Sudorule module
===============

Description
-----------

The sudorule (Sudo Rule) module ensures the presence and absence of Sudo Rules and of hosts, host groups, users, and user groups as members of a Sudo Rule.


Features
--------
* Sudo Rule management


Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the ipasudorule module.


Requirements
------------

**Controller**
* Ansible version: 2.8+

**Node**
* Supported FreeIPA version (see above)


Usage
=====

Example inventory file

```ini
[ipaserver]
ipaserver.test.local
```


Example playbook to make sure Sudo Rule is present:

```yaml
---
- name: Playbook to handle sudorules
  hosts: ipaserver
  become: true

  tasks:
  # Ensure Sudo Rule is present
  - ipasudorule:
      ipaadmin_password: SomeADMINpassword
      name: testrule1
```


Example playbook to make sure sudocmds are present in Sudo Rule:

```yaml
---
- name: Playbook to handle sudorules
  hosts: ipaserver
  become: true

  tasks:
  # Ensure sudocmd is present in Sudo Rule
  - ipasudorule:
      ipaadmin_password: SomeADMINpassword
      name: testrule1
      allow_sudocmd:
      - /sbin/ifconfig
      action: member
```


Example playbook to make sure sudocmds are not present in Sudo Rule:

```yaml
---
- name: Playbook to handle sudorules
  hosts: ipaserver
  become: true

  tasks:
  # Ensure sudocmd is not present in Sudo Rule
  - ipasudorule:
      ipaadmin_password: SomeADMINpassword
      name: testrule1
      allow_sudocmd:
      - /sbin/ifconfig
      action: member
      state: absent
```

Example playbook to make sure Sudo Rule is absent:

```yaml
---
- name: Playbook to handle sudorules
  hosts: ipaserver
  become: true

  tasks:
  # Ensure Sudo Rule is absent
  - ipasudorule:
      ipaadmin_password: SomeADMINpassword
      name: testrule1
      state: absent
```
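
Example playbook combining several of the variables listed under Variables. This is an added example, not part of the original README: it scopes a rule to one user group and one host group, reads the admin password from a vaulted variable instead of a literal, and uses `state: disabled`. The names `netops_ifconfig`, `netops`, `webservers`, `vault_ipaadmin_password` and the vault file path are assumptions, and the group, host group and sudocmd are assumed to exist in IPA already.

```yaml
---
- name: Playbook to handle sudorules
  hosts: ipaserver
  become: true

  vars_files:
  # Assumed Ansible Vault file that defines vault_ipaadmin_password
  - vault/ipaadmin.yml

  tasks:
  # Ensure a Sudo Rule limited to one user group and one host group is
  # present. The *category variables are left unset, so the rule applies
  # only to the members listed here.
  - ipasudorule:
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      name: netops_ifconfig
      description: Network operators may run ifconfig on web servers
      group:
      - netops
      hostgroup:
      - webservers
      allow_sudocmd:
      - /sbin/ifconfig
      order: 10

  # Ensure the Sudo Rule is disabled without deleting it. The "never" tag
  # keeps this task from running unless it is requested with --tags disable.
  - ipasudorule:
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      name: netops_ifconfig
      state: disabled
    tags:
    - never
    - disable
```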


Variables
=========

ipasudorule
---------------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`name` \| `cn` | The list of sudorule name strings. | yes
`description` | The sudorule description string. | no
`usercategory` \| `usercat` | User category the rule applies to. Choices: ["all", ""] | no
`hostcategory` \| `hostcat` | Host category the rule applies to. Choices: ["all", ""] | no
`cmdcategory` \| `cmdcat` | Command category the rule applies to. Choices: ["all", ""] | no
`runasusercategory` \| `runasusercat` | RunAs User category the rule applies to. Choices: ["all", ""] | no
`runasgroupcategory` \| `runasgroupcat` | RunAs Group category the rule applies to. Choices: ["all", ""] | no
`nomembers` | Suppress processing of membership attributes. (bool) | no
`host` | List of host name strings assigned to this sudorule. | no
`hostgroup` | List of host group name strings assigned to this sudorule. | no
`user` | List of user name strings assigned to this sudorule. | no
`group` | List of user group name strings assigned to this sudorule. | no
`allow_sudocmd` | List of sudocmd name strings assigned to the allow group of this sudorule. | no
`deny_sudocmd` | List of sudocmd name strings assigned to the deny group of this sudorule. | no
`allow_sudocmdgroup` | List of sudocmd groups name strings assigned to the allow group of this sudorule. | no
`deny_sudocmdgroup` | List of sudocmd groups name strings assigned to the deny group of this sudorule. | no
`sudooption` \| `option` | List of options to the sudorule | no
`order` | Integer to order the sudorule | no
`runasuser` | List of users for Sudo to execute as. | no
`runasgroup` | List of groups for Sudo to execute as. | no
`action` | Work on sudorule or member level. It can be one of `member` or `sudorule` and defaults to `sudorule`. | no
`state` | The state to ensure. It can be one of `present`, `absent`, `enabled` or `disabled`, default: `present`. | no


Authors
=======

Rafael Jeffman