This is an Ansible role for installing FreeIPA server.
None.
| Variable | Description | Default | Required |
|---|---|---|---|
| freeipa_days_before_inactive | The number of days an account can go without being authenticated before it is determined to be inactive and is disabled. | 45 |
No |
| freeipa_disable_inactive_users | Whether or not to (1) configure FreeIPA to enable tracking of the most recent authentication time for each user and (2) create a systemd timer and service to disable inactive users. | false |
No |
| freeipa_disable_trace | Whether or not to disable trace functionality for all HTTP and HTTPS requests. | false |
No |
| freeipa_enable_hsts | Whether or not to return HSTS headers for all HTTP and HTTPS requests. | false |
No |
None.
This role can be installed via the command:
ansible-galaxy install --role-file path/to/requirements.ymlwhere requirements.yml looks like:
---
- name: freeipa_server
src: https://github.com/cisagov/ansible-role-freeipa-serverand may contain other roles as well.
For more information about installing Ansible roles via a YAML file,
please see the ansible-galaxy
documentation.
Here's how to use it in a playbook:
- hosts: freeipa_servers
become: true
become_method: sudo
tasks:
- name: Install FreeIPA server
ansible.builtin.include_role:
name: freeipa_serverWe welcome contributions! Please see CONTRIBUTING.md for
details.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.
Shane Frasier - jeremy.frasier@gwe.cisa.dhs.gov