- Mar 27, 2024
-
-
Thomas Woerner authored
FreeIPA PR https://github.com/freeipa/freeipa/pull/7286 moved ipalib.install.kinit to ipalib. It is first tried to import kinit_keytab and kinit_password from ipalib.kinit, then ipalib.install.kinit and finally in some cases where support for IPA 4.5.0 is needed still also ipapython.ipautil. Related: https://github.com/freeipa/freeipa/pull/7286
-
- Mar 13, 2024
-
-
Thomas Woerner authored
The custodia setup is executed twice. At first in ipaserver_setup_custodia and then additionally in ipaserver_setup_ca. The custodia setup code in ipaserver_setup_ca.py has been adapted to fit the code in ipaserver_setup_custodia.py. The extra Setup custodia step in the server roles has been removed together with ipaserver_setup_custodia.py.
-
- Mar 11, 2024
-
-
Thomas Woerner authored
If ipaserver_domain is not given, the domain name is generated from the host fqdn. This generated value was so far not returned, but the empty given value instead.
-
- Feb 07, 2024
-
-
Rafael Guterres Jeffman authored
As FreeIPA now requires MS-PAC to be set in ipaKrbAuthzData to trigger PAC generation, there's a timing issue that causes API malfunction which is long enough to cause the client part insallation to fail. By restarting KDC after DS password is set, we force cached values to be refreshed, allowing the API to work correctly. Resolves: https://github.com/freeipa/ansible-freeipa/issues/1200
-
- Sep 14, 2023
-
-
Thomas Woerner authored
The use of del os.environ assumes that the environment variable exists. If the variable does not exist, this call will result in a traceback. The solution is to use os.environ.pop(VARIABLE, None) instead. This is the ansible-freeipa fix for https://pagure.io/freeipa/issue/9446 (Nightly test failure for replica installation with --setup-ca)
-
- Jun 05, 2023
-
-
Rafael Guterres Jeffman authored
If server FQDN matches the domain name, the installation will succeed, but DNS records will not work. If 'setup_dns: true' is used, there will be no A record for the host, only a NS record, and the PTR record will point to the domain name. Based on: https://github.com/freeipa/freeipa/pull/6853 Related to: https://pagure.io/freeipa/issue/9003
-
- May 05, 2023
-
-
Thomas Woerner authored
random_serial_numbers was missing the default value in the DOCMENTATION section.
-
Thomas Woerner authored
Automatic field numbering specification is not allowed by ansible-test.
-
- Apr 04, 2023
-
-
Rafael Guterres Jeffman authored
Since FreeIPA version 4.10 it is possible to deploy servers that use Random Serial Number v3 support for certificates. This patch exposes the 'random_serial_numbers' parameter, as 'ipaserver_random_serial_numbers', allowing a user to have random serial numbers enabled for the domain. The use of random serial numbers is allowed on new installations only.
-
- Mar 28, 2023
-
-
Thomas Woerner authored
New variables have been added to ipareplica and ipaserver role to enable the removal from the domein with the undeployment. `ipaserver_remove_from_domain` This enables the removal of the server from the domain additionally to the undeployment. `ipaserver_remove_on_server` The value defines the server/replica in the domain that will to be used to remove the server/replica from the domain if `ipaserver_ignore_topology_disconnect` and `ipaserver_remove_from_domain` are enabled. Without the need to enable `ipaserver_ignore_topology_disconnect`, the value will be automatically detected using the replication agreements of the server/replica. For the replica role it is possible to use the server variables, but also the replica versions: `ipareplica_remove_from_domain` and `ipareplica_remove_on_server`. The already existing parameters `ipaserver_ignore_topology_disconnect` and `ipaserver_ignore_last_of_role` have been added to the README files for server and replica with descriptions. The same for the replica versions of the parameters. The ipareplica role is not calling the `ipa-server-install` anymore, it is instead using (including) the server role for the task. The new module `ipaserver_get_connected_server` has been added to the server role to be able to get a connected server using the replication agreements. This module is only used if `ipaserver_ignore_topology_disconnect` is not needed.
-
- Nov 14, 2022
-
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` - `choices` needs to match `argument_spec` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters supports_check_mode is turned off as it is not supported. A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` - `choices` needs to match `argument_spec` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters supports_check_mode is turned off as it is not supported. A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` RETURN section - `type: str` needs to be used for string parameters argument_spec - `type='str'` needs to be set for string parameters supports_check_mode is turned off as it is not supported. A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
- Aug 30, 2022
-
-
Thomas Woerner authored
The idstart needs to be larger than UID_MAX or GID_MAX from /etc/login.defs. This is "Require idstart to be larger than UID_MAX" for freeipa. Fixes: #896 (Invalid RID/SID SSSD backtrace after deployment)
-
- Aug 26, 2022
-
-
Thomas Woerner authored
Before "short description" was used in most plugins, modules and also in the new module templates. ansible-doc was therefore not showing the short description. To fix the issue the flag was renamed to short_description instead. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2121362 'ansible-doc' -l lists most idm modules as 'UNDOCUMENTED'
-
- Jul 27, 2022
-
-
Thomas Woerner authored
The SID is always generated in the command line installers in newer IPA versions. This also needs to be done in the ipaserver and ipareplica roles. For the IPA versions that are supporting this, the adtrust setup is always executed to generated the SIDs, but only configures AD trust if ipaserver_setup_adtrust or ipareplica_setup_adtrust is also enabled. A check has been added to ipaserver_test and ipareplica_test to only enable the SID generation for the IPA versions supporting this. This is related to https://pagure.io/freeipa/8995 Fixes: - https://bugzilla.redhat.com/show_bug.cgi?id=2110478 - https://bugzilla.redhat.com/show_bug.cgi?id=2110491
-
- Jul 25, 2022
-
-
Thomas Woerner authored
The option _random_serial_numbers was using with the wrong type in ipaserver_setup_ca.py and ipareplica_setup_ca.py. Therefore RSN was always enabled. Fixes: - https://bugzilla.redhat.com/show_bug.cgi?id=2110523 - https://bugzilla.redhat.com/show_bug.cgi?id=2110526
-
- Jul 06, 2022
-
-
Thomas Woerner authored
Python 3.11 dropped compat inspect.getargspec. As the roles and modules need to support Python2 and Python3, the code for getargspec has been copied from Python 3.10 and is added as a fallback as soon as getargspec can not be imported from inspect. The copied getargspec is using getfullargspec internally. Fixes: #855 (Python's inspect.getargspec was removed in version 3.11)
-
Thomas Woerner authored
With the support for Random Serial Numbers v3 in FreeIPA 4.10, the attribute random_serial_numbers has been added to the installer options. options._random_serial_numbers is generated by ca.install_check and later used by ca.install in the _setup_ca module. ca.install_check is using options.random_serial_numbers and generating options._random_serial_numbers which is later used by ca.install in ca.install the _setup_ca module. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2103928 https://bugzilla.redhat.com/show_bug.cgi?id=2103924
-
- Jan 13, 2022
-
-
Thomas Woerner authored
ERROR: Found 6 pylint issue(s) which need to be resolved: ERROR: plugins/modules/ipaserver_prepare.py:395:4: invalid-name: Variable name "e" doesn't conform to snake_case naming style ERROR: roles/ipaserver/library/ipaserver_prepare.py:395:4: invalid-name: Variable name "e" doesn't conform to snake_case naming style ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:333:12: invalid-name: Variable name "ds" doesn't conform to snake_case naming style ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:348:12: invalid-name: Variable name "ds" doesn't conform to snake_case naming style ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:361:12: invalid-name: Variable name "ip" doesn't conform to snake_case naming style ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:364:12: invalid-name: Variable name "e" doesn't conform to snake_case naming style e has been replaced with err, ds with _ds, ip with _ip.
-
- Jan 12, 2022
-
-
Rafael Guterres Jeffman authored
Fix pylint warnings raised by enabling linter on ansible-freeipa roles.
-
- Nov 24, 2021
-
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
- Nov 25, 2020
-
-
Thomas Woerner authored
The common_check function in the replica installer code has been changed for the new memory checker code. With this the server and replica command line installers got the option --skip-mem-check. The server and replica role now also support the memory cheker and there are new variables for server and replica: ipaserver_mem_check - for ipaserver ipareplica_mem_check - for ipaserver These bool values default to yes and can be turned off in the inventory or playbook if needed. Related to freeipa PR https://pagure.io/freeipa/issue/8404 (Detect and fail if not enough memory is available for installation) Fixes: #450 (IPA Replica Installation Fails)
-
- Jun 15, 2020
-
-
Thomas Woerner authored
The ca-less PR introduced a bug when http_ca_cert is not set. The test for loading the certificate is testing for None, but the string will only be empty in this case. Related: #298 (Install server and replicas without CA)
-