- Dec 16, 2019
-
-
Rafael Guterres Jeffman authored
There is a new vault management module placed in the plugins folder: plugins/modules/ipavault.py The vault module allows to ensure presence and absence of vaults, manage members and owner of the vault, and archive data in the vault. Here is the documentation for the module: README-vault.md New example playbooks have been added: playbooks/vault/data-archive-in-asymmetric-vault.yml playbooks/vault/data-archive-in-symmetric-vault.yml playbooks/vault/ensure-asymetric-vault-is-absent.yml playbooks/vault/ensure-asymetric-vault-is-present.yml playbooks/vault/ensure-service-vault-is-absent.yml playbooks/vault/ensure-service-vault-is-present.yml playbooks/vault/ensure-shared-vault-is-absent.yml playbooks/vault/ensure-shared-vault-is-present.yml playbooks/vault/ensure-standard-vault-is-absent.yml playbooks/vault/ensure-standard-vault-is-present.yml playbooks/vault/ensure-symetric-vault-is-absent.yml playbooks/vault/ensure-symetric-vault-is-present.yml playbooks/vault/ensure-vault-is-present-with-members.yml playbooks/vault/ensure-vault-member-group-is-absent.yml playbooks/vault/ensure-vault-member-group-is-present.yml playbooks/vault/ensure-vault-member-user-is-absent.yml playbooks/vault/ensure-vault-member-user-is-present.yml playbooks/vault/ensure-vault-owner-is-absent.yml playbooks/vault/ensure-vault-owner-is-present.yml New tests added for the module: tests/vault/test_vault.yml
-
- Dec 02, 2019
-
-
Thomas Woerner authored
The ipahost management module was not able to add several hosts at once. Addtionally there have been settings missing. ansible_freeipa_module has been extended to provide two additional functions that are needed to simplify the extension of the ipahost module: gen_add_del_lists(user_list, res_list) encode_certificate(cert) gen_add_del_lists will generate the lists for the addition and removal of members using the provided user and ipa settings. encode_certificate will encode a certificate using base64 with also taking FreeIPA and Python versions into account. The missing settings in ipahost have been: certificate managedby_host principal create_keytab_[user,group,host,hostgroup] retrieve_keytab_[user,group,host,hostgroup] sshpubkey userclass auth_ind requires_pre_auth ok_as_delegate ok_to_auth_as_delegate The README-host.md file has been updated to provide information about the new settings and also the members. Also examples for the new things have been added. New example playbooks have been added: playbooks/host/add-host.yml playbooks/host/host-member-allow_create_keytab-absent.yml playbooks/host/host-member-allow_create_keytab-present.yml playbooks/host/host-member-allow_retrieve_keytab-absent.yml playbooks/host/host-member-allow_retrieve_keytab-present.yml playbooks/host/host-member-certificate-absent.yml playbooks/host/host-member-certificate-present.yml playbooks/host/host-member-managedby_host-absent.yml playbooks/host/host-member-managedby_host-present.yml playbooks/host/host-member-principal-absent.yml playbooks/host/host-member-principal-present.yml playbooks/host/host-present-with-allow_create_keytab.yml playbooks/host/host-present-with-allow_retrieve_keytab.yml playbooks/host/host-present-with-certificate.yml playbooks/host/host-present-with-managedby_host.yml playbooks/host/host-present-with-principal.yml playbooks/host/host-present-with-randompassword.yml playbooks/host/host-present.yml playbooks/host/hosts-member-certificate-absent.yml playbooks/host/hosts-member-certificate-present.yml playbooks/host/hosts-member-managedby_host-absent.yml playbooks/host/hosts-member-managedby_host-present.yml playbooks/host/hosts-member-principal-absent.yml playbooks/host/hosts-member-principal-present.yml playbooks/host/hosts-present-with-certificate.yml playbooks/host/hosts-present-with-managedby_host.yml playbooks/host/hosts-present-with-randompasswords.yml New tests have been added for the module: tests/host/certificate/cert1.der tests/host/certificate/cert1.pem tests/host/certificate/cert2.der tests/host/certificate/cert2.pem tests/host/certificate/cert3.der tests/host/certificate/cert3.pem tests/host/certificate/private1.key tests/host/certificate/private2.key tests/host/certificate/private3.key tests/host/certificate/test_host_certificate.yml tests/host/certificate/test_hosts_certificate.yml tests/host/test_host.yml tests/host/test_host_allow_create_keytab.yml tests/host/test_host_allow_retrieve_keytab.yml tests/host/test_host_managedby_host.yml tests/host/test_host_principal.yml tests/host/test_host_random.yml tests/host/test_hosts.yml tests/host/test_hosts_managedby_host.yml tests/host/test_hosts_principal.yml
-
- Nov 20, 2019
-
-
Thomas Woerner authored
The random password is only returned if random is yes and the host did not exist or update_password is yes. If only one host is handled by the module, the returned dict is containing this dict: { "randompassword": "<the host random password>" } If several hosts are handled by the module (future feature): { "<host>": { "randompassword": "<the host random password>" } } Fixes issue #134 (ipahost does not return the random password)
-
Thomas Woerner authored
The random password is only returned if random is yes and user did not exist or update_password is yes. If only one user is handled by the module, the returned dict is containing this dict: { "randompassword": "<the user random password>" } If several users are handled by the module: { "<user>": { "randompassword": "<the user random password>" } } This is related to issue #134 (ipahost does not return the random password)
-
- Nov 07, 2019
-
-
Rafael Guterres Jeffman authored
There is a new sudorule (Sudo Rule) management module placed in the plugins folder: plugins/modules/ipasudorule.py The sudorule module allows to ensure presence and absence of Sudo Rules. Here is the documentation for the module: README-sudorule.md New example playbooks have been added: playbooks/sudorule/ensure-sudorule-host-member-is-absent.yml playbooks/sudorule/ensure-sudorule-host-member-is-present.yml playbooks/sudorule/ensure-sudorule-hostgroup-member-is-absent.yml playbooks/sudorule/ensure-sudorule-hostgroup-member-is-present.yml playbooks/sudorule/ensure-sudorule-is-absent.yml playbooks/sudorule/ensure-sudorule-is-disabled.yml playbooks/sudorule/ensure-sudorule-is-enabled.yml playbooks/sudorule/ensure-sudorule-is-present.yml playbooks/sudorule/ensure-sudorule-sudocmd-is-absent.yml playbooks/sudorule/ensure-sudorule-sudocmd-is-present.yml New tests added for the module: tests/hbacrule/test_sudorule.yml
-
- Nov 05, 2019
-
-
Thomas Woerner authored
There is a new hbacrule (HBAC Rule) management module placed in the plugins folder: plugins/modules/ipahbacrule.py The hbacrule module allows to ensure presence and absence of HBAC Rules. Here is the documentation for the module: README-hbacrule.md New example playbooks have been added: playbooks/hbacrule/ensure-hbarule-allhosts-absent.yml playbooks/hbacrule/ensure-hbarule-allhosts-disabled.yml playbooks/hbacrule/ensure-hbarule-allhosts-enabled.yml playbooks/hbacrule/ensure-hbarule-allhosts-present.yml playbooks/hbacrule/ensure-hbarule-allhosts-server-member-absent.yml playbooks/hbacrule/ensure-hbarule-allhosts-server-member-present.yml New tests added for the module: tests/hbacrule/test_hbacrule.yml
-
- Oct 25, 2019
-
-
Thomas Woerner authored
There is a new hbacsvcgroup (HBAC Service Group) management module placed in the plugins folder: plugins/modules/ipahbacsvcgroup.py The hbacsvc module allows to ensure presence and absence of HBAC Service Groups. Here is the documentation for the module: README-hbacsvcgroup.md New example playbooks have been added: playbooks/hbacsvcgroup/ensure-hbacsvcgroup-absent.yml playbooks/hbacsvcgroup/ensure-hbacsvcgroup-member-absent.yml playbooks/hbacsvcgroup/ensure-hbacsvcgroup-member-present.yml playbooks/hbacsvcgroup/ensure-hbacsvcgroup-present.yml New tests added for the module: tests/hbacsvcgroup/test_hbacsvcgroup.yml
-
- Oct 24, 2019
-
-
Thomas Woerner authored
There is a new hbacsvc (HBAC Service) management module placed in the plugins folder: plugins/modules/ipahbacsvc.py The hbacsvc module allows to ensure presence and absence of HBAC Services. Here is the documentation for the module: README-hbacsvc.md New example playbooks have been added: playbooks/hbacsvc/ensure-hbacsvc-absent.yml playbooks/hbacsvc/ensure-hbacsvc-present.yml New tests added for pwpolicy: tests/hbacsvc/test_hbacsvc.yml
-
- Oct 22, 2019
-
-
Thomas Woerner authored
There is a new pwpolicy management module placed in the plugins folder: plugins/modules/ipapwpolicy.py The pwpolicy module allows to ensure presence and absence of pwpolicies for groups. Here is the documentation for the module: README-pwpolicy.md New example playbooks have been added: playbooks/pwpolicy/pwpolicy_absent.yml playbooks/pwpolicy/pwpolicy_present.yml New tests added for pwpolicy: tests/pwpolicy/test_pwpolicy.yml
-
Rafael Guterres Jeffman authored
There is a new sudocmdgroup management module placed in the plugins folder: plugins/modules/ipasudocmdgroup.py The sudocmdgroup module allows to add or remove sudo command groups.. The sudocmdgroup module is as compatible as possible to the Ansible upstream ipa_sudocmdgroup module, and additionally offers to ensure member presence and absence. Here is the documentation for the module: README-sudocmdgroup.md New example playbooks have been added: playbooks/sudocmd/ensure-sudocmdgroup-is-absent.yml playbooks/sudocmd/ensure-sudocmdgroup-is-present.yml playbooks/sudocmd/ensure-sudocmd-is-absent-in-sudocmdgroup.yml playbooks/sudocmd/ensure-sudocmd-is-present-in-sudocmdgroup.yml A test playbook is provided in: tests/sudocmdgroup/test_sudocmdgroup.yml Signed-off-by:
Rafael Guterres Jeffman <rjeffman@redhat.com>
-
Rafael Guterres Jeffman authored
There is a new sudocmd management module placed in the plugins folder: plugins/modules/ipasudocmd.py The sudocmd module allows to add or remove sudo commands. The sudocmd module is as compatible as possible to the Ansible upstream ipa_sudocmd module. Here is the documentation for the module: README-sudocmd.md New example playbooks have been added: playbooks/sudocmd/ensure-sudocmd-is-absent.yml playbooks/sudocmd/ensure-sudocmd-is-present.yml Signed-off-by:
Rafael Guterres Jeffman <rjeffman@redhat.com>
-
- Oct 21, 2019
-
-
Thomas Woerner authored
The ipauser module now supports all user settings and additionally to ensure the presence of several users with the new users setting. The users setting can also be used with other states, but it has to be limited to only contain the name of the users. There updated user management module is placed in the plugins folder: plugins/modules/ipauser.py The user module now additionally allows to handle these user settings: initials principalexpiration random city userstate postalcode mobile pager fax orgunit manager carlicense sshpubkey userauthtype userclass radius radiususer departmentnumber employeenumber employeetype preferredlanguage certificate certmapdata noprivate nomembers Here is the updated documentation for the module: README-user.md New example playbooks have been added: playbooks/user/user_certificate_absent.yml playbooks/user/user_certificate_present.yml playbooks/user/user_present.yml playbooks/user/users_absent.yml playbooks/user/users_certificate_absent.yml playbooks/user/users_certificate_present.yml playbooks/user/users_present.yml plugins/modules/ipauser.py New tests added for ipauser: tests/user/certificate/cert1.der tests/user/certificate/cert1.pem tests/user/certificate/cert2.der tests/user/certificate/cert2.pem tests/user/certificate/cert3.der tests/user/certificate/cert3.pem tests/user/certificate/private1.key tests/user/certificate/private2.key tests/user/certificate/private3.key tests/user/certificate/test_user_certificate.yml tests/user/certificate/test_users_certificate.yml tests/user/certmapdata/test_user_certmapdata.yml tests/user/certmapdata/test_user_certmapdata_issuer_subject.yml tests/user/certmapdata/test_users_certmapdata.yml tests/user/test_user.yml tests/user/test_users.yml tests/user/test_users_absent.yml tests/user/test_users_invalid_cert.yml tests/user/test_users_present.yml tests/user/test_users_present_slice.yml tests/user/users_absent.json tests/user/users_absent.sh tests/user/users_present.json tests/user/users_present.sh
-
- Sep 23, 2019
-
-
Thomas Woerner authored
There is a new hostgroup management module placed in the plugins folder: plugins/modules/ipahostgroup.py The hostgroup module allows to add, remove and disable hosts. The hostgroup module is as compatible as possible to the Ansible upstream ipa_hostgroup module, but addtionally offers to ensure member presence and absence. Here is the documentation for the module: README-hostgroup.md New example playbooks have been added: playbooks/hostgroup/ensure-hostgroup-is-absent.yml playbooks/hostgroup/ensure-hostgroup-is-present.yml playbooks/hostgroup/ensure-hosts-and-hostgroups-are-absent-in-hostgroup.yml playbooks/hostgroup/ensure-hosts-and-hostgroups-are-present-in-hostgroup.yml
-
Thomas Woerner authored
There is a new hostgroup management module placed in the plugins folder: plugins/modules/ipahostgroup.py The hostgroup module allows to add, remove and disable hosts. The hostgroup module is as compatible as possible to the Ansible upstream ipa_hostgroup module, but addtionally offers to ensure member presence and absence. Here is the documentation for the module: README-hostgroup.md New example playbooks have been added: playbooks/hostgroup/ensure-hostgroup-is-absent.yml playbooks/hostgroup/ensure-hostgroup-is-present.yml playbooks/hostgroup/ensure-hosts-and-hostgroups-are-absent-in-hostgroup.yml playbooks/hostgroup/ensure-hosts-and-hostgroups-are-present-in-hostgroup.yml
-
- Sep 10, 2019
-
-
Thomas Woerner authored
There is a new user management module placed in the plugins folder: plugins/modules/ipauser.py The host module allows to add, remove and disable hosts. The host module is as compatible as possible to the Ansible upstream ipa_host` module, but addtionally offers to disable hosts. Here is the documentation for the module: README-host.md New example playbooks have been added: playbooks/host/add-host.yml playbooks/host/delete-host.yml playbooks/host/disable-host.yml
-
- Jul 09, 2019
-
-
Thomas Woerner authored
-
Thomas Woerner authored
ansible-lint does not like to have tasks without names. The comments have been adapted and transformed into name tags.
-
Thomas Woerner authored
ansible-lint does not like to have tasks without names. The comments have been adapted and transformed into name tags.
-
Thomas Woerner authored
There is a new group management module placed in the plugins folder: plugins/modules/ipagroup.py The group module allows to add, remove, enable, disable, unlock und undelete groups. The group module is as compatible as possible to the Ansible upstream `ipa_group` module, but addtionally offers to add users to a group and also to remove users from a group. Here is the documentation for the module: README-group.md New example playbooks have been added: playbooks/user/add-groups-to-group.yml playbooks/user/add-user-to-group.yml playbooks/user/add-group.yml playbooks/user/delete-group.yml
-
Thomas Woerner authored
There is a new user management module placed in the plugins folder: plugins/modules/ipauser.py The user module allows to add, remove, enable, disable, unlock und undelete users. The user module is as compatible as possible to the Ansible upstream `ipa_user` module, but addtionally offers to preserve delete, enable, disable, unlock and undelete users. Here is the documentation for the module: README-user.md New example playbooks have been added: playbooks/user/add-user.yml playbooks/user/delete-user.yml playbooks/user/enable-user.yml playbooks/user/disable-user.yml playbooks/user/delete-preserve--user.yml playbooks/user/undelete-user.yml
-
- Jul 01, 2019
-
-
Thomas Woerner authored
The use of password will conflict with the user password setting and is not really descriptive. ipaadmin_principal and ipaadmin_password are also used in the roles.
-
- Jun 17, 2019
-
-
Thomas Woerner authored
It is now possible to use domain+ca as suffix, That means that the segment will be handled for the suffixes domain and also ca. The new state checked is returning two lists found and not-found. If a segment exists, the ckecked suffix is added to the found list. If a segment from suffix is not found, it is added to the not-found list. New example playbooks have been added: playbooks/topology/add-topologysegments.yml playbooks/topology/check-topologysegments.yml playbooks/topology/delete-topologysegments.yml The cluster playbook has been extended by the
-
- Jun 05, 2019
-
-
Thomas Woerner authored
There are now two topology management modules placed in the plugins folder: plugins/modules/ipatopologysegment.py plugins/modules/ipatopologysuffix.py Topology segments can be added, removed and reinitialized with the ipatopologysegment module. Also it is possible to verify topology suffixes with the ipatopologysuffix module. A new module_utils for plugins has been added: plugins/module_utils/ansible_freeipa_module.py And documentation for the modules: README-topology.md New sample playbooks are available in playbooks/topology: playbooks/topology/add-topologysegment.yml playbooks/topology/delete-topologysegment.yml playbooks/topology/reinitialize-topologysegment.yml playbooks/topology/verify-topologysuffix.yml The plugins folder can be used with the new Ansible Collections supported by Ansible 2.8 and Ansible galaxy 3.2.
-
Thomas Woerner authored
The playbooks install-client.yml, install-cluster.yml, install-replica.yml, install-server.yml, uninstall-client.yml, uninstall-cluster.yml, uninstall-replica.yml and uninstall-server.yml have been moved into the playbooks folder.
-