What's the proper way of creating HBAC/SUDO rules in a Primary/replica setup
by J N
Hi,
I'm new to Ansible and the FreeIPA project, and I'm currently trying to set up HBAC and SUDO rules on my primary server and the replicas.
Is the practice to only apply rules to the primary server and let it replicate to the replicas? The reason I'm asking is because when I try to create HBAC/SUDO rules on the primary and the replicas I get an error in ansible saying:
changed: [192.168.204.10]
fatal: [192.168.204.11]: FAILED! => {"changed": false, "msg": "sudorule_add: test_rule: sudo rule with name \"test_rule\" already exists"}
However, if I try to rerun the play, it will work idempotently:
ok: [192.168.204.10]
ok: [192.168.204.11]
Question:
What's the practice when running replicas? Should only the "main" master be updated?
1 year
How to parse this under command module
by HUANG, TONY
Hi,
I am trying to add ipa migrate-ds as a task using the command or shell
module, but it keeps on erroring out. How should I parse this?
ipa migrate-ds --bind-dn="cn=Directory Manager"
--user-container=cn=users,cn=accounts
--group-container=cn=groups,cn=accounts --group-objectclass=posixgroup
--user-ignore-attribute={krbPrincipalName,krbextradata,krblastfailedauth,krblastpwdchange,krblastsuccessfulauth,krbloginfailedcount,krbpasswordexpiration,krbticketflags,krbpwdpolicyreference,mepManagedEntry}
--user-ignore-objectclass mepOriginEntry
--group-ignore-attribute=mepmanagedby
--group-ignore-objectclass=mepmanagedEntry --with-compat ldap://
ipa.server.com
Thanks!
Tony
1 year