From 830da6367e81fc731e439e810ecd17c738b91439 Mon Sep 17 00:00:00 2001 
From: Thomas Woerner <twoerner@redhat.com> Date: Mon, 22 Jul 2019 17:12:48 +0200 Subject: [PATCH] ipa[server,replica,client]: Update module documentation The documentation of the module parameters has been updated. The parameter list has been updated, all parameters now provide a description, and the required argument has been updated to reflect the current setting in the modules. --- roles/ipaclient/library/ipaclient_api.py | 20 +- roles/ipaclient/library/ipaclient_fix_ca.py | 21 +- roles/ipaclient/library/ipaclient_fstore.py | 2 +- roles/ipaclient/library/ipaclient_get_otp.py | 56 +- roles/ipaclient/library/ipaclient_ipa_conf.py | 25 +- roles/ipaclient/library/ipaclient_join.py | 75 ++- .../library/ipaclient_set_hostname.py | 4 +- .../library/ipaclient_setup_automount.py | 12 +- .../library/ipaclient_setup_firefox.py | 10 +- .../ipaclient/library/ipaclient_setup_krb5.py | 27 +- .../ipaclient/library/ipaclient_setup_nis.py | 8 +- .../ipaclient/library/ipaclient_setup_nss.py | 119 ++-- .../ipaclient/library/ipaclient_setup_ntp.py | 48 +- .../ipaclient/library/ipaclient_setup_ssh.py | 33 +- .../ipaclient/library/ipaclient_setup_sssd.py | 76 +-- roles/ipaclient/library/ipaclient_test.py | 106 ++- .../library/ipaclient_test_keytab.py | 30 +- .../library/ipareplica_add_to_ipaservers.py | 20 +- .../library/ipareplica_create_ipa_conf.py | 80 +-- .../ipareplica_custodia_import_dm_password.py | 46 +- .../library/ipareplica_ds_apply_updates.py | 49 ++ .../library/ipareplica_ds_enable_ssl.py | 45 +- .../library/ipareplica_enable_ipa.py | 32 +- .../library/ipareplica_install_ca_certs.py | 73 ++- .../library/ipareplica_krb_enable_ssl.py | 35 + .../library/ipareplica_master_password.py | 2 +- .../ipareplica/library/ipareplica_prepare.py | 617 +++++++++++++++++- .../ipareplica_promote_openldap_conf.py | 26 +- .../library/ipareplica_promote_sssd.py | 26 +- .../library/ipareplica_restart_kdc.py | 32 + .../library/ipareplica_setup_adtrust.py | 38 +- 
.../ipareplica/library/ipareplica_setup_ca.py | 64 +- .../library/ipareplica_setup_custodia.py | 41 +- .../library/ipareplica_setup_dns.py | 42 +- .../ipareplica/library/ipareplica_setup_ds.py | 85 ++- .../library/ipareplica_setup_http.py | 39 +- .../library/ipareplica_setup_kra.py | 65 +- .../library/ipareplica_setup_krb.py | 26 +- .../library/ipareplica_setup_otpd.py | 32 +- roles/ipareplica/library/ipareplica_test.py | 86 ++- .../ipaserver/library/ipaserver_enable_ipa.py | 15 +- .../ipaserver/library/ipaserver_load_cache.py | 6 +- .../library/ipaserver_master_password.py | 7 +- roles/ipaserver/library/ipaserver_prepare.py | 83 ++- .../library/ipaserver_set_ds_password.py | 64 +- .../library/ipaserver_setup_adtrust.py | 31 +- roles/ipaserver/library/ipaserver_setup_ca.py | 84 ++- .../library/ipaserver_setup_custodia.py | 10 +- .../ipaserver/library/ipaserver_setup_dns.py | 35 +- roles/ipaserver/library/ipaserver_setup_ds.py | 51 +- .../ipaserver/library/ipaserver_setup_http.py | 107 ++- .../ipaserver/library/ipaserver_setup_kra.py | 24 +- .../ipaserver/library/ipaserver_setup_krb.py | 79 ++- .../ipaserver/library/ipaserver_setup_ntp.py | 12 +- .../ipaserver/library/ipaserver_setup_otpd.py | 15 +- roles/ipaserver/library/ipaserver_test.py | 164 ++++- 56 files changed, 2322 insertions(+), 738 deletions(-) diff --git a/roles/ipaclient/library/ipaclient_api.py b/roles/ipaclient/library/ipaclient_api.py index a82fb345..910c744e 100644 --- a/roles/ipaclient/library/ipaclient_api.py +++ b/roles/ipaclient/library/ipaclient_api.py 
@@ -29,21 +29,23 @@ ANSIBLE_METADATA = {'metadata_version': '1.0', DOCUMENTATION = ''' --- module: ipaclient_api -short description: Create temporary NSS database, call IPA API for remaining enrollment parts +short description: + Create temporary NSS database, call IPA API for remaining enrollment parts description: -Create temporary NSS database, call IPA API for remaining enrollment parts + Create temporary NSS database, call IPA API for remaining enrollment parts options: + servers: + description: Fully qualified name of IPA servers to enroll to + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no debug: description: Turn on extra debugging - required: false - type: bool - default: no + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_fix_ca.py b/roles/ipaclient/library/ipaclient_fix_ca.py index f4d2fbe4..28326998 100644 --- a/roles/ipaclient/library/ipaclient_fix_ca.py +++ b/roles/ipaclient/library/ipaclient_fix_ca.py 
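Review bot: The `required:` values in the new `options:` block of ipaclient_api.py look inverted: `servers`, `realm` and `hostname` go from `required: true` to `required: no`, while the optional `debug` flag becomes `required: yes` and loses `type: bool` / `default: no`. The module's argument_spec is outside this hunk, so this is inferred from the removed lines, but a debug switch that must always be passed is implausible. If the spec still marks the connection parameters as mandatory, keep `required: yes` on them and document `debug` as `required: no` with `type: bool` and `default: no`. The same flip appears in most later hunks of this patch (for example ipaclient_fix_ca.py, ipaclient_join.py and ipareplica_add_to_ipaservers.py), so each should be checked once against its module's argument_spec.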
@@ -34,20 +34,19 @@ description: Repair Fix IPA ca certificate options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no basedn: - description: The basedn of the IPA server (of the form dc=example,dc=com). - required: true + description: The basedn of the IPA server (of the form dc=example,dc=com) + required: no allow_repair: - description: Allow repair of already joined hosts. Contrary to ipaclient_force_join the host entry will not be changed on the server. - required: true - type: bool - default: no + description: + Allow repair of already joined hosts. Contrary to ipaclient_force_join + the host entry will not be changed on the server + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_fstore.py b/roles/ipaclient/library/ipaclient_fstore.py index efefee96..33cef7bb 100644 --- a/roles/ipaclient/library/ipaclient_fstore.py +++ b/roles/ipaclient/library/ipaclient_fstore.py @@ -37,7 +37,7 @@ Backup files using IPA client sysrestore options: backup: description: File to backup - required: true + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_get_otp.py b/roles/ipaclient/library/ipaclient_get_otp.py index da65e32c..7ec67dda 100644 --- a/roles/ipaclient/library/ipaclient_get_otp.py +++ b/roles/ipaclient/library/ipaclient_get_otp.py 
@@ -35,45 +35,31 @@ description: host operations. options: principal: - description: Kerberos principal used to manage the host - required: true - default: admin - password: - description: Password for the kerberos principal - required: false - keytab: - description: Keytab file containing the Kerberos principal and encrypted key - required: false - lifetime: - description: Sets the default lifetime for initial ticket requests - required: false - default: 1h + description: + User Principal allowed to promote replicas and join IPA realm + required: yes + ccache: + description: The local ccache + required: yes fqdn: - description: the fully-qualified hostname of the host to add/modify/remove - required: true - random: - description: generate a random password to be used in bulk enrollment - required: false - type: bool - default: no - state: - description: the host state - required: false - default: present - choices: [ "present", "absent" ] + description: + The fully-qualified hostname of the host to add/modify/remove + required: no certificates: - description: a list of host certificates - required: false - type: list + description: A list of host certificates + required: yes sshpubkey: - description: the SSH public key for the host - required: false + description: The SSH public key for the host + required: yes ipaddress: - description: the IP address for the host - required: false - -requirements: - - gssapi on the Ansible controller + description: The IP address for the host + required: yes + random: + description: Generate a random password to be used in bulk enrollment + required: yes + state: + description: The desired host state + required: yes author: - "Florence Blanc-Renaud" ''' diff --git a/roles/ipaclient/library/ipaclient_ipa_conf.py b/roles/ipaclient/library/ipaclient_ipa_conf.py index a96aa32a..48657723 100644 --- a/roles/ipaclient/library/ipaclient_ipa_conf.py +++ b/roles/ipaclient/library/ipaclient_ipa_conf.py 
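Review bot: The rewritten `state` entry in ipaclient_get_otp.py no longer tells the reader which values are accepted: the removed lines carried `default: present` and `choices: [ "present", "absent" ]`, while the new entry only says `The desired host state`. `random` likewise loses `type: bool` / `default: no`, and the `requirements:` entry about gssapi on the Ansible controller is dropped without a replacement. Unless the module stopped validating these (its code is not in the hunk), I would keep `choices: [ "present", "absent" ]` under `state` and restore the requirements entry. The new `principal` text, `User Principal allowed to promote replicas and join IPA realm`, also reads as copied from the join and replica modules rather than describing the principal that manages the host entry here.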
@@ -35,24 +35,21 @@ short description: Configure ipa.conf description: Configure ipa.conf options: - servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list domain: - description: The primary DNS domain of an existing IPA deployment. - required: false + description: Primary DNS domain of the IPA deployment + required: no + servers: + description: Fully qualified name of IPA servers to enroll to + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: false + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no basedn: - description: The basedn of the detected IPA server. - returned: always - type: string - sample: dc=example,dc=com + description: The basedn of the IPA server (of the form dc=example,dc=com) + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_join.py b/roles/ipaclient/library/ipaclient_join.py index e103c37e..d0eca2bb 100644 --- a/roles/ipaclient/library/ipaclient_join.py +++ b/roles/ipaclient/library/ipaclient_join.py 
@@ -31,59 +31,58 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaclient_join -short description: Join a machine to an IPA realm and get a keytab for the host service principal +short description: + Join a machine to an IPA realm and get a keytab for the host service + principal description: - Join a machine to an IPA realm and get a keytab for the host service principal + Join a machine to an IPA realm and get a keytab for the host service + principal options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no kdc: - description: The name or address of the host running the KDC. - required: true + description: The name or address of the host running the KDC + required: no basedn: - description: The basedn of the IPA server (of the form dc=example,dc=com). - required: true + description: The basedn of the IPA server (of the form dc=example,dc=com) + required: no principal: - description: The authorized kerberos principal used to join the IPA realm. - required: false + description: + User Principal allowed to promote replicas and join IPA realm + required: yes password: - description: The password to use if not using Kerberos to authenticate. - required: false - admin_keytab: - description: The path to a local admin keytab. 
- required: false + description: Admin user kerberos password + required: yes keytab: - description: The path to a backed-up host keytab from previous enrollment. - required: false + description: Path to backed up keytab from previous enrollment + required: yes + admin_keytab: + description: The path to a local admin keytab + required: yes ca_cert_file: - description: A CA certificate to use. Do not acquire the IPA CA certificate via automated means. - required: false + description: + A CA certificate to use. Do not acquire the IPA CA certificate via + automated means + required: yes force_join: - description: Force enrolling the host even if host entry exists. - required: false - type: bool - default: no + description: Force client enrollment even if already enrolled + required: yes kinit_attempts: - description: Repeat the request for host Kerberos ticket X times. - required: false - type: int - default: 5 + description: Repeat the request for host Kerberos ticket X times + required: yes debug: - description: Enable debug mode. - required: false - type: bool - default: no + description: Turn on extra debugging + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_set_hostname.py b/roles/ipaclient/library/ipaclient_set_hostname.py index c7a7acb1..be5576eb 100644 --- a/roles/ipaclient/library/ipaclient_set_hostname.py +++ b/roles/ipaclient/library/ipaclient_set_hostname.py @@ -36,8 +36,8 @@ description: Backup and set hostname options: hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_automount.py b/roles/ipaclient/library/ipaclient_setup_automount.py index 7320a9b5..e2bc340d 100644 --- a/roles/ipaclient/library/ipaclient_setup_automount.py +++ b/roles/ipaclient/library/ipaclient_setup_automount.py 
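Review bot: The new `password` description in ipaclient_join.py (`Admin user kerberos password`) drops the old hint that it is used "if not using Kerberos to authenticate", and with `password`, `keytab` and `admin_keytab` all marked `required: yes` the documentation now reads as if every credential must be supplied at once. From the removed lines these look like alternative ways to authenticate the join, so the docs should say which one is used when; something like `description: Admin user kerberos password, used when no keytab or admin_keytab is given` would do, assuming that matches the module logic, which is outside this hunk. `ca_cert_file` has the same problem: its text says it replaces automated retrieval of the IPA CA certificate, which only makes sense for an optional parameter.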
@@ -36,12 +36,14 @@ description: Setup automount for IPA client options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no + sssd: + description: The installer sssd setting + required: yes automount_location: - description: Automount location - required: false + description: The automount location + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_firefox.py b/roles/ipaclient/library/ipaclient_setup_firefox.py index e480116f..71db33e5 100644 --- a/roles/ipaclient/library/ipaclient_setup_firefox.py +++ b/roles/ipaclient/library/ipaclient_setup_firefox.py @@ -36,11 +36,13 @@ description: Setup firefox for IPA client options: domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no firefox_dir: - description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox') - required: false + description: + Specify directory where Firefox is installed (for example + '/usr/lib/firefox') + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_krb5.py b/roles/ipaclient/library/ipaclient_setup_krb5.py index fc8b83f7..367539b5 100644 --- a/roles/ipaclient/library/ipaclient_setup_krb5.py +++ b/roles/ipaclient/library/ipaclient_setup_krb5.py 
@@ -35,12 +35,33 @@ short description: Setup krb5 for IPA client description: Setup krb5 for IPA client options: - server: domain: + description: Primary DNS domain of the IPA deployment + required: yes + servers: + description: Fully qualified name of IPA servers to enroll to + required: yes realm: + description: Kerberos realm name of the IPA deployment + required: yes hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: yes + kdc: + description: The name or address of the host running the KDC + required: yes + dnsok: + description: The installer dnsok setting + required: yes + client_domain: + description: Primary DNS domain of the IPA deployment + required: yes + sssd: + description: The installer sssd setting + required: yes + force: + description: Installer force parameter + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_nis.py b/roles/ipaclient/library/ipaclient_setup_nis.py index 121b266e..1f1ba000 100644 --- a/roles/ipaclient/library/ipaclient_setup_nis.py +++ b/roles/ipaclient/library/ipaclient_setup_nis.py @@ -36,11 +36,11 @@ description: Setup NIS for IPA client options: domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no nisdomain: - description: NIS domain name - required: false + description: The NIS domain name + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_nss.py b/roles/ipaclient/library/ipaclient_setup_nss.py index 6f40a96c..ec6009f1 100644 --- a/roles/ipaclient/library/ipaclient_setup_nss.py +++ b/roles/ipaclient/library/ipaclient_setup_nss.py 
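Review bot: In the ipaclient_setup_krb5.py hunk, `client_domain` is documented with exactly the same text as `domain` (`Primary DNS domain of the IPA deployment`), so the reader cannot tell why both exist or which one ends up in the generated krb5 configuration. `dnsok`, `sssd` and `force` have a similar weakness: `The installer dnsok setting` restates the name without saying what the value controls. I would at least separate the two domain entries, e.g. `description: DNS domain of this client host, if it differs from the IPA domain`; that wording is a guess, since the module body is not part of the hunk.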
@@ -36,103 +36,82 @@ description: Create IPA NSS database options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no basedn: - description: The basedn of the IPA server (of the form dc=example,dc=com). - required: true + description: The basedn of the IPA server (of the form dc=example,dc=com) + required: no principal: - description: The authorized kerberos principal used to join the IPA realm. - required: false + description: + User Principal allowed to promote replicas and join IPA realm + required: yes subject_base: - description: The subject base, needed for certmonger - required: true + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ca_enabled: - description: Whether the Certificate Authority is enabled or not. - required: true - type: bool - default: no + description: Whether the Certificate Authority is enabled or not + required: no mkhomedir: - description: Whether to create home directories for users on their first login. - required: false - type: bool - default: no + description: Create home directories for users on their first login + required: yes on_master: - description: Whether the configuration is done on the master or not. 
- required: false - type: bool - default: no - + description: Whether the configuration is done on the master or not + required: yes + dnsok: + description: The installer dnsok setting + required: yes enable_dns_updates: - description: Configures the machine to attempt dns updates when the ip address changes. - required: false - type: bool - default: no + description: + Configures the machine to attempt dns updates when the ip address + changes + required: yes all_ip_addresses: - description: All routable IP addresses configured on any interface will be added to DNS - required: false - type: bool - default: no + description: + All routable IP addresses configured on any interface will be added + to DNS + required: yes ip_addresses: - description: Specify IP addresses that should be added to DNS. - required: false - type: list - default: None + description: List of Master Server IP Addresses + required: yes request_cert: - description: request certificate for the machine - required: false - type: bool - default: no + description: Request certificate for the machine + required: yes preserve_sssd: description: Preserve old SSSD configuration if possible - required: false - type: bool - default: no + required: yes no_ssh: description: Do not configure OpenSSH client - required: false - type: bool - default: no + required: yes no_sshd: description: Do not configure OpenSSH server - required: false - type: bool - default: no + required: yes no_sudo: description: Do not configure SSSD as data source for sudo - required: false - type: bool - default: no + required: yes fixed_primary: description: Configure sssd to use fixed server as primary IPA server - required: false - type: bool - default: no + required: yes permit: - description: Disable access rules by default, permit all access. 
- required: false - type: bool - default: no + description: Disable access rules by default, permit all access + required: yes no_krb5_offline_passwords: - description: Configure SSSD not to store user password when the server is offline - required: false - type: bool - default: no + description: + Configure SSSD not to store user password when the server is offline + required: yes no_dns_sshfp: description: Do not automatically create DNS SSHFP records - required: false - type: bool - default: no + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_ntp.py b/roles/ipaclient/library/ipaclient_setup_ntp.py index 83197b1a..acc48550 100644 --- a/roles/ipaclient/library/ipaclient_setup_ntp.py +++ b/roles/ipaclient/library/ipaclient_setup_ntp.py 
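Review bot: The security-relevant switches in the ipaclient_setup_nss.py block lose their documented defaults: `permit` (`Disable access rules by default, permit all access`), `no_krb5_offline_passwords`, `no_sudo` and `fixed_primary` each drop `type: bool` and `default: no` and are now listed as `required: yes`. A reader of the docs can no longer see that permit-all access is off unless explicitly requested. I would keep `type: bool` and `default: no` on these entries, provided the argument_spec (not visible here) still defaults them to off. The ipaclient_setup_sssd.py and ipaclient_setup_ssh.py hunks drop the same lines, the latter on `ssh_trust_dns`. Separately, `ip_addresses` changes from `Specify IP addresses that should be added to DNS` to `List of Master Server IP Addresses`, which looks like a server-side description pasted into a client module.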
@@ -35,44 +35,24 @@ short description: Setup NTP for IPA client description: Setup NTP for IPA client options: - servers: - description: The FQDN of the IPA servers to connect to. - required: false - type: list - default: [] - domain: - description: The primary DNS domain of an existing IPA deployment. - required: false - realm: - description: The Kerberos realm of an existing IPA deployment. - required: false - hostname: - description: The hostname of the machine to join (FQDN). - required: false - ca_cert_file: - description: A CA certificate to use. - required: false - on_master: - description: IPA client installation on IPA server - required: false - default: false - type: bool - default: no ntp_servers: - description: List of NTP servers to use - required: false - type: list - default: [] + description: ntp servers to use + required: yes ntp_pool: description: ntp server pool to use - required: false + required: yes no_ntp: - description: Do not sync time and do not detect time servers - required: false - default: false - type: bool - default: no - + description: Do not configure ntp + required: yes + on_master: + description: Whether the configuration is done on the master or not + required: yes + servers: + description: Fully qualified name of IPA servers to enroll to + required: yes + domain: + description: Primary DNS domain of the IPA deployment + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_ssh.py b/roles/ipaclient/library/ipaclient_setup_ssh.py index 214968a8..2347c854 100644 --- a/roles/ipaclient/library/ipaclient_setup_ssh.py +++ b/roles/ipaclient/library/ipaclient_setup_ssh.py 
@@ -36,29 +36,20 @@ description: Configure ssh and sshd for IPA client options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list - ssh: - description: Configure OpenSSH client - required: false - type: bool - default: no - trust_sshfp: + description: Fully qualified name of IPA servers to enroll to + required: no + no_ssh: + description: Do not configure OpenSSH client + required: yes + ssh_trust_dns: description: Configure OpenSSH client to trust DNS SSHFP records - required: false - type: bool - default: no - sshd: - description: Configure OpenSSH server - required: false - type: bool - default: no + required: yes + no_sshd: + description: Do not configure OpenSSH server + required: yes sssd: - description: Configure SSSD server - required: false - type: bool - default: no + description: The installer sssd setting + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_setup_sssd.py b/roles/ipaclient/library/ipaclient_setup_sssd.py index 87d5f03d..2afbdfb4 100644 --- a/roles/ipaclient/library/ipaclient_setup_sssd.py +++ b/roles/ipaclient/library/ipaclient_setup_sssd.py 
@@ -36,68 +36,52 @@ description: Setup sssd for IPA client options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no on_master: - description: Whether the configuration is done on the master or not. - required: false - type: bool - default: no + description: Whether the configuration is done on the master or not + required: yes no_ssh: description: Do not configure OpenSSH client - required: false - type: bool - default: no + required: yes no_sshd: description: Do not configure OpenSSH server - required: false - type: bool - default: no + required: yes no_sudo: description: Do not configure SSSD as data source for sudo - required: false - type: bool - default: no + required: yes all_ip_addresses: - description: All routable IP addresses configured on any interface will be added to DNS. - required: false - type: bool - default: no + description: + All routable IP addresses configured on any interface will be added + to DNS + required: yes fixed_primary: - description: Whether to use fixed server as primary IPA server. - required: false - type: bool - default: no + description: Configure sssd to use fixed server as primary IPA server + required: yes permit: - description: Disable access rules by default, permit all access. 
- required: false - type: bool - default: no + description: Disable access rules by default, permit all access + required: yes enable_dns_updates: - description: Configures the machine to attempt dns updates when the ip address changes. - required: false - type: bool - default: no + description: + Configures the machine to attempt dns updates when the ip address + changes + required: yes preserve_sssd: - description: Preserve old SSSD configuration if possible. - required: false - type: bool - default: no + description: Preserve old SSSD configuration if possible + required: yes no_krb5_offline_passwords: - description: Whether user passwords are stored when the server is offline. - required: false - type: bool - default: no + description: + Configure SSSD not to store user password when the server is offline + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaclient/library/ipaclient_test.py b/roles/ipaclient/library/ipaclient_test.py index 9e5db938..7e303586 100644 --- a/roles/ipaclient/library/ipaclient_test.py +++ b/roles/ipaclient/library/ipaclient_test.py 
@@ -35,84 +35,70 @@ short description: Tries to discover IPA server description: Tries to discover IPA server using DNS or host name options: - servers: - description: The FQDN of the IPA servers to connect to. - required: false - type: list - default: [] domain: - description: The primary DNS domain of an existing IPA deployment. - required: false + description: Primary DNS domain of the IPA deployment + required: yes + servers: + description: Fully qualified name of IPA servers to enroll to + required: yes realm: - description: The Kerberos realm of an existing IPA deployment. - required: false + description: Kerberos realm name of the IPA deployment + required: yes hostname: - description: The hostname of the machine to join (FQDN). - required: false + description: Fully qualified name of this host + required: yes ntp_servers: - description: List of NTP servers to use - required: false - type: list - default: [] + description: ntp servers to use + required: yes ntp_pool: description: ntp server pool to use - required: false + required: yes no_ntp: - description: Do not sync time and do not detect time servers - required: false - default: false - type: bool - default: no + description: Do not configure ntp + required: yes force_ntpd: - description: Stop and disable any time&date synchronization services besides ntpd. Deprecated since 4.7. - requried: false - type: bool - default: no + description: + Stop and disable any time&date synchronization services besides ntpd + Deprecated since 4.7 + required: yes nisdomain: - description: NIS domain name - required: false + description: The NIS domain name + required: yes no_nisdomain: description: Do not configure NIS domain name - required: false - type: bool - default: no + required: yes kinit_attempts: - description: Repeat the request for host Kerberos ticket X times. 
- required: false - type: int - default: 5 + description: Repeat the request for host Kerberos ticket X times + required: yes ca_cert_files: - description: CA certificates to use. - required: false + description: + List of files containing CA certificates for the service certificate + files + required: yes configure_firefox: description: Configure Firefox to use IPA domain credentials - required: false - type: bool - default: no + required: yes firefox_dir: - description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox') - required: false + description: + Specify directory where Firefox is installed (for example + '/usr/lib/firefox') + required: yes ip_addresses: - description: All routable IP addresses configured on any interface will be added to DNS. - required: false - type: bool - default: no + description: List of Master Server IP Addresses + required: yes all_ip_addresses: - description: All routable IP addresses configured on any interface will be added to DNS. - required: false - type: bool - default: no + description: + All routable IP addresses configured on any interface will be added + to DNS + required: yes on_master: - description: IPA client installation on IPA server - required: false - default: false - type: bool - default: no + description: Whether the configuration is done on the master or not + required: yes enable_dns_updates: - description: Configures the machine to attempt dns updates when the ip address changes. - required: false - type: bool - default: no + description: + Configures the machine to attempt dns updates when the ip address + changes + required: yes author: - Thomas Woerner ''' 
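Review bot: The new `force_ntpd` description in ipaclient_test.py is a multi-line plain scalar whose two lines lost their full stops, so YAML folds it into `... services besides ntpd Deprecated since 4.7`. Ending the first line with a period (`Stop and disable any time&date synchronization services besides ntpd.`) keeps the deprecation notice readable. `ip_addresses` in this hunk also takes the text `List of Master Server IP Addresses`, which fits a server or replica module better than the client discovery test.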
@@ -194,7 +180,9 @@ ntp_servers: type: list sample: ["ntp.example.com"] ipa_python_version: - description: The IPA python version as a number: <major version>*10000+<minor version>*100+<release> + description: + - The IPA python version as a number: + - <major version>*10000+<minor version>*100+<release> returned: always type: int sample: 040400 diff --git a/roles/ipaclient/library/ipaclient_test_keytab.py b/roles/ipaclient/library/ipaclient_test_keytab.py index 0b6a565b..d4a9f9f4 100644 --- a/roles/ipaclient/library/ipaclient_test_keytab.py +++ b/roles/ipaclient/library/ipaclient_test_keytab.py 
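Review bot: The first list item of the new `ipa_python_version` description ends in a colon (`- The IPA python version as a number:`), which YAML reads as a mapping key with an empty value rather than as a string. The description therefore parses as a list holding one mapping and one string instead of two lines of text. Quoting the item avoids that: `- "The IPA python version as a number:"`.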
@@ -31,32 +31,30 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaclient_test_keytab -short description: Test if the krb5.keytab on the machine is valid and can be used. +short description: + Test if the krb5.keytab on the machine is valid and can be used. description: Test if the krb5.keytab on the machine is valid and can be used. A temporary krb5.conf file will be generated to not fail on an invalid one. options: servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list + description: Fully qualified name of IPA servers to enroll to + required: no domain: - description: The primary DNS domain of an existing IPA deployment. - required: true + description: Primary DNS domain of the IPA deployment + required: no realm: - description: The Kerberos realm of an existing IPA deployment. - required: true + description: Kerberos realm name of the IPA deployment + required: no hostname: - description: The hostname of the machine to join (FQDN). - required: true + description: Fully qualified name of this host + required: no kdc: - description: The name or address of the host running the KDC. - required: true + description: The name or address of the host running the KDC + required: no kinit_attempts: - description: Repeat the request for host Kerberos ticket X times. - required: false - type: int - default: 5 + description: Repeat the request for host Kerberos ticket X times + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py index a11ce415..6a85dc15 100644 --- a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py +++ b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py 
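Review bot: The key is still spelled `short description:` after the re-wrap in ipaclient_test_keytab.py; Ansible's documentation key is `short_description`, so with the space the summary is most likely not picked up by ansible-doc. The ipaclient_api.py and ipaclient_join.py hunks re-wrap the same key without renaming it. Since this commit already touches the line, change it to `short_description: Test if the krb5.keytab on the machine is valid and can be used.`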
@@ -38,20 +38,20 @@ description: Add to ipaservers options: setup_kra: - description: - required: yes + description: Configure a dogtag KRA + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no installer_ccache: - description: - required: yes + description: The installer ccache setting + required: no _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py index 684691cb..8a258f2e 100644 --- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py +++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py @@ -45,7 +45,7 @@ options: required: yes ip_addresses: description: List of Master Server IP Addresses - required: no + required: yes domain: description: Primary DNS domain of the IPA deployment required: yes 
@@ -56,71 +56,73 @@ options: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes setup_adtrust: - description: + description: Configure AD trust capability required: yes setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone required: yes - dirserv_cert_files: - description: + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key required: yes force_join: - description: + description: Force client enrollment even if already enrolled required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: no server: - description: - required: yes + description: Fully qualified name of IPA server to enroll to + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + config_ca_host_name: + description: The config ca_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no installer_ccache: - description: - required: yes + description: The installer ccache setting + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no _add_to_ipaservers: - description: - required: yes + description: The installer _add_to_ipaservers setting + required: no _ca_subject: - description: - required: yes + description: The installer _ca_subject setting + required: no _subject_base: - description: + description: The installer _subject_base setting + required: no + master: + description: Master host name required: yes dirman_password: - description: - required: yes - config_setup_ca: - description: - required: yes - config_master_host_name: - description: - required: yes - config_ca_host_name: - description: - required: yes - config_ips: - description: - required: yes + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py index 1902a74c..5b95a611 100644 --- a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py +++ b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py 
@@ -38,44 +38,52 @@ description: Import dm password into custodia options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes no_ui_redirect: - description: + description: Do not automatically redirect to the Web UI required: yes subject_base: - description: - required: yes - config_master_host_name: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _kra_enabled: - description: + description: The installer _kra_enabled setting required: yes _kra_host_name: - description: + description: The installer _kra_host_name setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no + config_setup_ca: + description: The config setup_ca setting + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + config_ca_host_name: + description: The config ca_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py index 8f3fc759..e4071762 100644 --- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py +++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py 
@@ -37,6 +37,55 @@ short description: DS apply updates description: DS apply updates options: + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + no_ui_redirect: + description: Do not automatically redirect to the Web UI + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + ccache: + description: The local ccache + required: no + _ca_enabled: + description: The installer _ca_enabled setting + required: yes + _ca_file: + description: The installer _ca_file setting + required: yes + _dirsrv_pkcs12_info: + description: The installer _dirsrv_pkcs12_info setting + required: yes + _pkinit_pkcs12_info: + description: The installer _pkinit_pkcs12_info setting + required: yes + _top_dir: + description: The installer _top_dir setting + required: no + dirman_password: + description: Directory Manager (master) password + required: no + ds_ca_subject: + description: The ds.ca_subject setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py index 44b28563..ead7376b 100644 --- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py +++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py 
@@ -38,44 +38,51 @@ description: DS enable SSL options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes - subject_base: - description: + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _dirsrv_pkcs12_info: - description: + description: The installer _dirsrv_pkcs12_info setting required: yes _pkinit_pkcs12_info: - description: + description: The installer _pkinit_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no ds_ca_subject: - description: - required: yes + description: The ds.ca_subject setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_enable_ipa.py b/roles/ipareplica/library/ipareplica_enable_ipa.py index 846880e0..27ae2855 100644 --- a/roles/ipareplica/library/ipareplica_enable_ipa.py +++ b/roles/ipareplica/library/ipareplica_enable_ipa.py 
@@ -33,28 +33,36 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipareplica_enable_ipa -short description: +short description: Enable IPA description: Enable IPA Enable IPA options: - subject_base: - description: The certificate subject base (default O=<realm-name>). + hostname: + description: Fully qualified name of this host required: yes - ccache: - description: The installation specific ccache file. + hidden_replica: + description: Install a hidden replica required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + ccache: + description: The local ccache + required: no _top_dir: - description: The temporary top directory used for the installation. - required: yes + description: The installer _top_dir setting + required: no setup_ca: description: Configure a dogtag CA - required: yes + required: no setup_kra: - description: Configure KRA - required: yes + description: Configure a dogtag KRA + required: no config_master_host_name: - description: The master host name - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_install_ca_certs.py b/roles/ipareplica/library/ipareplica_install_ca_certs.py index 7ea3228e..84466e6c 100644 --- a/roles/ipareplica/library/ipareplica_install_ca_certs.py +++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py @@ -45,7 +45,7 @@ options: required: yes ip_addresses: description: List of Master Server IP Addresses - required: no + required: yes domain: description: Primary DNS domain of the IPA deployment required: yes 
@@ -56,37 +56,72 @@ options: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes setup_adtrust: - description: + description: Configure AD trust capability + required: yes + setup_ca: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone required: yes - external_ca: - description: + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key required: yes - external_cert_files: - description: + force_join: + description: Force client enrollment even if already enrolled required: yes subject_base: - description: - required: yes - ca_subject: - description: - required: yes - setup_ca: - description: - required: yes - _hostname_overridden: - description: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: no + server: + description: Fully qualified name of IPA server to enroll to + required: no + ccache: + description: The local ccache + required: no + installer_ccache: + description: The installer ccache setting + required: no + _top_dir: + description: The installer _top_dir setting + required: no + _add_to_ipaservers: + description: The installer _add_to_ipaservers setting + required: no + _ca_subject: + description: The installer _ca_subject setting + required: no + _subject_base: + description: The installer _subject_base setting + required: no + dirman_password: + description: Directory Manager (master) password + required: no + config_setup_ca: + description: The config setup_ca setting + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + config_ca_host_name: + description: The config ca_host_name setting + required: no + config_ips: + description: The config ips setting required: yes author: - Thomas Woerner diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py index 2217bb0f..6d09b6b2 100644 --- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py +++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py 
@@ -37,6 +37,41 @@ short description: KRB enable SSL description: KRB enable SSL options: + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + ccache: + description: The local ccache + required: no + _ca_enabled: + description: The installer _ca_enabled setting + required: yes + _ca_file: + description: The installer _ca_file setting + required: yes + _pkinit_pkcs12_info: + description: The installer _pkinit_pkcs12_info setting + required: yes + _top_dir: + description: The installer _top_dir setting + required: no + dirman_password: + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_master_password.py b/roles/ipareplica/library/ipareplica_master_password.py index 65738574..875a23d2 100644 --- a/roles/ipareplica/library/ipareplica_master_password.py +++ b/roles/ipareplica/library/ipareplica_master_password.py @@ -37,7 +37,7 @@ description: options: master_password: description: kerberos master password (normally autogenerated) - required: false + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py index 9ef4279a..88cd4fe6 100644 --- a/roles/ipareplica/library/ipareplica_prepare.py +++ b/roles/ipareplica/library/ipareplica_prepare.py 
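Review bot: In the ipareplica_master_password.py hunk, `master_password` is described as "normally autogenerated" but is now documented as `required: yes`, which contradicts that description. If the module generates a password when none is passed, the documentation should stay `required: no`; the `argument_spec` that decides this is outside the hunk. Playbook authors who read `required: yes` may conclude that they have to supply and store a Kerberos master password themselves, so the documented value matters here.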
@@ -58,70 +58,645 @@ ptions: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes setup_adtrust: - description: + description: Configure AD trust capability required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone required: yes external_ca: - description: + description: External ca setting required: yes external_cert_files: - description: + description: + File containing the IPA CA certificate and the external CA certificate + chain required: yes subject_base: - description: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
required: yes ca_subject: - description: + description: The installer ca_subject setting required: yes reverse_zones: - description: + description: The reverse DNS zones to use required: yes no_reverse: - description: + description: Do not create new reverse DNS zone required: yes auto_reverse: - description: + description: Create necessary reverse zones required: yes forwarders: - description: + description: Add DNS forwarders required: yes no_forwarders: - description: + description: Do not add any DNS forwarders, use root servers instead required: yes auto_forwarders: - description: + description: Use DNS forwarders configured in /etc/resolv.conf required: yes forward_policy: - description: + description: DNS forwarding policy for global forwarders required: yes enable_compat: - description: + description: Enable support for trusted domains for old clients required: yes netbios_name: - description: + description: NetBIOS name of the IPA domain required: yes rid_base: - description: + description: Start value for mapping UIDs and GIDs to RIDs required: yes secondary_rid_base: - description: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs required: yes setup_ca: - description: + description: Configure a dogtag CA required: yes _hostname_overridden: - description: + description: The installer _hostname_overridden setting + required: yes + dm_password: + description: Directory Manager password + required: False + password: + description: Admin user kerberos password + required: False + ip_addresses: + description: List of Master Server IP Addresses + required: False + domain: + description: Primary DNS domain of the IPA deployment + required: False + realm: + description: Kerberos realm name of the IPA deployment + required: False + hostname: + description: Fully qualified name of this host + required: False + principal: + description: + User Principal allowed to promote replicas and join IPA realm + required: True + 
ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: False + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: False + setup_adtrust: + description: Configure AD trust capability + required: False + setup_ca: + description: Configure a dogtag CA + required: False + setup_kra: + description: Configure a dogtag KRA + required: False + setup_dns: + description: Configure bind with our zone + required: False + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: False + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: False + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: False + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: False + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: False + http_pin: + description: The password to unlock the Apache Server private key + required: False + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: False + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: False + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: False + keytab: + description: Path to backed up keytab from previous enrollment + required: False + mkhomedir: + description: Create home directories for users on their first login + required: False + force_join: + description: Force client enrollment even if already enrolled + required: False + no_ntp: + description: Do not configure ntp + required: False + ssh_trust_dns: + description: Configure OpenSSH client to trust DNS SSHFP records + required: False + no_ssh: + description: Do not 
configure OpenSSH client + required: False + no_sshd: + description: Do not configure OpenSSH server + required: False + no_dns_sshfp: + description: Do not automatically create DNS SSHFP records + required: False + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: False + reverse_zones: + description: The reverse DNS zones to use + required: False + no_reverse: + description: Do not create new reverse DNS zone + required: False + auto_reverse: + description: Create necessary reverse zones + required: False + forwarders: + description: Add DNS forwarders + required: False + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: False + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: False + forward_policy: + description: DNS forwarding policy for global forwarders + required: False + no_dnssec_validation: + description: Disable DNSSEC validation + required: False + enable_compat: + description: Enable support for trusted domains for old clients + required: False + netbios_name: + description: NetBIOS name of the IPA domain + required: False + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: False + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: False + server: + description: Fully qualified name of IPA server to enroll to + required: True + skip_conncheck: + description: Skip connection check to remote master + required: False + dm_password: + description: Directory Manager password + required: True + password: + description: Admin user kerberos password + required: True + ip_addresses: + description: List of Master Server IP Addresses + required: True + domain: + description: Primary DNS domain of the IPA deployment + required: True + realm: + description: Kerberos realm name of the IPA deployment + required: True + hostname: + 
description: Fully qualified name of this host + required: True + principal: + description: + User Principal allowed to promote replicas and join IPA realm + required: False + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: True + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: True + setup_adtrust: + description: Configure AD trust capability + required: True + setup_ca: + description: Configure a dogtag CA + required: True + setup_kra: + description: Configure a dogtag KRA + required: True + setup_dns: + description: Configure bind with our zone + required: True + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: True + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: True + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: True + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: True + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: True + http_pin: + description: The password to unlock the Apache Server private key + required: True + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: True + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: True + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: True + keytab: + description: Path to backed up keytab from previous enrollment + required: True + mkhomedir: + description: Create home directories for users on their first login + required: True + force_join: + description: Force client enrollment even if already enrolled + required: True + no_ntp: + description: Do not configure ntp 
+ required: True + ssh_trust_dns: + description: Configure OpenSSH client to trust DNS SSHFP records + required: True + no_ssh: + description: Do not configure OpenSSH client + required: True + no_sshd: + description: Do not configure OpenSSH server + required: True + no_dns_sshfp: + description: Do not automatically create DNS SSHFP records + required: True + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: True + reverse_zones: + description: The reverse DNS zones to use + required: True + no_reverse: + description: Do not create new reverse DNS zone + required: True + auto_reverse: + description: Create necessary reverse zones + required: True + forwarders: + description: Add DNS forwarders + required: True + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: True + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: True + forward_policy: + description: DNS forwarding policy for global forwarders + required: True + no_dnssec_validation: + description: Disable DNSSEC validation + required: True + enable_compat: + description: Enable support for trusted domains for old clients + required: True + netbios_name: + description: NetBIOS name of the IPA domain + required: True + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: True + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: True + server: + description: Fully qualified name of IPA server to enroll to + required: False + skip_conncheck: + description: Skip connection check to remote master + required: True + dm_password: + description: Directory Manager password + required: yes + password: + description: Admin user kerberos password + required: yes + ip_addresses: + description: List of Master Server IP Addresses + required: yes + domain: + description: Primary DNS domain of the IPA 
deployment + required: yes + realm: + description: Kerberos realm name of the IPA deployment + required: yes + hostname: + description: Fully qualified name of this host + required: yes + principal: + description: + User Principal allowed to promote replicas and join IPA realm + required: no + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: yes + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: yes + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: yes + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: yes + http_pin: + description: The password to unlock the Apache Server private key + required: yes + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: yes + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: yes + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: yes + keytab: + description: Path to backed up keytab from previous enrollment + required: yes + mkhomedir: + description: Create home directories for users on their first login + required: yes + force_join: + description: Force 
client enrollment even if already enrolled + required: yes + no_ntp: + description: Do not configure ntp + required: yes + ssh_trust_dns: + description: Configure OpenSSH client to trust DNS SSHFP records + required: yes + no_ssh: + description: Do not configure OpenSSH client + required: yes + no_sshd: + description: Do not configure OpenSSH server + required: yes + no_dns_sshfp: + description: Do not automatically create DNS SSHFP records + required: yes + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: yes + reverse_zones: + description: The reverse DNS zones to use + required: yes + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_reverse: + description: Create necessary reverse zones + required: yes + forwarders: + description: Add DNS forwarders + required: yes + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes + enable_compat: + description: Enable support for trusted domains for old clients + required: yes + netbios_name: + description: NetBIOS name of the IPA domain + required: yes + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes + server: + description: Fully qualified name of IPA server to enroll to + required: no + skip_conncheck: + description: Skip connection check to remote master + required: yes + dm_password: + description: Directory Manager password + required: yes + password: + description: Admin user kerberos password + required: yes + ip_addresses: + description: List of Master Server IP 
Addresses + required: yes + domain: + description: Primary DNS domain of the IPA deployment + required: yes + realm: + description: Kerberos realm name of the IPA deployment + required: yes + hostname: + description: Fully qualified name of this host + required: yes + principal: + description: + User Principal allowed to promote replicas and join IPA realm + required: no + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes + no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + dirsrv_cert_name: + description: Name of the Directory Server SSL certificate to install + required: yes + dirsrv_pin: + description: The password to unlock the Directory Server private key + required: yes + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: yes + http_cert_name: + description: Name of the Apache Server SSL certificate to install + required: yes + http_pin: + description: The password to unlock the Apache Server private key + required: yes + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: yes + pkinit_cert_name: + description: Name of the Kerberos KDC SSL certificate to install + required: yes + pkinit_pin: + description: The password to unlock the Kerberos KDC private key + required: yes + keytab: + description: Path to backed up keytab from previous enrollment + required: yes + mkhomedir: + description: Create home directories for 
users on their first login + required: yes + force_join: + description: Force client enrollment even if already enrolled + required: yes + no_ntp: + description: Do not configure ntp + required: yes + ssh_trust_dns: + description: Configure OpenSSH client to trust DNS SSHFP records + required: yes + no_ssh: + description: Do not configure OpenSSH client + required: yes + no_sshd: + description: Do not configure OpenSSH server + required: yes + no_dns_sshfp: + description: Do not automatically create DNS SSHFP records + required: yes + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: yes + reverse_zones: + description: The reverse DNS zones to use + required: yes + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_reverse: + description: Create necessary reverse zones + required: yes + forwarders: + description: Add DNS forwarders + required: yes + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes + enable_compat: + description: Enable support for trusted domains for old clients + required: yes + netbios_name: + description: NetBIOS name of the IPA domain + required: yes + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes + server: + description: Fully qualified name of IPA server to enroll to + required: no + skip_conncheck: + description: Skip connection check to remote master required: yes author: - Thomas Woerner 
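Review bot: The added `options:` entries repeat the same keys. After `_hostname_overridden`, the run from `dm_password` to `skip_conncheck` appears four times, with `required: False`, then `True`, then `yes` twice, and keys such as `ca_cert_files`, `setup_kra` and `reverse_zones` are already documented at the top of the block. Duplicate keys in one YAML mapping are either rejected or silently resolved to one occurrence, depending on the loader, and the copies disagree with each other (`principal` is `True`, `False`, `no`, `no`; `dm_password` is `False`, `True`, `yes`, `yes`). Keep one entry per option, with a `required` value that matches the module's `argument_spec`, which is outside the hunk. The hunk's section heading reads `ptions:`; if that reflects the file rather than extraction damage, the `options:` key itself is misspelled and none of these entries would be picked up as option documentation.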
diff --git a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py index b16dacec..b68a5eca 100644 --- a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py +++ b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py @@ -38,23 +38,25 @@ description: Promote openldap.conf options: setup_kra: - description: - required: no - subject_base: - description: + description: Configure a dogtag KRA required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ccache: - description: - required: yes + description: The local ccache + required: no _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no config_setup_ca: - description: - required: yes + description: The config setup_ca setting + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_promote_sssd.py b/roles/ipareplica/library/ipareplica_promote_sssd.py index f8be21d6..a63f2e1b 100644 --- a/roles/ipareplica/library/ipareplica_promote_sssd.py +++ b/roles/ipareplica/library/ipareplica_promote_sssd.py 
@@ -38,23 +38,25 @@ description: Promote sssd options: setup_kra: - description: - required: no - subject_base: - description: + description: Configure a dogtag KRA required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ccache: - description: - required: yes + description: The local ccache + required: no _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no config_setup_ca: - description: - required: yes + description: The config setup_ca setting + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_restart_kdc.py b/roles/ipareplica/library/ipareplica_restart_kdc.py index 67070985..3eff24b5 100644 --- a/roles/ipareplica/library/ipareplica_restart_kdc.py +++ b/roles/ipareplica/library/ipareplica_restart_kdc.py @@ -37,6 +37,38 @@ short description: Restart KDC description: Restart KDC options: + setup_ca: + description: Configure a dogtag CA + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + no_ui_redirect: + description: Do not automatically redirect to the Web UI + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + ccache: + description: The local ccache + required: no + _ca_file: + description: The installer _ca_file setting + required: yes + _top_dir: + description: The installer _top_dir setting + required: no + dirman_password: + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' 
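Review bot: The new `dirman_password` entry in ipareplica_restart_kdc.py documents a credential in the same one-line style as the non-secret options, so a reader gets no hint that the value is sensitive. I would extend it to `description: Directory Manager (master) password. Sensitive, supply from a vault-encrypted variable`. The argument_spec is outside this hunk, so please confirm there that the parameter is declared with `no_log=True`, which keeps it out of task output and logs. The same applies to `dirman_password` in the ipareplica_setup_* hunks and to `dm_password`, `password` and `master_password` in the ipaserver_* hunks.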
diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py index 8380bc81..d269a40f 100644 --- a/roles/ipareplica/library/ipareplica_setup_adtrust.py +++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py @@ -38,23 +38,41 @@ description: Setup adtrust options: setup_kra: - description: + description: Configure a dogtag KRA required: yes subject_base: - description: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + enable_compat: + description: Enable support for trusted domains for old clients required: yes - ccache: - description: + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs required: yes - _top_dir: - description: + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs required: yes + adtrust_netbios_name: + description: The adtrust netbios_name setting + required: no + adtrust_reset_netbios_name: + description: The adtrust reset_netbios_name setting + required: no + ccache: + description: The local ccache + required: no + _top_dir: + description: The installer _top_dir setting + required: no setup_ca: - description: - required: yes + description: Configure a dogtag CA + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py index 8d34b7bc..a07c9e4a 100644 --- a/roles/ipareplica/library/ipareplica_setup_ca.py +++ b/roles/ipareplica/library/ipareplica_setup_ca.py 
@@ -37,65 +37,67 @@ short description: Setup CA description: Setup CA options: + pki_config_override: + description: Path to ini file with config overrides + required: yes setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: - required: yes - pki_config_override: - description: + description: Disable pkinit setup steps required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _kra_enabled: - description: + description: The installer _kra_enabled setting required: yes _kra_host_name: - description: + description: The installer _kra_host_name setting required: yes _dirsrv_pkcs12_info: - description: + description: The installer _dirsrv_pkcs12_info setting required: yes _pkinit_pkcs12_info: - description: + description: The installer _pkinit_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no _ca_subject: - description: - required: yes + description: The installer _ca_subject setting + required: no _subject_base: - description: - required: yes + description: The installer _subject_base setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no config_setup_ca: - description: - required: yes + description: The config setup_ca setting + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no config_ca_host_name: - 
description: - required: yes + description: The config ca_host_name setting + required: no config_ips: - description: + description: The config ips setting required: yes author: - Thomas Woerner diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py index 55921092..75930464 100644 --- a/roles/ipareplica/library/ipareplica_setup_custodia.py +++ b/roles/ipareplica/library/ipareplica_setup_custodia.py @@ -38,44 +38,49 @@ description: Setup custodia options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes no_ui_redirect: - description: + description: Do not automatically redirect to the Web UI required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _kra_enabled: - description: + description: The installer _kra_enabled setting required: yes _kra_host_name: - description: + description: The installer _kra_host_name setting required: yes - _top_dir: - description: + _pkinit_pkcs12_info: + description: The installer _pkinit_pkcs12_info setting required: yes + _top_dir: + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' 
diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py index 9d77e97f..34e52364 100644 --- a/roles/ipareplica/library/ipareplica_setup_dns.py +++ b/roles/ipareplica/library/ipareplica_setup_dns.py @@ -38,26 +38,46 @@ description: Setup DNS options: setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone required: yes subject_base: - description: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no + zonemgr: + description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN required: yes - ccache: - description: + forwarders: + description: Add DNS forwarders required: yes - _top_dir: - description: + forward_policy: + description: DNS forwarding policy for global forwarders required: yes - setup_ca: - description: + no_dnssec_validation: + description: Disable DNSSEC validation required: yes + dns_ip_addresses: + description: The dns ip_addresses setting + required: no + dns_reverse_zones: + description: The dns reverse_zones setting + required: no + ccache: + description: The local ccache + required: no + _top_dir: + description: The installer _top_dir setting + required: no + setup_ca: + description: Configure a dogtag CA + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py index 4f766f5b..c0e15651 100644 --- a/roles/ipareplica/library/ipareplica_setup_ds.py +++ b/roles/ipareplica/library/ipareplica_setup_ds.py 
@@ -45,7 +45,7 @@ options: required: yes ip_addresses: description: List of Master Server IP Addresses - required: no + required: yes domain: description: Primary DNS domain of the IPA deployment required: yes 
@@ -56,73 +56,86 @@ options: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes setup_adtrust: - description: + description: Configure AD trust capability required: yes setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance required: yes - dirserv_cert_files: - description: + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key required: yes force_join: - description: + description: Force client enrollment even if already enrolled required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: no server: - description: - required: yes + description: Fully qualified name of IPA server to enroll to + required: no ccache: - description: - required: yes + description: The local ccache + required: no installer_ccache: - description: - required: yes + description: The installer ccache setting + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _dirsrv_pkcs12_info: - description: + description: The installer _dirsrv_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no _add_to_ipaservers: - description: - required: yes + description: The installer _add_to_ipaservers setting + required: no _ca_subject: - description: - required: yes + description: The installer _ca_subject setting + required: no _subject_base: - description: - required: yes + description: The installer _subject_base setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no config_setup_ca: - description: - required: yes + description: The config setup_ca setting + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no config_ca_host_name: - description: - required: yes + description: The config ca_host_name setting + required: no config_ips: - description: + description: The config ips setting required: yes author: - Thomas Woerner diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py index c5738e25..7b645f7b 100644 --- a/roles/ipareplica/library/ipareplica_setup_http.py +++ b/roles/ipareplica/library/ipareplica_setup_http.py 
@@ -38,41 +38,46 @@ description: Setup HTTP options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes no_ui_redirect: - description: + description: Do not automatically redirect to the Web UI required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no + config_ca_host_name: + description: The config ca_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_enabled: - description: + description: The installer _ca_enabled setting required: yes _ca_file: - description: + description: The installer _ca_file setting required: yes _http_pkcs12_info: - description: + description: The installer _http_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py index ebeb6f91..86b077a5 100644 --- a/roles/ipareplica/library/ipareplica_setup_kra.py +++ b/roles/ipareplica/library/ipareplica_setup_kra.py @@ -45,7 +45,7 @@ options: required: yes ip_addresses: description: List of Master Server IP Addresses - required: no + required: yes domain: description: Primary DNS domain of the IPA deployment required: yes 
@@ -56,22 +56,73 @@ options: description: Fully qualified name of this host required: yes ca_cert_files: - description: List of iles containing CA certificates for the service certificate files + description: + List of files containing CA certificates for the service certificate + files required: yes no_host_dns: description: Do not use DNS for hostname lookup during installation required: yes + pki_config_override: + description: Path to ini file with config overrides + required: yes setup_adtrust: - description: + description: Configure AD trust capability + required: yes + setup_ca: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes setup_dns: - description: + description: Configure bind with our zone + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + force_join: + description: Force client enrollment even if already enrolled + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: no + server: + description: Fully qualified name of IPA server to enroll to + required: no + config_master_host_name: + description: The config master_host_name setting + required: no + ccache: + description: The local ccache + required: no + installer_ccache: + description: The installer ccache setting + required: no + _ca_enabled: + description: The installer _ca_enabled setting + required: yes + _kra_enabled: + description: The installer _kra_enabled setting + required: yes + _kra_host_name: + description: The installer _kra_host_name setting required: yes - external_ca: - description: + _top_dir: + description: The installer _top_dir setting + required: no + _add_to_ipaservers: + description: The installer _add_to_ipaservers setting + required: no + _ca_subject: + description: The installer _ca_subject setting + required: no + _subject_base: + description: The installer _subject_base setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py index 01604738..2d0180ed 100644 --- a/roles/ipareplica/library/ipareplica_setup_krb.py +++ b/roles/ipareplica/library/ipareplica_setup_krb.py 
@@ -38,29 +38,31 @@ description: Setup KRB options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _pkinit_pkcs12_info: - description: + description: The installer _pkinit_pkcs12_info setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_setup_otpd.py b/roles/ipareplica/library/ipareplica_setup_otpd.py index d7a2212a..4c5092d7 100644 --- a/roles/ipareplica/library/ipareplica_setup_otpd.py +++ b/roles/ipareplica/library/ipareplica_setup_otpd.py 
@@ -38,35 +38,37 @@ description: Setup OTPD options: setup_ca: - description: + description: Configure a dogtag CA required: yes setup_kra: - description: + description: Configure a dogtag KRA required: yes no_pkinit: - description: + description: Disable pkinit setup steps required: yes no_ui_redirect: - description: + description: Do not automatically redirect to the Web UI required: yes subject_base: - description: - required: yes + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: no config_master_host_name: - description: - required: yes + description: The config master_host_name setting + required: no ccache: - description: - required: yes + description: The local ccache + required: no _ca_file: - description: + description: The installer _ca_file setting required: yes _top_dir: - description: - required: yes + description: The installer _top_dir setting + required: no dirman_password: - description: - required: yes + description: Directory Manager (master) password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py index c747002b..ec33caef 100644 --- a/roles/ipareplica/library/ipareplica_test.py +++ b/roles/ipareplica/library/ipareplica_test.py 
@@ -31,9 +31,91 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipareplica_test -short description: -description: +short description: IPA replica deployment tests +description: IPA replica deployment tests options: + ip_addresses: + description: List of Master Server IP Addresses + required: yes + domain: + description: Primary DNS domain of the IPA deployment + required: yes + servers: + description: Fully qualified name of IPA servers to enroll to + required: yes + realm: + description: Kerberos realm name of the IPA deployment + required: yes + hostname: + description: Fully qualified name of this host + required: yes + ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes + hidden_replica: + description: Install a hidden replica + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + setup_kra: + description: Configure a dogtag KRA + required: yes + setup_dns: + description: Configure bind with our zone + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + http_cert_files: + description: + File containing the Apache Server SSL certificate and private key + required: yes + pkinit_cert_files: + description: + File containing the Kerberos KDC SSL certificate and private key + required: yes + no_ntp: + description: Do not configure ntp + required: yes + ntp_servers: + description: ntp servers to use + required: yes + ntp_pool: + description: ntp server pool to use + required: yes + no_reverse: + description: Do not create new reverse DNS zone + required: yes + auto_reverse: + description: Create necessary 
reverse zones + required: yes + forwarders: + description: Add DNS forwarders + required: yes + no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes + auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes + forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_enable_ipa.py b/roles/ipaserver/library/ipaserver_enable_ipa.py index 13f1b280..5f50213a 100644 --- a/roles/ipaserver/library/ipaserver_enable_ipa.py +++ b/roles/ipaserver/library/ipaserver_enable_ipa.py @@ -32,10 +32,19 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: enable_ipa -short description: -description: +module: ipaserver_enable_ipa +short description: Enable IPA +description: Enable IPA options: + hostname: + description: Fully qualified name of this host + required: yes + setup_dns: + description: Configure bind with our zone + required: no + setup_ca: + description: Configure a dogtag CA + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_load_cache.py b/roles/ipaserver/library/ipaserver_load_cache.py index c231e5f4..20d335ca 100644 --- a/roles/ipaserver/library/ipaserver_load_cache.py +++ b/roles/ipaserver/library/ipaserver_load_cache.py @@ -33,10 +33,12 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaserver_load_cache -short description: -description: +short description: Load cache file +description: Load cache file options: dm_password: + description: Directory Manager password + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_master_password.py b/roles/ipaserver/library/ipaserver_master_password.py index 5a0f3c27..0bb444e1 100644 --- a/roles/ipaserver/library/ipaserver_master_password.py 
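Review bot: The added `short description:` line in ipareplica_test.py uses a key with a space, while Ansible's module documentation schema names this field `short_description`, so ansible-doc will presumably not pick up the summary. The line should read `short_description: IPA replica deployment tests`. The same spelling is added in the ipaserver_enable_ipa.py and ipaserver_load_cache.py hunks that follow, and in ipaserver_prepare.py, ipaserver_set_ds_password.py, ipaserver_setup_adtrust.py, ipaserver_setup_ca.py and ipaserver_setup_custodia.py. The untouched context lines in the ipareplica_* modules carry it too and could be fixed in the same pass.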
+++ b/roles/ipaserver/library/ipaserver_master_password.py @@ -30,14 +30,17 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: master_password +module: ipaserver_master_password short description: Generate kerberos master password if not given description: Generate kerberos master password if not given options: + dm_password: + description: Directory Manager password + required: no master_password: description: kerberos master password (normally autogenerated) - required: false + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_prepare.py b/roles/ipaserver/library/ipaserver_prepare.py index acabcd5d..68dadc5e 100644 --- a/roles/ipaserver/library/ipaserver_prepare.py +++ b/roles/ipaserver/library/ipaserver_prepare.py 
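Review bot: `master_password` is flipped from `required: false` to `required: yes` in ipaserver_master_password.py, which contradicts its own description ("normally autogenerated") and the module description "Generate kerberos master password if not given". Unless the argument_spec, which is outside this hunk, really demands the value, the line should read `required: no`. A mandatory master password would also push users toward putting a long-lived Kerberos secret into their inventory instead of letting the module generate one.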
@@ -33,37 +33,116 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- module: ipaserver_prepare -short description: -description: +short description: Prepare IPA server deployment +description: Prepare IPA server deployment options: + force: + description: Installer force parameter + required: yes dm_password: + description: Directory Manager password + required: no password: + description: Admin user kerberos password + required: no ip_addresses: + description: List of Master Server IP Addresses + required: yes domain: + description: Primary DNS domain of the IPA deployment + required: no realm: + description: Kerberos realm name of the IPA deployment + required: no hostname: + description: Fully qualified name of this host + required: yes ca_cert_files: + description: + List of files containing CA certificates for the service certificate + files + required: yes no_host_dns: + description: Do not use DNS for hostname lookup during installation + required: yes setup_adtrust: + description: Configure AD trust capability + required: yes setup_kra: + description: Configure a dogtag KRA + required: yes setup_dns: + description: Configure bind with our zone + required: yes external_ca: + description: External ca setting + required: yes + external_ca_type: + description: Type of the external CA + required: yes + external_ca_profile: + description: + Specify the certificate profile/template to use at the external CA + required: yes external_cert_files: + description: + File containing the IPA CA certificate and the external CA certificate + chain + required: yes subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). 
+ required: yes ca_subject: + description: The installer ca_subject setting + required: yes + allow_zone_overlap: + description: Create DNS zone even if it already exists + required: yes reverse_zones: + description: The reverse DNS zones to use + required: yes no_reverse: + description: Do not create new reverse DNS zone + required: yes auto_reverse: + description: Create necessary reverse zones + required: yes forwarders: + description: Add DNS forwarders + required: yes no_forwarders: + description: Do not add any DNS forwarders, use root servers instead + required: yes auto_forwarders: + description: Use DNS forwarders configured in /etc/resolv.conf + required: yes forward_policy: + description: DNS forwarding policy for global forwarders + required: yes + no_dnssec_validation: + description: Disable DNSSEC validation + required: yes enable_compat: + description: Enable support for trusted domains for old clients + required: yes netbios_name: + description: NetBIOS name of the IPA domain + required: yes rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes setup_ca: + description: Configure a dogtag CA + required: yes _hostname_overridden: + description: The installer _hostname_overridden setting + required: yes author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_set_ds_password.py b/roles/ipaserver/library/ipaserver_set_ds_password.py index c2e6285b..da6ef681 100644 --- a/roles/ipaserver/library/ipaserver_set_ds_password.py +++ b/roles/ipaserver/library/ipaserver_set_ds_password.py 
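Review bot: `subject_base` is documented with a default (`default O=<realm-name>`) yet marked `required: yes` in ipaserver_prepare.py, while the ipareplica_* hunks in this same patch mark the identical option `required: no`. An option whose description states a default should not also be mandatory, so I would expect `required: no` here. The same pairing appears in the ipaserver_set_ds_password.py and ipaserver_setup_ca.py hunks. The opt-out flags marked `required: yes` (`no_reverse`, `no_forwarders`, `no_dnssec_validation` and similar) look suspicious for the same reason; please check each against the module's argument_spec, which is not part of this hunk.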
@@ -32,10 +32,68 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: set_ds_password -short description: -description: +module: ipaserver_set_ds_password +short description: Set DS password +description: Set DS password options: + dm_password: + description: Directory Manager password + required: no + password: + description: Admin user kerberos password + required: no + domain: + description: Primary DNS domain of the IPA deployment + required: no + realm: + description: Kerberos realm name of the IPA deployment + required: no + hostname: + description: Fully qualified name of this host + required: no + setup_ca: + description: Configure a dogtag CA + required: no + idstart: + description: The starting value for the IDs range (default random) + required: no + idmax: + description: The max value for the IDs range (default: idstart+199999) + required: no + no_hbac_allow: + description: Don't install allow_all HBAC rule + required: yes + no_pkinit: + description: Disable pkinit setup steps + required: yes + dirsrv_config_file: + description: + The path to LDIF file that will be used to modify configuration of + dse.ldif during installation of the directory server instance + required: yes + _dirsrv_pkcs12_info: + description: The installer _dirsrv_pkcs12_info setting + required: yes + dirsrv_cert_files: + description: + Files containing the Directory Server SSL certificate and private key + required: yes + subject_base: + description: + The certificate subject base (default O=<realm-name>). + RDNs are in LDAP order (most specific RDN first). + required: yes + ca_subject: + description: The installer ca_subject setting + required: yes + external_cert_files: + description: + File containing the IPA CA certificate and the external CA certificate + chain + required: yes + domainlevel: + description: The domain level + required: yes author: - Thomas Woerner ''' 
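Review bot: The `idmax` description in ipaserver_set_ds_password.py contains an unquoted colon followed by a space (`(default: idstart+199999)`), which YAML does not allow inside a plain scalar, so the DOCUMENTATION block will likely fail to parse. Quote the value: `description: "The max value for the IDs range (default: idstart+199999)"`. The identical line is added in the ipaserver_setup_ca.py hunk.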
diff --git a/roles/ipaserver/library/ipaserver_setup_adtrust.py b/roles/ipaserver/library/ipaserver_setup_adtrust.py index 914e4f33..4838f2ba 100644 --- a/roles/ipaserver/library/ipaserver_setup_adtrust.py +++ b/roles/ipaserver/library/ipaserver_setup_adtrust.py @@ -32,10 +32,35 @@ ANSIBLE_METADATA = { DOCUMENTATION = ''' --- -module: setup_adtrust -short description: -description: +module: ipaserver_setup_adtrust +short description: Setup trust ad +description: Setup trust ad options: + hostname: + description: Fully qualified name of this host + required: yes + setup_ca: + description: Configure a dogtag CA + required: yes + setup_adtrust: + description: Configure AD trust capability + required: yes + enable_compat: + description: Enable support for trusted domains for old clients + required: yes + rid_base: + description: Start value for mapping UIDs and GIDs to RIDs + required: yes + secondary_rid_base: + description: + Start value of the secondary range for mapping UIDs and GIDs to RIDs + required: yes + adtrust_netbios_name: + description: The adtrust netbios_name setting + required: no + adtrust_reset_netbios_name: + description: The adtrust reset_netbios_name setting + required: no author: - Thomas Woerner ''' diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py index 42f01d87..374b20b7 100644 --- a/roles/ipaserver/library/ipaserver_setup_ca.py +++ b/roles/ipaserver/library/ipaserver_setup_ca.py 
@@ -33,39 +33,119 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
 module: ipaserver_setup_ca
-short description:
-description:
+short description: Setup CA
+description: Setup CA
 options:
 dm_password:
+ description: Directory Manager password
+ required: no
 password:
+ description: Admin user kerberos password
+ required: no
 master_password:
+ description: kerberos master password (normally autogenerated)
+ required: no
 ip_addresses:
+ description: List of Master Server IP Addresses
+ required: yes
 domain:
+ description: Primary DNS domain of the IPA deployment
+ required: no
 realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
 hostname:
+ description: Fully qualified name of this host
+ required: yes
 no_host_dns:
+ description: Do not use DNS for hostname lookup during installation
+ required: yes
+ pki_config_override:
+ description: Path to ini file with config overrides
+ required: yes
 setup_adtrust:
+ description: Configure AD trust capability
+ required: yes
 setup_kra:
+ description: Configure a dogtag KRA
+ required: yes
 setup_dns:
+ description: Configure bind with our zone
+ required: yes
 setup_ca:
+ description: Configure a dogtag CA
+ required: yes
 idstart:
+ description: The starting value for the IDs range (default random)
+ required: no
 idmax:
+ description: The max value for the IDs range (default: idstart+199999)
+ required: no
 no_hbac_allow:
+ description: Don't install allow_all HBAC rule
+ required: yes
 no_pkinit:
+ description: Disable pkinit setup steps
+ required: yes
 dirsrv_config_file:
+ description:
+ The path to LDIF file that will be used to modify configuration of
+ dse.ldif during installation of the directory server instance
+ required: yes
 dirsrv_cert_files:
+ description:
+ Files containing the Directory Server SSL certificate and private key
+ required: yes
 _dirsrv_pkcs12_info:
+ description: The installer _dirsrv_pkcs12_info setting
+ required: yes
 external_ca:
+ description: External ca setting
+ required: yes
+ external_ca_type:
+ description: Type of the external CA
+ required: yes
+ external_ca_profile:
+ description:
+ Specify the certificate profile/template to use at the external CA
+ required: yes
+ external_cert_files:
+ description:
+ File containing the IPA CA certificate and the external CA certificate
+ chain
+ required: yes
 subject_base:
+ description:
+ The certificate subject base (default O=<realm-name>).
+ RDNs are in LDAP order (most specific RDN first).
+ required: yes
 _subject_base:
+ description: The installer _subject_base setting
+ required: yes
 ca_subject:
+ description: The installer ca_subject setting
+ required: yes
 _ca_subject:
+ description: The installer _ca_subject setting
+ required: yes
 ca_signing_algorithm:
+ description: Signing algorithm of the IPA CA certificate
+ required: yes
 reverse_zones:
+ description: The reverse DNS zones to use
+ required: yes
 no_reverse:
+ description: Do not create new reverse DNS zone
+ required: yes
 auto_forwarders:
+ description: Use DNS forwarders configured in /etc/resolv.conf
+ required: yes
 domainlevel:
+ description: The domain level
+ required: yes
 _http_ca_cert:
+ description: The installer _http_ca_cert setting
+ required: yes
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_setup_custodia.py b/roles/ipaserver/library/ipaserver_setup_custodia.py
index 48074ccf..2514e06f 100644
--- a/roles/ipaserver/library/ipaserver_setup_custodia.py
+++ b/roles/ipaserver/library/ipaserver_setup_custodia.py
@@ -33,12 +33,18 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
 module: ipaserver_setup_custodia
-short description:
-description:
+short description: Setup custodia
+description: Setup custodia
 options:
 realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
 hostname:
+ description: Fully qualified name of this host
+ required: yes
 setup_ca:
+ description: Configure a dogtag CA
+ required: yes
 author:
 - Thomas Woerner
 '''
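Review bot: In the ipaserver_setup_ca.py hunk, `dm_password`, `password` and `master_password` are documented like any other option, with nothing telling the reader that these values are secrets. Extend the descriptions, for example `description: Directory Manager password (secret, supply it from Ansible Vault)`, and confirm that the module's argument_spec, which is outside this hunk, declares these options with `no_log=True` so the values stay out of task output and logs. Password options are documented the same way in the ipaserver_set_ds_password, ipaserver_setup_ds, ipaserver_setup_http, ipaserver_setup_kra, ipaserver_setup_krb and ipaserver_test hunks, and ipaserver_test also adds `dirsrv_pin`, `http_pin` and `pkinit_pin`.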
diff --git a/roles/ipaserver/library/ipaserver_setup_dns.py b/roles/ipaserver/library/ipaserver_setup_dns.py
index d61f3b78..ae1429a6 100644
--- a/roles/ipaserver/library/ipaserver_setup_dns.py
+++ b/roles/ipaserver/library/ipaserver_setup_dns.py
@@ -32,17 +32,46 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: setup_dns
-short description:
-description:
+module: ipaserver_setup_dns
+short description: Setup DNS
+description: Setup DNS
 options:
+ ip_addresses:
+ description: List of Master Server IP Addresses
+ required: yes
+ domain:
+ description: Primary DNS domain of the IPA deployment
+ required: no
+ realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
 hostname:
+ description: Fully qualified name of this host
+ required: no
 setup_dns:
+ description: Configure bind with our zone
+ required: no
 setup_ca:
+ description: Configure a dogtag CA
+ required: no
 zonemgr:
+ description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
+ required: yes
 forwarders:
+ description: Add DNS forwarders
+ required: no
 forward_policy:
+ description: DNS forwarding policy for global forwarders
+ required: yes
 no_dnssec_validation:
+ description: Disable DNSSEC validation
+ required: yes
+ dns_ip_addresses:
+ description: The dns ip_addresses setting
+ required: no
+ dns_reverse_zones:
+ description: The dns reverse_zones setting
+ required: no
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_setup_ds.py b/roles/ipaserver/library/ipaserver_setup_ds.py
index 8d3b2442..5ce35f41 100644
--- a/roles/ipaserver/library/ipaserver_setup_ds.py
+++ b/roles/ipaserver/library/ipaserver_setup_ds.py
@@ -33,21 +33,64 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
 module: ipaserver_setup_ds
-short description:
-description:
+short description: Configure directory server
+description: Configure directory server
 options:
 dm_password:
+ description: Directory Manager password
+ required: no
 password:
+ description: Admin user kerberos password
+ required: no
 domain:
+ description: Primary DNS domain of the IPA deployment
+ required: no
 realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
 hostname:
+ description: Fully qualified name of this host
+ required: yes
 idstart:
+ description: The starting value for the IDs range (default random)
+ required: no
 idmax:
- no_pkinit:
+ description: The max value for the IDs range (default: idstart+199999)
+ required: no
 no_hbac_allow:
+ description: Don't install allow_all HBAC rule
+ required: yes
+ no_pkinit:
+ description: Disable pkinit setup steps
+ required: yes
+ dirsrv_config_file:
+ description:
+ The path to LDIF file that will be used to modify configuration of
+ dse.ldif during installation of the directory server instance
+ required: yes
+ dirsrv_cert_files:
+ description:
+ Files containing the Directory Server SSL certificate and private key
+ required: yes
+ _dirsrv_pkcs12_info:
+ description: The installer _dirsrv_pkcs12_info setting
+ required: yes
+ external_cert_files:
+ description:
+ File containing the IPA CA certificate and the external CA certificate
+ chain
+ required: yes
 subject_base:
+ description:
+ The certificate subject base (default O=<realm-name>).
+ RDNs are in LDAP order (most specific RDN first).
+ required: yes
 ca_subject:
- setup_ca
+ description: The installer ca_subject setting
+ required: yes
+ setup_ca:
+ description: Configure a dogtag CA
+ required: yes
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_setup_http.py b/roles/ipaserver/library/ipaserver_setup_http.py
index 781aa9af..a29a0447 100644
--- a/roles/ipaserver/library/ipaserver_setup_http.py
+++ b/roles/ipaserver/library/ipaserver_setup_http.py
@@ -32,10 +32,111 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: setup_ds
-short description:
-description:
+module: ipaserver_setup_http
+short description: Setup HTTP
+description: Setup HTTP
 options:
+ dm_password:
+ description: Directory Manager password
+ required: no
+ password:
+ description: Admin user kerberos password
+ required: no
+ master_password:
+ description: kerberos master password (normally autogenerated)
+ required: no
+ domain:
+ description: Primary DNS domain of the IPA deployment
+ required: no
+ realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
+ hostname:
+ description: Fully qualified name of this host
+ required: yes
+ ip_addresses:
+ description: List of Master Server IP Addresses
+ required: yes
+ reverse_zones:
+ description: The reverse DNS zones to use
+ required: yes
+ http_cert_files:
+ description:
+ File containing the Apache Server SSL certificate and private key
+ required: yes
+ setup_adtrust:
+ description: Configure AD trust capability
+ required: yes
+ setup_kra:
+ description: Configure a dogtag KRA
+ required: yes
+ setup_dns:
+ description: Configure bind with our zone
+ required: yes
+ setup_ca:
+ description: Configure a dogtag CA
+ required: yes
+ no_host_dns:
+ description: Do not use DNS for hostname lookup during installation
+ required: yes
+ no_pkinit:
+ description: Disable pkinit setup steps
+ required: yes
+ no_hbac_allow:
+ description: Don't install allow_all HBAC rule
+ required: yes
+ no_ui_redirect:
+ description: Do not automatically redirect to the Web UI
+ required: yes
+ external_cert_files:
+ description:
+ File containing the IPA CA certificate and the external CA certificate
+ chain
+ required: yes
+ subject_base:
+ description:
+ The certificate subject base (default O=<realm-name>).
+ RDNs are in LDAP order (most specific RDN first).
+ required: yes
+ _subject_base:
+ description: The installer _subject_base setting
+ required: yes
+ ca_subject:
+ description: The installer ca_subject setting
+ required: yes
+ _ca_subject:
+ description: The installer _ca_subject setting
+ required: yes
+ idstart:
+ description: The starting value for the IDs range (default random)
+ required: no
+ idmax:
+ description: The max value for the IDs range (default: idstart+199999)
+ required: no
+ domainlevel:
+ description: The domain level
+ required: yes
+ dirsrv_config_file:
+ description:
+ The path to LDIF file that will be used to modify configuration of
+ dse.ldif during installation of the directory server instance
+ required: yes
+ dirsrv_cert_files:
+ description:
+ Files containing the Directory Server SSL certificate and private key
+ required: yes
+ no_reverse:
+ description: Do not create new reverse DNS zone
+ required: yes
+ auto_forwarders:
+ description: Use DNS forwarders configured in /etc/resolv.conf
+ required: yes
+ _dirsrv_pkcs12_info:
+ description: The installer _dirsrv_pkcs12_info setting
+ required: yes
+ _http_pkcs12_info:
+ description: The installer _http_pkcs12_info setting
+ required: yes
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_setup_kra.py b/roles/ipaserver/library/ipaserver_setup_kra.py
index 08cf6f44..ebf03b09 100644
--- a/roles/ipaserver/library/ipaserver_setup_kra.py
+++ b/roles/ipaserver/library/ipaserver_setup_kra.py
@@ -32,10 +32,28 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: setup_kra
-short description:
-description:
+module: ipaserver_setup_kra
+short description: Setup KRA
+description: Setup KRA
 options:
+ dm_password:
+ description: Directory Manager password
+ required: no
+ hostname:
+ description: Fully qualified name of this host
+ required: no
+ setup_ca:
+ description: Configure a dogtag CA
+ required: no
+ setup_kra:
+ description: Configure a dogtag KRA
+ required: no
+ realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
+ pki_config_override:
+ description: Path to ini file with config overrides
+ required: yes
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_setup_krb.py b/roles/ipaserver/library/ipaserver_setup_krb.py
index 0b217dfc..8690edd7 100644
--- a/roles/ipaserver/library/ipaserver_setup_krb.py
+++ b/roles/ipaserver/library/ipaserver_setup_krb.py
@@ -32,10 +32,83 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: setup_ds
-short description:
-description:
+module: ipaserver_setup_krb
+short description: Setup KRB
+description: Setup KRB
 options:
+ dm_password:
+ description: Directory Manager password
+ required: no
+ password:
+ description: Admin user kerberos password
+ required: no
+ master_password:
+ description: kerberos master password (normally autogenerated)
+ required: no
+ domain:
+ description: Primary DNS domain of the IPA deployment
+ required: no
+ realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
+ hostname:
+ description: Fully qualified name of this host
+ required: yes
+ ip_addresses:
+ description: List of Master Server IP Addresses
+ required: yes
+ reverse_zones:
+ description: The reverse DNS zones to use
+ required: yes
+ setup_adtrust:
+ description: Configure AD trust capability
+ required: yes
+ setup_kra:
+ description: Configure a dogtag KRA
+ required: yes
+ setup_dns:
+ description: Configure bind with our zone
+ required: yes
+ setup_ca:
+ description: Configure a dogtag CA
+ required: yes
+ no_host_dns:
+ description: Do not use DNS for hostname lookup during installation
+ required: yes
+ no_pkinit:
+ description: Disable pkinit setup steps
+ required: yes
+ no_hbac_allow:
+ description: Don't install allow_all HBAC rule
+ required: yes
+ external_cert_files:
+ description:
+ File containing the IPA CA certificate and the external CA certificate
+ chain
+ required: yes
+ subject_base:
+ description:
+ The certificate subject base (default O=<realm-name>).
+ RDNs are in LDAP order (most specific RDN first).
+ required: yes
+ ca_subject:
+ description: The installer ca_subject setting
+ required: yes
+ idstart:
+ description: The starting value for the IDs range (default random)
+ required: no
+ idmax:
+ description: The max value for the IDs range (default: idstart+199999)
+ required: no
+ no_reverse:
+ description: Do not create new reverse DNS zone
+ required: yes
+ auto_forwarders:
+ description: Use DNS forwarders configured in /etc/resolv.conf
+ required: yes
+ _pkinit_pkcs12_info:
+ description: The installer _pkinit_pkcs12_info setting
+ required: yes
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_setup_ntp.py b/roles/ipaserver/library/ipaserver_setup_ntp.py
index 7ebf7fc5..2e635ab6 100644
--- a/roles/ipaserver/library/ipaserver_setup_ntp.py
+++ b/roles/ipaserver/library/ipaserver_setup_ntp.py
@@ -32,10 +32,16 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: setup_ntp
-short description:
-description:
+module: ipaserver_setup_ntp
+short description: Setup NTP
+description: Setup NTP
 options:
+ ntp_servers:
+ description: ntp servers to use
+ required: yes
+ ntp_pool:
+ description: ntp server pool to use
+ required: yes
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_setup_otpd.py b/roles/ipaserver/library/ipaserver_setup_otpd.py
index c05c3f9a..12a87567 100644
--- a/roles/ipaserver/library/ipaserver_setup_otpd.py
+++ b/roles/ipaserver/library/ipaserver_setup_otpd.py
@@ -32,10 +32,19 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
-module: setup_otpd
-short description:
-description:
+module: ipaserver_setup_otpd
+short description: Setup OTPD
+description: Setup OTPD
 options:
+ realm:
+ description: Kerberos realm name of the IPA deployment
+ required: no
+ hostname:
+ description: Fully qualified name of this host
+ required: yes
+ setup_ca:
+ description: Configure a dogtag CA
+ required: yes
 author:
 - Thomas Woerner
 '''
diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py
index 1d30ccde..c1163aed 100644
--- a/roles/ipaserver/library/ipaserver_test.py
+++ b/roles/ipaserver/library/ipaserver_test.py
@@ -31,9 +31,169 @@ ANSIBLE_METADATA = {
 DOCUMENTATION = '''
 ---
 module: ipaserver_test
-short description:
-description:
+short description: IPA server test
+description: IPA server test
 options:
+ force:
+ description: Installer force parameter
+ required: yes
+ dm_password:
+ description: Directory Manager password
+ required: no
+ password:
+ description: Admin user kerberos password
+ required: no
+ master_password:
+ description: kerberos master password (normally autogenerated)
+ required: yes
+ domain:
+ description: Primary DNS domain of the IPA deployment
+ required: yes
+ realm:
+ description: Kerberos realm name of the IPA deployment
+ required: yes
+ hostname:
+ description: Fully qualified name of this host
+ required: yes
+ ca_cert_files:
+ description:
+ List of files containing CA certificates for the service certificate
+ files
+ required: yes
+ no_host_dns:
+ description: Do not use DNS for hostname lookup during installation
+ required: yes
+ pki_config_override:
+ description: Path to ini file with config overrides
+ required: yes
+ setup_adtrust:
+ description: Configure AD trust capability
+ required: yes
+ setup_kra:
+ description: Configure a dogtag KRA
+ required: yes
+ setup_dns:
+ description: Configure bind with our zone
+ required: yes
+ idstart:
+ description: The starting value for the IDs range (default random)
+ required: yes
+ idmax:
+ description: The max value for the IDs range (default: idstart+199999)
+ required: yes
+ no_pkinit:
+ description: Disable pkinit setup steps
+ required: yes
+ dirsrv_config_file:
+ description:
+ The path to LDIF file that will be used to modify configuration of
+ dse.ldif during installation of the directory server instance
+ required: yes
+ dirsrv_cert_files:
+ description:
+ Files containing the Directory Server SSL certificate and private key
+ required: yes
+ http_cert_files:
+ description:
+ File containing the Apache Server SSL certificate and private key
+ required: yes
+ pkinit_cert_files:
+ description:
+ File containing the Kerberos KDC SSL certificate and private key
+ required: yes
+ dirsrv_pin:
+ description: The password to unlock the Directory Server private key
+ required: yes
+ http_pin:
+ description: The password to unlock the Apache Server private key
+ required: yes
+ pkinit_pin:
+ description: The password to unlock the Kerberos KDC private key
+ required: yes
+ dirsrv_cert_name:
+ description: Name of the Directory Server SSL certificate to install
+ required: yes
+ http_cert_name:
+ description: Name of the Apache Server SSL certificate to install
+ required: yes
+ pkinit_cert_name:
+ description: Name of the Kerberos KDC SSL certificate to install
+ required: yes
+ ntp_servers:
+ description: ntp servers to use
+ required: yes
+ ntp_pool:
+ description: ntp server pool to use
+ required: yes
+ no_ntp:
+ description: Do not configure ntp
+ required: yes
+ external_ca:
+ description: External ca setting
+ required: yes
+ external_ca_type:
+ description: Type of the external CA
+ required: yes
+ external_ca_profile:
+ description:
+ Specify the certificate profile/template to use at the external CA
+ required: yes
+ external_cert_files:
+ description:
+ File containing the IPA CA certificate and the external CA certificate
+ chain
+ required: yes
+ subject_base:
+ description:
+ The certificate subject base (default O=<realm-name>).
+ RDNs are in LDAP order (most specific RDN first).
+ required: yes
+ ca_subject:
+ description: The installer ca_subject setting
+ required: yes
+ allow_zone_overlap:
+ description: Create DNS zone even if it already exists
+ required: yes
+ reverse_zones:
+ description: The reverse DNS zones to use
+ required: yes
+ no_reverse:
+ description: Do not create new reverse DNS zone
+ required: yes
+ auto_reverse:
+ description: Create necessary reverse zones
+ required: yes
+ zonemgr:
+ description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
+ required: yes
+ forwarders:
+ description: Add DNS forwarders
+ required: yes
+ no_forwarders:
+ description: Do not add any DNS forwarders, use root servers instead
+ required: yes
+ auto_forwarders:
+ description: Use DNS forwarders configured in /etc/resolv.conf
+ required: yes
+ forward_policy:
+ description: DNS forwarding policy for global forwarders
+ required: yes
+ no_dnssec_validation:
+ description: Disable DNSSEC validation
+ required: yes
+ enable_compat:
+ description: Enable support for trusted domains for old clients
+ required: yes
+ netbios_name:
+ description: NetBIOS name of the IPA domain
+ required: yes
+ rid_base:
+ description: Start value for mapping UIDs and GIDs to RIDs
+ required: yes
+ secondary_rid_base:
+ description:
+ Start value of the secondary range for mapping UIDs and GIDs to RIDs
+ required: yes
 author:
 - Thomas Woerner
 '''
-- GitLab
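Review bot: Several `required:` values in the ipaserver_test.py options do not fit their own descriptions: `master_password` is described as `(normally autogenerated)` yet marked `required: yes`, and `forwarders`, `no_forwarders` and `auto_forwarders` are all marked required although they describe alternative choices. The module's argument_spec is outside this hunk, so the real settings cannot be confirmed here, but `required` in DOCUMENTATION should mirror the `required=` value declared there; where an option is optional the line should read `required: no`. The ipaserver_setup_ntp hunk shows the same pattern for `ntp_servers` and `ntp_pool`.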