Group module
============

Description
-----------

The group module lets you ensure the presence and absence of groups and of group members.

The group module is as compatible as possible with the upstream Ansible `ipa_group` module, and additionally supports adding users to a group and removing users from a group.


Features
--------
* Group management


Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the ipagroup module.

Some variables are only supported on newer versions of FreeIPA. Check the `Variables` section for details.


Requirements
------------

**Controller**
* Ansible version: 2.8+

**Node**
* Supported FreeIPA version (see above)


Usage
=====

Example inventory file

```ini
[ipaserver]
ipaserver.test.local
```


Example playbook to add groups:

```yaml
---
- name: Playbook to handle groups
  hosts: ipaserver
  become: true

  tasks:
  # Create group ops with gid 1234
  - ipagroup:
      ipaadmin_password: SomeADMINpassword
      name: ops
      gidnumber: 1234

  # Create group sysops
  - ipagroup:
      ipaadmin_password: SomeADMINpassword
      name: sysops
      user:
      - pinky

  # Create group appops
  - ipagroup:
      ipaadmin_password: SomeADMINpassword
      name: appops
```

Example playbook to add users to a group:

```yaml
---
- name: Playbook to handle groups
  hosts: ipaserver
  become: true

  tasks:
  # Add user member brain to group sysops
  - ipagroup:
      ipaadmin_password: SomeADMINpassword
      name: sysops
      action: member
      user:
      - brain
```
`action` controls whether the group itself or its members are handled. To add or remove members, set `action` to `member`.


Example playbook to add group members to a group:

```yaml
---
- name: Playbook to handle groups
  hosts: ipaserver
  become: true

  tasks:
  # Add group members sysops and appops to group ops
  - ipagroup:
      ipaadmin_password: SomeADMINpassword
      name: ops
      group:
      - sysops
      - appops
```

Example playbook to add members from a trusted realm to an external group:

```yaml
---
- name: Playbook to handle groups.
  hosts: ipaserver
  become: true

  tasks:
  - name: Create an external group and add members from a trust to it.
    ipagroup:
      ipaadmin_password: SomeADMINpassword
      name: extgroup
      external: yes
      externalmember:
      - WINIPA\\Web Users
      - WINIPA\\Developers
```

Example playbook to remove groups:

```yaml
---
- name: Playbook to handle groups
  hosts: ipaserver
  become: true

  tasks:
  # Remove groups sysops, appops and ops
  - ipagroup:
      ipaadmin_password: SomeADMINpassword
      name: sysops,appops,ops
      state: absent
```
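
To remove members rather than whole groups, combine `action: member` with `state: absent`; with the default `action: group`, `state: absent` deletes the group itself, as in the playbook above. The following playbook is an added example, not part of the original README. It assumes the admin password is stored in an Ansible Vault encrypted vars file (hypothetical file name `vault.yml`) under the hypothetical variable name `vault_ipaadmin_password`, so that it does not appear in plaintext in the playbook:

```yaml
---
# Added example, not from the original README.
# Assumption: vault_ipaadmin_password is defined in vault.yml, a vars file
# encrypted with ansible-vault (both names are hypothetical).
- name: Playbook to remove group members
  hosts: ipaserver
  become: true
  vars_files:
  - vault.yml

  tasks:
  # Remove user member pinky from group sysops; the group sysops is kept
  - ipagroup:
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      name: sysops
      action: member
      user:
      - pinky
      state: absent

  # Remove group member appops from group ops; both groups are kept
  - ipagroup:
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      name: ops
      action: member
      group:
      - appops
      state: absent
```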
Variables
=========

ipagroup
-------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | The list of group name strings. | no
`description` | The group description string. | no
`gid` \| `gidnumber` | The GID integer. | no
`posix` | Create a non-POSIX group or change a non-POSIX group to a POSIX group. (bool) | no
`nonposix` | Create as a non-POSIX group. (bool) | no
`external` | Allow adding external non-IPA members from trusted domains. (bool) | no
`nomembers` | Suppress processing of membership attributes. (bool) | no
`user` | List of user name strings assigned to this group. | no
`group` | List of group name strings assigned to this group. | no
`service` | List of service name strings assigned to this group. Only usable with IPA versions 4.7 and up. | no
`membermanager_user` | List of member manager users assigned to this group. Only usable with IPA versions 4.8.4 and up. | no
`membermanager_group` | List of member manager groups assigned to this group. Only usable with IPA versions 4.8.4 and up. | no
`externalmember` \| `ipaexternalmember` \| `external_member` | List of members of a trusted domain in DOM\\name or name@domain form. | no
`action` | Work on group or member level. It can be one of `member` or `group` and defaults to `group`. | no
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | yes


Authors
=======

Thomas Woerner