- Jul 22, 2019
-
-
Thomas Woerner authored
result_ipaclient_test.dnso has been used instead of result_ipaclient_test.dnsok in the assignment of dnsok.
-
Thomas Woerner authored
The check for the existence of get_custodia_instance in custodiainstance is not sufficient for the use od create_replica in CustodiaInstance. A new check for create_replica in CustodiaInstance has been added.
-
Thomas Woerner authored
In the test of options.zonemgr the value has been be checked uninitialized.
-
Thomas Woerner authored
Fallback for older releases has been added to use '/usr/bin/getent' if paths.GETENT is not defined.
-
Thomas Woerner authored
six.moves.configparser does not always provide RawConfigParser.
-
Thomas Woerner authored
-
Thomas Woerner authored
The documentation of the module paramaters have been updated. The parameter list has been updated and all parameters are providing a description and the required argument has been updated to reflect current setting in the modules.
-
Thomas Woerner authored
These are set in the prepare step and used in the ds_init_info fuction.
-
Thomas Woerner authored
These are set by ca.install_check, but flake8 does not know about this.
-
Thomas Woerner authored
These functions are not used and therefore these functions have been removed.
-
Thomas Woerner authored
All module_utils are now providing the __all__ structure. Alse the imports in the modules have been updated to only import freeipa sturctures from module_utils.
-
Thomas Woerner authored
These are white space and line length changes to calm down pylint and flake8.
-
- Jul 17, 2019
-
-
Thomas Woerner authored
Use and generation of dirsrv_pkcs12_info, http_pkcs12_info and pkinit_pkcs12_info has been fixed in: - ipaserver_setup_ds - ipaserver_setup_http - ipaserver_test
-
Thomas Woerner authored
The variables dirsrv_cert_name, dirsrv_pin, http_cert_name, http_pin, pkinit_cert_name and pkinit_pin have not been initialized properly.
-
Thomas Woerner authored
The parameters ip_addresses, domain and realm have not been properly set for the setup of dns if _setup_dns as not enabled.
-
Thomas Woerner authored
This setting can not be set for replica deployments, but needs to be initilized.
-
Thomas Woerner authored
-
Thomas Woerner authored
Some errors have been printed to the error log only and fail_json only got an empty string as error message. This made the causes of the errors hard to get.
-
Thomas Woerner authored
The variables dirsrv_cert_name, dirsrv_pin, http_cert_name, http_pin, pkinit_cert_name and pkinit_pin have not been initialized properly.
-
Thomas Woerner authored
These two varibles in the dns binding are initialized in the installation check in the install_check parts of ipareplica_prepare and used later on in the dns configuration in ipareplica_setup_dns.
-
Thomas Woerner authored
There is a new setting for the ipareplica role: ipareplica_pki_config_override
-
Thomas Woerner authored
The description of ipaclient_on_master in the ipaclient README was providing the information that the flag is also used for relicas. This is not correct and has been removed.
-
Thomas Woerner authored
dnsok has been used unitialized in the compatilbility code without sssd.
-
Thomas Woerner authored
All module and module_utils scripts have been adapted to be able to only import the symbols that are really needed and used.
-
Thomas Woerner authored
-
Thomas Woerner authored
-
Thomas Woerner authored
-
- Jul 16, 2019
-
-
Andrey Shevchenko authored
-
Thomas Woerner authored
-
- Jul 11, 2019
-
-
Thomas Woerner authored
When OTP is used for installation of a client or the client part of a replica and also there is no DNS record for the client, then ipaclient_get_otp fails in the host_add call. With the force mode the host_add call will ignore the missing DNS record and will properly add the host. The host information and also the DNS record will be updated while deploying the client according to the given settings. Fixes: #74 (ipaclient fails when ipaclient_use_otp is true and client ..)
-
Thomas Woerner authored
Since 4.7.1 it is needed to use CustodiaModes.FIRST_MASTER instead of CustodiaModes.MASTER_PEER for the get_custodia_instance. This has been fixed already in ipaserver_setup_ca and also ipaserver_setup_custodia, but was missed in ipaserver_setup_kra. Fixes: #92 (KRA install fails in tasks: [ipaserver : Install - Setup KRA])
-
- Jul 05, 2019
-
-
Thomas Woerner authored
sync_time is not using options anymore, but has two new arguments. These are ntp_servers and ntp_pool. The options argument is not used anymore. This requires to use inspect on sync_time to be able to detect if the old or the new function is available. The call for get_time_source has been added, but is documented out as the call is only useful in interactive mode. ipaserver_test now returns ntp_servers and ntp_pool, which are then used for ipaserver_setup_ntp.
-
Thomas Woerner authored
sync_time is not using options anymore, but has two new arguments. These are ntp_servers and ntp_pool. The options argument is not used anymore. This requires to use inspect on sync_time to be able to detect if the old or the new function is available. The call for get_time_source has been added, but is documented out as the call is only useful in interactive mode. ipaclient_test now returns ntp_servers and ntp_pool, which are then used for ipaclient_setup_ntp.
-
Thomas Woerner authored
If kinit_password call failed because of wrong password or even because kinit was not found, there was a very unspecific error message. Now these errors will be properly reported. Fixes: RHBZ#1727277
-
Thomas Woerner authored
Add Information about needed /usr/bin/kinit on the controller when OTP is used
-
- Jul 02, 2019
-
-
Thomas Woerner authored
The raises of RuntimeError, ValueError and ScriptError are currently not properly handled in ipaserver_prepare. This results in a trace back error shown in Ansible instead of only showing the error message. This happened for example if a nameserver is in /etc/resolv.conf that is not reachable.
-
- Jun 27, 2019
-
-
Thomas Woerner authored
This adds support for the --external-ca option to ipaserver. Lots of additional tests and checks from ServerInstallInterface.__init__ have been added to ipaserver_test. Also duplicate tests cna checks have been removed. Installer settings in ansible_ipa_server module_util are now also set to the defaults that are used in Installable, ServerInstallInterface, ServerMasterInstall, ADTrustInstallInterface and Uninstall. The /root/ipa.csr file generated on the node in ca.install_step_0 will be copied to the controller as "{{ inventory_hostname }}-ipa.csr". The new task file copy_external_cert.yml has been added to copy the generated certificate defined in ipaserver_external_cert_files to the node to continue with ca.install_step_1. The tasks/install.yml file has been adapted to make sure that the steps that will be done in step two will be skipped after step one has been done.
-
- Jun 26, 2019
-
-
Thomas Woerner authored
This is not needed and will calm down ansible-lint, which is not able to handle the extra tasks folder prefix.
-
Thomas Woerner authored
These vars files are providing the module names used with the Ansible package module to install the needed RPM packages.
-
- Jun 25, 2019
-
-
Thomas Woerner authored
The general setting of installer.add_sids was not correct and has been fixed.
-