You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.
ipa_subca - Manage FreeIPA Lightweight Sub Certificate Authorities.
- Add, modify, enable, disable and delete IPA Lightweight Sub Certificate Authorities using the IPA API.

| Parameter | Choices/Defaults | Comments |
|---|---|---|
| ipa_host | Default: "ipa.example.com" | IP or hostname of IPA server. If the value is not specified in the task, the value of environment variable IPA_HOST will be used instead. If neither the environment variable IPA_HOST nor the task value is specified, the default value is used. Environment variable fallback mechanism was added in version 2.5. |
| ipa_pass (required) | | Password of administrative user. If the value is not specified in the task, the value of environment variable IPA_PASS will be used instead. If neither the environment variable IPA_PASS nor the task value is specified, the default value is used. Environment variable fallback mechanism was added in version 2.5. |
| ipa_port | Default: 443 | Port of FreeIPA / IPA server. If the value is not specified in the task, the value of environment variable IPA_PORT will be used instead. If neither the environment variable IPA_PORT nor the task value is specified, the default value is used. Environment variable fallback mechanism was added in version 2.5. |
| ipa_prot | | Protocol used by IPA server. If the value is not specified in the task, the value of environment variable IPA_PROT will be used instead. If neither the environment variable IPA_PROT nor the task value is specified, the default value is used. Environment variable fallback mechanism was added in version 2.5. |
| ipa_user | Default: "admin" | Administrative account used on IPA server. If the value is not specified in the task, the value of environment variable IPA_USER will be used instead. If neither the environment variable IPA_USER nor the task value is specified, the default value is used. Environment variable fallback mechanism was added in version 2.5. |
| state | Choices: present (default), absent, enable, disable | State to ensure. States 'disable' and 'enable' are available in FreeIPA 4.4.2 and later. |
| subca_desc (required) | | The Sub Certificate Authority's description. |
| subca_name (required) | | The name of the Sub Certificate Authority to be managed. |
| subca_subject (required) | | The Sub Certificate Authority's Subject, e.g. 'CN=SampleSubCA1,O=testrelm.test'. |
| validate_certs | Default: "yes" | This only applies if ipa_prot is https. If set to no, the SSL certificates will not be validated. This should only be set to no when used on personally controlled sites using self-signed certificates. |

```yaml
# Ensure IPA Sub CA is present
- ipa_subca:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: present
    subca_name: AnsibleSubCA1
    subca_subject: 'CN=AnsibleSubCA1,O=example.com'
    subca_desc: Ansible Sub CA

# Ensure that IPA Sub CA is removed
- ipa_subca:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: absent
    subca_name: AnsibleSubCA1

# Ensure that IPA Sub CA is disabled
- ipa_subca:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: disable
    subca_name: AnsibleSubCA1
```
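
The tasks above with the administrative password moved out of the playbook and certificate validation stated explicitly, as an added example that is not part of the original module documentation. `vault_ipa_pass` and the `vault/ipa.yml` path are hypothetical names for an Ansible Vault encrypted variable and file, and the second task takes `IPA_HOST` from the environment variable fallback described in the parameter table.

```yaml
# Added example, not from the original module documentation.
# Assumptions: vault_ipa_pass is a hypothetical variable stored in a vars file
# encrypted with ansible-vault; host and Sub CA values are this page's samples.
- name: Manage a FreeIPA lightweight Sub CA without inline secrets
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault/ipa.yml            # hypothetical path, encrypted with ansible-vault
  tasks:
    - name: Ensure IPA Sub CA is present
      ipa_subca:
        ipa_host: spider.example.com
        ipa_user: admin
        ipa_pass: "{{ vault_ipa_pass }}"   # no plaintext password in the playbook
        ipa_prot: https
        ipa_port: 443
        validate_certs: yes                # keep TLS verification of the IPA server on
        state: present
        subca_name: AnsibleSubCA1
        subca_subject: 'CN=AnsibleSubCA1,O=example.com'
        subca_desc: Ansible Sub CA
      no_log: true                         # keep task arguments and result out of logs
      register: subca_result

    - name: Show the Sub CA record returned by the IPA API
      debug:
        var: subca_result.subca

    # ipa_host is omitted here, so the module falls back to IPA_HOST.
    # The fallback is read in the environment where the module runs,
    # which the task-level environment keyword sets.
    # Only the non-secret host name is passed this way; the password
    # still comes from the vaulted variable.
    - name: Ensure that IPA Sub CA is disabled (FreeIPA 4.4.2 and later)
      ipa_subca:
        ipa_pass: "{{ vault_ipa_pass }}"
        validate_certs: yes
        state: disable
        subca_name: AnsibleSubCA1
      environment:
        IPA_HOST: spider.example.com
      no_log: true
```

Run the playbook with `ansible-playbook --ask-vault-pass` (or a vault password file) so the encrypted variable can be decrypted at run time.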
Common return values are documented here; the following are the fields unique to this module:

| Key | Returned | Description |
|---|---|---|
| subca (dict) | always | IPA Sub CA record as returned by IPA API. |

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.
This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.
For a list of other modules that are also maintained by the Ansible Community, see here.
- Abhijeet Kasurde (@Akasurde)