Blame README-topology.md

Packit Service 0a38ef
Topology modules
================

Description
-----------

These modules manage the topology: they can ensure that topology segments are present, absent or reinitialized, and they can verify topology suffixes.


Features
--------
* Topology management


Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the ipatopologysegment and ipatopologysuffix modules.


Requirements
------------

**Controller**
* Ansible version: 2.8+

**Node**
* Supported FreeIPA version (see above)


Usage
=====

Example inventory file

```ini
[ipaserver]
ipaserver.test.local
```


Example playbook to add a topology segment with default name (cn):

```yaml
---
- name: Playbook to handle topologysegment
  hosts: ipaserver
  become: true

  tasks:
  - name: Add topology segment
    ipatopologysegment:
      ipaadmin_password: SomeADMINpassword
      suffix: domain
      left: ipareplica1.test.local
      right: ipareplica2.test.local
      state: present
```
The name (cn) can also be set if it should not be the default `{left}-to-{right}`.


Example playbook to delete a topology segment:

```yaml
---
- name: Playbook to handle topologysegment
  hosts: ipaserver
  become: true

  tasks:
  - name: Delete topology segment
    ipatopologysegment:
      ipaadmin_password: SomeADMINpassword
      suffix: domain
      left: ipareplica1.test.local
      right: ipareplica2.test.local
      state: absent
```
Either the name (cn) or the left and right nodes can be used to identify the segment. If the left and right nodes are given, the segment name is looked up and used internally.


Example playbook to reinitialize a topology segment:

```yaml
---
- name: Playbook to handle topologysegment
  hosts: ipaserver
  become: true

  tasks:
  - name: Reinitialize topology segment
    ipatopologysegment:
      ipaadmin_password: SomeADMINpassword
      suffix: domain
      left: ipareplica1.test.local
      right: ipareplica2.test.local
      direction: left-to-right
      state: reinitialized
```
Either the name (cn) or the left and right nodes can be used to identify the segment. If the left and right nodes are given, the segment name is looked up and used internally.


Example playbook to verify a topology suffix:

```yaml
---
- name: Playbook to handle topologysuffix
  hosts: ipaserver
  become: true

  tasks:
  - name: Verify topology suffix
    ipatopologysuffix:
      ipaadmin_password: SomeADMINpassword
      suffix: domain
      state: verified
```

Example playbook to add, remove, check or reinitialize a list of topology segments:

```yaml
---
- name: Add topology segments
  hosts: ipaserver
  become: true
  gather_facts: false

  vars:
    ipaadmin_password: password1
    ipatopology_segments:
    - {suffix: domain, left: replica1.test.local, right: replica2.test.local}
    - {suffix: domain, left: replica2.test.local, right: replica3.test.local}
    - {suffix: domain, left: replica3.test.local, right: replica4.test.local}
    - {suffix: domain+ca, left: replica4.test.local, right: replica1.test.local}

  tasks:
  - name: Add topology segment
    ipatopologysegment:
      ipaadmin_password: "{{ ipaadmin_password }}"
      suffix: "{{ item.suffix }}"
      name: "{{ item.name | default(omit) }}"
      left: "{{ item.left }}"
      right: "{{ item.right }}"
      state: present
      #state: absent
      #state: checked
      #state: reinitialized
    loop: "{{ ipatopology_segments | default([]) }}"
```
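
The playbooks above keep the admin password in clear text inside the play. The following is an added example, not part of the original README: it reads `ipaadmin_password` from an Ansible Vault encrypted variables file, checks a list of segments with `state: checked` and then verifies both suffix values. The file name `vault/ipaadmin.yml`, the play name and the segment list are assumptions made for illustration.

```yaml
---
# Added example. Run with: ansible-playbook --ask-vault-pass -i <inventory> <playbook>
- name: Check topology segments and verify suffixes
  hosts: ipaserver
  become: true
  gather_facts: false

  # Assumed file, created with `ansible-vault create vault/ipaadmin.yml`.
  # It defines a single variable: ipaadmin_password
  vars_files:
  - vault/ipaadmin.yml

  vars:
    # Constructed sample data, same shape as the segment list used above
    ipatopology_segments:
    - {suffix: domain, left: replica1.test.local, right: replica2.test.local}
    - {suffix: domain, left: replica2.test.local, right: replica3.test.local}

  tasks:
  - name: Check topology segments
    ipatopologysegment:
      # Value comes from the vault file, so it never appears in the playbook
      ipaadmin_password: "{{ ipaadmin_password }}"
      suffix: "{{ item.suffix }}"
      name: "{{ item.name | default(omit) }}"
      left: "{{ item.left }}"
      right: "{{ item.right }}"
      state: checked
    loop: "{{ ipatopology_segments | default([]) }}"

  - name: Verify topology suffixes
    ipatopologysuffix:
      ipaadmin_password: "{{ ipaadmin_password }}"
      suffix: "{{ item }}"
      state: verified
    # The two suffix values ipatopologysuffix accepts; assumes a CA is deployed
    loop:
    - domain
    - ca
```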


Variables
=========

ipatopologysegment
------------------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`suffix` | The topology suffix to be used. This can be `domain`, `ca` or `domain+ca` | yes
`name` \| `cn` | The topology segment name (cn) is the unique identifier for a segment. | no
`left` \| `leftnode` | The left replication node string - an IPA server | no
`right` \| `rightnode` | The right replication node string - an IPA server | no
`direction` | The direction in which a segment will be reinitialized. It can be either `left-to-right` or `right-to-left` and is only used with `state: reinitialized` | 
`state` | The state to ensure. It can be one of `present`, `absent`, `enabled`, `disabled`, `checked` or `reinitialized` | yes


ipatopologysuffix
-----------------

Verify FreeIPA topology suffix

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal is a string and defaults to `admin` | no
`ipaadmin_password` | The admin password is a string and is required if there is no admin ticket available on the node | no
`suffix` | The topology suffix to be used. This can be either `domain` or `ca` | yes
`state` | The state to ensure. It can only be `verified` | yes


Authors
=======

Thomas Woerner