Trust module
============

Description
-----------

The trust module ensures that a trust to an Active Directory domain is present or absent on the IPA server.

Features
--------

* Trust management

Supported FreeIPA Versions
--------------------------

FreeIPA versions 4.4.0 and up are supported by the ipatrust module.

Requirements
------------

**Controller**

* Ansible version: 2.8+

**Node**

* Supported FreeIPA version (see above)
* samba-4
* ipa-server-trust-ad

Usage
=====

Example inventory file

```ini
[ipaserver]
ipaserver.test.local
```

Example playbook to ensure a one-way trust is present. Omitting the `two_way` option implies the default, an inbound one-way trust:

```yaml
---
- name: Playbook to ensure a one-way trust is present
  hosts: ipaserver
  become: true

  tasks:
  - name: ensure the one-way trust is present
    ipatrust:
      realm: ad.example.test
      admin: Administrator
      password: secret_password
      state: present
```

Example playbook to ensure a two-way trust is present using a shared secret:

```yaml
---
- name: Playbook to ensure a two-way trust is present
  hosts: ipaserver
  become: true

  tasks:
  - name: ensure the two-way trust is present
    ipatrust:
      realm: ad.example.test
      trust_secret: my_share_Secret
      two_way: True
      state: present
```

The values of `password` and `trust_secret` are credentials: keep them out of the playbook itself and load them from Ansible Vault or another secret store.

Example playbook to ensure a trust is absent:

```yaml
---
- name: Playbook to ensure a trust is absent
  hosts: ipaserver
  become: true

  tasks:
  - name: ensure the trust is absent
    ipatrust:
      realm: ad.example.test
      state: absent
```

This only deletes the IPA side of the trust: the trust object on the Active Directory side is left untouched, and the ID range that matches the trust is NOT deleted either. Both have to be cleaned up separately if they are no longer wanted.

Variables
=========

ipatrust
--------

Variable | Description | Required
-------- | ----------- | --------
`ipaadmin_principal` | The admin principal (string); defaults to `admin`. | no
`ipaadmin_password` | The admin password (string); required if no admin ticket is available on the node. | no
`realm` | Name of the Active Directory realm to trust (string). | yes
`admin` | Active Directory domain administrator (string), used together with `password` to establish the trust with administrator credentials. | no
`password` | Password of the Active Directory domain administrator (string). | no
`server` | Domain controller of the Active Directory domain to contact (string). | no
`trust_secret` | Shared secret for the trust (string); an alternative to `admin` and `password`. | no
`base_id` | First POSIX ID of the range reserved for the trusted domain (integer). | no
`range_size` | Size of the ID range reserved for the trusted domain (integer). | no
`range_type` | Type of the trusted domain ID range. It can be one of `ipa-ad-trust` (POSIX IDs generated by SSSD from the Active Directory SIDs) or `ipa-ad-trust-posix` (POSIX IDs taken from the user and group attributes stored in Active Directory); defaults to `ipa-ad-trust`. | no
`two_way` | Establish a bi-directional trust (bool). By default the trust is inbound one-way only. | no
`external` | Establish an external trust to a domain in another forest (bool). The trust is not transitive beyond that domain. | no
`state` | The state to ensure. It can be one of `present` or `absent`; default: `present`. | yes
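
A fuller playbook, added here as an example and not part of the ansible-freeipa project's README, that uses most of the variables above: an external one-way trust with a pinned domain controller, an explicit ID range, and both the IPA admin password and the Active Directory administrator password taken from Ansible Vault instead of being written into the playbook. The vault file name, the vault variable names, the domain controller name and the ID range values are assumptions made for this example.

```yaml
---
# Added example (not from the ansible-freeipa README): external one-way trust
# with an explicit ID range and all secrets loaded from Ansible Vault.
# Assumptions for this example: vault.yml defines vault_ipaadmin_password and
# vault_ad_admin_password; dc1.ad.example.test is the domain controller.
- name: Playbook to ensure an external one-way trust with an explicit ID range
  hosts: ipaserver
  become: true
  vars_files:
    - vault.yml   # encrypted with ansible-vault; holds both passwords

  tasks:
  - name: ensure the external trust is present
    ipatrust:
      # IPA admin credentials, used when no admin ticket is present on the node
      ipaadmin_principal: admin
      ipaadmin_password: "{{ vault_ipaadmin_password }}"
      realm: ad.example.test
      # AD administrator credentials; the password never appears in the playbook
      admin: Administrator
      password: "{{ vault_ad_admin_password }}"
      # pin the domain controller instead of relying on DNS discovery
      server: dc1.ad.example.test
      # explicit POSIX ID range for the trusted domain;
      # it must not overlap an ID range that already exists in IPA
      base_id: 200000000
      range_size: 200000
      range_type: ipa-ad-trust
      # non-transitive trust to a domain in another forest;
      # two_way is omitted, so the trust is inbound one-way
      external: true
      state: present
    no_log: true   # keep the module arguments, passwords included, out of the Ansible log
```

Run it with `ansible-playbook --ask-vault-pass` (or `--vault-id`) so that `vault.yml` can be decrypted. `no_log: true` keeps the task arguments, and with them both passwords, out of the Ansible output and log files; it also hides the module's error details, so remove it temporarily when debugging a trust that fails to establish.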

Authors
=======

Rob Verduijn