Reference

Table of Contents

Classes

Public Classes

  • ipa: Manages IPA masters, replicas and clients.

Private Classes

  • ipa::client: Manage IPA client
  • ipa::client::debian: Ensure that home directories get created on Debian and Ubuntu clients.
  • ipa::server: Manage IPA server install
  • ipa::server::flushcache: Manage cache flushing
  • ipa::server::master: Manage primary server
  • ipa::server::redhat
  • ipa::server::replica: Manage replica install

Classes

ipa

  • TODO: Allow creation of root zone for isolated networks -- https://www.freeipa.org/page/Howto/DNS_in_isolated_networks
  • TODO: Class comments.
  • TODO: Dependencies and metadata updates.
  • TODO: Variable scope and passing.
  • TODO: configurable admin username.

Parameters

The following parameters are available in the ipa class:

domain

Data type: Stdlib::Fqdn

(string) The name of the IPA domain to create or join.

ipa_role

Data type: Enum['client', 'master', 'replica']

(string) What role the node will be. Options are 'master', 'replica', and 'client'.

admin_password

Data type: Optional[Variant[Sensitive[String[8]],String[8]]]

(string) Password which will be assigned to the IPA account named 'admin'.

Default value: undef

directory_services_password

Data type: Optional[Variant[Sensitive[String[8]],String[8]]]

(string) Password which will be passed into the ipa setup's parameter named "--ds-password".

Default value: undef

allow_zone_overlap

Data type: Boolean

(boolean) If set to true, allow creation of a (reverse) zone even if the zone is already resolvable. Using this option is discouraged, as it results in later problems with the domain name. You may have to use it, though, when migrating existing DNS domains to FreeIPA.

Default value: false

no_dnssec_validation

Data type: Boolean

(boolean) If set to true, DNSSEC validation is disabled.

Default value: false

configure_dns_server

Data type: Boolean

(boolean) If true, then the parameter '--setup-dns' is passed to the IPA server installer. Also, triggers the install of the required dns server packages.

Default value: true

configure_replica_ca

Data type: Boolean

(boolean) If true, then the parameter '--setup-ca' is passed to the IPA replica installer.

Default value: false

configure_ntp

Data type: Boolean

(boolean) If false, then the parameter '--no-ntp' is passed to the IPA client and server installers.

Default value: true

configure_ssh

Data type: Boolean

(boolean) If false, then the parameter '--no-ssh' is passed to the IPA client and server installers.

Default value: true

configure_sshd

Data type: Boolean

(boolean) If false, then the parameter '--no-sshd' is passed to the IPA client and server installers.

Default value: true

custom_dns_forwarders

Data type: Array[String]

(array[string]) Each element in this array is prefixed with '--forwarder ' and passed to the IPA server installer.

Default value: []

domain_join_principal

Data type: Variant[Sensitive[String[1]],String[1]]

(string) The principal (usually username) used to join a client or replica to the IPA domain.

Default value: 'admin'

domain_join_password

Data type: Optional[Variant[Sensitive[String[1]],String[1]]]

(string) The password for the domain_join_principal.

Default value: $directory_services_password

enable_dns_updates

Data type: Boolean

(boolean) If true, then the parameter '--enable-dns-updates' is passed to the IPA installer.

Default value: false

enable_hostname

Data type: Boolean

(boolean) If true, then the parameter '--hostname' is populated with the parameter 'ipa_server_fqdn' and passed to the IPA installer.

Default value: true

enable_ip_address

Data type: Boolean

(boolean) If true, then the parameter '--ip-address' is populated with the parameter 'ip_address' and passed to the IPA installer.

Default value: false

fixed_primary

Data type: Boolean

(boolean) If true, then the parameter '--fixed-primary' is passed to the IPA installer.

Default value: false

idstart

Data type: Integer[10000]

(integer) From the IPA man pages: "The starting user and group id number".

Default value: (fqdn_rand('10737') + 10000)

idmax

Data type: Optional[Variant[Integer,Undef]]

(integer) From the IPA man pages: "The max value for the IDs range (default: idstart+199999)".

Default value: undef

ip_address

Data type: Optional[Stdlib::IP::Address]

(string) IP address to pass to the IPA installer.

Default value: undef

ipa_server_fqdn

Data type: String

(string) Actual fqdn of the IPA server or client.

Default value: fact('networking.fqdn')

ipa_master_fqdn

Data type: Optional[Stdlib::Fqdn]

(string) FQDN of the server to use for a client or replica domain join.

Default value: undef

mkhomedir

Data type: Boolean

(boolean) If true, then the parameter '--mkhomedir' is passed to the IPA server and client installers.

Default value: true

no_ui_redirect

Data type: Boolean

(boolean) If true, then the parameter '--no-ui-redirect' is passed to the IPA server installer.

Default value: false

realm

Data type: Optional[Stdlib::Fqdn]

(string) The name of the IPA realm to create or join.

Default value: undef

adjust_login_defs

Data type: Boolean

(boolean) Adjust UID_MAX and GID_MAX in login.defs. Without this, newer server installers fail. Default false.

Default value: false
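
A declaration built only from the parameters listed above, as an added example that is not taken from the module's own documentation: one master and one client, with every password wrapped in Sensitive as the data types allow, and the client given its own join credentials instead of falling back to the domain_join_password default of $directory_services_password. The hostnames, the example.test domain, the forwarder address, the Hiera key names and the enroll-svc principal are constructed, and the principal is assumed to already exist in IPA.

```puppet
# Added example; all names and addresses below are constructed.

node 'ipa1.example.test' {
  class { 'ipa':
    ipa_role                    => 'master',
    domain                      => 'example.test',
    ipa_server_fqdn             => 'ipa1.example.test',
    # Secrets come from Hiera (hypothetical keys) and are wrapped in Sensitive
    # so Puppet redacts them in logs and reports.
    admin_password              => Sensitive(lookup('profile::ipa::admin_password')),
    directory_services_password => Sensitive(lookup('profile::ipa::ds_password')),
    # Passes '--setup-dns' and one '--forwarder' entry to the server installer.
    configure_dns_server        => true,
    custom_dns_forwarders       => ['192.0.2.53'],
    # Defaults stated explicitly: DNSSEC validation stays enabled and
    # overlapping zones are refused.
    no_dnssec_validation        => false,
    allow_zone_overlap          => false,
  }
}

node 'web1.example.test' {
  class { 'ipa':
    ipa_role              => 'client',
    domain                => 'example.test',
    ipa_master_fqdn       => 'ipa1.example.test',
    # Dedicated enrollment principal (hypothetical) with its own password, so
    # neither the 'admin' nor the directory services password has to be
    # present in the data served to clients.
    domain_join_principal => 'enroll-svc',
    domain_join_password  => Sensitive(lookup('profile::ipa::enroll_password')),
    mkhomedir             => true,
  }
}
```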