ipa_subca - Manage FreeIPA Lightweight Sub Certificate Authorities.
New in version 2.5.
Synopsis
- Add, modify, enable, disable and delete an IPA Lightweight Sub Certificate Authorities using IPA API.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| ipa_host | Default: ipa.example.com | IP or hostname of IPA server. If the value is not specified in the task, the value of environment variable IPA_HOST will be used instead.If both the environment variable IPA_HOST and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5. |
| ipa_pass required | Password of administrative user. If the value is not specified in the task, the value of environment variable IPA_PASS will be used instead.If both the environment variable IPA_PASS and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5. | |
| ipa_port | Default: 443 | Port of FreeIPA / IPA server. If the value is not specified in the task, the value of environment variable IPA_PORT will be used instead.If both the environment variable IPA_PORT and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5. |
| ipa_prot |
| Protocol used by IPA server. If the value is not specified in the task, the value of environment variable IPA_PROT will be used instead.If both the environment variable IPA_PROT and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5. |
| ipa_user | Default: admin | Administrative account used on IPA server. If the value is not specified in the task, the value of environment variable IPA_USER will be used instead.If both the environment variable IPA_USER and the value are not specified in the task, then default value is set.Environment variable fallback mechanism is added in version 2.5. |
| state |
| State to ensure State 'disable' and 'enable' is available for FreeIPA 4.4.2 version and onwards |
| subca_desc required | The Sub Certificate Authority's description. | |
| subca_name required | The Sub Certificate Authority name which needs to be managed. | |
| subca_subject required | The Sub Certificate Authority's Subject. e.g., 'CN=SampleSubCA1,O=testrelm.test' | |
| validate_certs | Default: yes | This only applies if ipa_prot is https.If set to no, the SSL certificates will not be validated.This should only set to no used on personally controlled sites using self-signed certificates. |
Examples
# Ensure IPA Sub CA is present
- ipa_subca:
ipa_host: spider.example.com
ipa_pass: Passw0rd!
state: present
subca_name: AnsibleSubCA1
subca_subject: 'CN=AnsibleSubCA1,O=example.com'
subca_desc: Ansible Sub CA
# Ensure that IPA Sub CA is removed
- ipa_subca:
ipa_host: spider.example.com
ipa_pass: Passw0rd!
state: absent
subca_name: AnsibleSubCA1
# Ensure that IPA Sub CA is disabled
- ipa_subca:
ipa_host: spider.example.com
ipa_pass: Passw0rd!
state: disable
subca_name: AnsibleSubCA1
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| subca dict | always | IPA Sub CA record as returned by IPA API. |
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Author
- Abhijeet Kasurde (@akasurde)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.5/modules/ipa_subca_module.html