The hbacsvc (HBAC Service) module allows to ensure presence and absence of HBAC Services.
FreeIPA versions 4.4.0 and up are supported by the ipahbacsvc module.
Controller * Ansible version: 2.8+
Node * Supported FreeIPA version (see above)
Example inventory file
[ipaserver] ipaserver.test.local
Example playbook to make sure HBAC Service for http is present
--- - name: Playbook to handle HBAC Services hosts: ipaserver become: true tasks: # Ensure HBAC Service for http is present - ipahbacsvc: ipaadmin_password: SomeADMINpassword name: http description: Web service
Example playbook to make sure HBAC Service for tftp is present
--- - name: Playbook to handle HBAC Services hosts: ipaserver become: true tasks: # Ensure HBAC Service for tftp is present - ipahbacsvc: ipaadmin_password: SomeADMINpassword name: tftp description: TFTPWeb service
Example playbook to make sure HBAC Services for http and tftp are absent
--- - name: Playbook to handle HBAC Services hosts: ipaserver become: true tasks: # Ensure HBAC Service for http and tftp are absent - ipahbacsvc: ipaadmin_password: SomeADMINpassword name: http,tftp state: absent
Variable | Description | Required |
---|---|---|
ipaadmin_principal |
The admin principal is a string and defaults to admin |
no |
ipaadmin_password |
The admin password is a string and is required if there is no admin ticket available on the node | no |
name | cn | service |
The list of hbacsvc name strings. | no |
description |
The hbacsvc description string. | no |
state |
The state to ensure. It can be one of present or absent , default: present . |
no |
Thomas Woerner