- Mar 21, 2019
-
-
Thomas Woerner authored
The new module ipaclient_setup_ntp to configure and sync time with the NTP server has been added. The irregular setting ipaclient_ntp has been removed. The ipaclient_setup_ntp module is using either the new sync_time call or for compatibility with older FreeIPA versions synconce_ntp. The reference for ipaclient_ntp in REPLICA.md has been removed also. This also fixes #55.
-
Thomas Woerner authored
ipaclient_extras could configure several things internally according to provided settings. These have been ssh, sshd, automount, firefox an also nis. The ssh and sshd configuration is now plocated in ipaclient_setup_ssh, the automount configuration in ipaclient_setup_automount, the firefox configuration in ipaclient_setup_firefox and the nis configuration in ipaclient_setup_nis. The following additional settings have been added to roles/ipaclient/defaults/main.yml to provide the same configruation options as ipa-client-install does: ipaclient_no_ssh: no ipaclient_no_sshd: no ipaclient_no_nisdomain: no ipaclient_configure_firefox: no
-
Thomas Woerner authored
The naming in the ipaclient role has not been following the naming scheme and conventions used in the ipaserver and ipareplica roles. Also registered results of modules and commands have not been unsing the result_ prefix as in the other roles. All this has been fixed and the naming is consistent now. These are the renames: ipahost -> ipaclient_get_otp ipaapi -> ipaclient_api ipaextras -> ipaclient_extras ipafixca -> ipaclient_fix_ca ipafstore -> ipaclient_fstore ipa_facts -> ipaclient_get_facts ipahost -> ipaclient_get_otp ipajoin -> ipaclient_join ipanss -> ipaclient_setup_nss ipasssd -> ipaclient_setup_sssd ipadiscovery -> ipaclient_test ipatest -> ipaclient_test_keytab
-
Thomas Woerner authored
Move module_utils to role specific locations
-
- Feb 20, 2019
-
-
David Sastre Medina authored
-
- Feb 12, 2019
-
-
Thomas Woerner authored
The use of the _no_ prefix was not good and has been fixed now. The X_setup_firewalld settings default to yes.
-
Thomas Woerner authored
With these settings for server, replica and client it is possible to skip package installation. This is for example useful if the packages are already installed. The settings default to yes The setting ipareplica_no_package_install has been removed.
-
Thomas Woerner authored
Fixes #51 upstream
-
- Feb 11, 2019
-
-
Thomas Woerner authored
-
Thomas Woerner authored
New information about requirements, limitations, installation and usage
-
- Feb 01, 2019
-
-
Alessandro De Blasis authored
-
- Nov 26, 2018
-
-
Thomas Woerner authored
The ipareplica role is reusing the ipaserver_enable_ipa module. This module needed some extensions on the server to enable the delayed services and also to dump DNS configuration (see commit a1287265). For replica it is not needed to dump the DNS configuration, therefore it is simply possible to set detup_dns to no to make this module also working for ipareplica.
-
- Nov 23, 2018
-
-
Thomas Woerner authored
This typo has been introduced with 20d25d0d in import_tasks for the Python 2/3 test.
-
- Nov 22, 2018
-
-
Thomas Woerner authored
The use of custodiainstance.get_custodia_instance requires that options.promote exists. As this is a server installation, promote is set to False.
-
Thomas Woerner authored
As the old way to include tasks is deprecated, replace static include statements with import_tasks and dynamic ones with include_tasks. Increaded the required ansible version to 2.5.0 to make sure that include_tasks and import_tasks is working as expected. Fixes issue #38
-
Thomas Woerner authored
ipaserver_setup_adtrust was using api_Backend_ldap2_connect instead of api_Backend_ldap2 with attribute connect set to True. Fixes issue #39
-
Thomas Woerner authored
This is more like the normal installer behavior and should also help with issue #50: https://github.com/freeipa/ansible-freeipa/issues/50
-
Thomas Woerner authored
subject_validator and also VALID_SUBJECT_ATTRS are provided of the ca binding. Fixes issue #43
-
Thomas Woerner authored
This reverts commit 7a76f73b. It needs to be done as ansible 2.7.1 is now complaining on unknown attribues. This fixes issue #48: https://github.com/freeipa/ansible-freeipa/issues/48
-
Thomas Woerner authored
Service entries in cn=FQDN,cn=masters,cn=ipa,cn=etc are no longer created as enabled. Instead they are flagged as configuredService. At the very end of the installer, the service entries are switched from configured to enabled service. This is related to freeipa upstream commit: Delay enabling services until end of installer: https://github.com/freeipa/freeipa/commit/7284097
-
Thomas Woerner authored
Custodia is configured before CA and used in the setup of CA. Also add support for name FIRST_MASTER as a replacement for MASTER_PEER. This is related to the freeipa upstream commits: Use single Custodia instance in installers: https://github.com/freeipa/freeipa/commit/994f71a Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER: https://github.com/freeipa/freeipa/commit/842cb5f
-
- Nov 21, 2018
-
-
Thomas Woerner authored
The api command to get the server config is failing with more recent freeipa versions. Therefore another way to gather the server config using api.Backend.rpcclient.forward has been added in case the first version fails. The new code is from freeipa commit 8af6accfa5734a7e9a7c92fcf38d5440482413d4 (https://github.com/freeipa/freeipa/commit/8af6accf)
-
- Jul 23, 2018
-
-
Thomas Woerner authored
This is a partly pick of the changes done by pyguy for pull request #28. The unrelated changed on inventory files have been removed and the change to the README has been adapted to use the "Supported Distributions" section. The original commits by pyguy in https://github.com/pyguy/ansible-freeipa are: commit 1ed1fa845eafd69432b1fd1fc8e5329e4991e84a Author: pyguy <hr.josheghani@gmail.com> Date: Mon Jun 25 17:17:31 2018 +0430 Ubuntu Support added commit 9a4a7c84e4af20af27e814aba4fc2c6b8b35ec0f Author: pyguy <hr.josheghani@gmail.com> Date: Sun Jun 24 10:58:07 2018 +0430 Ubuntu support added
-
- Jul 19, 2018
-
-
Thomas Woerner authored
There is a pull request and also a proposal for ansible be able to limit the number of concurrent executions for a single task: - https://github.com/ansible/proposals/issues/129 - https://github.com/ansible/ansible/pull/42528 The keyword is currently named max_concurrent, but might be renamed later on. If the keyword is present, but not supported by ansible, it will be simply ignored. Therefore there is no issue right now with adding in here early.
-
Thomas Woerner authored
The ipaclient role is now used instead of ipa-client-install.
-
Thomas Woerner authored
-
Thomas Woerner authored
This is needed to use ipaclient in ipareplica for client deployment.
-
Thomas Woerner authored
This is done in IPAChangeConf.changeConf and IPAChangeConf.newConf
-
Thomas Woerner authored
Set default_domain if not ipadiscovery.dnsok or not ipadiscovery.kdc like it is done in ipa-client-install.
-
Thomas Woerner authored
These roles will most likely not work in the common case. Therefore the roles have been renamed. The ipa-krpb5 role is used by ipcalient, but the ipa-sssd role is currently not used.
-
- Jul 17, 2018
-
-
Thomas Woerner authored
custodiainstance.import_dm_password does not support master_host_name post 4.6.90 anymore. A new inspect call has been added to verify if the arg is supported or not.
-
- Jul 09, 2018
-
-
Thomas Woerner authored
-
Thomas Woerner authored
custodia needs to be used here with newer IPA versions (introduced with 4.6.4). With this master_host_name does is not supplied to custodia.import_dm_password as an arguemtn anymore.
-
Thomas Woerner authored
The use of IPA versions to determine if get_custodia_instance should be used was not optimal as the patch that introduced this has been back-ported to the EL-7 package with verion 4.5.4. As get_custodia_instance was not available before we can simply check if get_custodia_instance exists in custodiainstance.
-
Thomas Woerner authored
Tee message for a domain and realm name mismatch should be a warning and not a fail in the ipaserver test. It is also a warning in the normal installer.
-
Thomas Woerner authored
The use of IPA versions to determine if get_custodia_instance should be used was not optimal as the patch that introduced this has been back-ported to the EL-7 package with verion 4.5.4. As get_custodia_instance was not available before we can simply check if get_custodia_instance exists in custodiainstance.
-
Thomas Woerner authored
-
Thomas Woerner authored
-
Thomas Woerner authored
Lowered Version for Setup CA | Tested on CentOS 7.5
-
Thomas Woerner authored
CentOS 7 Compatibility
-