|
Packit Service |
a166ed |
Selfservice module
|
|
Packit Service |
a166ed |
=================
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Description
|
|
Packit Service |
a166ed |
-----------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
The selfservice module allows to ensure presence, absence of selfservices and selfservice attributes.
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Features
|
|
Packit Service |
a166ed |
--------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
* Selfservice management
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Supported FreeIPA Versions
|
|
Packit Service |
a166ed |
--------------------------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
FreeIPA versions 4.4.0 and up are supported by the ipaselfservice module.
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Requirements
|
|
Packit Service |
a166ed |
------------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
**Controller**
|
|
Packit Service |
a166ed |
* Ansible version: 2.8+
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
**Node**
|
|
Packit Service |
a166ed |
* Supported FreeIPA version (see above)
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Usage
|
|
Packit Service |
a166ed |
=====
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example inventory file
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```ini
|
|
Packit Service |
a166ed |
[ipaserver]
|
|
Packit Service |
a166ed |
ipaserver.test.local
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to make sure selfservice "Users can manage their own name details" is present:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to manage IPA selfservice.
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
tasks:
|
|
Packit Service |
a166ed |
- ipaselfservice:
|
|
Packit Service |
a166ed |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
a166ed |
name: "Users can manage their own name details"
|
|
Packit Service |
a166ed |
permission: read
|
|
Packit Service |
a166ed |
attribute:
|
|
Packit Service |
a166ed |
- title
|
|
Packit Service |
a166ed |
- initials
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to make sure selfservice "Users can manage their own name details" is absent:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to manage IPA selfservice.
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
tasks:
|
|
Packit Service |
a166ed |
- ipaselfservice:
|
|
Packit Service |
a166ed |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
a166ed |
name: "Users can manage their own name details"
|
|
Packit Service |
a166ed |
state: absent
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to make sure "Users can manage their own name details" member attribute initials is present:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to manage IPA selfservice.
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
tasks:
|
|
Packit Service |
a166ed |
- ipaselfservice:
|
|
Packit Service |
a166ed |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
a166ed |
name: "Users can manage their own name details"
|
|
Packit Service |
a166ed |
attribute:
|
|
Packit Service |
a166ed |
- initials
|
|
Packit Service |
a166ed |
action: member
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to make sure "Users can manage their own name details" member attribute initials is absent:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to manage IPA selfservice.
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
tasks:
|
|
Packit Service |
a166ed |
- ipaselfservice:
|
|
Packit Service |
a166ed |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
a166ed |
name: "Users can manage their own name details"
|
|
Packit Service |
a166ed |
attribute:
|
|
Packit Service |
a166ed |
- initials
|
|
Packit Service |
a166ed |
action: member
|
|
Packit Service |
a166ed |
state: absent
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to make sure selfservice "Users can manage their own name details" is absent:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to manage IPA selfservice.
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
tasks:
|
|
Packit Service |
a166ed |
- ipaselfservice:
|
|
Packit Service |
a166ed |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
a166ed |
name: "Users can manage their own name details"
|
|
Packit Service |
a166ed |
state: absent
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Variables
|
|
Packit Service |
a166ed |
---------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
ipaselfservice
|
|
Packit Service |
a166ed |
-------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Variable | Description | Required
|
|
Packit Service |
a166ed |
-------- | ----------- | --------
|
|
Packit Service |
a166ed |
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
|
|
Packit Service |
a166ed |
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
|
|
Packit Service |
a166ed |
`name` \| `aciname` | The list of selfservice name strings. | yes
|
|
Packit Service |
a166ed |
`permission` \| `permissions` | The permission to grant `read`, `read,write`, `write`]. Default is `write`. | no
|
|
Packit Service |
a166ed |
`attribute` \| `attrs` | The attribute list to which the selfservice applies. | no
|
|
Packit Service |
a166ed |
`action` | Work on selfservice or member level. It can be on of `member` or `selfservice` and defaults to `selfservice`. | no
|
|
Packit Service |
a166ed |
`state` | The state to ensure. It can be one of `present`, `absent`, default: `present`. | no
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Authors
|
|
Packit Service |
a166ed |
=======
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Thomas Woerner
|