Skip to content

Latest commit

 

History

History
150 lines (111 loc) · 3.16 KB

README-hbacsvcgroup.md

File metadata and controls

150 lines (111 loc) · 3.16 KB

HBACsvcgroup module

Description

The hbacsvcgroup (HBAC Service Group) module allows to ensure presence and absence of HBAP Service Groups and members of the groups.

Features

  • HBAC Service Group management

Supported FreeIPA Versions

FreeIPA versions 4.4.0 and up are supported by the ipahbacsvcgroup module.

Requirements

Controller

  • Ansible version: 2.8+

Node

  • Supported FreeIPA version (see above)

Usage

Example inventory file

[ipaserver]
ipaserver.test.local

Example playbook to make sure HBAC Service Group login exists:

---
- name: Playbook to handle hbacsvcgroups
  hbacsvcs: ipaserver
  become: true

  tasks:
  # Ensure HBAC Service Group login is present
  - ipahbacsvcgroup:
      ipaadmin_password: MyPassword123
      name: login

Example playbook to make sure HBAC Service Group login exists with the only HBAC Service sshd:

---
- name: Playbook to handle hbacsvcgroups
  hbacsvcs: ipaserver
  become: true

  tasks:
  # Ensure HBAC Service Group login is present with the only HBAC Service sshd
  - ipahbacsvcgroup:
      ipaadmin_password: MyPassword123
      name: login
      hbacsvc:
      - sshd

Example playbook to make sure HBAC Service sshd is present in HBAC Service Group login:

---
- name: Playbook to handle hbacsvcgroups
  hbacsvcs: ipaserver
  become: true

  tasks:
  # Ensure HBAC Service sshd is present in HBAC Service Group login
  - ipahbacsvcgroup:
      ipaadmin_password: MyPassword123
      name: login
      hbacsvc:
      - sshd
      action: member

Example playbook to make sure HBAC Service sshd is absent in HBAC Service Group login:

---
- name: Playbook to handle hbacsvcgroups
  hbacsvcs: ipaserver
  become: true

  tasks:
  # Ensure HBAC Service sshd is present in HBAC Service Group login
  - ipahbacsvcgroup:
      ipaadmin_password: MyPassword123
      name: login
      hbacsvc:
      - sshd
      action: member
      state: absent

Example playbook to make sure HBAC Service Group login is absent:

---
- name: Playbook to handle hbacsvcgroups
  hbacsvcs: ipaserver
  become: true

  tasks:
  # Ensure HBAC Service Group login is present
  - ipahbacsvcgroup:
      ipaadmin_password: MyPassword123
      name: login
      state: absent

Variables

ipahbacsvcgroup

Variable Description Required
ipaadmin_principal The admin principal is a string and defaults to admin no
ipaadmin_password The admin password is a string and is required if there is no admin ticket available on the node no
name | cn The list of hbacsvcgroup name strings. no
description The hbacsvcgroup description string. no
nomembers Suppress processing of membership attributes. (bool) no
hbacsvc List of hbacsvc name strings assigned to this hbacsvcgroup. no
action Work on hbacsvcgroup or member level. It can be on of member or hbacsvcgroup and defaults to hbacsvcgroup. no
state The state to ensure. It can be one of present or absent, default: present. no

Authors

Thomas Woerner