- Mar 28, 2023
-
-
Thomas Woerner authored
New variables have been added to ipareplica and ipaserver role to enable the removal from the domein with the undeployment. `ipaserver_remove_from_domain` This enables the removal of the server from the domain additionally to the undeployment. `ipaserver_remove_on_server` The value defines the server/replica in the domain that will to be used to remove the server/replica from the domain if `ipaserver_ignore_topology_disconnect` and `ipaserver_remove_from_domain` are enabled. Without the need to enable `ipaserver_ignore_topology_disconnect`, the value will be automatically detected using the replication agreements of the server/replica. For the replica role it is possible to use the server variables, but also the replica versions: `ipareplica_remove_from_domain` and `ipareplica_remove_on_server`. The already existing parameters `ipaserver_ignore_topology_disconnect` and `ipaserver_ignore_last_of_role` have been added to the README files for server and replica with descriptions. The same for the replica versions of the parameters. The ipareplica role is not calling the `ipa-server-install` anymore, it is instead using (including) the server role for the task. The new module `ipaserver_get_connected_server` has been added to the server role to be able to get a connected server using the replication agreements. This module is only used if `ipaserver_ignore_topology_disconnect` is not needed.
-
- Mar 17, 2023
-
-
Rafael Guterres Jeffman authored
Some ipareplica role had a few module calls with parameters set like 'some_argument | default(omit)' that were not actually available in such modules. If a user provided 'some_argument', the paramater would then be passed to the module and ipareplica deployment would fail. By removing the parameters from the 'install' task, ipareplica deployment works even if the variables are set by the user.
-
- Mar 06, 2023
-
-
Denis Karpelevich authored
This is an ansible-freeipa update for the freeipa RFE: https://pagure.io/freeipa/issue/9159 "`ipa-client-install` should provide option to enable `subid: sss` in `/etc/nsswitch.conf`". This option allows to configure authselect with the sssd profile + with-subid feature, in order to have SSSD setup as a datasource for subid in /etc/nsswitch.conf. The default behavior remains unchanged: without the option, /etc/nsswitch.conf keeps the line subid: files Signed-off-by: Denis Karpelevich <dkarpele@redhat.com>
-
- Feb 27, 2023
-
-
Thomas Woerner authored
A temporary krb5 configuration was used to join the domain in ipaclient_join. After that the final krkb5 configuration was created with enabled DNS discovery and used for the remainaing tasks, where also a connection to the IPA API was done. With several servers the DNS discovery could have picked up a different server. If the client deployment was faster than the replication this could have lead to an unknown host error. The issue was seen in performance testing where many simultaneous client enrollments have been done.. The goal is to keep server affinity as long as possible within the deployment process: The temporary krb5.conf that was used before in ipaclient_join was pulled out into an own module. The generated temporary krb5.conf is now used in ipaclient_join and also ipaclient_api. The generation of the final krb5.conf is moved to the end of the deployment process. Same as: https://pagure.io/freeipa/issue/9228 The setup of certmonger has been pulled out of ipaclient_setup_nss and moved to the end of the process after generating the final krb5.conf as it will use t will only use /etc/krb5.conf. Certificate issuance may fail during deployment due to using the final krb5.conf, but certmonger will re-try the request in this case. Same as: https://pagure.io/freeipa/issue/9246
-
- Feb 08, 2023
-
-
Thomas Woerner authored
The test in ipaclient_test_keytab is at first trying to use an existing krb5.conf to test if the host keytab can be used. With working DNS lookup an absent krb5.conf is not reported as an error as DNS lookup is silently used instead. A temporary krb5.conf is now used in this test that forces to deactivate DNS lookups and also to load /etc/krb5.conf. A missing krb5.conf is now detected properly as the kinit call fails now properly. Thanks to Julien Rische for this proposal. ipaclient_test_keytab is now properly returning the state of usable or not usable krb5.conf in krb5_conf_ok. This fixes the handling of this case later on in the role.
-
- Jan 31, 2023
-
-
Thomas Woerner authored
ipabackup_item needs to be set again in copy_backup_to_server.yml. The variable is later on used in restore.yml.
-
- Jan 12, 2023
-
-
Rafael Guterres Jeffman authored
ansible-lint warns if Jinja2 templates are not used as the last item in a task name.
-
Rafael Guterres Jeffman authored
ansible-lint warns if set_fact sets a variable where the name is used or can be as a parameter for the role.
-
- Jan 11, 2023
-
-
Rafael Guterres Jeffman authored
ansible-lint warns if 'warn' key is used before block and always keys.
-
Rafael Guterres Jeffman authored
This patch fixes ansible-lint warns on jinja2 template spacing in roles
-
Rafael Guterres Jeffman authored
ansible-lint warns if task names don't start with an uppercase letter.
-
Rafael Guterres Jeffman authored
ansible-lint warns to avoid using free-form when calling module actions and ansible-freeipa roles used this form with 'ansible.builtin.fail'.
-
Rafael Guterres Jeffman authored
ansible-lint warns if version strings are used as numbers instead fo strings.
-
Thomas Woerner authored
yamllint is failing for unnamed tasks. All block and include_tasks tasks are now named.
-
- Dec 20, 2022
-
-
Thomas Woerner authored
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is ansible.builtin.set_fact instead of set_fact for example and aplies for all actions that are part of ansible.builtin. All the replaced ansible.builtins: assert, command, copy, debug, fail, fetch, file, import_playbook, import_tasks, include_role, include_tasks, include_vars, package, set_fact, shell, slurp, stat, systemd
-
Thomas Woerner authored
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is ansible.builtin.set_fact instead of set_fact for example and aplies for all actions that are part of ansible.builtin. All the replaced ansible.builtins: assert, command, copy, debug, fail, fetch, file, import_playbook, import_tasks, include_role, include_tasks, include_vars, package, set_fact, shell, slurp, stat, systemd
-
Thomas Woerner authored
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is ansible.builtin.set_fact instead of set_fact for example and aplies for all actions that are part of ansible.builtin. All the replaced ansible.builtins: assert, command, copy, debug, fail, fetch, file, import_playbook, import_tasks, include_role, include_tasks, include_vars, package, set_fact, shell, slurp, stat, systemd
-
Thomas Woerner authored
Use Fully Qualified Collection Name (FQCN) for ansible builtins. This is ansible.builtin.set_fact instead of set_fact for example and aplies for all actions that are part of ansible.builtin. All the replaced ansible.builtins: assert, command, copy, debug, fail, fetch, file, import_playbook, import_tasks, include_role, include_tasks, include_vars, package, set_fact, shell, slurp, stat, systemd
-
- Nov 29, 2022
-
-
Thomas Woerner authored
The DNS resolver configuration should not happen in the server client part installation where ipaclient_on_master is enabled.
-
- Nov 23, 2022
-
-
Thomas Woerner authored
The generation of the OTP for client deployment is now completely happening on the first of the given or detected servers with delegate_to. The module ipaclient_get_otp has been replaced by a new module using code from ipahost module and module_utils ansible_freeipa_module. The action plugin ipaclient_get_otp has been removed and with this also ipaclient_get_facts. If an admin keytab is used instead of an admin password, it is copied to the server as a temporary file to enable the OTP generation. The temporary file is removed again after using the ipaclient_get_otp module. The utils script build-galaxy-release.sh has been updated to not copy the ipaclient action plugin to the global plugins folder of the collection. This change is import for the use of the ipaclient role with AAP as only the base environment is sufficient now. The ipaclient README and also the global README have been updated as kinit is not needed anymore on the controller for OTP. Fixes #903 (Allow the use of principals other than admin when using ipaadmin_keytab)
-
Thomas Woerner authored
The configuration of the DNS resolver is useful if the IPA server has internal DNS support. The installation of packages is happening before the DNS resolver is configured, therefore package installation needs to be possible without the configuration of the DNS resolver. The DNS nameservers are configured for `NetworkManager`, `systemd-resolved` (if installed and enabled) and `/etc/resolv.conf` if neither NetworkManager nor systemd-resolved is used. Example inventory: [ipaserver] ipaserver.example.com [ipaclients] ipaclient1.example.com [ipaclients:vars] ipaadmin_principal=admin ipaadmin_password=MySecretPassword123 ipaclient_domain=example.com ipaclient_configure_dns_resolver=yes ipaclient_dns_servers=192.168.100.1 ipaclient_cleanup_dns_resolver=yes New parameters: ipaclient_configure_dns_resolver The bool value defines if the DNS resolver is configured. before deploying the client. This is useful if the IPA server has internal DNS support. ipaclient_dns_server need to be set also. ipaclient_dns_servers The list of DNS server IP addresses. This is only useful with ipaclient_configure_dns_resolver. ipaclient_cleanup_dns_resolver The bool value defines if DNS resolvers that have been configured before with ipaclient_configure_dns_resolver will be cleaned up again. New module: roles/ipaclient/library/ipaclient_configure_dns_resolver.py Fixes: #902 (Consider adding support for client DNS resolver configuration)
-
- Nov 14, 2022
-
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` - `choices` needs to match `argument_spec` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters supports_check_mode is turned off as it is not supported. A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` - `choices` needs to match `argument_spec` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters supports_check_mode is turned off as it is not supported. A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` RETURN section - `type: str` needs to be used for string parameters argument_spec - `type='str'` needs to be set for string parameters supports_check_mode is turned off as it is not supported. A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters A call to ansible_ipa_server.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
All imports that are only available after installing IPA need to be in a try exception clause to be able to pass the fake execution test. The old workaround "if 'ansible.executor' in sys.modules:" is not working with this test anymore. If the imports can not be done, all used and needed attributes are defines with the value None. The new function check_imports has been added to fail with module.fail_json if an import exception occured and ANSIBLE_IPA_SERVER_MODULE_IMPORT_ERROR is not None. This function needs to be called in all modules. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `type: list` needs to be set for list parameters - `elements: str` needs to be given for list of string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `default` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters - `elements='str'` needs to be added to all list of string parameters A call to ansible_ipa_replica.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the agument spec is complete. Needed changes: DOCUMENTATION section - `type: str` needs to be set for string parameters - `required` tags need to be fixed according to the `argument_spec` - `type` tag needs to match `argument_spec` - `author` needs to be given with the github user also: `Name (@user)` argument_spec - `type='str'` needs to be set for string parameters supports_check_mode is turned off as it is not supported. A call to ansible_ipa_replica.check_imports has been added to check for import errors. The `copyright` date is extended with `-2022`.
-