  1. May 05, 2023
  2. Apr 28, 2023
  3. Apr 27, 2023
  4. Apr 20, 2023
  5. Apr 18, 2023
    • New utils/facts.py: Provide facts about the repo like role and module lists · 5cbc8b7a
      Thomas Woerner authored
      The list of modules and roles is needed in several scripts now,
      therefore it makes sense to have one place for this.
      
      Here are the current variables:
      
      BASE_DIR:           Base directory of the repo
      ROLES:              List of roles in the roles folder
      MANAGEMENT_MODULES: List of management modules in the plugins/modules
                          folder
      ROLES_MODULES:      List of modules in the roles/*/library folders
      ALL_MODULES:        List of all modules, the management and the roles
                          modules
      
      All lists are sorted.
  6. Apr 14, 2023
  7. Apr 05, 2023
  8. Apr 04, 2023
  9. Apr 03, 2023
    • ipagroup: Fix ensuring external group group members (without trust-ad) · 80abf635
      Thomas Woerner authored
      Due to an API misbehaviour in FreeIPA, ipaexternalmembers need to be
      treated differently than other group members parameters. Even an empty
      array triggers all tests for external members, including the check for
      installed dcerpc bindings.
      
      Therefore ipagroup module has been changed to not set ipaexternalmember
      to an empty list if there are no external members to be added or
      removed.
  10. Mar 30, 2023
  11. Mar 28, 2023
    • ipareplica/server: Enable removal from domain with undeployment · 476d9d50
      Thomas Woerner authored
      New variables have been added to ipareplica and ipaserver role to enable
      the removal from the domain with the undeployment.
      
      `ipaserver_remove_from_domain`
      This enables the removal of the server from the domain additionally to the
      undeployment.
      
      `ipaserver_remove_on_server`
      The value defines the server/replica in the domain that will be used to
      remove the server/replica from the domain if
      `ipaserver_ignore_topology_disconnect` and `ipaserver_remove_from_domain`
      are enabled. Without the need to enable
      `ipaserver_ignore_topology_disconnect`, the value will be automatically
      detected using the replication agreements of the server/replica.
      
      For the replica role it is possible to use the server variables, but
      also the replica versions: `ipareplica_remove_from_domain` and
      `ipareplica_remove_on_server`.
      
      The already existing parameters `ipaserver_ignore_topology_disconnect` and
      `ipaserver_ignore_last_of_role` have been added to the README files for
      server and replica with descriptions. The same for the replica versions
      of the parameters.
      
      The ipareplica role is not calling the `ipa-server-install` anymore, it
      is instead using (including) the server role for the task.
      
      The new module `ipaserver_get_connected_server` has been added to the
      server role to be able to get a connected server using the replication
      agreements. This module is only used if
      `ipaserver_ignore_topology_disconnect` is not needed.
  12. Mar 27, 2023
  13. Mar 24, 2023
    • ipaclient: ipaclient_fix_ca also needs krb_name parameter · 10d072a8
      Thomas Woerner authored
      With the fix to defer creating the final krb5.conf on clients a bug has
      been introduced with ipaclient_fix_ca: The krb_name parameter that
      points to the temporary krb5 configuration was not added to the module.
      
      Without this the server affinity is broken for allow_repair and additionally
      ipaclient_fix_ca could fail if krb5 configuration needs to be repaired
      and also CA needs to be fixed.
      
      The krb_name parameter has been added to ipaclient_fix_ca and is also
      properly set in tasks/install.yml.
    • ipaclient: ipaclient_setup_nss also needs krb_name parameter · 0ec89eb5
      Thomas Woerner authored
      With the fix to defer creating the final krb5.conf on clients a bug has
      been introduced with ipaclient_setup_nss: The krb_name parameter that
      points to the temporary krb5 configuration was not added to the module.
      
      With a properly configured DNS (like for example IPA DNS) the krb TXT
      records have been present in the DNS configuration. These have been used
      automatically as a fallback and broke server affinity for the client.
      Without the TXT records creating the IPA NSS database failed with
       "Cannot find KDC for realm ..".
      
      The krb_name parameter has been added to ipaclient_setup_nss and is also
      properly set in tasks/install.yml.
  14. Mar 20, 2023