ipa_sudocmd - Manage FreeIPA sudo command
New in version 2.3.
Synopsis
- Add, modify or delete sudo command within FreeIPA server using FreeIPA API.
Parameters
| Parameter | Choices/Defaults | Comments |
|---|---|---|
| description |
A description of this command.
|
|
| ipa_host | Default:
"ipa.example.com"
|
IP or hostname of IPA server.
If the value is not specified in the task, the value of environment variable
IPA_HOST will be used instead.
If both the environment variable
IPA_HOST and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
|
| ipa_pass
required
|
Password of administrative user.
If the value is not specified in the task, the value of environment variable
IPA_PASS will be used instead.
If both the environment variable
IPA_PASS and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
|
|
| ipa_port | Default:
443
|
Port of FreeIPA / IPA server.
If the value is not specified in the task, the value of environment variable
IPA_PORT will be used instead.
If both the environment variable
IPA_PORT and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
|
| ipa_prot |
|
Protocol used by IPA server.
If the value is not specified in the task, the value of environment variable
IPA_PROT will be used instead.
If both the environment variable
IPA_PROT and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
|
| ipa_user | Default:
"admin"
|
Administrative account used on IPA server.
If the value is not specified in the task, the value of environment variable
IPA_USER will be used instead.
If both the environment variable
IPA_USER and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
|
| state |
|
State to ensure
|
| sudocmd
required
|
Sudo Command.
aliases: name |
|
| validate_certs | Default:
"yes"
|
This only applies if
ipa_prot is https.
If set to
no, the SSL certificates will not be validated.
This should only set to no used on personally controlled sites using self-signed certificates.
|
Examples
# Ensure sudo command exists
- ipa_sudocmd:
name: su
description: Allow to run su via sudo
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
# Ensure sudo command does not exist
- ipa_sudocmd:
name: su
state: absent
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
Return Values
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description |
|---|---|---|
| sudocmd
dict
|
always |
Sudo command as return from IPA API
|
Status
This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
Maintenance
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
Author
- Thomas Krahn (@Nosmoht)
Hint
If you notice any issues in this documentation you can edit this document to improve it.
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.6/modules/ipa_sudocmd_module.html