diff --git a/roles/ipaclient/library/ipaclient_join.py b/roles/ipaclient/library/ipaclient_join.py
index 31c01a4fd5daa50ec7e3bc4cd82288e34f3eb13d..5d41a546a9dc00941a186ccd69129aca3a6a75f0 100644
--- a/roles/ipaclient/library/ipaclient_join.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-client-install code
 #
-# Copyright (C) 2017 Red Hat
+# Copyright (C) 2017-2022 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -43,51 +43,67 @@ description: options: servers: description: Fully qualified name of IPA servers to enroll to - required: no + type: list + elements: str + required: yes domain: description: Primary DNS domain of the IPA deployment - required: no + type: str + required: yes realm: description: Kerberos realm name of the IPA deployment - required: no + type: str + required: yes hostname: description: Fully qualified name of this host - required: no + type: str + required: yes kdc: description: The name or address of the host running the KDC - required: no + type: str + required: yes basedn: description: The basedn of the IPA server (of the form dc=example,dc=com) - required: no + type: str + required: yes principal: description: User Principal allowed to promote replicas and join IPA realm - required: yes + type: str + required: no password: description: Admin user kerberos password - required: yes + type: str + required: no keytab: description: Path to backed up keytab from previous enrollment - required: yes + type: str + required: no admin_keytab: description: The path to a local admin keytab - required: yes + type: str + required: no ca_cert_file: description: A CA certificate to use. Do not acquire the IPA CA certificate via automated means - required: yes + type: str + required: no force_join: description: Force client enrollment even if already enrolled - required: yes + type: bool + required: no kinit_attempts: description: Repeat the request for host Kerberos ticket X times - required: yes + type: int + required: no + default: 5 debug: description: Turn on extra debugging - required: yes + type: bool + required: no author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -130,7 +146,7 @@ import tempfile from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_client import ( - setup_logging, + setup_logging, check_imports, SECURE_PATH, sysrestore, paths, options, configure_krb5_conf, realm_to_suffix, kinit_keytab, GSSError, kinit_password, NUM_VERSION, get_ca_cert, get_ca_certs, errors, run @@ -140,25 +156,26 @@ from ansible.module_utils.ansible_ipa_client import ( def main(): module = AnsibleModule( argument_spec=dict( - servers=dict(required=True, type='list'), - domain=dict(required=True), - realm=dict(required=True), - hostname=dict(required=True), - kdc=dict(required=True), - basedn=dict(required=True), - principal=dict(required=False), - password=dict(required=False, no_log=True), - keytab=dict(required=False), - admin_keytab=dict(required=False), - ca_cert_file=dict(required=False), + servers=dict(required=True, type='list', elements='str'), + domain=dict(required=True, type='str'), + realm=dict(required=True, type='str'), + hostname=dict(required=True, type='str'), + kdc=dict(required=True, type='str'), + basedn=dict(required=True, type='str'), + principal=dict(required=False, type='str'), + password=dict(required=False, type='str', no_log=True), + keytab=dict(required=False, type='str', no_log=False), + admin_keytab=dict(required=False, type='str', no_log=False), + ca_cert_file=dict(required=False, type='str'), force_join=dict(required=False, type='bool'), kinit_attempts=dict(required=False, type='int', default=5), debug=dict(required=False, type='bool'), ), - supports_check_mode=True, + supports_check_mode=False, ) module._ansible_debug = True + check_imports(module) setup_logging() servers = module.params.get('servers')
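Review bot: The explicit `no_log=False` on `keytab` and `admin_keytab` in the `argument_spec` hunk of `main()` has no explanation, so a later reader cannot tell a deliberate decision from an oversight. Both options are documented in this file as paths to keytab files, so the values are not secrets themselves, and the flag presumably exists to silence Ansible's warning for parameter names that look sensitive. I would add a comment above the two lines such as `# keytab and admin_keytab are file paths, not key material; no_log=False is deliberate`. `password` keeps `no_log=True`, which is right, but the body of `main()` continues past the end of the hunk, so whether the password or the keytab paths reach log output further down cannot be checked from here.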