- Jun 14, 2019
-
-
Thomas Woerner authored
-
Thomas Woerner authored
-
Thomas Woerner authored
-
Thomas Woerner authored
This is for example the case if ipaadmin_keytab is used instead without ipaclient_use_otp.
-
Thomas Woerner authored
ipaadmin_keytab has been supported only with with ipaclient_use_otp. But it can also be used without for ipa-join. Important is that ipaadmin_keytab needs to be placed on the cliend node and ipaadmin_keytab needs to be a full path. Otherwise the file will not be found.
-
Thomas Woerner authored
Password and keytab do not need to be set explicitely to an empty string when they are not set. Also there is no need to have string length checks in the role tasks.
-
- Jun 12, 2019
-
-
Thomas Woerner authored
With the deactivation of the Python2/3 test the handling of ansible_python_interpreter needs to be removed as the setting might not exist and is not changed in with the Python2/3 test any more.
-
- Jun 07, 2019
-
-
Thomas Woerner authored
Run validate_hostname to check for valid host name if constants.MAXHOSTNAMELEN is defined. The call has not been used in older FreeIPA versions.
-
- Jun 05, 2019
-
-
Thomas Woerner authored
ansible-freeipa is a new Ansible Collection introduced with Ansible 2.8 and Ansible Galaxy 3.2.
-
Thomas Woerner authored
This will result in a better role documentation on galaxy.
-
- Jun 04, 2019
-
-
Thomas Woerner authored
This test is not properly working with EL-8 nodes as the default system python is not located in /usr/bin. Additionally Ansible 2.8 is able to detect the default python version on the system. As the installation base for IPA 4.5.90 where the Python 3 bindings have not been working properly should be really small or not existing any more the deactivation of this test should be fine.
-
- May 31, 2019
-
-
Thomas Woerner authored
The generated OTP password is stored into ipaadmin_password. The original password is now saved and restored later on again. This fixes the failure with incorrect password while installing the client part in a replica deployment.
-
Thomas Woerner authored
if _on_master is set, deactivate _get_otp as OTP is not needed at all for the client side install part on a master.
-
Thomas Woerner authored
gssapi is only needed for OTP if keytab is used. The common case with password does not require gssapi. This change also fixes the new ansible 2.8 failure if gssapi is not installed on the controller. Ansible 2.8 seems to also transfer and load action plugins to the node if they are not used.
-
- May 13, 2019
-
-
Scott Poore authored
Correcting small typo for lenth to length in a check
-
- May 09, 2019
-
-
Brant Evans authored
-
- May 03, 2019
-
-
Thomas Woerner authored
-
Thomas Woerner authored
-
Thomas Woerner authored
-
Thomas Woerner authored
Dependencies and platforms have been updated. Commented out lines has been removed.
-
Thomas Woerner authored
-
- Apr 26, 2019
-
-
Thomas Woerner authored
There have been several settings in ipaclient_setup_nss that have been hard coded instead of using the settings from the role. This has been fixed and the code in ipaclient_setup_nss has been updated to the latest version of FreeIPA with compatibility changes for older FreeIPA versions. Additionally the api is now properly configured so that the DNS SSHFP records are now properly created if no_dns_sshfp is not enabled.
-
Thomas Woerner authored
The old name ntpconf has been still used in one place of the NTP configuration for FreeIPA versions that do not provide the sync_time function. Fixes: #76 (Ansible Configure NTP Task)
-
Thomas Woerner authored
The use of version numbers for backward compatibility checks is not optimal because the version number is not changed if changes are back ported. The version dependant check has been replaced with an inspect argspec check.
-
Thomas Woerner authored
options.no_krb5_offline_passwords was set using the not existing role variable krb5_offline_passwords instead of no_krb5_offline_passwords.
-
- Apr 18, 2019
-
-
Thomas Woerner authored
This reverts commit bbaaf1f7.
-
- Apr 17, 2019
-
-
Thomas Woerner authored
Meta end_play has been used as a simple solution to end the playbook processing in special conditions, like for example when the deployment was already done before. meta end_play has been replaced with blocks and conditions for these blocks. Fixes: #70 (Avoid using meta end_play)
-
Thomas Woerner authored
The ansible_fqdn hostname has been enforced to be set and used in ipaserver, ipareplica and also ipaclient role. This has been removed as the hostname should only be set if specified explicitly with ipa[server,replica,client]_hostname.
-
Thomas Woerner authored
The FreeIPA versions since 4.7.0 are using chrony and also the new sync_time function for time synchronization which has been added to ipaclient/install/client.py. The old version in ipaclient_setup_ntp has been updated to the code that has been used in 4.6.4.
-
- Apr 16, 2019
-
-
Thomas Woerner authored
The installer logs have not been created using the ansible ipaclient, ipareplica and ipaserver roles. This has been fixed and the installer logs are created now. This is a new and fixed version of 2113c791 where verbose mode is turned off.
-
- Apr 05, 2019
-
-
Thomas Woerner authored
cli_servers from ipaclient_test was missing in ipaclient_setup_ntp. This resulted in a backtrace and is fixed now. Fix options.ntp_servers check to not use length on NoneType.
-
Thomas Woerner authored
The call of standard_logging_setup results in verbose and debug output in the ansible modules. This needs to be done in an altenative way. This reverts commit 2113c791.
-
- Apr 04, 2019
-
-
Thomas Woerner authored
check_ldap_conf is only available in FreeIPA 4.7 and later and tasks.is_nosssd_supported is only available since 4.6.90.pre2. check_ldap_conf is None (ansible_ipa_client) if it can not be imported. hasattr has been added to check if is_nosssd_supported is a valid attribute in tasks. Fixes: #61 (ipaserver role - Fails on ipaclient install)
-
Thomas Woerner authored
The entity argument for validate_domain_name is only available in FreeIPA 4.7 and later. This has been fixed using inspect to be able to detect if entity is a valid argument. If not the whole realm name check is skipped. Related: #61 (ipaserver role - Fails on ipaclient install) Fixes: #66 (Python 2 error with validate_domain)
-
- Apr 03, 2019
-
-
Thomas Woerner authored
This setting had the wrong and unsed prefix ipahost. THis has been fixed and the proper prefix ipaclient is now used. The change in ipaclient/defaults/main.yml was missing from the first commit b5d6dc00
-
Thomas Woerner authored
The installer logs have not been created using the ansible ipaclient, ipareplica and ipaserver roles. This has been fixed and the installer logs are created now.
-
Thomas Woerner authored
This setting had the wrong and unsed prefix ipahost. THis has been fixed and the proper prefix ipaclient is now used.
-
Thomas Woerner authored
Krb5 configuration was also done if ipaclient_on_master was set. This resulted in a reverted configuration while deploying the client part in a server deploment.
-
- Mar 26, 2019
-
-
Thomas Woerner authored
The role test is executed in the ipa[server,replica,client] roles first. These tests are usable in the Ansible test mode, but the folllowing steps in the task list are not. Therefore the blocks following the tests are limited to not being executed in test mode.
-
Thomas Woerner authored
python_2_3_test needs to be executed also in test mode to make sure that the follwing ipa[server,replica,client]_test modules could be executed also in test mode.
-