source-git / ansible-freeipa

Clone
Source Code
GIT

Blame README-group.md

c8 c8s master
  1.   24e69067cf58ccacd5e848dd0ad755dc22eb7e14
  2.   README-group.md
Blob History Raw
Packit 8cb997 
Group module
Packit 8cb997 
============
Packit 8cb997
Packit 8cb997 
Description
Packit 8cb997 
-----------
Packit 8cb997
Packit 8cb997 
The group module allows to ensure presence and absence of groups and members of groups.
Packit 8cb997
Packit 8cb997 
The group module is as compatible as possible to the Ansible upstream `ipa_group` module, but additionally offers to add users to a group and also to remove users from a group.
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Features
Packit 8cb997 
--------
Packit 8cb997 
* Group management
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Supported FreeIPA Versions
Packit 8cb997 
--------------------------
Packit 8cb997
Packit 8cb997 
FreeIPA versions 4.4.0 and up are supported by the ipagroup module.
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Requirements
Packit 8cb997 
------------
Packit 8cb997
Packit 8cb997 
**Controller**
Packit 8cb997 
* Ansible version: 2.8+
Packit 8cb997
Packit 8cb997 
**Node**
Packit 8cb997 
* Supported FreeIPA version (see above)
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Usage
Packit 8cb997 
=====
Packit 8cb997
Packit 8cb997 
Example inventory file
Packit 8cb997
Packit 8cb997 
```ini
Packit 8cb997 
[ipaserver]
Packit 8cb997 
ipaserver.test.local
Packit 8cb997 
```
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Example playbook to add groups:
Packit 8cb997
Packit 8cb997 
```yaml
Packit 8cb997 
---
Packit 8cb997 
- name: Playbook to handle groups
Packit 8cb997 
  hosts: ipaserver
Packit 8cb997 
  become: true
Packit 8cb997
Packit 8cb997 
  tasks:
Packit 8cb997 
  # Create group ops with gid 1234
Packit 8cb997 
  - ipagroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: ops
Packit 8cb997 
      gidnumber: 1234
Packit 8cb997
Packit 8cb997 
  # Create group sysops
Packit 8cb997 
  - ipagroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: sysops
Packit 8cb997 
      user:
Packit 8cb997 
      - pinky
Packit 8cb997
Packit 8cb997 
  # Create group appops
Packit 8cb997 
  - ipagroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: appops
Packit 8cb997 
```
Packit 8cb997
Packit 8cb997 
Example playbook to add users to a group:
Packit 8cb997
Packit 8cb997 
```yaml
Packit 8cb997 
---
Packit 8cb997 
- name: Playbook to handle groups
Packit 8cb997 
  hosts: ipaserver
Packit 8cb997 
  become: true
Packit 8cb997
Packit 8cb997 
  tasks:
Packit 8cb997 
  # Add user member brain to group sysops
Packit 8cb997 
  - ipagroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: sysops
Packit 8cb997 
      action: member
Packit 8cb997 
      user:
Packit 8cb997 
      - brain
Packit 8cb997 
```
Packit 8cb997 
`action` controls if a the group or member will be handled. To add or remove members, set `action` to `member`.
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Example playbook to add group members to a group:
Packit 8cb997
Packit 8cb997 
```yaml
Packit 8cb997 
---
Packit 8cb997 
- name: Playbook to handle groups
Packit 8cb997 
  hosts: ipaserver
Packit 8cb997 
  become: true
Packit 8cb997
Packit 8cb997 
  tasks:
Packit 8cb997 
  # Add group members sysops and appops to group sysops
Packit 8cb997 
  - ipagroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: ops
Packit 8cb997 
      group:
Packit 8cb997 
      - sysops
Packit 8cb997 
      - appops
Packit 8cb997 
```
Packit 8cb997
Packit 8cb997 
Example playbook to remove groups:
Packit 8cb997
Packit 8cb997 
```yaml
Packit 8cb997 
---
Packit 8cb997 
- name: Playbook to handle groups
Packit 8cb997 
  hosts: ipaserver
Packit 8cb997 
  become: true
Packit 8cb997
Packit 8cb997 
  tasks:
Packit 8cb997 
  # Remove goups sysops, appops and ops
Packit 8cb997 
  - ipagroup:
Packit 8cb997 
      ipaadmin_password: MyPassword123
Packit 8cb997 
      name: sysops,appops,ops
Packit 8cb997 
      state: absent
Packit 8cb997 
```
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Variables
Packit 8cb997 
=========
Packit 8cb997
Packit 8cb997 
ipagroup
Packit 8cb997 
-------
Packit 8cb997
Packit 8cb997 
Variable | Description | Required
Packit 8cb997 
-------- | ----------- | --------
Packit 8cb997 
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
Packit 8cb997 
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
Packit 8cb997 
`name` \| `cn` | The list of group name strings. | no
Packit 8cb997 
`description` | The group description string. | no
Packit 8cb997 
`gid` \| `gidnumber` | The GID integer. | no
Packit 8cb997 
`nonposix` | Create as a non-POSIX group. (bool) | no
Packit 8cb997 
`external` | Allow adding external non-IPA members from trusted domains. (flag) | no
Packit 8cb997 
`nomembers` | Suppress processing of membership attributes. (bool) | no
Packit 8cb997 
`user` | List of user name strings assigned to this group. | no
Packit 8cb997 
`group` | List of group name strings assigned to this group. | no
Packit 8cb997 
`service` | List of service name strings assigned to this group. Only usable with IPA versions 4.7 and up. | no
Packit 8cb997 
`action` | Work on group or member level. It can be on of `member` or `group` and defaults to `group`. | no
Packit 8cb997 
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | yes
Packit 8cb997
Packit 8cb997
Packit 8cb997 
Authors
Packit 8cb997 
=======
Packit 8cb997
Packit 8cb997 
Thomas Woerner

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation