Role module
===========

Description
-----------

The role module allows you to ensure the presence and absence of roles and of role members.

The role module is as compatible as possible with the Ansible upstream `ipa_role` module, but additionally offers role member management.


Features
--------

* Role management


Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the iparole module.


Requirements
------------

**Controller**
* Ansible version: 2.8+

**Node**
* Supported FreeIPA version (see above)


Usage
=====

Example inventory file:

```ini
[ipaserver]
ipaserver.test.local
```


Example playbook to make sure role is present with all members:

```yaml
---
- name: Playbook to manage IPA role with members.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      user:
      - pinky
      group:
      - group01
      host:
      - host01.example.com
      hostgroup:
      - hostgroup01
      privilege:
      - Group Administrators
      - User Administrators
      service:
      - service01
```

Example playbook to rename a role:

```yaml
- iparole:
    ipaadmin_password: SomeADMINpassword
    name: somerole
    rename: anotherrole
```

Example playbook to make sure role is absent:

```yaml
---
- name: Playbook to manage IPA role.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      state: absent
```

Example playbook to ensure a user is a member of a role:

```yaml
---
- name: Playbook to manage IPA role member.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      user:
      - pinky
      action: member
```

Example playbook to ensure a group is a member of a role:

```yaml
---
- name: Playbook to manage IPA role member.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      group:
      - group01
      action: member
```

Example playbook to ensure a host is a member of a role:

```yaml
---
- name: Playbook to manage IPA role member.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      host:
      - host01.example.com
      action: member
```

Example playbook to ensure a hostgroup is a member of a role:

```yaml
---
- name: Playbook to manage IPA role member.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      hostgroup:
      - hostgroup01
      action: member
```

Example playbook to ensure a service is a member of a role:

```yaml
---
- name: Playbook to manage IPA role member.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      service:
      - service01
      action: member
```

Example playbook to ensure a privilege is a member of a role:

```yaml
---
- name: Playbook to manage IPA role member.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      privilege:
      - Group Administrators
      - User Administrators
      action: member
```

Example playbook to ensure that different members are not associated with a role:

```yaml
---
- name: Playbook to manage IPA role member.
  hosts: ipaserver
  become: yes
  gather_facts: no

  tasks:
  - iparole:
      ipaadmin_password: SomeADMINpassword
      name: somerole
      user:
      - pinky
      group:
      - group01
      host:
      - host01.example.com
      hostgroup:
      - hostgroup01
      privilege:
      - Group Administrators
      - User Administrators
      service:
      - service01
      action: member
      state: absent
```


Variables
---------

iparole
-------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | The list of role name strings. | yes
`description` | A description for the role. | no
`rename` | Rename the role object. | no
`privilege` | Privileges associated with this role. | no
`user` | List of users to be assigned or not assigned to the role. | no
`group` | List of groups to be assigned or not assigned to the role. | no
`host` | List of hosts to be assigned or not assigned to the role. | no
`hostgroup` | List of hostgroups to be assigned or not assigned to the role. | no
`service` | List of services to be assigned or not assigned to the role. | no
`action` | Work on role or member level. It can be one of `member` or `role` and defaults to `role`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, default: `present`. | no
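
The playbooks above pass `ipaadmin_password` as a literal string. As an added example (not part of the original README), the same kind of task can read the password from an Ansible Vault encrypted variables file and suppress task logging. The file name `vault/ipaadmin.yml` and the variable name `vault_ipaadmin_password` are assumptions chosen for illustration.

```yaml
---
- name: Playbook to manage IPA role with the admin password kept in Ansible Vault.
  hosts: ipaserver
  become: yes
  gather_facts: no

  # Assumed file, created on the controller with:
  #   ansible-vault create vault/ipaadmin.yml
  # It defines the assumed variable vault_ipaadmin_password.
  vars_files:
  - vault/ipaadmin.yml

  tasks:
  - name: Ensure somerole is present with one group and one privilege
    iparole:
      # The password is resolved from the vaulted variable at run time,
      # so it never appears in the playbook or in version control.
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      name: somerole
      group:
      - group01
      privilege:
      - User Administrators
    # Suppress this task's arguments and result in Ansible output and logs.
    no_log: yes
```

Run it with `ansible-playbook --ask-vault-pass`. When a valid admin ticket is already available on the node, `ipaadmin_password` can be omitted, as the table above states.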


Authors
=======

Rafael Jeffman