|
Packit Service |
0f71a7 |
Config module
|
|
Packit Service |
0f71a7 |
===========
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Description
|
|
Packit Service |
0f71a7 |
-----------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
The config module allows the setting of global config parameters within IPA. If no parameters are specified it returns the list of all current parameters.
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
The config module is as compatible as possible to the Ansible upstream `ipa_config` module, but adds many additional parameters
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Features
|
|
Packit Service |
0f71a7 |
--------
|
|
Packit Service |
0f71a7 |
* IPA server configuration management
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Supported FreeIPA Versions
|
|
Packit Service |
0f71a7 |
--------------------------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
FreeIPA versions 4.4.0 and up are supported by the ipaconfig module.
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Requirements
|
|
Packit Service |
0f71a7 |
------------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
**Controller**
|
|
Packit Service |
0f71a7 |
* Ansible version: 2.8+
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
**Node**
|
|
Packit Service |
0f71a7 |
* Supported FreeIPA version (see above)
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Usage
|
|
Packit Service |
0f71a7 |
=====
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Example inventory file
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
```ini
|
|
Packit Service |
0f71a7 |
[ipaserver]
|
|
Packit Service |
0f71a7 |
ipaserver.test.local
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Example playbook to read config options:
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
```yaml
|
|
Packit Service |
0f71a7 |
---
|
|
Packit Service |
0f71a7 |
- name: Playbook to handle global config options
|
|
Packit Service |
0f71a7 |
hosts: ipaserver
|
|
Packit Service |
0f71a7 |
become: true
|
|
Packit Service |
0f71a7 |
tasks:
|
|
Packit Service |
0f71a7 |
- name: return current values of the global configuration options
|
|
Packit Service |
0f71a7 |
ipaconfig:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: password
|
|
Packit Service |
0f71a7 |
register: result
|
|
Packit Service |
0f71a7 |
- name: display default login shell
|
|
Packit Service |
0f71a7 |
debug:
|
|
Packit Service |
0f71a7 |
msg: '{{result.config.defaultlogin }}'
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
- name: ensure defaultloginshell and maxusernamelength are set as required
|
|
Packit Service |
0f71a7 |
ipaconfig:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: password
|
|
Packit Service |
0f71a7 |
defaultlogin: /bin/bash
|
|
Packit Service |
0f71a7 |
maxusername: 64
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
```yaml
|
|
Packit Service |
0f71a7 |
---
|
|
Packit Service |
0f71a7 |
- name: Playbook to ensure some config options are set
|
|
Packit Service |
0f71a7 |
hosts: ipaserver
|
|
Packit Service |
0f71a7 |
become: true
|
|
Packit Service |
0f71a7 |
tasks:
|
|
Packit Service |
0f71a7 |
- name: set defaultlogin and maxusername
|
|
Packit Service |
0f71a7 |
ipaconfig:
|
|
Packit Service |
0f71a7 |
ipaadmin_password: password
|
|
Packit Service |
0f71a7 |
defaultlogin: /bin/bash
|
|
Packit Service |
0f71a7 |
maxusername: 64
|
|
Packit Service |
0f71a7 |
```
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Variables
|
|
Packit Service |
0f71a7 |
=========
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
ipauser
|
|
Packit Service |
0f71a7 |
-------
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
**General Variables:**
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Variable | Description | Required
|
|
Packit Service |
0f71a7 |
-------- | ----------- | --------
|
|
Packit Service |
0f71a7 |
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
|
|
Packit Service |
0f71a7 |
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
|
|
Packit Service |
0f71a7 |
`maxusername` \| `ipamaxusernamelength` | Set the maximum username length (1 to 255) | no
|
|
Packit Service |
0f71a7 |
`maxhostname` \| `ipamaxhostnamelength` | Set the maximum hostname length between 64-255 | no
|
|
Packit Service |
0f71a7 |
`homedirectory` \| `ipahomesrootdir` | Set the default location of home directories | no
|
|
Packit Service |
0f71a7 |
`defaultshell` \| `ipadefaultloginshell` | Set the default shell for new users | no
|
|
Packit Service |
0f71a7 |
`defaultgroup` \| `ipadefaultprimarygroup` | Set the default group for new users | no
|
|
Packit Service |
0f71a7 |
`emaildomain`\| `ipadefaultemaildomain` | Set the default e-mail domain | false
|
|
Packit Service |
0f71a7 |
`searchtimelimit` \| `ipasearchtimelimit` | Set maximum amount of time (seconds) for a search -1 to 2147483647 (-1 or 0 is unlimited) | no
|
|
Packit Service |
0f71a7 |
`searchrecordslimit` \| `ipasearchrecordslimit` | Set maximum number of records to search -1 to 2147483647 (-1 or 0 is unlimited) | no
|
|
Packit Service |
0f71a7 |
`usersearch` \| `ipausersearchfields` | Set list of fields to search when searching for users | no
|
|
Packit Service |
0f71a7 |
`groupsearch` \| `ipagroupsearchfields` | Set list of fields to search in when searching for groups | no
|
|
Packit Service |
0f71a7 |
`enable_migration` \| `ipamigrationenabled` | Enable migration mode (choices: True, False ) | no
|
|
Packit Service |
0f71a7 |
`groupobjectclasses` \| `ipagroupobjectclasses` | Set default group objectclasses (list) | no
|
|
Packit Service |
0f71a7 |
`userobjectclasses` \| `ipauserobjectclasses` | Set default user objectclasses (list) | no
|
|
Packit Service |
0f71a7 |
`pwdexpnotify` \| `ipapwdexpadvnotify` | Set number of days's notice of impending password expiration (0 to 2147483647) | no
|
|
Packit Service |
0f71a7 |
`configstring` \| `ipaconfigstring` | Set extra hashes to generate in password plug-in (choices:`AllowNThash`, `KDC:Disable Last Success`, `KDC:Disable Lockout`, `KDC:Disable Default Preauth for SPNs`). Use `""` to clear this variable. | no
|
|
Packit Service |
0f71a7 |
`selinuxusermaporder` \| `ipaselinuxusermaporder`| Set ordered list in increasing priority of SELinux users | no
|
|
Packit Service |
0f71a7 |
`selinuxusermapdefault`\| `ipaselinuxusermapdefault` | Set default SELinux user when no match is found in SELinux map rule | no
|
|
Packit Service |
0f71a7 |
`pac_type` \| `ipakrbauthzdata` | set default types of PAC supported for services (choices: `MS-PAC`, `PAD`, `nfs:NONE`). Use `""` to clear this variable. | no
|
|
Packit Service |
0f71a7 |
`user_auth_type` \| `ipauserauthtype` | set default types of supported user authentication (choices: `password`, `radius`, `otp`, `disabled`). Use `""` to clear this variable. | no
|
|
Packit Service |
0f71a7 |
`domain_resolution_order` \| `ipadomainresolutionorder` | Set list of domains used for short name qualification | no
|
|
Packit Service |
0f71a7 |
`ca_renewal_master_server` \| `ipacarenewalmasterserver`| Renewal master for IPA certificate authority. | no
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Return Values
|
|
Packit Service |
0f71a7 |
=============
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Variable | Description | Returned When
|
|
Packit Service |
0f71a7 |
-------- | ----------- | -------------
|
|
Packit Service |
0f71a7 |
`config` | config dict
Fields: | No values to configure are specified
|
|
Packit Service |
0f71a7 |
| `maxusername` |
|
|
Packit Service |
0f71a7 |
| `maxhostname` |
|
|
Packit Service |
0f71a7 |
| `homedirectory` |
|
|
Packit Service |
0f71a7 |
| `defaultshell` |
|
|
Packit Service |
0f71a7 |
| `defaultgroup` |
|
|
Packit Service |
0f71a7 |
| `emaildomain` |
|
|
Packit Service |
0f71a7 |
| `searchtimelimit` |
|
|
Packit Service |
0f71a7 |
| `searchrecordslimit` |
|
|
Packit Service |
0f71a7 |
| `usersearch` |
|
|
Packit Service |
0f71a7 |
| `groupsearch` |
|
|
Packit Service |
0f71a7 |
| `enable_migration` |
|
|
Packit Service |
0f71a7 |
| `groupobjectclasses` |
|
|
Packit Service |
0f71a7 |
| `userobjectclasses` |
|
|
Packit Service |
0f71a7 |
| `pwdexpnotify` |
|
|
Packit Service |
0f71a7 |
| `configstring` |
|
|
Packit Service |
0f71a7 |
| `selinuxusermapdefault` |
|
|
Packit Service |
0f71a7 |
| `selinuxusermaporder` |
|
|
Packit Service |
0f71a7 |
| `pac_type` |
|
|
Packit Service |
0f71a7 |
| `user_auth_type` |
|
|
Packit Service |
0f71a7 |
| `domain_resolution_order` |
|
|
Packit Service |
0f71a7 |
| `ca_renewal_master_server` |
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
All returned fields take the same form as their namesake input parameters
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Authors
|
|
Packit Service |
0f71a7 |
=======
|
|
Packit Service |
0f71a7 |
|
|
Packit Service |
0f71a7 |
Chris Procter
|