Skip to content
  1. Jul 22, 2019
  2. Jul 17, 2019
  3. Jul 16, 2019
  4. Jul 11, 2019
    • Thomas Woerner's avatar
      library/ipaclient_get_otp: Enable force mode for host_add call · 1fa1468b
      Thomas Woerner authored
      When OTP is used for installation of a client or the client part of
      a replica and also there is no DNS record for the client, then
      ipaclient_get_otp fails in the host_add call.
      
      With the force mode the host_add call will ignore the missing DNS
      record and will properly add the host. The host information and also
      the DNS record will be updated while deploying the client according
      to the given settings.
      
      Fixes: #74 (ipaclient fails when ipaclient_use_otp is true and client ..)
      1fa1468b
    • Thomas Woerner's avatar
      ipaserver_setup_kra: Since 4.7.1 FIRST_MASTER needs to be used · 8cd34b4d
      Thomas Woerner authored
      Since 4.7.1 it is needed to use CustodiaModes.FIRST_MASTER instead of
      CustodiaModes.MASTER_PEER for the get_custodia_instance.
      
      This has been fixed already in ipaserver_setup_ca and also
      ipaserver_setup_custodia, but was missed in ipaserver_setup_kra.
      
      Fixes: #92 (KRA install fails in tasks: [ipaserver : Install - Setup KRA])
      8cd34b4d
  5. Jul 05, 2019
    • Thomas Woerner's avatar
      ipaserver: Support sync_time changes of 4.8.0 · d2968b26
      Thomas Woerner authored
      sync_time is not using options anymore, but has two new arguments. These
      are ntp_servers and ntp_pool. The options argument is not used anymore.
      
      This requires to use inspect on sync_time to be able to detect if the old
      or the new function is available.
      
      The call for get_time_source has been added, but is documented out as the
      call is only useful in interactive mode.
      
      ipaserver_test now returns ntp_servers and ntp_pool, which are then used
      for ipaserver_setup_ntp.
      d2968b26
    • Thomas Woerner's avatar
      ipaclient: Support sync_time changes of 4.8.0 · 03d904b7
      Thomas Woerner authored
      sync_time is not using options anymore, but has two new arguments. These
      are ntp_servers and ntp_pool. The options argument is not used anymore.
      
      This requires to use inspect on sync_time to be able to detect if the old
      or the new function is available.
      
      The call for get_time_source has been added, but is documented out as the
      call is only useful in interactive mode.
      
      ipaclient_test now returns ntp_servers and ntp_pool, which are then used
      for ipaclient_setup_ntp.
      03d904b7
    • Thomas Woerner's avatar
      ipaclient/action_plugins/ipaclient_get_otp: Enhanced error reporting · 7a5fadfc
      Thomas Woerner authored
      If kinit_password call failed because of wrong password or even because
      kinit was not found, there was a very unspecific error message. Now these
      errors will be properly reported.
      
      Fixes: RHBZ#1727277
      7a5fadfc
    • Thomas Woerner's avatar
      roles/ipaclient/README.md: OTP needs kinit on controller · 45b2648a
      Thomas Woerner authored
      Add Information about needed /usr/bin/kinit on the controller when OTP is used
      45b2648a
  6. Jul 02, 2019
    • Thomas Woerner's avatar
      ipaserver_prepare: Properly report error, do show trace back · 115f96d0
      Thomas Woerner authored
      The raises of RuntimeError, ValueError and ScriptError are currently not
      properly handled in ipaserver_prepare. This results in a trace back error
      shown in Ansible instead of only showing the error message.
      
      This happened for example if a nameserver is in /etc/resolv.conf that is
      not reachable.
      115f96d0
  7. Jun 27, 2019
    • Thomas Woerner's avatar
      ipaserver: Add support for external signed CA · 45d80080
      Thomas Woerner authored
      This adds support for the --external-ca option to ipaserver. Lots of
      additional tests and checks from ServerInstallInterface.__init__ have
      been added to ipaserver_test. Also duplicate tests cna checks have been
      removed.
      
      Installer settings in ansible_ipa_server module_util are now also set
      to the defaults that are used in Installable, ServerInstallInterface,
      ServerMasterInstall, ADTrustInstallInterface and Uninstall.
      
      The /root/ipa.csr file generated on the node in ca.install_step_0 will
      be copied to the controller as "{{ inventory_hostname }}-ipa.csr".
      
      The new task file copy_external_cert.yml has been added to copy the
      generated certificate defined in ipaserver_external_cert_files to the node
      to continue with ca.install_step_1.
      
      The tasks/install.yml file has been adapted to make sure that the steps
      that will be done in step two will be skipped after step one has been
      done.
      45d80080
  8. Jun 26, 2019
  9. Jun 25, 2019
Loading