Documentation

ipa_subca - Manage FreeIPA Lightweight Sub Certificate Authorities.

New in version 2.5.

Synopsis

  • Add, modify, enable, disable and delete an IPA Lightweight Sub Certificate Authorities using IPA API.

Parameters

Parameter Choices/Defaults Comments
ipa_host Default:
ipa.example.com
IP or hostname of IPA server.
If the value is not specified in the task, the value of environment variable IPA_HOST will be used instead.
If both the environment variable IPA_HOST and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
ipa_pass
required
Password of administrative user.
If the value is not specified in the task, the value of environment variable IPA_PASS will be used instead.
If both the environment variable IPA_PASS and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
ipa_port Default:
443
Port of FreeIPA / IPA server.
If the value is not specified in the task, the value of environment variable IPA_PORT will be used instead.
If both the environment variable IPA_PORT and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
ipa_prot
    Choices:
  • http
  • https ←
Protocol used by IPA server.
If the value is not specified in the task, the value of environment variable IPA_PROT will be used instead.
If both the environment variable IPA_PROT and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
ipa_user Default:
admin
Administrative account used on IPA server.
If the value is not specified in the task, the value of environment variable IPA_USER will be used instead.
If both the environment variable IPA_USER and the value are not specified in the task, then default value is set.
Environment variable fallback mechanism is added in version 2.5.
state
    Choices:
  • present ←
  • absent
  • enable
  • disable
State to ensure
State 'disable' and 'enable' is available for FreeIPA 4.4.2 version and onwards
subca_desc
required
The Sub Certificate Authority's description.
subca_name
required
The Sub Certificate Authority name which needs to be managed.
subca_subject
required
The Sub Certificate Authority's Subject. e.g., 'CN=SampleSubCA1,O=testrelm.test'
validate_certs Default:
yes
This only applies if ipa_prot is https.
If set to no, the SSL certificates will not be validated.
This should only set to no used on personally controlled sites using self-signed certificates.

Examples

# Ensure IPA Sub CA is present
- ipa_subca:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: present
    subca_name: AnsibleSubCA1
    subca_subject: 'CN=AnsibleSubCA1,O=example.com'
    subca_desc: Ansible Sub CA

# Ensure that IPA Sub CA is removed
- ipa_subca:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: absent
    subca_name: AnsibleSubCA1

# Ensure that IPA Sub CA is disabled
- ipa_subca:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: disable
    subca_name: AnsibleSubCA1

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
subca
dict
always
IPA Sub CA record as returned by IPA API.



Status

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author

  • Abhijeet Kasurde (@Akasurde)

Hint

If you notice any issues in this documentation you can edit this document to improve it.