Skip to content
Snippets Groups Projects
Commit 95c38d16 authored by Thomas Woerner's avatar Thomas Woerner
Browse files

New ipaclient options: force_join, kinit_attempts, ntp and mkhomedir

parent 9ad38c66
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
library/ipaclient.py
+ 40
3
View file @ 95c38d16
...@@ -63,12 +63,29 @@ options: ...@@ -63,12 +63,29 @@ options:
otp: otp:
description: The One-Time-Password used to join the IPA realm. description: The One-Time-Password used to join the IPA realm.
required: false required: false
force_join:
description: Set force_join to yes to join the host even if it is already enrolled.
required: false
choices: [ "yes", "force" ]
default: yes
kinit_attempts:
description: Repeat the request for host Kerberos ticket X times.
required: false
ntp:
description: Set to no to not configure and enable NTP
required: false
default: yes
mkhomedir:
description: Set to yes to configure PAM to create a users home directory if it does not exist.
required: false
default: no
extr_args: extr_args:
description: The list of extra arguments to provide to ipa-client-install. description: The list of extra arguments to provide to ipa-client-install.
required: false required: false
type: list type: list
author: author:
- Florence Blanc-Renaud - Florence Blanc-Renaud
- Thomas Woerner
''' '''
EXAMPLES = ''' EXAMPLES = '''
...@@ -81,7 +98,8 @@ EXAMPLES = ''' ...@@ -81,7 +98,8 @@ EXAMPLES = '''
- ipaclient: - ipaclient:
principal: admin principal: admin
password: MySecretPassword password: MySecretPassword
extraargs: [ '--no-ntp', '--kinit-attempts=5'] ntp: no
kinit_attempts: 5
# Enroll client using admin credentials, with specified domain and # Enroll client using admin credentials, with specified domain and
# autodiscovery of the IPA server # autodiscovery of the IPA server
...@@ -89,7 +107,8 @@ EXAMPLES = ''' ...@@ -89,7 +107,8 @@ EXAMPLES = '''
principal: admin principal: admin
password: MySecretPassword password: MySecretPassword
domain: ipa.domain.com domain: ipa.domain.com
extraargs: [ '--no-ntp', '--kinit-attempts=5'] ntp: no
kinit_attempts: 5
# Enroll client using admin credentials, with specified server # Enroll client using admin credentials, with specified server
- ipaclient: - ipaclient:
...@@ -97,7 +116,8 @@ EXAMPLES = ''' ...@@ -97,7 +116,8 @@ EXAMPLES = '''
password: MySecretPassword password: MySecretPassword
domain: ipa.domain.com domain: ipa.domain.com
server: ipaserver.ipa.domain.com server: ipaserver.ipa.domain.com
extraargs: [ '--no-ntp', '--kinit-attempts=5'] ntp: no
kinit_attempts: 5
# Enroll client using One-Time-Password, with specified domain and realm # Enroll client using One-Time-Password, with specified domain and realm
- ipaclient: - ipaclient:
...@@ -207,6 +227,10 @@ def ensure_ipa_client(module): ...@@ -207,6 +227,10 @@ def ensure_ipa_client(module):
password = module.params.get('password') password = module.params.get('password')
keytab = module.params.get('keytab') keytab = module.params.get('keytab')
otp = module.params.get('otp') otp = module.params.get('otp')
force_join = module.params.get('force_join')
kinit_attempts = module.params.get('kinit_attempts')
ntp = module.params.get('ntp')
mkhomedir = module.params.get('mkhomedir')
extra_args = module.params.get('extra_args') extra_args = module.params.get('extra_args')
# Ensure that at least one auth method is specified # Ensure that at least one auth method is specified
...@@ -258,6 +282,15 @@ def ensure_ipa_client(module): ...@@ -258,6 +282,15 @@ def ensure_ipa_client(module):
if otp: if otp:
cmd.append("--password") cmd.append("--password")
cmd.append(otp) cmd.append(otp)
if force_join:
cmd.append("--force-join")
if kinit_attempts:
cmd.append("--kinit-attempts")
cmd.append(str(kinit_attempts))
if not ntp:
cmd.append("--no-ntp")
if mkhomedir:
cmd.append("--mkhomedir")
if extra_args: if extra_args:
for extra_arg in extra_args: for extra_arg in extra_args:
cmd.append(extra_arg) cmd.append(extra_arg)
...@@ -286,6 +319,10 @@ def main(): ...@@ -286,6 +319,10 @@ def main():
password=dict(required=False, no_log=True), password=dict(required=False, no_log=True),
keytab=dict(required=False, type='path'), keytab=dict(required=False, type='path'),
otp=dict(required=False), otp=dict(required=False),
force_join=dict(required=False, type='bool', default=False),
kinit_attempts=dict(required=False, type='int'),
ntp=dict(required=False, type='bool', default=True),
mkhomedir=dict(required=False, type='bool', default=False),
extra_args=dict(default=None, type='list') extra_args=dict(default=None, type='list')
), ),
) )
......
roles/ipaclient/defaults/main.yml
+ 4
0
View file @ 95c38d16
...@@ -9,4 +9,8 @@ ipaclient_principal: ...@@ -9,4 +9,8 @@ ipaclient_principal:
ipaclient_password: ipaclient_password:
ipaclient_keytab: ipaclient_keytab:
ipaclient_otp: ipaclient_otp:
ipaclient_force_join: no
ipaclient_kinit_attempts:
ipaclient_ntp: yes
ipaclient_mkhomedir: no
ipaclient_extraargs: [] ipaclient_extraargs: []
roles/ipaclient/tasks/install.yml
+ 4
0
View file @ 95c38d16
...@@ -42,4 +42,8 @@ ...@@ -42,4 +42,8 @@
password: "{{ ipaclient_password | default(omit) }}" password: "{{ ipaclient_password | default(omit) }}"
keytab: "{{ ipaclient_keytab | default(omit) }}" keytab: "{{ ipaclient_keytab | default(omit) }}"
otp: "{{ ipaclient_otp | default(omit) }}" otp: "{{ ipaclient_otp | default(omit) }}"
force_join: "{{ ipaclient_force_join | default(omit) }}"
kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
ntp: "{{ ipaclient_ntp | default(omit) }}"
mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
extra_args: "{{ ipaclient_extraargs | default(omit) }}" extra_args: "{{ ipaclient_extraargs | default(omit) }}"
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment