ipa_role - Manage FreeIPA role
New in version 2.3.
Synopsis
- Add, modify and delete a role within FreeIPA server using FreeIPA API
Options
| parameter | required | default | choices | comments |
|---|---|---|---|---|
| cn | yes | Role name. Can not be changed as it is the unique identifier. aliases: name | ||
| description | no | A description of this role-group. | ||
| group | no | List of group names assign to this role. If an empty list is passed all assigned groups will be unassigned from the role. If option is omitted groups will not be checked or changed. If option is passed all assigned groups that are not passed will be unassigned from the role. | ||
| host | no | List of host names to assign. If an empty list is passed all assigned hosts will be unassigned from the role. If option is omitted hosts will not be checked or changed. If option is passed all assigned hosts that are not passed will be unassigned from the role. | ||
| hostgroup | no | List of host group names to assign. If an empty list is passed all assigned host groups will be removed from the role. If option is omitted host groups will not be checked or changed. If option is passed all assigned hostgroups that are not passed will be unassigned from the role. | ||
| ipa_host | no | ipa.example.com | IP or hostname of IPA server | |
| ipa_pass | yes | Password of administrative user | ||
| ipa_port | no | 443 | Port of IPA server | |
| ipa_prot | no | https |
| Protocol used by IPA server |
| ipa_user | no | admin | Administrative account used on IPA server | |
| privilege (added in 2.4)
| no | None | List of privileges granted to the role. If an empty list is passed all assigned privileges will be removed. If option is omitted privileges will not be checked or changed. If option is passed all assigned privileges that are not passed will be removed. | |
| service | no | List of service names to assign. If an empty list is passed all assigned services will be removed from the role. If option is omitted services will not be checked or changed. If option is passed all assigned services that are not passed will be removed from the role. | ||
| state | no | present |
| State to ensure |
| user | no | List of user names to assign. If an empty list is passed all assigned users will be removed from the role. If option is omitted users will not be checked or changed. | ||
| validate_certs | no | True | This only applies if ipa_prot is https.If set to no, the SSL certificates will not be validated.This should only set to no used on personally controlled sites using self-signed certificates. |
Examples
# Ensure role is present
- ipa_role:
name: dba
description: Database Administrators
state: present
user:
- pinky
- brain
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
# Ensure role with certain details
- ipa_role:
name: another-role
description: Just another role
group:
- editors
host:
- host01.example.com
hostgroup:
- hostgroup01
privilege:
- Group Administrators
- User Administrators
service:
- service01
# Ensure role is absent
- ipa_role:
name: dba
state: absent
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
Return Values
Common return values are documented here Return Values, the following are the fields unique to this module:
| name | description | returned | type | sample |
|---|---|---|---|---|
| role | Role as returned by IPA API. | always | dict |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
For help in developing on modules, should you be so inclined, please read Community Information & Contributing, Testing Ansible and Developing Modules.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.4/ipa_role_module.html