|
Packit Service |
0a38ef |
Sudocmdgroup module
|
|
Packit Service |
0a38ef |
===================
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Description
|
|
Packit Service |
0a38ef |
-----------
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
The sudocmdgroup module allows to ensure presence and absence of sudocmdgroups and members of sudocmdgroups.
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
The sudocmdgroup module is as compatible as possible to the Ansible upstream `ipa_sudocmdgroup` module, but additionally offers to make sure that sudocmds are present or absent in a sudocmdgroup.
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Features
|
|
Packit Service |
0a38ef |
--------
|
|
Packit Service |
0a38ef |
* Sudocmdgroup management
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Supported FreeIPA Versions
|
|
Packit Service |
0a38ef |
--------------------------
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
FreeIPA versions 4.4.0 and up are supported by the ipasudocmdgroup module.
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Requirements
|
|
Packit Service |
0a38ef |
------------
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
**Controller**
|
|
Packit Service |
0a38ef |
* Ansible version: 2.8+
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
**Node**
|
|
Packit Service |
0a38ef |
* Supported FreeIPA version (see above)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Usage
|
|
Packit Service |
0a38ef |
=====
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Example inventory file
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
```ini
|
|
Packit Service |
0a38ef |
[ipaserver]
|
|
Packit Service |
0a38ef |
ipaserver.test.local
|
|
Packit Service |
0a38ef |
```
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Example playbook to make sure sudocmdgroup is present:
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
```yaml
|
|
Packit Service |
0a38ef |
---
|
|
Packit Service |
0a38ef |
- name: Playbook to handle sudocmdgroups
|
|
Packit Service |
0a38ef |
hosts: ipaserver
|
|
Packit Service |
0a38ef |
become: true
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
tasks:
|
|
Packit Service |
0a38ef |
# Ensure sudocmdgroup is present
|
|
Packit Service |
0a38ef |
- ipasudocmdgroup:
|
|
Packit Service |
0a38ef |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0a38ef |
name: group01
|
|
Packit Service |
0a38ef |
description: Group of important commands
|
|
Packit Service |
0a38ef |
```
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Example playbook to make sure that a sudo command and sudocmdgroups are present in existing sudocmdgroup:
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
```yaml
|
|
Packit Service |
0a38ef |
---
|
|
Packit Service |
0a38ef |
- name: Playbook to handle sudocmdgroups
|
|
Packit Service |
0a38ef |
hosts: ipaserver
|
|
Packit Service |
0a38ef |
become: true
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
tasks:
|
|
Packit Service |
0a38ef |
# Ensure sudo commands are present in existing sudocmdgroup
|
|
Packit Service |
0a38ef |
- ipasudocmdgroup:
|
|
Packit Service |
0a38ef |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0a38ef |
name: group01
|
|
Packit Service |
0a38ef |
sudocmd:
|
|
Packit Service |
0a38ef |
- /usr/bin/su
|
|
Packit Service |
0a38ef |
- /usr/bin/less
|
|
Packit Service |
0a38ef |
action: member
|
|
Packit Service |
0a38ef |
```
|
|
Packit Service |
0a38ef |
`action` controls if the sudocmdgroup or member will be handled. To add or remove members, set `action` to `member`.
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Example playbook to make sure that a sudo command and sudocmdgroups are absent in sudocmdgroup:
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
```yaml
|
|
Packit Service |
0a38ef |
---
|
|
Packit Service |
0a38ef |
- name: Playbook to handle sudocmdgroups
|
|
Packit Service |
0a38ef |
hosts: ipaserver
|
|
Packit Service |
0a38ef |
become: true
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
tasks:
|
|
Packit Service |
0a38ef |
# Ensure sudocmds are absent in existing sudocmdgroup
|
|
Packit Service |
0a38ef |
- ipasudocmdgroup:
|
|
Packit Service |
0a38ef |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0a38ef |
name: group01
|
|
Packit Service |
0a38ef |
sudocmd:
|
|
Packit Service |
0a38ef |
- /usr/bin/su
|
|
Packit Service |
0a38ef |
- /usr/bin/less
|
|
Packit Service |
0a38ef |
action: member
|
|
Packit Service |
0a38ef |
state: absent
|
|
Packit Service |
0a38ef |
```
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Example playbook to make sure sudocmdgroup is absent:
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
```yaml
|
|
Packit Service |
0a38ef |
---
|
|
Packit Service |
0a38ef |
- name: Playbook to handle sudocmdgroups
|
|
Packit Service |
0a38ef |
hosts: ipaserver
|
|
Packit Service |
0a38ef |
become: true
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
tasks:
|
|
Packit Service |
0a38ef |
# Ensure sudocmdgroup is absent
|
|
Packit Service |
0a38ef |
- ipasudocmdgroup:
|
|
Packit Service |
0a38ef |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0a38ef |
name: group01
|
|
Packit Service |
0a38ef |
state: absent
|
|
Packit Service |
0a38ef |
```
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Variables
|
|
Packit Service |
0a38ef |
=========
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ipasudocmdgroup
|
|
Packit Service |
0a38ef |
-------
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Variable | Description | Required
|
|
Packit Service |
0a38ef |
-------- | ----------- | --------
|
|
Packit Service |
0a38ef |
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
|
|
Packit Service |
0a38ef |
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
|
|
Packit Service |
0a38ef |
`name` \| `cn` | The list of sudocmdgroup name strings. | no
|
|
Packit Service |
0a38ef |
`description` | The sudocmdgroup description string. | no
|
|
Packit Service |
0a38ef |
`nomembers` | Suppress processing of membership attributes. (bool) | no
|
|
Packit Service |
0a38ef |
`sudocmd` | List of sudocmdgroup name strings assigned to this sudocmdgroup. | no
|
|
Packit Service |
0a38ef |
`action` | Work on sudocmdgroup or member level. It can be on of `member` or `sudocmdgroup` and defaults to `sudocmdgroup`. | no
|
|
Packit Service |
0a38ef |
`state` | The state to ensure. It can be one of `present` or `absent`, default: `present`. | no
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Authors
|
|
Packit Service |
0a38ef |
=======
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
Rafael Guterres Jeffman
|