The hbacsvcgroup (HBAC Service Group) module allows to ensure presence and absence of HBAC Service Groups and members of the groups.
FreeIPA versions 4.4.0 and up are supported by the ipahbacsvcgroup module.
Controller * Ansible version: 2.8+
Node * Supported FreeIPA version (see above)
Example inventory file
[ipaserver] ipaserver.test.local
Example playbook to make sure HBAC Service Group login exists:
--- - name: Playbook to handle hbacsvcgroups hbacsvcs: ipaserver become: true tasks: # Ensure HBAC Service Group login is present - ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: login
Example playbook to make sure HBAC Service Group login exists with the only HBAC Service sshd:
--- - name: Playbook to handle hbacsvcgroups hbacsvcs: ipaserver become: true tasks: # Ensure HBAC Service Group login is present with the only HBAC Service sshd - ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: login hbacsvc: - sshd
Example playbook to make sure HBAC Service sshd is present in HBAC Service Group login:
--- - name: Playbook to handle hbacsvcgroups hbacsvcs: ipaserver become: true tasks: # Ensure HBAC Service sshd is present in HBAC Service Group login - ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: login hbacsvc: - sshd action: member
Example playbook to make sure HBAC Service sshd is absent in HBAC Service Group login:
--- - name: Playbook to handle hbacsvcgroups hbacsvcs: ipaserver become: true tasks: # Ensure HBAC Service sshd is present in HBAC Service Group login - ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: login hbacsvc: - sshd action: member state: absent
Example playbook to make sure HBAC Service Group login is absent:
--- - name: Playbook to handle hbacsvcgroups hbacsvcs: ipaserver become: true tasks: # Ensure HBAC Service Group login is present - ipahbacsvcgroup: ipaadmin_password: SomeADMINpassword name: login state: absent
Variable | Description | Required |
---|---|---|
ipaadmin_principal |
The admin principal is a string and defaults to admin |
no |
ipaadmin_password |
The admin password is a string and is required if there is no admin ticket available on the node | no |
name | cn |
The list of hbacsvcgroup name strings. | no |
description |
The hbacsvcgroup description string. | no |
nomembers |
Suppress processing of membership attributes. (bool) | no |
hbacsvc |
List of hbacsvc name strings assigned to this hbacsvcgroup. | no |
action |
Work on hbacsvcgroup or member level. It can be on of member or hbacsvcgroup and defaults to hbacsvcgroup . |
no |
state |
The state to ensure. It can be one of present or absent , default: present . |
no |
Thomas Woerner