Skip to content
  1. Dec 16, 2019
    • Rafael Guterres Jeffman's avatar
      New vault management module. · af4e8432
      Rafael Guterres Jeffman authored
      There is a new vault management module placed in the plugins folder:
      
        plugins/modules/ipavault.py
      
      The vault module allows to ensure presence and absence of vaults, manage
      members and owner of the vault, and archive data in the vault.
      
      Here is the documentation for the module:
      
          README-vault.md
      
      New example playbooks have been added:
      
          playbooks/vault/data-archive-in-asymmetric-vault.yml
          playbooks/vault/data-archive-in-symmetric-vault.yml
          playbooks/vault/ensure-asymetric-vault-is-absent.yml
          playbooks/vault/ensure-asymetric-vault-is-present.yml
          playbooks/vault/ensure-service-vault-is-absent.yml
          playbooks/vault/ensure-service-vault-is-present.yml
          playbooks/vault/ensure-shared-vault-is-absent.yml
          playbooks/vault/ensure-shared-vault-is-present.yml
          playbooks/vault/ensure-standard-vault-is-absent.yml
          playbooks/vault/ensure-standard-vault-is-present.yml
          playbooks/vault/ensure-symetric-vault-is-absent.yml
          playbooks/vault/ensure-symetric-vault-is-present.yml
          playbooks/vault/ensure-vault-is-present-with-members.yml
          playbooks/vault/ensure-vault-member-group-is-absent.yml
          playbooks/vault/ensure-vault-member-group-is-present.yml
          playbooks/vault/ensure-vault-member-user-is-absent.yml
          playbooks/vault/ensure-vault-member-user-is-present.yml
          playbooks/vault/ensure-vault-owner-is-absent.yml
          playbooks/vault/ensure-vault-owner-is-present.yml
      
      New tests added for the module:
      
          tests/vault/test_vault.yml
      af4e8432
  2. Dec 02, 2019
    • Thomas Woerner's avatar
      ipahost: Extension to be able handle several hosts and all settings · 94b1f25b
      Thomas Woerner authored
      The ipahost management module was not able to add several hosts at once.
      Addtionally there have been settings missing.
      
      ansible_freeipa_module has been extended to provide two additional functions
      that are needed to simplify the extension of the ipahost module:
      
          gen_add_del_lists(user_list, res_list)
          encode_certificate(cert)
      
      gen_add_del_lists will generate the lists for the addition and removal of
      members using the provided user and ipa settings.
      
      encode_certificate will encode a certificate using base64 with also taking
      FreeIPA and Python versions into account.
      
      The missing settings in ipahost have been:
      
          certificate
          managedby_host
          principal
          create_keytab_[user,group,host,hostgroup]
          retrieve_keytab_[user,group,host,hostgroup]
          sshpubkey
          userclass
          auth_ind
          requires_pre_auth
          ok_as_delegate
          ok_to_auth_as_delegate
      
      The README-host.md file has been updated to provide information about the
      new settings and also the members. Also examples for the new things have
      been added.
      
      New example playbooks have been added:
      
          playbooks/host/add-host.yml
          playbooks/host/host-member-allow_create_keytab-absent.yml
          playbooks/host/host-member-allow_create_keytab-present.yml
          playbooks/host/host-member-allow_retrieve_keytab-absent.yml
          playbooks/host/host-member-allow_retrieve_keytab-present.yml
          playbooks/host/host-member-certificate-absent.yml
          playbooks/host/host-member-certificate-present.yml
          playbooks/host/host-member-managedby_host-absent.yml
          playbooks/host/host-member-managedby_host-present.yml
          playbooks/host/host-member-principal-absent.yml
          playbooks/host/host-member-principal-present.yml
          playbooks/host/host-present-with-allow_create_keytab.yml
          playbooks/host/host-present-with-allow_retrieve_keytab.yml
          playbooks/host/host-present-with-certificate.yml
          playbooks/host/host-present-with-managedby_host.yml
          playbooks/host/host-present-with-principal.yml
          playbooks/host/host-present-with-randompassword.yml
          playbooks/host/host-present.yml
          playbooks/host/hosts-member-certificate-absent.yml
          playbooks/host/hosts-member-certificate-present.yml
          playbooks/host/hosts-member-managedby_host-absent.yml
          playbooks/host/hosts-member-managedby_host-present.yml
          playbooks/host/hosts-member-principal-absent.yml
          playbooks/host/hosts-member-principal-present.yml
          playbooks/host/hosts-present-with-certificate.yml
          playbooks/host/hosts-present-with-managedby_host.yml
          playbooks/host/hosts-present-with-randompasswords.yml
      
      New tests have been added for the module:
      
          tests/host/certificate/cert1.der
          tests/host/certificate/cert1.pem
          tests/host/certificate/cert2.der
          tests/host/certificate/cert2.pem
          tests/host/certificate/cert3.der
          tests/host/certificate/cert3.pem
          tests/host/certificate/private1.key
          tests/host/certificate/private2.key
          tests/host/certificate/private3.key
          tests/host/certificate/test_host_certificate.yml
          tests/host/certificate/test_hosts_certificate.yml
          tests/host/test_host.yml
          tests/host/test_host_allow_create_keytab.yml
          tests/host/test_host_allow_retrieve_keytab.yml
          tests/host/test_host_managedby_host.yml
          tests/host/test_host_principal.yml
          tests/host/test_host_random.yml
          tests/host/test_hosts.yml
          tests/host/test_hosts_managedby_host.yml
          tests/host/test_hosts_principal.yml
      94b1f25b
  3. Nov 20, 2019
    • Thomas Woerner's avatar
      ipahost: Return generated random password · c36cb954
      Thomas Woerner authored
      The random password is only returned if random is yes and the host did
      not exist or update_password is yes.
      
      If only one host is handled by the module, the returned dict is containing
      this dict:
      
        { "randompassword": "<the host random password>" }
      
      If several hosts are handled by the module (future feature):
      
        { "<host>": { "randompassword": "<the host random password>" } }
      
      Fixes issue #134 (ipahost does not return the random password)
      c36cb954
    • Thomas Woerner's avatar
      ipauser: Return generated random password · b5f20922
      Thomas Woerner authored
      The random password is only returned if random is yes and user did not exist
      or update_password is yes.
      
      If only one user is handled by the module, the returned dict is containing
      this dict:
      
        { "randompassword": "<the user random password>" }
      
      If several users are handled by the module:
      
        { "<user>": { "randompassword": "<the user random password>" } }
      
      This is related to issue #134 (ipahost does not return the random password)
      b5f20922
  4. Nov 07, 2019
    • Rafael Guterres Jeffman's avatar
      New sudorule (Sudo Rule) management module · 2f621608
      Rafael Guterres Jeffman authored
      There is a new sudorule (Sudo Rule) management module placed in the plugins
      folder:
      
        plugins/modules/ipasudorule.py
      
      The sudorule module allows to ensure presence and absence of Sudo Rules.
      
      Here is the documentation for the module:
      
        README-sudorule.md
      
      New example playbooks have been added:
      
          playbooks/sudorule/ensure-sudorule-host-member-is-absent.yml
          playbooks/sudorule/ensure-sudorule-host-member-is-present.yml
          playbooks/sudorule/ensure-sudorule-hostgroup-member-is-absent.yml
          playbooks/sudorule/ensure-sudorule-hostgroup-member-is-present.yml
          playbooks/sudorule/ensure-sudorule-is-absent.yml
          playbooks/sudorule/ensure-sudorule-is-disabled.yml
          playbooks/sudorule/ensure-sudorule-is-enabled.yml
          playbooks/sudorule/ensure-sudorule-is-present.yml
          playbooks/sudorule/ensure-sudorule-sudocmd-is-absent.yml
          playbooks/sudorule/ensure-sudorule-sudocmd-is-present.yml
      
      New tests added for the module:
      
        tests/hbacrule/test_sudorule.yml
      2f621608
  5. Nov 05, 2019
    • Thomas Woerner's avatar
      New hbacrule (HBAC Rule) management module · d36d25d6
      Thomas Woerner authored
      There is a new hbacrule (HBAC Rule) management module placed in the plugins
      folder:
      
        plugins/modules/ipahbacrule.py
      
      The hbacrule module allows to ensure presence and absence of HBAC Rules.
      
      Here is the documentation for the module:
      
        README-hbacrule.md
      
      New example playbooks have been added:
      
        playbooks/hbacrule/ensure-hbarule-allhosts-absent.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-disabled.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-enabled.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-present.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-server-member-absent.yml
        playbooks/hbacrule/ensure-hbarule-allhosts-server-member-present.yml
      
      New tests added for the module:
      
        tests/hbacrule/test_hbacrule.yml
      d36d25d6
  6. Oct 25, 2019
    • Thomas Woerner's avatar
      New hbacsvcgroup (HBAC Service Group) management module · 4b9860e1
      Thomas Woerner authored
      There is a new hbacsvcgroup (HBAC Service Group) management module placed
      in the plugins folder:
      
        plugins/modules/ipahbacsvcgroup.py
      
      The hbacsvc module allows to ensure presence and absence of HBAC Service
      Groups.
      
      Here is the documentation for the module:
      
        README-hbacsvcgroup.md
      
      New example playbooks have been added:
      
        playbooks/hbacsvcgroup/ensure-hbacsvcgroup-absent.yml
        playbooks/hbacsvcgroup/ensure-hbacsvcgroup-member-absent.yml
        playbooks/hbacsvcgroup/ensure-hbacsvcgroup-member-present.yml
        playbooks/hbacsvcgroup/ensure-hbacsvcgroup-present.yml
      
      New tests added for the module:
      
         tests/hbacsvcgroup/test_hbacsvcgroup.yml
      4b9860e1
  7. Oct 24, 2019
    • Thomas Woerner's avatar
      New hbacsvc (HBAC Service) management module · 42eaadfb
      Thomas Woerner authored
      There is a new hbacsvc (HBAC Service) management module placed in the plugins
      folder:
      
        plugins/modules/ipahbacsvc.py
      
      The hbacsvc module allows to ensure presence and absence of HBAC Services.
      
      Here is the documentation for the module:
      
        README-hbacsvc.md
      
      New example playbooks have been added:
      
        playbooks/hbacsvc/ensure-hbacsvc-absent.yml
        playbooks/hbacsvc/ensure-hbacsvc-present.yml
      
      New tests added for pwpolicy:
      
        tests/hbacsvc/test_hbacsvc.yml
      42eaadfb
  8. Oct 22, 2019
    • Thomas Woerner's avatar
      New pwpolicy management module · b3fd3a51
      Thomas Woerner authored
      There is a new pwpolicy management module placed in the plugins folder:
      
        plugins/modules/ipapwpolicy.py
      
      The pwpolicy module allows to ensure presence and absence of pwpolicies for
      groups.
      
      Here is the documentation for the module:
      
        README-pwpolicy.md
      
      New example playbooks have been added:
      
        playbooks/pwpolicy/pwpolicy_absent.yml
        playbooks/pwpolicy/pwpolicy_present.yml
      
      New tests added for pwpolicy:
      
        tests/pwpolicy/test_pwpolicy.yml
      b3fd3a51
    • Rafael Guterres Jeffman's avatar
      New sudocmdgroup management module. · fce3935d
      Rafael Guterres Jeffman authored
      
      
      There is a new sudocmdgroup management module placed in the plugins folder:
      
      plugins/modules/ipasudocmdgroup.py
      
      The sudocmdgroup module allows to add or remove sudo command groups..
      
      The sudocmdgroup module is as compatible as possible to the Ansible upstream
      ipa_sudocmdgroup module, and additionally offers to ensure member presence
      and absence.
      
      Here is the documentation for the module:
      
        README-sudocmdgroup.md
      
      New example playbooks have been added:
      
        playbooks/sudocmd/ensure-sudocmdgroup-is-absent.yml
        playbooks/sudocmd/ensure-sudocmdgroup-is-present.yml
        playbooks/sudocmd/ensure-sudocmd-is-absent-in-sudocmdgroup.yml
        playbooks/sudocmd/ensure-sudocmd-is-present-in-sudocmdgroup.yml
      
      A test playbook is provided in:
      
        tests/sudocmdgroup/test_sudocmdgroup.yml
      
      Signed-off-by: default avatarRafael Guterres Jeffman <rjeffman@redhat.com>
      fce3935d
    • Rafael Guterres Jeffman's avatar
      New sudocmd management module. · 5d962c06
      Rafael Guterres Jeffman authored
      
      
      There is a new sudocmd management module placed in the plugins folder:
      
        plugins/modules/ipasudocmd.py
      
      The sudocmd module allows to add or remove sudo commands.
      
      The sudocmd module is as compatible as possible to the Ansible upstream
      ipa_sudocmd module.
      
      Here is the documentation for the module:
      
        README-sudocmd.md
      
      New example playbooks have been added:
      
        playbooks/sudocmd/ensure-sudocmd-is-absent.yml
        playbooks/sudocmd/ensure-sudocmd-is-present.yml
      
      Signed-off-by: default avatarRafael Guterres Jeffman <rjeffman@redhat.com>
      5d962c06
  9. Oct 21, 2019
    • Thomas Woerner's avatar
      ipauser: User module extension · 40713e71
      Thomas Woerner authored
      The ipauser module now supports all user settings and additionally to ensure
      the presence of several users with the new users setting. The users setting
      can also be used with other states, but it has to be limited to only contain
      the name of the users.
      
      There updated user management module is placed in the plugins folder:
      
        plugins/modules/ipauser.py
      
      The user module now additionally allows to handle these user settings:
      
        initials
        principalexpiration
        random
        city
        userstate
        postalcode
        mobile
        pager
        fax
        orgunit
        manager
        carlicense
        sshpubkey
        userauthtype
        userclass
        radius
        radiususer
        departmentnumber
        employeenumber
        employeetype
        preferredlanguage
        certificate
        certmapdata
        noprivate
        nomembers
      
      Here is the updated documentation for the module:
      
        README-user.md
      
      New example playbooks have been added:
      
        playbooks/user/user_certificate_absent.yml
        playbooks/user/user_certificate_present.yml
        playbooks/user/user_present.yml
        playbooks/user/users_absent.yml
        playbooks/user/users_certificate_absent.yml
        playbooks/user/users_certificate_present.yml
        playbooks/user/users_present.yml
        plugins/modules/ipauser.py
      
      New tests added for ipauser:
      
        tests/user/certificate/cert1.der
        tests/user/certificate/cert1.pem
        tests/user/certificate/cert2.der
        tests/user/certificate/cert2.pem
        tests/user/certificate/cert3.der
        tests/user/certificate/cert3.pem
        tests/user/certificate/private1.key
        tests/user/certificate/private2.key
        tests/user/certificate/private3.key
        tests/user/certificate/test_user_certificate.yml
        tests/user/certificate/test_users_certificate.yml
        tests/user/certmapdata/test_user_certmapdata.yml
        tests/user/certmapdata/test_user_certmapdata_issuer_subject.yml
        tests/user/certmapdata/test_users_certmapdata.yml
        tests/user/test_user.yml
        tests/user/test_users.yml
        tests/user/test_users_absent.yml
        tests/user/test_users_invalid_cert.yml
        tests/user/test_users_present.yml
        tests/user/test_users_present_slice.yml
        tests/user/users_absent.json
        tests/user/users_absent.sh
        tests/user/users_present.json
        tests/user/users_present.sh
      40713e71
  10. Sep 23, 2019
    • Thomas Woerner's avatar
      New hostgroup management module · 2abebc68
      Thomas Woerner authored
      There is a new hostgroup management module placed in the plugins folder:
      
        plugins/modules/ipahostgroup.py
      
      The hostgroup module allows to add, remove and disable hosts.
      
      The hostgroup module is as compatible as possible to the Ansible upstream
      ipa_hostgroup module, but addtionally offers to ensure member presence and
      absence.
      
      Here is the documentation for the module:
      
        README-hostgroup.md
      
      New example playbooks have been added:
      
        playbooks/hostgroup/ensure-hostgroup-is-absent.yml
        playbooks/hostgroup/ensure-hostgroup-is-present.yml
        playbooks/hostgroup/ensure-hosts-and-hostgroups-are-absent-in-hostgroup.yml
        playbooks/hostgroup/ensure-hosts-and-hostgroups-are-present-in-hostgroup.yml
      2abebc68
    • Thomas Woerner's avatar
      New hostgroup management module · 74ea40f6
      Thomas Woerner authored
      There is a new hostgroup management module placed in the plugins folder:
      
        plugins/modules/ipahostgroup.py
      
      The hostgroup module allows to add, remove and disable hosts.
      
      The hostgroup module is as compatible as possible to the Ansible upstream
      ipa_hostgroup module, but addtionally offers to ensure member presence and
      absence.
      
      Here is the documentation for the module:
      
        README-hostgroup.md
      
      New example playbooks have been added:
      
        playbooks/hostgroup/ensure-hostgroup-is-absent.yml
        playbooks/hostgroup/ensure-hostgroup-is-present.yml
        playbooks/hostgroup/ensure-hosts-and-hostgroups-are-absent-in-hostgroup.yml
        playbooks/hostgroup/ensure-hosts-and-hostgroups-are-present-in-hostgroup.yml
      74ea40f6
  11. Sep 10, 2019
    • Thomas Woerner's avatar
      New host management module · 4fc722f7
      Thomas Woerner authored
      There is a new user management module placed in the plugins folder:
      
        plugins/modules/ipauser.py
      
      The host module allows to add, remove and disable hosts.
      
      The host module is as compatible as possible to the Ansible upstream
      ipa_host` module, but addtionally offers to disable hosts.
      
      Here is the documentation for the module:
      
        README-host.md
      
      New example playbooks have been added:
      
        playbooks/host/add-host.yml
        playbooks/host/delete-host.yml
        playbooks/host/disable-host.yml
      4fc722f7
  12. Jul 09, 2019
    • Thomas Woerner's avatar
      ipauser exmaple playbooks: More updates · e63b5759
      Thomas Woerner authored
      e63b5759
    • Thomas Woerner's avatar
      ipagroup playbooks: Add names for tasks · cf01262b
      Thomas Woerner authored
      ansible-lint does not like to have tasks without names. The comments have
      been adapted and transformed into name tags.
      cf01262b
    • Thomas Woerner's avatar
      ipauser playbooks: Add names for tasks · 0c3d35a5
      Thomas Woerner authored
      ansible-lint does not like to have tasks without names. The comments have
      been adapted and transformed into name tags.
      0c3d35a5
    • Thomas Woerner's avatar
      New group management module · 2afb8c6a
      Thomas Woerner authored
      There is a new group management module placed in the plugins folder:
      
        plugins/modules/ipagroup.py
      
      The group module allows to add, remove, enable, disable, unlock und undelete
      groups.
      
      The group module is as compatible as possible to the Ansible upstream
      `ipa_group` module, but addtionally offers to add users to a group and also
      to remove users from a group.
      
      Here is the documentation for the module:
      
        README-group.md
      
      New example playbooks have been added:
      
        playbooks/user/add-groups-to-group.yml
        playbooks/user/add-user-to-group.yml
        playbooks/user/add-group.yml
        playbooks/user/delete-group.yml
      2afb8c6a
    • Thomas Woerner's avatar
      New user management module · a36e8e08
      Thomas Woerner authored
      There is a new user management module placed in the plugins folder:
      
        plugins/modules/ipauser.py
      
      The user module allows to add, remove, enable, disable, unlock und undelete
      users.
      
      The user module is as compatible as possible to the Ansible upstream
      `ipa_user` module, but addtionally offers to preserve delete, enable,
      disable, unlock and undelete users.
      
      Here is the documentation for the module:
      
        README-user.md
      
      New example playbooks have been added:
      
        playbooks/user/add-user.yml
        playbooks/user/delete-user.yml
        playbooks/user/enable-user.yml
        playbooks/user/disable-user.yml
        playbooks/user/delete-preserve--user.yml
        playbooks/user/undelete-user.yml
      a36e8e08
  13. Jul 01, 2019
  14. Jun 17, 2019
    • Thomas Woerner's avatar
      ipatopologysegment: Allow domain+ca suffix, new state: checked · 56a8aced
      Thomas Woerner authored
      It is now possible to use domain+ca as suffix, That means that the segment
      will be handled for the suffixes domain and also ca.
      
      The new state checked is returning two lists found and not-found. If a
      segment exists, the ckecked suffix is added to the found list. If a segment
      from suffix is not found, it is added to the not-found list.
      
      New example playbooks have been added:
         playbooks/topology/add-topologysegments.yml
         playbooks/topology/check-topologysegments.yml
         playbooks/topology/delete-topologysegments.yml
      
      The cluster playbook has been extended by the
      56a8aced
  15. Jun 05, 2019
    • Thomas Woerner's avatar
      New topology managament modules · 62fd4cc1
      Thomas Woerner authored
      There are now two topology management modules placed in the plugins folder:
      
        plugins/modules/ipatopologysegment.py
        plugins/modules/ipatopologysuffix.py
      
      Topology segments can be added, removed and reinitialized with the
      ipatopologysegment module. Also it is possible to verify topology suffixes
      with the ipatopologysuffix module.
      
      A new module_utils for plugins has been added:
      
        plugins/module_utils/ansible_freeipa_module.py
      
      And documentation for the modules:
      
        README-topology.md
      
      New sample playbooks are available in playbooks/topology:
      
        playbooks/topology/add-topologysegment.yml
        playbooks/topology/delete-topologysegment.yml
        playbooks/topology/reinitialize-topologysegment.yml
        playbooks/topology/verify-topologysuffix.yml
      
      The plugins folder can be used with the new Ansible Collections supported
      by Ansible 2.8 and Ansible galaxy 3.2.
      62fd4cc1
    • Thomas Woerner's avatar
      New playbook folder for sample playbooks · 9c2b9957
      Thomas Woerner authored
      The playbooks install-client.yml, install-cluster.yml, install-replica.yml,
      install-server.yml, uninstall-client.yml, uninstall-cluster.yml,
      uninstall-replica.yml and uninstall-server.yml have been moved into
      the playbooks folder.
      9c2b9957
Loading