19e5b36fc8643cf5d..ec6009f15895ff2de713f0b58c775a80aa8874bb 100644 --- a/roles/ipaclient/library/ipaclient_setup_nss.py +++ b/roles/ipaclient/library/ipaclient_setup_nss.py 
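Review bot: In the ipaclient_setup_krb5 hunk `client_domain` is documented with the same text as `domain` (`Primary DNS domain of the IPA deployment`), so a reader cannot tell the two options apart. The exact meaning is not visible in the hunk; the wording should come from the installer option it maps to and say how it differs from `domain`. `dnsok`, `sssd` and `force` are described only as installer settings, which restates the name; one sentence on what each switches would make the entries usable.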
@@ -36,103 +36,82 @@ description: Create IPA NSS database options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no basedn: - description: The basedn of the IPA server (of the form dc=example,dc=com). - required: true + description: The basedn of the IPA server (of the form dc=example,dc=com) + required: no principal: - description: The authorized kerberos principal used to join the IPA realm. - required: false + description: + User Principal allowed to promote replicas and join IPA realm + required: yes subject_base: - description: The subject base, needed for certmonger - required: true + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ca_enabled: - description: Whether the Certificate Authority is enabled or not. - required: true - type: bool - default: no + description: Whether the Certificate Authority is enabled or not + required: no mkhomedir: - description: Whether to create home directories for users on their first login. - required: false - type: bool - default: no + description: Create home directories for users on their first login + required: yes on_master: - description: Whether the configuration is done on the master or not. 
- required: false - type: bool - default: no - + description: Whether the configuration is done on the master or not + required: yes + dnsok: + description: The installer dnsok setting + required: yes enable_dns_updates: - description: Configures the machine to attempt dns updates when the ip address changes. - required: false - type: bool - default: no + description: + Configures the machine to attempt dns updates when the ip address + changes + required: yes all_ip_addresses: - description: All routable IP addresses configured on any interface will be added to DNS - required: false - type: bool - default: no + description: + All routable IP addresses configured on any interface will be added + to DNS + required: yes ip_addresses: - description: Specify IP addresses that should be added to DNS. - required: false - type: list - default: None + description: List of Master Server IP Addresses + required: yes request_cert: - description: request certificate for the machine - required: false - type: bool - default: no + description: Request certificate for the machine + required: yes preserve_sssd: description: Preserve old SSSD configuration if possible - required: false - type: bool - default: no + required: yes no_ssh: description: Do not configure OpenSSH client - required: false - type: bool - default: no + required: yes no_sshd: description: Do not configure OpenSSH server - required: false - type: bool - default: no + required: yes no_sudo: description: Do not configure SSSD as data source for sudo - required: false - type: bool - default: no + required: yes fixed_primary: description: Configure sssd to use fixed server as primary IPA server - required: false - type: bool - default: no + required: yes permit: - description: Disable access rules by default, permit all access. 
- required: false - type: bool - default: no + description: Disable access rules by default, permit all access + required: yes no_krb5_offline_passwords: - description: Configure SSSD not to store user password when the server is offline - required: false - type: bool - default: no + description: + Configure SSSD not to store user password when the server is offline + required: yes no_dns_sshfp: description: Do not automatically create DNS SSHFP records - required: false - type: bool - default: no + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_ntp.py b/roles/ipaclient/library/ipaclient_setup_ntp.py index 83197b1ad2a284c9fcaa7fce296d92b53df42438..acc48550d0415309228ec8499dc9d99acd7b85bf 100644 --- a/roles/ipaclient/library/ipaclient_setup_ntp.py +++ b/roles/ipaclient/library/ipaclient_setup_ntp.py 
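Review bot: The new `ip_addresses` text, `List of Master Server IP Addresses`, does not match the line it replaces (`Specify IP addresses that should be added to DNS.`) and reads like wording taken from a server or replica module. For a client module the earlier meaning seems the intended one; I would keep `description: IP addresses that should be added to DNS` and restore `type: list`. The first ipaclient_test hunk introduces the same sentence for its `ip_addresses` option.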
@@ -35,44 +35,24 @@ short description: Setup NTP for IPA client description: Setup NTP for IPA client options: - servers: - description: The FQDN of the IPA servers to connect to. - required: false - type: list - default: [] - domain: - description: The primary DNS domain of an existing IPA deployment. - required: false - realm: - description: The Kerberos realm of an existing IPA deployment. - required: false - hostname: - description: The hostname of the machine to join (FQDN). - required: false - ca_cert_file: - description: A CA certificate to use. - required: false - on_master: - description: IPA client installation on IPA server - required: false - default: false - type: bool - default: no ntp_servers: - description: List of NTP servers to use - required: false - type: list - default: [] + description: ntp servers to use + required: yes ntp_pool: description: ntp server pool to use - required: false + required: yes no_ntp: - description: Do not sync time and do not detect time servers - required: false - default: false - type: bool - default: no - + description: Do not configure ntp + required: yes + on_master: + description: Whether the configuration is done on the master or not + required: yes + servers: + description: Fully qualified name of IPA servers to enroll to + required: yes + domain: + description: Primary DNS domain of the IPA deployment + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_ssh.py b/roles/ipaclient/library/ipaclient_setup_ssh.py index 214968a8bb30db99db7d2901eacad3e4b09152c5..2347c854da0a1d5598a516d42f22456a83eec1c8 100644 --- a/roles/ipaclient/library/ipaclient_setup_ssh.py +++ b/roles/ipaclient/library/ipaclient_setup_ssh.py 
@@ -36,29 +36,20 @@ description: Configure ssh and sshd for IPA client options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list - ssh: - description: Configure OpenSSH client - required: false - type: bool - default: no - trust_sshfp: + description: Fully qualified name of IPA servers to enroll to + required: no + no_ssh: + description: Do not configure OpenSSH client + required: yes + ssh_trust_dns: description: Configure OpenSSH client to trust DNS SSHFP records - required: false - type: bool - default: no - sshd: - description: Configure OpenSSH server - required: false - type: bool - default: no + required: yes + no_sshd: + description: Do not configure OpenSSH server + required: yes sssd: - description: Configure SSSD server - required: false - type: bool - default: no + description: The installer sssd setting + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_sssd.py b/roles/ipaclient/library/ipaclient_setup_sssd.py index 87d5f03ddb7a37c1e2b134f529bb3683d3cfc359..2afbdfb4945920532d53b9eca8fb32f09ac7a0e5 100644 --- a/roles/ipaclient/library/ipaclient_setup_sssd.py +++ b/roles/ipaclient/library/ipaclient_setup_sssd.py 
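Review bot: The documented option names change sense here (`ssh` becomes `no_ssh`, `sshd` becomes `no_sshd`) and `trust_sshfp` becomes `ssh_trust_dns`, but nothing in the new text says that the meaning is now negated. Whether the argument spec was renamed in the same commit is outside the hunk; if it was not, playbooks written from these docs pass unknown parameters. Because trusting SSHFP records depends on the integrity of DNS answers, I would also keep the removed `default: no` under `ssh_trust_dns` so the docs show it is opt-in.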
@@ -36,68 +36,52 @@ description: Setup sssd for IPA client options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no on_master: - description: Whether the configuration is done on the master or not. - required: false - type: bool - default: no + description: Whether the configuration is done on the master or not + required: yes no_ssh: description: Do not configure OpenSSH client - required: false - type: bool - default: no + required: yes no_sshd: description: Do not configure OpenSSH server - required: false - type: bool - default: no + required: yes no_sudo: description: Do not configure SSSD as data source for sudo - required: false - type: bool - default: no + required: yes all_ip_addresses: - description: All routable IP addresses configured on any interface will be added to DNS. - required: false - type: bool - default: no + description: + All routable IP addresses configured on any interface will be added + to DNS + required: yes fixed_primary: - description: Whether to use fixed server as primary IPA server. - required: false - type: bool - default: no + description: Configure sssd to use fixed server as primary IPA server + required: yes permit: - description: Disable access rules by default, permit all access. 
- required: false - type: bool - default: no + description: Disable access rules by default, permit all access + required: yes enable_dns_updates: - description: Configures the machine to attempt dns updates when the ip address changes. - required: false - type: bool - default: no + description: + Configures the machine to attempt dns updates when the ip address + changes + required: yes preserve_sssd: - description: Preserve old SSSD configuration if possible. - required: false - type: bool - default: no + description: Preserve old SSSD configuration if possible + required: yes no_krb5_offline_passwords: - description: Whether user passwords are stored when the server is offline. - required: false - type: bool - default: no + description: + Configure SSSD not to store user password when the server is offline + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_test.py b/roles/ipaclient/library/ipaclient_test.py index 9e5db938f6868139621cad2343ad01bc2660bc5f..7e303586ec2e37e3fec96443376162b32c62e3e9 100644 --- a/roles/ipaclient/library/ipaclient_test.py +++ b/roles/ipaclient/library/ipaclient_test.py 
@@ -35,84 +35,70 @@ short description: Tries to discover IPA server description: Tries to discover IPA server using DNS or host name options: - servers: - description: The FQDN of the IPA servers to connect to. - required: false - type: list - default: [] domain: - description: The primary DNS domain of an existing IPA deployment. - required: false + description: Primary DNS domain of the IPA deployment + required: yes + servers: + description: Fully qualified name of IPA servers to enroll to + required: yes realm: - description: The Kerberos realm of an existing IPA deployment. - required: false + description: Kerberos realm name of the IPA deployment + required: yes hostname: - description: The hostname of the machine to join (FQDN). - required: false + description: Fully qualified name of this host + required: yes ntp_servers: - description: List of NTP servers to use - required: false - type: list - default: [] + description: ntp servers to use + required: yes ntp_pool: description: ntp server pool to use - required: false + required: yes no_ntp: - description: Do not sync time and do not detect time servers - required: false - default: false - type: bool - default: no + description: Do not configure ntp + required: yes force_ntpd: - description: Stop and disable any time&date synchronization services besides ntpd. Deprecated since 4.7. - requried: false - type: bool - default: no + description: + Stop and disable any time&date synchronization services besides ntpd + Deprecated since 4.7 + required: yes nisdomain: - description: NIS domain name - required: false + description: The NIS domain name + required: yes no_nisdomain: description: Do not configure NIS domain name - required: false - type: bool - default: no + required: yes kinit_attempts: - description: Repeat the request for host Kerberos ticket X times. 
- required: false - type: int - default: 5 + description: Repeat the request for host Kerberos ticket X times + required: yes ca_cert_files: - description: CA certificates to use. - required: false + description: + List of files containing CA certificates for the service certificate + files + required: yes configure_firefox: description: Configure Firefox to use IPA domain credentials - required: false - type: bool - default: no + required: yes firefox_dir: - description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox') - required: false + description: + Specify directory where Firefox is installed (for example + '/usr/lib/firefox') + required: yes ip_addresses: - description: All routable IP addresses configured on any interface will be added to DNS. - required: false - type: bool - default: no + description: List of Master Server IP Addresses + required: yes all_ip_addresses: - description: All routable IP addresses configured on any interface will be added to DNS. - required: false - type: bool - default: no + description: + All routable IP addresses configured on any interface will be added + to DNS + required: yes on_master: - description: IPA client installation on IPA server - required: false - default: false - type: bool - default: no + description: Whether the configuration is done on the master or not + required: yes enable_dns_updates: - description: Configures the machine to attempt dns updates when the ip address changes. - required: false - type: bool - default: no + description: + Configures the machine to attempt dns updates when the ip address + changes + required: yes author: - Thomas Woerner ''' 
@@ -194,7 +180,9 @@ ntp_servers: type: list sample: ["ntp.example.com"] ipa_python_version: - description: The IPA python version as a number: <major version>*10000+<minor version>*100+<release> + description: + - The IPA python version as a number: + - <major version>*10000+<minor version>*100+<release> returned: always type: int sample: 040400 diff --git a/roles/ipaclient/library/ipaclient_test_keytab.py b/roles/ipaclient/library/ipaclient_test_keytab.py index 0b6a565be1963b38a8577ea74b22487a78a05174..d4a9f9f49c6a3ac54babc06a632532d766b94eb7 100644 --- a/roles/ipaclient/library/ipaclient_test_keytab.py +++ b/roles/ipaclient/library/ipaclient_test_keytab.py 
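Review bot: The first list item under `ipa_python_version` ends in a colon (`- The IPA python version as a number:`), which YAML reads as a one-key mapping with an empty value rather than as a line of text, so the description will not render as intended. Quoting the text avoids this, e.g. `description: "The IPA python version as a number: <major version>*10000+<minor version>*100+<release>"`, or use a folded scalar (`description: >`) with the text on the following lines.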
@@ -31,32 +31,30 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaclient_test_keytab -short description: Test if the krb5.keytab on the machine is valid and can be used. +short description: + Test if the krb5.keytab on the machine is valid and can be used. description: Test if the krb5.keytab on the machine is valid and can be used. A temporary krb5.conf file will be generated to not fail on an invalid one. options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no kdc: - description: The name or address of the host running the KDC. - required: true + description: The name or address of the host running the KDC + required: no kinit_attempts: - description: Repeat the request for host Kerberos ticket X times. - required: false - type: int - default: 5 + description: Repeat the request for host Kerberos ticket X times + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py index a11ce415d86b93fc6bc40f3d2112ce16d602b367..6a85dc1567e2da43a4249363e9fcda08ed73e8c2 100644 --- a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py +++ b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py 
@@ -38,20 +38,20 @@ description: Add to ipaservers options: setup_kra: - description: - required: yes + description: Configure a dogtag KRA + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no installer_ccache: - description: - required: yes + description: The installer ccache setting + required: no _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py index 684691cb3375230346b31399da22b3a47e4ccd4d..8a258f2ef56f7dec19b2b1ca12aa93efbf2d14df 100644 --- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py +++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py @@ -45,7 +45,7 @@ options: required: yes ip_addresses: description: List of Master Server IP Addresses - required: no + required: yes domain: description: Primary DNS domain of the IPA deployment required: yes 
@@ -56,71 +56,73 @@ options: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes setup_adtrust: - description: + description: Configure AD trust capability required: yes setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone required: yes - dirserv_cert_files: - description: + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key required: yes force_join: - description: + description: Force client enrollment even if already enrolled required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: no server: - description: - required: yes + description: Fully qualified name of IPA server to enroll to + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + config_ca_host_name: + description: The config ca_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no installer_ccache: - description: - required: yes + description: The installer ccache setting + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no _add_to_ipaservers: - description: - required: yes + description: The installer _add_to_ipaservers setting + required: no _ca_subject: - description: - required: yes + description: The installer _ca_subject setting + required: no _subject_base: - description: + description: The installer _subject_base setting + required: no + master: + description: Master host name required: yes dirman_password: - description: - required: yes - config_setup_ca: - description: - required: yes - config_master_host_name: - description: - required: yes - config_ca_host_name: - description: - required: yes - config_ips: - description: - required: yes + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py index 1902a74c950479df6bc46469771412bb8b75115c..5b95a611d8c6311f2b3de9e1959807f1773ea422 100644 --- a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py +++ b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py 
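Review bot: `dirman_password` is now documented as `Directory Manager (master) password`, but nothing in the text tells a user that the value is a secret. The module's argument_spec is outside this hunk, so confirm that the parameter is declared with `no_log=True`. Once that is confirmed, state it in the docs, for example `description: Directory Manager (master) password (secret, declared no_log)`. The same applies to `dirman_password` in the custodia_import_dm_password, ds_apply_updates, ds_enable_ssl, krb_enable_ssl and restart_kdc hunks, and to `dm_password`, `password`, `dirsrv_pin`, `http_pin` and `pkinit_pin` in the ipareplica_prepare hunk.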
@@ -38,44 +38,52 @@ description: Import dm password into custodia options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes no_ui_redirect: - description: + description: Do not automatically redirect to the Web UI required: yes subject_base: - description: - required: yes - config_master_host_name: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _kra_enabled: - description: + description: The installer _kra_enabled setting required: yes _kra_host_name: - description: + description: The installer _kra_host_name setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no + config_setup_ca: + description: The config setup_ca setting + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + config_ca_host_name: + description: The config ca_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py index 8f3fc759173efced7677fb497d55830f810cc0f3..e40717629a09aeef5aabab157f9b630069490c48 100644 --- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py +++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py 
@@ -37,6 +37,55 @@ short description: DS apply updates description: DS apply updates options: + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + no_ui_redirect: + description: Do not automatically redirect to the Web UI + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + ccache: + description: The local ccache + required: no + _ca_enabled: + description: The installer _ca_enabled setting + required: yes + _ca_file: + description: The installer _ca_file setting + required: yes + _dirsrv_pkcs12_info: + description: The installer _dirsrv_pkcs12_info setting + required: yes + _pkinit_pkcs12_info: + description: The installer _pkinit_pkcs12_info setting + required: yes + _top_dir: + description: The installer _top_dir setting + required: no + dirman_password: + description: Directory Manager (master) password + required: no + ds_ca_subject: + description: The ds.ca_subject setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py index 44b28563c18ec411e62b8d0cf91756adb32214ef..ead7376b5202ac301d8c410598376eb974b7fc62 100644 --- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py +++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py 
@@ -38,44 +38,51 @@ description: DS enable SSL options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes - subject_base: - description: + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _dirsrv_pkcs12_info: - description: + description: The installer _dirsrv_pkcs12_info setting required: yes _pkinit_pkcs12_info: - description: + description: The installer _pkinit_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no ds_ca_subject: - description: - required: yes + description: The ds.ca_subject setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_enable_ipa.py b/roles/ipareplica/library/ipareplica_enable_ipa.py index 846880e011dfa4df133aab108c419e7accd7cf6b..27ae28558756cce6807223da659dbf6ee4f8b67c 100644 --- a/roles/ipareplica/library/ipareplica_enable_ipa.py +++ b/roles/ipareplica/library/ipareplica_enable_ipa.py 
@@ -33,28 +33,36 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipareplica_enable_ipa -short description: +short description: Enable IPA description: Enable IPA Enable IPA options: - subject_base: - description: The certificate subject base (default O=<realm-name>). + hostname: + description: Fully qualified name of this host required: yes - ccache: - description: The installation specific ccache file. + hidden_replica: + description: Install a hidden replica required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + ccache: + description: The local ccache + required: no _top_dir: - description: The temporary top directory used for the installation. - required: yes + description: The installer _top_dir setting + required: no setup_ca: description: Configure a dogtag CA - required: yes + required: no setup_kra: - description: Configure KRA - required: yes + description: Configure a dogtag KRA + required: no config_master_host_name: - description: The master host name - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_install_ca_certs.py b/roles/ipareplica/library/ipareplica_install_ca_certs.py index 7ea3228eb745bf5c1a3919e0cac48dd5b1e8e313..84466e6cc439f54502e4892afea6e2c0f25d727c 100644 --- a/roles/ipareplica/library/ipareplica_install_ca_certs.py +++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py @@ -45,7 +45,7 @@ options: required: yes ip_addresses: description: List of Master Server IP Addresses - required: no + required: yes domain: description: Primary DNS domain of the IPA deployment required: yes 
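Review bot: The rewritten summary line in the ipareplica_enable_ipa hunk still uses the key `short description:` (with a space), which is not the field Ansible's module documentation format defines; the field is `short_description`. Since this hunk already rewrites the line, it should become `short_description: Enable IPA`. The ipaclient_test_keytab hunk rewraps the same key and has the same problem, and the hunk-header context of several other files in this commit shows the misspelled key as well.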
@@ -56,37 +56,72 @@ options: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes setup_adtrust: - description: + description: Configure AD trust capability + required: yes + setup_ca: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone required: yes - external_ca: - description: + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key required: yes - external_cert_files: - description: + force_join: + description: Force client enrollment even if already enrolled required: yes subject_base: - description: - required: yes - ca_subject: - description: - required: yes - setup_ca: - description: - required: yes - _hostname_overridden: - description: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: no + server: + description: Fully qualified name of IPA server to enroll to + required: no + ccache: + description: The local ccache + required: no + installer_ccache: + description: The installer ccache setting + required: no + _top_dir: + description: The installer _top_dir setting + required: no + _add_to_ipaservers: + description: The installer _add_to_ipaservers setting + required: no + _ca_subject: + description: The installer _ca_subject setting + required: no + _subject_base: + description: The installer _subject_base setting + required: no + dirman_password: + description: Directory Manager (master) password + required: no + config_setup_ca: + description: The config setup_ca setting + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + config_ca_host_name: + description: The config ca_host_name setting + required: no + config_ips: + description: The config ips setting required: yes author: - Thomas Woerner diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py index 2217bb0f1837fcbfb6f96e173ca971b709edf69e..6d09b6b287937c598a93b0f7b6444ebc9b45d1a0 100644 --- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py +++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py 
@@ -37,6 +37,41 @@ short description: KRB enable SSL description: KRB enable SSL options: + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + ccache: + description: The local ccache + required: no + _ca_enabled: + description: The installer _ca_enabled setting + required: yes + _ca_file: + description: The installer _ca_file setting + required: yes + _pkinit_pkcs12_info: + description: The installer _pkinit_pkcs12_info setting + required: yes + _top_dir: + description: The installer _top_dir setting + required: no + dirman_password: + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_master_password.py b/roles/ipareplica/library/ipareplica_master_password.py index 657385745f1b320491aa7bc9aa109f6762d3eca8..875a23d2cfc46370378830ee4bf2c24a6a3cd58b 100644 --- a/roles/ipareplica/library/ipareplica_master_password.py +++ b/roles/ipareplica/library/ipareplica_master_password.py @@ -37,7 +37,7 @@ description: options: master_password: description: kerberos master password (normally autogenerated) - required: false + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py index 9ef4279a17072f6f3a0f8fe3d9041ba7f326f948..88cd4fe6d87cfc8daf2737c9eaae06671f0da601 100644 --- a/roles/ipareplica/library/ipareplica_prepare.py +++ b/roles/ipareplica/library/ipareplica_prepare.py 
@@ -58,70 +58,645 @@ ptions: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes setup_adtrust: - description: + description: Configure AD trust capability required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone required: yes external_ca: - description: + description: External ca setting required: yes external_cert_files: - description: + description: + File containing the IPA CA certificate and the external CA certificate + chain required: yes subject_base: - description: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
required: yes ca_subject: - description: + description: The installer ca_subject setting required: yes reverse_zones: - description: + description: The reverse DNS zones to use required: yes no_reverse: - description: + description: Do not create new reverse DNS zone required: yes auto_reverse: - description: + description: Create necessary reverse zones required: yes forwarders: - description: + description: Add DNS forwarders required: yes no_forwarders: - description: + description: Do not add any DNS forwarders, use root servers instead required: yes auto_forwarders: - description: + description: Use DNS forwarders configured in /etc/resolv.conf required: yes forward_policy: - description: + description: DNS forwarding policy for global forwarders required: yes enable_compat: - description: + description: Enable support for trusted domains for old clients required: yes netbios_name: - description: + description: NetBIOS name of the IPA domain required: yes rid_base: - description: + description: Start value for mapping UIDs and GIDs to RIDs required: yes secondary_rid_base: - description: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs required: yes setup_ca: - description: + description: Configure a dogtag CA required: yes _hostname_overridden: - description: + description: The installer _hostname_overridden setting + required: yes + dm_password: + description: Directory Manager password + required: False + password: + description: Admin user kerberos password + required: False + ip_addresses: + description: List of Master Server IP Addresses + required: False + domain: + description: Primary DNS domain of the IPA deployment + required: False + realm: + description: Kerberos realm name of the IPA deployment + required: False + hostname: + description: Fully qualified name of this host + required: False + principal: + description: + User Principal allowed to promote replicas and join IPA realm + required: True + 
ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: False + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: False + setup_adtrust: + description: Configure AD trust capability + required: False + setup_ca: + description: Configure a dogtag CA + required: False + setup_kra: + description: Configure a dogtag KRA + required: False + setup_dns: + description: Configure bind with our zone + required: False + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: False + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: False + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: False + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: False + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: False + http_pin: + description: The password to unlock the Apache Server private key + required: False + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: False + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: False + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: False + keytab: + description: Path to backed up keytab from previous enrollment + required: False + mkhomedir: + description: Create home directories for users on their first login + required: False + force_join: + description: Force client enrollment even if already enrolled + required: False + no_ntp: + description: Do not configure ntp + required: False + ssh_trust_dns: + description: Configure OpenSSH client to trust DNS SSHFP records + required: False + no_ssh: + description: Do not 
configure OpenSSH client + required: False + no_sshd: + description: Do not configure OpenSSH server + required: False + no_dns_sshfp: + description: Do not automatically create DNS SSHFP records + required: False + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: False + reverse_zones: + description: The reverse DNS zones to use + required: False + no_reverse: + description: Do not create new reverse DNS zone + required: False + auto_reverse: + description: Create necessary reverse zones + required: False + forwarders: + description: Add DNS forwarders + required: False + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: False + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: False + forward_policy: + description: DNS forwarding policy for global forwarders + required: False + no_dnssec_validation: + description: Disable DNSSEC validation + required: False + enable_compat: + description: Enable support for trusted domains for old clients + required: False + netbios_name: + description: NetBIOS name of the IPA domain + required: False + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: False + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: False + server: + description: Fully qualified name of IPA server to enroll to + required: True + skip_conncheck: + description: Skip connection check to remote master + required: False + dm_password: + description: Directory Manager password + required: True + password: + description: Admin user kerberos password + required: True + ip_addresses: + description: List of Master Server IP Addresses + required: True + domain: + description: Primary DNS domain of the IPA deployment + required: True + realm: + description: Kerberos realm name of the IPA deployment + required: True + hostname: + 
description: Fully qualified name of this host + required: True + principal: + description: + User Principal allowed to promote replicas and join IPA realm + required: False + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: True + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: True + setup_adtrust: + description: Configure AD trust capability + required: True + setup_ca: + description: Configure a dogtag CA + required: True + setup_kra: + description: Configure a dogtag KRA + required: True + setup_dns: + description: Configure bind with our zone + required: True + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: True + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: True + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: True + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: True + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: True + http_pin: + description: The password to unlock the Apache Server private key + required: True + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: True + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: True + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: True + keytab: + description: Path to backed up keytab from previous enrollment + required: True + mkhomedir: + description: Create home directories for users on their first login + required: True + force_join: + description: Force client enrollment even if already enrolled + required: True + no_ntp: + description: Do not configure ntp 
+ required: True + ssh_trust_dns: + description: Configure OpenSSH client to trust DNS SSHFP records + required: True + no_ssh: + description: Do not configure OpenSSH client + required: True + no_sshd: + description: Do not configure OpenSSH server + required: True + no_dns_sshfp: + description: Do not automatically create DNS SSHFP records + required: True + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: True + reverse_zones: + description: The reverse DNS zones to use + required: True + no_reverse: + description: Do not create new reverse DNS zone + required: True + auto_reverse: + description: Create necessary reverse zones + required: True + forwarders: + description: Add DNS forwarders + required: True + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: True + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: True + forward_policy: + description: DNS forwarding policy for global forwarders + required: True + no_dnssec_validation: + description: Disable DNSSEC validation + required: True + enable_compat: + description: Enable support for trusted domains for old clients + required: True + netbios_name: + description: NetBIOS name of the IPA domain + required: True + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: True + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: True + server: + description: Fully qualified name of IPA server to enroll to + required: False + skip_conncheck: + description: Skip connection check to remote master + required: True + dm_password: + description: Directory Manager password + required: yes + password: + description: Admin user kerberos password + required: yes + ip_addresses: + description: List of Master Server IP Addresses + required: yes + domain: + description: Primary DNS domain of the IPA 
deployment + required: yes + realm: + description: Kerberos realm name of the IPA deployment + required: yes + hostname: + description: Fully qualified name of this host + required: yes + principal: + description: + User Principal allowed to promote replicas and join IPA realm + required: no + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: yes + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: yes + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: yes + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: yes + http_pin: + description: The password to unlock the Apache Server private key + required: yes + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: yes + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: yes + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: yes + keytab: + description: Path to backed up keytab from previous enrollment + required: yes + mkhomedir: + description: Create home directories for users on their first login + required: yes + force_join: + description: Force 
client enrollment even if already enrolled + required: yes + no_ntp: + description: Do not configure ntp + required: yes + ssh_trust_dns: + description: Configure OpenSSH client to trust DNS SSHFP records + required: yes + no_ssh: + description: Do not configure OpenSSH client + required: yes + no_sshd: + description: Do not configure OpenSSH server + required: yes + no_dns_sshfp: + description: Do not automatically create DNS SSHFP records + required: yes + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: yes + reverse_zones: + description: The reverse DNS zones to use + required: yes + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_reverse: + description: Create necessary reverse zones + required: yes + forwarders: + description: Add DNS forwarders + required: yes + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes + enable_compat: + description: Enable support for trusted domains for old clients + required: yes + netbios_name: + description: NetBIOS name of the IPA domain + required: yes + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes + server: + description: Fully qualified name of IPA server to enroll to + required: no + skip_conncheck: + description: Skip connection check to remote master + required: yes + dm_password: + description: Directory Manager password + required: yes + password: + description: Admin user kerberos password + required: yes + ip_addresses: + description: List of Master Server IP 
Addresses + required: yes + domain: + description: Primary DNS domain of the IPA deployment + required: yes + realm: + description: Kerberos realm name of the IPA deployment + required: yes + hostname: + description: Fully qualified name of this host + required: yes + principal: + description: + User Principal allowed to promote replicas and join IPA realm + required: no + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: yes + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: yes + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: yes + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: yes + http_pin: + description: The password to unlock the Apache Server private key + required: yes + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: yes + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: yes + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: yes + keytab: + description: Path to backed up keytab from previous enrollment + required: yes + mkhomedir: + description: Create home directories for 
users on their first login + required: yes + force_join: + description: Force client enrollment even if already enrolled + required: yes + no_ntp: + description: Do not configure ntp + required: yes + ssh_trust_dns: + description: Configure OpenSSH client to trust DNS SSHFP records + required: yes + no_ssh: + description: Do not configure OpenSSH client + required: yes + no_sshd: + description: Do not configure OpenSSH server + required: yes + no_dns_sshfp: + description: Do not automatically create DNS SSHFP records + required: yes + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: yes + reverse_zones: + description: The reverse DNS zones to use + required: yes + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_reverse: + description: Create necessary reverse zones + required: yes + forwarders: + description: Add DNS forwarders + required: yes + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes + enable_compat: + description: Enable support for trusted domains for old clients + required: yes + netbios_name: + description: NetBIOS name of the IPA domain + required: yes + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes + server: + description: Fully qualified name of IPA server to enroll to + required: no + skip_conncheck: + description: Skip connection check to remote master required: yes author: - Thomas Woerner 
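Review bot: The added lines in this ipareplica_prepare hunk define the same option keys several times inside one mapping. The block from `dm_password` to `skip_conncheck` is added four times: the first two copies carry opposite `required: False`/`True` values, the last two use `yes`/`no`, and options such as `ca_cert_files`, `setup_adtrust` and `reverse_zones` also remain on the context lines above. YAML loaders generally either reject duplicate keys or keep only the last occurrence, so most of the added text is dead and the intermediate `required` values are misleading to anyone reading the source. Keep a single copy of each option, with its `required` value checked against the argument_spec, which is outside the hunk. The hunk-header context reads `ptions:`, which suggests the enclosing `options:` key may be misspelled in the file; that is worth checking.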
diff --git a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py index b16dacecac9993b9a299e03e9693647b78e82ff3..b68a5ecaf36622c79274166508f7212ee0f26a37 100644 --- a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py +++ b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py @@ -38,23 +38,25 @@ description: Promote openldap.conf options: setup_kra: - description: - required: no - subject_base: - description: + description: Configure a dogtag KRA required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ccache: - description: - required: yes + description: The local ccache + required: no _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no config_setup_ca: - description: - required: yes + description: The config setup_ca setting + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_promote_sssd.py b/roles/ipareplica/library/ipareplica_promote_sssd.py index f8be21d650be8a11e04d2f213950099a641f0206..a63f2e1bba56fe93a9263b64935d522131a56309 100644 --- a/roles/ipareplica/library/ipareplica_promote_sssd.py +++ b/roles/ipareplica/library/ipareplica_promote_sssd.py 
@@ -38,23 +38,25 @@ description: Promote sssd options: setup_kra: - description: - required: no - subject_base: - description: + description: Configure a dogtag KRA required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ccache: - description: - required: yes + description: The local ccache + required: no _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no config_setup_ca: - description: - required: yes + description: The config setup_ca setting + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_restart_kdc.py b/roles/ipareplica/library/ipareplica_restart_kdc.py index 67070985540733ac37e060f24ebe73a5ca29cccc..3eff24b537df621ff3b3901b91ce7b73ee993c6c 100644 --- a/roles/ipareplica/library/ipareplica_restart_kdc.py +++ b/roles/ipareplica/library/ipareplica_restart_kdc.py 
@@ -37,6 +37,38 @@ short description: Restart KDC description: Restart KDC options: + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + no_ui_redirect: + description: Do not automatically redirect to the Web UI + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + ccache: + description: The local ccache + required: no + _ca_file: + description: The installer _ca_file setting + required: yes + _top_dir: + description: The installer _top_dir setting + required: no + dirman_password: + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py index 8380bc8165b3bb5e900142c9c410cb7c8ff7b29a..d269a40f77b877c02d6043f63385f150a9eab312 100644 --- a/roles/ipareplica/library/ipareplica_setup_adtrust.py +++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py 
@@ -38,23 +38,41 @@ description: Setup adtrust options: setup_kra: - description: + description: Configure a dogtag KRA required: yes subject_base: - description: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + enable_compat: + description: Enable support for trusted domains for old clients required: yes - ccache: - description: + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs required: yes - _top_dir: - description: + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs required: yes + adtrust_netbios_name: + description: The adtrust netbios_name setting + required: no + adtrust_reset_netbios_name: + description: The adtrust reset_netbios_name setting + required: no + ccache: + description: The local ccache + required: no + _top_dir: + description: The installer _top_dir setting + required: no setup_ca: - description: - required: yes + description: Configure a dogtag CA + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py index 8d34b7bc757846609990eb476d46b1f77ca688d6..a07c9e4a57c44866b712870a62e8e24e199e24a6 100644 --- a/roles/ipareplica/library/ipareplica_setup_ca.py +++ b/roles/ipareplica/library/ipareplica_setup_ca.py 
@@ -37,65 +37,67 @@ short description: Setup CA description: Setup CA options: + pki_config_override: + description: Path to ini file with config overrides + required: yes setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: - required: yes - pki_config_override: - description: + description: Disable pkinit setup steps required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _kra_enabled: - description: + description: The installer _kra_enabled setting required: yes _kra_host_name: - description: + description: The installer _kra_host_name setting required: yes _dirsrv_pkcs12_info: - description: + description: The installer _dirsrv_pkcs12_info setting required: yes _pkinit_pkcs12_info: - description: + description: The installer _pkinit_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no _ca_subject: - description: - required: yes + description: The installer _ca_subject setting + required: no _subject_base: - description: - required: yes + description: The installer _subject_base setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no config_setup_ca: - description: - required: yes + description: The config setup_ca setting + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no config_ca_host_name: - 
description: - required: yes + description: The config ca_host_name setting + required: no config_ips: - description: + description: The config ips setting required: yes author: - Thomas Woerner diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py index 55921092392d1fcdcde91d9205d053ff8b70a8f2..75930464e9c4de036e5ac379e7765da722ad8c14 100644 --- a/roles/ipareplica/library/ipareplica_setup_custodia.py +++ b/roles/ipareplica/library/ipareplica_setup_custodia.py 
@@ -38,44 +38,49 @@ description: Setup custodia options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes no_ui_redirect: - description: + description: Do not automatically redirect to the Web UI required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _kra_enabled: - description: + description: The installer _kra_enabled setting required: yes _kra_host_name: - description: + description: The installer _kra_host_name setting required: yes - _top_dir: - description: + _pkinit_pkcs12_info: + description: The installer _pkinit_pkcs12_info setting required: yes + _top_dir: + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py index 9d77e97f890eb7fbed2fd6de9c158cfe08b8edfd..34e52364dbb099055013b49685debd65efc7c9a3 100644 --- a/roles/ipareplica/library/ipareplica_setup_dns.py +++ b/roles/ipareplica/library/ipareplica_setup_dns.py 
@@ -38,26 +38,46 @@ description: Setup DNS options: setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone required: yes subject_base: - description: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + zonemgr: + description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN required: yes - ccache: - description: + forwarders: + description: Add DNS forwarders required: yes - _top_dir: - description: + forward_policy: + description: DNS forwarding policy for global forwarders required: yes - setup_ca: - description: + no_dnssec_validation: + description: Disable DNSSEC validation required: yes + dns_ip_addresses: + description: The dns ip_addresses setting + required: no + dns_reverse_zones: + description: The dns reverse_zones setting + required: no + ccache: + description: The local ccache + required: no + _top_dir: + description: The installer _top_dir setting + required: no + setup_ca: + description: Configure a dogtag CA + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py index 4f766f5b76a11232d639ffbf3970dd6dd4064d4a..c0e156517ba9068786c87109e7f326f600863845 100644 --- a/roles/ipareplica/library/ipareplica_setup_ds.py +++ b/roles/ipareplica/library/ipareplica_setup_ds.py @@ -45,7 +45,7 @@ options: required: yes ip_addresses: description: List of Master Server IP Addresses - required: no + required: yes domain: description: Primary DNS domain of the IPA deployment required: yes 
@@ -56,73 +56,86 @@ options: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes setup_adtrust: - description: + description: Configure AD trust capability required: yes setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance required: yes - dirserv_cert_files: - description: + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key required: yes force_join: - description: + description: Force client enrollment even if already enrolled required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: no server: - description: - required: yes + description: Fully qualified name of IPA server to enroll to + required: no ccache: - description: - required: yes + description: The local ccache + required: no installer_ccache: - description: - required: yes + description: The installer ccache setting + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _dirsrv_pkcs12_info: - description: + description: The installer _dirsrv_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no _add_to_ipaservers: - description: - required: yes + description: The installer _add_to_ipaservers setting + required: no _ca_subject: - description: - required: yes + description: The installer _ca_subject setting + required: no _subject_base: - description: - required: yes + description: The installer _subject_base setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no config_setup_ca: - description: - required: yes + description: The config setup_ca setting + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no config_ca_host_name: - description: - required: yes + description: The config ca_host_name setting + required: no config_ips: - description: + description: The config ips setting required: yes author: - Thomas Woerner diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py index c5738e251c141f20905642bc45800f52ce2937aa..7b645f7be138cde162442adeb52752324c564f9e 100644 --- a/roles/ipareplica/library/ipareplica_setup_http.py +++ b/roles/ipareplica/library/ipareplica_setup_http.py 
@@ -38,41 +38,46 @@ description: Setup HTTP options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes no_ui_redirect: - description: + description: Do not automatically redirect to the Web UI required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no + config_ca_host_name: + description: The config ca_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _http_pkcs12_info: - description: + description: The installer _http_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py index ebeb6f916ef9c58f86e1ebc2bd479e5b84d0db57..86b077a576e35f5c4128e40fe590fb4c36ad2c33 100644 --- a/roles/ipareplica/library/ipareplica_setup_kra.py +++ b/roles/ipareplica/library/ipareplica_setup_kra.py @@ -45,7 +45,7 @@ options: required: yes ip_addresses: description: List of Master Server IP Addresses - required: no + required: yes domain: description: Primary DNS domain of the IPA deployment required: yes 
@@ -56,22 +56,73 @@ options: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes + pki_config_override: + description: Path to ini file with config overrides + required: yes setup_adtrust: - description: + description: Configure AD trust capability + required: yes + setup_ca: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + force_join: + description: Force client enrollment even if already enrolled + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: no + server: + description: Fully qualified name of IPA server to enroll to + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + ccache: + description: The local ccache + required: no + installer_ccache: + description: The installer ccache setting + required: no + _ca_enabled: + description: The installer _ca_enabled setting + required: yes + _kra_enabled: + description: The installer _kra_enabled setting + required: yes + _kra_host_name: + description: The installer _kra_host_name setting required: yes - external_ca: - description: + _top_dir: + description: The installer _top_dir setting + required: no + _add_to_ipaservers: + description: The installer _add_to_ipaservers setting + required: no + _ca_subject: + description: The installer _ca_subject setting + required: no + _subject_base: + description: The installer _subject_base setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py index 01604738d4216968d120113c0ca3b0904f8ac662..2d0180ed71bbc72f13b152b792d7fd8bbef83d66 100644 --- a/roles/ipareplica/library/ipareplica_setup_krb.py +++ b/roles/ipareplica/library/ipareplica_setup_krb.py 
@@ -38,29 +38,31 @@ description: Setup KRB options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _pkinit_pkcs12_info: - description: + description: The installer _pkinit_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_otpd.py b/roles/ipareplica/library/ipareplica_setup_otpd.py index d7a2212a00455d0d942a0f13fd127180e5af77a7..4c5092d7b3f8c9b06d3de13543687c2ee7d490f3 100644 --- a/roles/ipareplica/library/ipareplica_setup_otpd.py +++ b/roles/ipareplica/library/ipareplica_setup_otpd.py 
@@ -38,35 +38,37 @@ description: Setup OTPD options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes no_ui_redirect: - description: + description: Do not automatically redirect to the Web UI required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_file: - description: + description: The installer _ca_file setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py index c747002bfed964e65a317964c738279ac5680bba..ec33caef18b3bc25fa0b5e55bd2249b7220b6608 100644 --- a/roles/ipareplica/library/ipareplica_test.py +++ b/roles/ipareplica/library/ipareplica_test.py 
@@ -31,9 +31,91 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipareplica_test -short description: -description: +short description: IPA replica deployment tests +description: IPA replica deployment tests options: + ip_addresses: + description: List of Master Server IP Addresses + required: yes + domain: + description: Primary DNS domain of the IPA deployment + required: yes + servers: + description: Fully qualified name of IPA servers to enroll to + required: yes + realm: + description: Kerberos realm name of the IPA deployment + required: yes + hostname: + description: Fully qualified name of this host + required: yes + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes + hidden_replica: + description: Install a hidden replica + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: yes + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: yes + no_ntp: + description: Do not configure ntp + required: yes + ntp_servers: + description: ntp servers to use + required: yes + ntp_pool: + description: ntp server pool to use + required: yes + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_reverse: + description: Create necessary 
reverse zones + required: yes + forwarders: + description: Add DNS forwarders + required: yes + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_enable_ipa.py b/roles/ipaserver/library/ipaserver_enable_ipa.py index 13f1b280b63a8c47c4cd5bc66dbebb726cea1ee1..5f50213ad529cb542bbdb5d0ca25696b9db4318a 100644 --- a/roles/ipaserver/library/ipaserver_enable_ipa.py +++ b/roles/ipaserver/library/ipaserver_enable_ipa.py @@ -32,10 +32,19 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: enable_ipa -short description: -description: +module: ipaserver_enable_ipa +short description: Enable IPA +description: Enable IPA options: + hostname: + description: Fully qualified name of this host + required: yes + setup_dns: + description: Configure bind with our zone + required: no + setup_ca: + description: Configure a dogtag CA + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_load_cache.py b/roles/ipaserver/library/ipaserver_load_cache.py index c231e5f455cea6a9e35798a3f5466384f0519f20..20d335ca8403b50b241ce87cfb0e3271f92ca979 100644 --- a/roles/ipaserver/library/ipaserver_load_cache.py +++ b/roles/ipaserver/library/ipaserver_load_cache.py @@ -33,10 +33,12 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaserver_load_cache -short description: -description: +short description: Load cache file +description: Load cache file options: dm_password: + description: Directory Manager password + required: no author: - Thomas Woerner ''' 
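Review bot: The added `short description: IPA replica deployment tests` line in the ipareplica_test.py hunk keeps a key with a space, but Ansible's documentation tooling reads `short_description`, so the summary is filled in and still not picked up. Write it as `short_description: IPA replica deployment tests`. The ipaserver_enable_ipa.py and ipaserver_load_cache.py hunks that follow, and the later ipaserver_prepare.py, ipaserver_set_ds_password.py, ipaserver_setup_adtrust.py and ipaserver_setup_ca.py hunks, add the same key. The unchanged context lines of the ipareplica modules carry it too, which is outside what this commit touches.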
diff --git a/roles/ipaserver/library/ipaserver_master_password.py b/roles/ipaserver/library/ipaserver_master_password.py index 5a0f3c27836089f2f7ceb1f2de35d8ff43f76717..0bb444e17582b97f4072866f5cdd35b2d37ee2fc 100644 --- a/roles/ipaserver/library/ipaserver_master_password.py +++ b/roles/ipaserver/library/ipaserver_master_password.py @@ -30,14 +30,17 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: master_password +module: ipaserver_master_password short description: Generate kerberos master password if not given description: Generate kerberos master password if not given options: + dm_password: + description: Directory Manager password + required: no master_password: description: kerberos master password (normally autogenerated) - required: false + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_prepare.py b/roles/ipaserver/library/ipaserver_prepare.py index acabcd5ddf2f2a0db3e63918639f9b8d34e67bf8..68dadc5e83c6ebd1c7d7112b87dee735186c7bb2 100644 --- a/roles/ipaserver/library/ipaserver_prepare.py +++ b/roles/ipaserver/library/ipaserver_prepare.py 
@@ -33,37 +33,116 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaserver_prepare -short description: -description: +short description: Prepare IPA server deployment +description: Prepare IPA server deployment options: + force: + description: Installer force parameter + required: yes dm_password: + description: Directory Manager password + required: no password: + description: Admin user kerberos password + required: no ip_addresses: + description: List of Master Server IP Addresses + required: yes domain: + description: Primary DNS domain of the IPA deployment + required: no realm: + description: Kerberos realm name of the IPA deployment + required: no hostname: + description: Fully qualified name of this host + required: yes ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes setup_adtrust: + description: Configure AD trust capability + required: yes setup_kra: + description: Configure a dogtag KRA + required: yes setup_dns: + description: Configure bind with our zone + required: yes external_ca: + description: External ca setting + required: yes + external_ca_type: + description: Type of the external CA + required: yes + external_ca_profile: + description: + Specify the certificate profile/template to use at the external CA + required: yes external_cert_files: + description: + File containing the IPA CA certificate and the external CA certificate + chain + required: yes subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: yes ca_subject: + description: The installer ca_subject setting + required: yes + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: yes reverse_zones: + description: The reverse DNS zones to use + required: yes no_reverse: + description: Do not create new reverse DNS zone + required: yes auto_reverse: + description: Create necessary reverse zones + required: yes forwarders: + description: Add DNS forwarders + required: yes no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes enable_compat: + description: Enable support for trusted domains for old clients + required: yes netbios_name: + description: NetBIOS name of the IPA domain + required: yes rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes setup_ca: + description: Configure a dogtag CA + required: yes _hostname_overridden: + description: The installer _hostname_overridden setting + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_set_ds_password.py b/roles/ipaserver/library/ipaserver_set_ds_password.py index c2e6285bacf970f7e93f44c7e593e962da1d2153..da6ef68151388adb4589f1dbefbe32a38f6c4a14 100644 --- a/roles/ipaserver/library/ipaserver_set_ds_password.py +++ b/roles/ipaserver/library/ipaserver_set_ds_password.py 
@@ -32,10 +32,68 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: set_ds_password -short description: -description: +module: ipaserver_set_ds_password +short description: Set DS password +description: Set DS password options: + dm_password: + description: Directory Manager password + required: no + password: + description: Admin user kerberos password + required: no + domain: + description: Primary DNS domain of the IPA deployment + required: no + realm: + description: Kerberos realm name of the IPA deployment + required: no + hostname: + description: Fully qualified name of this host + required: no + setup_ca: + description: Configure a dogtag CA + required: no + idstart: + description: The starting value for the IDs range (default random) + required: no + idmax: + description: The max value for the IDs range (default: idstart+199999) + required: no + no_hbac_allow: + description: Don't install allow_all HBAC rule + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes + _dirsrv_pkcs12_info: + description: The installer _dirsrv_pkcs12_info setting + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: yes + ca_subject: + description: The installer ca_subject setting + required: yes + external_cert_files: + description: + File containing the IPA CA certificate and the external CA certificate + chain + required: yes + domainlevel: + description: The domain level + required: yes author: - Thomas Woerner ''' 
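Review bot: The new `idmax` description, `The max value for the IDs range (default: idstart+199999)`, is a plain YAML scalar containing `: `. Written on one line as shown, a YAML parser treats that as a nested mapping and rejects it, so the whole DOCUMENTATION block of this module would fail to load. Quote it, `description: "The max value for the IDs range (default: idstart+199999)"`, or drop the colon as the `idstart` line does with `(default random)`. The ipaserver_setup_ca.py hunk adds the identical line.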
diff --git a/roles/ipaserver/library/ipaserver_setup_adtrust.py b/roles/ipaserver/library/ipaserver_setup_adtrust.py index 914e4f33a97389a3a45bf9d8e2f1387a85473f1e..4838f2baef0e6c5af6f5aaf038a938470bbf5b3d 100644 --- a/roles/ipaserver/library/ipaserver_setup_adtrust.py +++ b/roles/ipaserver/library/ipaserver_setup_adtrust.py @@ -32,10 +32,35 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: setup_adtrust -short description: -description: +module: ipaserver_setup_adtrust +short description: Setup trust ad +description: Setup trust ad options: + hostname: + description: Fully qualified name of this host + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + enable_compat: + description: Enable support for trusted domains for old clients + required: yes + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes + adtrust_netbios_name: + description: The adtrust netbios_name setting + required: no + adtrust_reset_netbios_name: + description: The adtrust reset_netbios_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py index 42f01d878d071d0e7735b9399d0b8e9138a13dd0..374b20b7dac2fe9ef31ce69dc169bc826fe2209c 100644 --- a/roles/ipaserver/library/ipaserver_setup_ca.py +++ b/roles/ipaserver/library/ipaserver_setup_ca.py 
@@ -33,39 +33,119 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaserver_setup_ca -short description: -description: +short description: Setup CA +description: Setup CA options: dm_password: + description: Directory Manager password + required: no password: + description: Admin user kerberos password + required: no master_password: + description: kerberos master password (normally autogenerated) + required: no ip_addresses: + description: List of Master Server IP Addresses + required: yes domain: + description: Primary DNS domain of the IPA deployment + required: no realm: + description: Kerberos realm name of the IPA deployment + required: no hostname: + description: Fully qualified name of this host + required: yes no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes + pki_config_override: + description: Path to ini file with config overrides + required: yes setup_adtrust: + description: Configure AD trust capability + required: yes setup_kra: + description: Configure a dogtag KRA + required: yes setup_dns: + description: Configure bind with our zone + required: yes setup_ca: + description: Configure a dogtag CA + required: yes idstart: + description: The starting value for the IDs range (default random) + required: no idmax: + description: The max value for the IDs range (default: idstart+199999) + required: no no_hbac_allow: + description: Don't install allow_all HBAC rule + required: yes no_pkinit: + description: Disable pkinit setup steps + required: yes dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes _dirsrv_pkcs12_info: + description: The installer _dirsrv_pkcs12_info setting + required: yes external_ca: + description: External ca setting + 
required: yes + external_ca_type: + description: Type of the external CA + required: yes + external_ca_profile: + description: + Specify the certificate profile/template to use at the external CA + required: yes + external_cert_files: + description: + File containing the IPA CA certificate and the external CA certificate + chain + required: yes subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: yes _subject_base: + description: The installer _subject_base setting + required: yes ca_subject: + description: The installer ca_subject setting + required: yes _ca_subject: + description: The installer _ca_subject setting + required: yes ca_signing_algorithm: + description: Signing algorithm of the IPA CA certificate + required: yes reverse_zones: + description: The reverse DNS zones to use + required: yes no_reverse: + description: Do not create new reverse DNS zone + required: yes auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes domainlevel: + description: The domain level + required: yes _http_ca_cert: + description: The installer _http_ca_cert setting + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_setup_custodia.py b/roles/ipaserver/library/ipaserver_setup_custodia.py index 48074ccfb9cb6b19a3bdf5c77db7f09b6a8526c1..2514e06fc6eefdbc1025ec8aa7610422d6427e40 100644 --- a/roles/ipaserver/library/ipaserver_setup_custodia.py +++ b/roles/ipaserver/library/ipaserver_setup_custodia.py 
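Review bot: The `required` values added for the ipaserver_setup_ca options look inverted. Switches such as `no_host_dns`, `no_pkinit` and `no_reverse` are marked `required: yes`, while `dm_password`, `password`, `domain` and `realm` are marked `required: no`. The module's argument_spec is outside this hunk, so check the values against it; if the spec requires the credentials and leaves the switches optional, the entries should read `required: yes` under `dm_password` and `required: no` under `no_host_dns`, and so on. The other hunks on this page show the same pattern, and a reader relying on these docs would leave mandatory credentials unset.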
@@ -33,12 +33,18 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaserver_setup_custodia -short description: -description: +short description: Setup custodia +description: Setup custodia options: realm: + description: Kerberos realm name of the IPA deployment + required: no hostname: + description: Fully qualified name of this host + required: yes setup_ca: + description: Configure a dogtag CA + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_setup_dns.py b/roles/ipaserver/library/ipaserver_setup_dns.py index d61f3b7841216d8e2bf4040b63e88c3b3269d42c..ae1429a62cd5cbf09fcc303fb43adb3fc9eb2d10 100644 --- a/roles/ipaserver/library/ipaserver_setup_dns.py +++ b/roles/ipaserver/library/ipaserver_setup_dns.py @@ -32,17 +32,46 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: setup_dns -short description: -description: +module: ipaserver_setup_dns +short description: Setup DNS +description: Setup DNS options: + ip_addresses: + description: List of Master Server IP Addresses + required: yes + domain: + description: Primary DNS domain of the IPA deployment + required: no + realm: + description: Kerberos realm name of the IPA deployment + required: no hostname: + description: Fully qualified name of this host + required: no setup_dns: + description: Configure bind with our zone + required: no setup_ca: + description: Configure a dogtag CA + required: no zonemgr: + description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN + required: yes forwarders: + description: Add DNS forwarders + required: no forward_policy: + description: DNS forwarding policy for global forwarders + required: yes no_dnssec_validation: + description: Disable DNSSEC validation + required: yes + dns_ip_addresses: + description: The dns ip_addresses setting + required: no + dns_reverse_zones: + description: The dns reverse_zones setting + required: no author: - Thomas Woerner ''' 
diff --git a/roles/ipaserver/library/ipaserver_setup_ds.py b/roles/ipaserver/library/ipaserver_setup_ds.py
index 8d3b2442546dfd01699b579f6700d049bb4a3872..5ce35f4133f957ef83a60272a8e6e1e9b18d0227 100644
--- a/roles/ipaserver/library/ipaserver_setup_ds.py
+++ b/roles/ipaserver/library/ipaserver_setup_ds.py
@@ -33,21 +33,64 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
 module: ipaserver_setup_ds
-short description:
-description:
+short description: Configure directory server
+description: Configure directory server
 options:
 dm_password:
+ description: Directory Manager password
+ required: no
 password:
+ description: Admin user kerberos password
+ required: no
 domain:
+ description: Primary DNS domain of the IPA deployment
+ required: no
 realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
 hostname:
+ description: Fully qualified name of this host
+ required: yes
 idstart:
+ description: The starting value for the IDs range (default random)
+ required: no
 idmax:
- no_pkinit:
+ description: The max value for the IDs range (default: idstart+199999)
+ required: no
 no_hbac_allow:
+ description: Don't install allow_all HBAC rule
+ required: yes
+ no_pkinit:
+ description: Disable pkinit setup steps
+ required: yes
+ dirsrv_config_file:
+ description:
+ The path to LDIF file that will be used to modify configuration of
+ dse.ldif during installation of the directory server instance
+ required: yes
+ dirsrv_cert_files:
+ description:
+ Files containing the Directory Server SSL certificate and private key
+ required: yes
+ _dirsrv_pkcs12_info:
+ description: The installer _dirsrv_pkcs12_info setting
+ required: yes
+ external_cert_files:
+ description:
+ File containing the IPA CA certificate and the external CA certificate
+ chain
+ required: yes
 subject_base:
+ description:
+ The certificate subject base (default O=<realm-name>).
+ RDNs are in LDAP order (most specific RDN first).
+ required: yes
 ca_subject:
- setup_ca
+ description: The installer ca_subject setting
+ required: yes
+ setup_ca:
+ description: Configure a dogtag CA
+ required: yes
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_setup_http.py b/roles/ipaserver/library/ipaserver_setup_http.py
index 781aa9af0261ed2da4270a9242f595e77142469f..a29a0447e18ff3479e7a2ff7220330d5e3217edd 100644
--- a/roles/ipaserver/library/ipaserver_setup_http.py
+++ b/roles/ipaserver/library/ipaserver_setup_http.py
@@ -32,10 +32,111 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: setup_ds -short description: -description: +module: ipaserver_setup_http +short description: Setup HTTP +description: Setup HTTP options: + dm_password: + description: Directory Manager password + required: no + password: + description: Admin user kerberos password + required: no + master_password: + description: kerberos master password (normally autogenerated) + required: no + domain: + description: Primary DNS domain of the IPA deployment + required: no + realm: + description: Kerberos realm name of the IPA deployment + required: no + hostname: + description: Fully qualified name of this host + required: yes + ip_addresses: + description: List of Master Server IP Addresses + required: yes + reverse_zones: + description: The reverse DNS zones to use + required: yes + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + no_hbac_allow: + description: Don't install allow_all HBAC rule + required: yes + no_ui_redirect: + description: Do not automatically redirect to the Web UI + required: yes + external_cert_files: + description: + File containing the IPA CA certificate and the external CA certificate + chain + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: yes + _subject_base: + description: The installer _subject_base setting + required: yes + ca_subject: + description: The installer ca_subject setting + required: yes + _ca_subject: + description: The installer _ca_subject setting + required: yes + idstart: + description: The starting value for the IDs range (default random) + required: no + idmax: + description: The max value for the IDs range (default: idstart+199999) + required: no + domainlevel: + description: The domain level + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + _dirsrv_pkcs12_info: + description: The installer _dirsrv_pkcs12_info setting + required: yes + _http_pkcs12_info: + description: The installer _http_pkcs12_info setting + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_setup_kra.py b/roles/ipaserver/library/ipaserver_setup_kra.py index 08cf6f44d110cc0ba9c006fac6e36ca35d372527..ebf03b09860da5d0fe61baa98adc9fd626ad9e3d 100644 --- a/roles/ipaserver/library/ipaserver_setup_kra.py +++ b/roles/ipaserver/library/ipaserver_setup_kra.py 
@@ -32,10 +32,28 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: setup_kra -short description: -description: +module: ipaserver_setup_kra +short description: Setup KRA +description: Setup KRA options: + dm_password: + description: Directory Manager password + required: no + hostname: + description: Fully qualified name of this host + required: no + setup_ca: + description: Configure a dogtag CA + required: no + setup_kra: + description: Configure a dogtag KRA + required: no + realm: + description: Kerberos realm name of the IPA deployment + required: no + pki_config_override: + description: Path to ini file with config overrides + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_setup_krb.py b/roles/ipaserver/library/ipaserver_setup_krb.py index 0b217dfc84e8cbefa81f0da083cbf68fbcfa1a19..8690edd7cb6bf5f7b52767c7d875ab4bfeb48fc0 100644 --- a/roles/ipaserver/library/ipaserver_setup_krb.py +++ b/roles/ipaserver/library/ipaserver_setup_krb.py 
@@ -32,10 +32,83 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: setup_ds -short description: -description: +module: ipaserver_setup_krb +short description: Setup KRB +description: Setup KRB options: + dm_password: + description: Directory Manager password + required: no + password: + description: Admin user kerberos password + required: no + master_password: + description: kerberos master password (normally autogenerated) + required: no + domain: + description: Primary DNS domain of the IPA deployment + required: no + realm: + description: Kerberos realm name of the IPA deployment + required: no + hostname: + description: Fully qualified name of this host + required: yes + ip_addresses: + description: List of Master Server IP Addresses + required: yes + reverse_zones: + description: The reverse DNS zones to use + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + no_hbac_allow: + description: Don't install allow_all HBAC rule + required: yes + external_cert_files: + description: + File containing the IPA CA certificate and the external CA certificate + chain + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: yes + ca_subject: + description: The installer ca_subject setting + required: yes + idstart: + description: The starting value for the IDs range (default random) + required: no + idmax: + description: The max value for the IDs range (default: idstart+199999) + required: no + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + _pkinit_pkcs12_info: + description: The installer _pkinit_pkcs12_info setting + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_setup_ntp.py b/roles/ipaserver/library/ipaserver_setup_ntp.py index 7ebf7fc57920e6c26e24db54b4136ba7d71814b1..2e635ab6c56453c1ac65bf3074214d0ba5fd3df3 100644 --- a/roles/ipaserver/library/ipaserver_setup_ntp.py +++ b/roles/ipaserver/library/ipaserver_setup_ntp.py @@ -32,10 +32,16 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: setup_ntp -short description: -description: +module: ipaserver_setup_ntp +short description: Setup NTP +description: Setup NTP options: + ntp_servers: + description: ntp servers to use + required: yes + ntp_pool: + description: ntp server pool to use + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_setup_otpd.py b/roles/ipaserver/library/ipaserver_setup_otpd.py index c05c3f9a231ee573deea6e9e4fb0f1a2e5a25b2b..12a87567ef3bacc263ab7670fd7f71f442274e12 100644 --- a/roles/ipaserver/library/ipaserver_setup_otpd.py +++ b/roles/ipaserver/library/ipaserver_setup_otpd.py 
@@ -32,10 +32,19 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: setup_otpd -short description: -description: +module: ipaserver_setup_otpd +short description: Setup OTPD +description: Setup OTPD options: + realm: + description: Kerberos realm name of the IPA deployment + required: no + hostname: + description: Fully qualified name of this host + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py index 1d30ccde9ae3454e4340990d29dcf89e93f4ff8e..c1163aedef9e8bd83acda31727d3a556abdab2d3 100644 --- a/roles/ipaserver/library/ipaserver_test.py +++ b/roles/ipaserver/library/ipaserver_test.py 
@@ -31,9 +31,169 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaserver_test -short description: -description: +short description: IPA server test +description: IPA server test options: + force: + description: Installer force parameter + required: yes + dm_password: + description: Directory Manager password + required: no + password: + description: Admin user kerberos password + required: no + master_password: + description: kerberos master password (normally autogenerated) + required: yes + domain: + description: Primary DNS domain of the IPA deployment + required: yes + realm: + description: Kerberos realm name of the IPA deployment + required: yes + hostname: + description: Fully qualified name of this host + required: yes + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes + pki_config_override: + description: Path to ini file with config overrides + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + idstart: + description: The starting value for the IDs range (default random) + required: yes + idmax: + description: The max value for the IDs range (default: idstart+199999) + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: yes + pkinit_cert_files: 
+ description: + File containing the Kerberos KDC SSL certificate and private key + required: yes + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: yes + http_pin: + description: The password to unlock the Apache Server private key + required: yes + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: yes + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: yes + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: yes + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: yes + ntp_servers: + description: ntp servers to use + required: yes + ntp_pool: + description: ntp server pool to use + required: yes + no_ntp: + description: Do not configure ntp + required: yes + external_ca: + description: External ca setting + required: yes + external_ca_type: + description: Type of the external CA + required: yes + external_ca_profile: + description: + Specify the certificate profile/template to use at the external CA + required: yes + external_cert_files: + description: + File containing the IPA CA certificate and the external CA certificate + chain + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: yes + ca_subject: + description: The installer ca_subject setting + required: yes + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: yes + reverse_zones: + description: The reverse DNS zones to use + required: yes + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_reverse: + description: Create necessary reverse zones + required: yes + zonemgr: + description: DNS zone manager e-mail address. 
Defaults to hostmaster@DOMAIN + required: yes + forwarders: + description: Add DNS forwarders + required: yes + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes + enable_compat: + description: Enable support for trusted domains for old clients + required: yes + netbios_name: + description: NetBIOS name of the IPA domain + required: yes + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes author: - Thomas Woerner '''
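Review bot: The descriptions added for `dm_password`, `password`, `master_password`, `dirsrv_pin`, `http_pin` and `pkinit_pin` in the ipaserver_test options do not tell the reader that these values are secrets. The argument_spec is outside this hunk, so confirm that each of them is declared there with `no_log=True`, which keeps the values out of task output and logs. Once that is confirmed, the docs can say so, for example `description: The password to unlock the Directory Server private key (never logged)`. The password options documented in the other ipaserver hunks need the same check.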