- Sep 14, 2023
-
-
Thomas Woerner authored
The use of del os.environ assumes that the environment variable exists. If the variable does not exist, this call will result in a traceback. The solution is to use os.environ.pop(VARIABLE, None) instead. This is the ansible-freeipa fix for https://pagure.io/freeipa/issue/9446 (Nightly test failure for replica installation with --setup-ca)
-
- Mar 28, 2023
-
-
Thomas Woerner authored
New variables have been added to ipareplica and ipaserver role to enable the removal from the domain with the undeployment. `ipaserver_remove_from_domain` This enables the removal of the server from the domain additionally to the undeployment. `ipaserver_remove_on_server` The value defines the server/replica in the domain that will be used to remove the server/replica from the domain if `ipaserver_ignore_topology_disconnect` and `ipaserver_remove_from_domain` are enabled. Without the need to enable `ipaserver_ignore_topology_disconnect`, the value will be automatically detected using the replication agreements of the server/replica. For the replica role it is possible to use the server variables, but also the replica versions: `ipareplica_remove_from_domain` and `ipareplica_remove_on_server`. The already existing parameters `ipaserver_ignore_topology_disconnect` and `ipaserver_ignore_last_of_role` have been added to the README files for server and replica with descriptions. The same for the replica versions of the parameters. The ipareplica role is not calling the `ipa-server-install` anymore, it is instead using (including) the server role for the task. The new module `ipaserver_get_connected_server` has been added to the server role to be able to get a connected server using the replication agreements. This module is only used if `ipaserver_ignore_topology_disconnect` is not needed.
-
- Nov 23, 2022
-
-
Thomas Woerner authored
The generation of the OTP for client deployment is now completely happening on the first of the given or detected servers with delegate_to. The module ipaclient_get_otp has been replaced by a new module using code from ipahost module and module_utils ansible_freeipa_module. The action plugin ipaclient_get_otp has been removed and with this also ipaclient_get_facts. If an admin keytab is used instead of an admin password, it is copied to the server as a temporary file to enable the OTP generation. The temporary file is removed again after using the ipaclient_get_otp module. The utils script build-galaxy-release.sh has been updated to not copy the ipaclient action plugin to the global plugins folder of the collection. This change is important for the use of the ipaclient role with AAP as only the base environment is sufficient now. The ipaclient README and also the global README have been updated as kinit is not needed anymore on the controller for OTP. Fixes #903 (Allow the use of principals other than admin when using ipaadmin_keytab)
-
- Nov 14, 2022
-
-
Thomas Woerner authored
ansible-test with ansible-2.14 is adding a lot of new tests to ensure that the documentation section and the argument spec are complete.

Needed changes:

DOCUMENTATION section
  - `type: str` needs to be set for string parameters
  - `type: list` needs to be set for list parameters
  - `elements: str` needs to be given for list of string parameters
  - `required` tags need to be fixed according to the `argument_spec`
  - `default` tag needs to match `argument_spec`
  - `author` needs to be given with the github user also: `Name (@user)`
  - `choices` needs to match `argument_spec`

RETURN section
  - `type: string` is not valid and needs to be replaced by `type: str`
  - `elements: str` needs to be given for list of string parameters

argument_spec
  - `type='str'` needs to be set for string parameters
  - `elements='str'` needs to be added to all list of string parameters

A call to ansible_ipa_client.check_imports has been added to check for import errors.

The `copyright` date is extended with `-2022`.
-
- Aug 26, 2022
-
-
Thomas Woerner authored
Before "short description" was used in most plugins, modules and also in the new module templates. ansible-doc was therefore not showing the short description. To fix the issue the flag was renamed to short_description instead. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2121362 'ansible-doc' -l lists most idm modules as 'UNDOCUMENTED'
-
- Jan 12, 2022
-
-
Rafael Guterres Jeffman authored
Fix pylint warnings raised by enabling linter on ansible-freeipa roles.
-
- Nov 24, 2021
-
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
- Apr 26, 2020
-
-
Sergio Oliveira Campos authored
-
Sergio Oliveira Campos authored
-
Sergio Oliveira Campos authored
-
- Jul 22, 2019
-
-
Thomas Woerner authored
The documentation of the module parameters has been updated. The parameter list has been updated and all parameters are providing a description and the required argument has been updated to reflect current setting in the modules.
-
Thomas Woerner authored
These are white space and line length changes to calm down pylint and flake8.
-
- Jul 17, 2019
-
-
Thomas Woerner authored
-
Thomas Woerner authored
-
- Jul 11, 2019
-
-
Thomas Woerner authored
When OTP is used for installation of a client or the client part of a replica and also there is no DNS record for the client, then ipaclient_get_otp fails in the host_add call. With the force mode the host_add call will ignore the missing DNS record and will properly add the host. The host information and also the DNS record will be updated while deploying the client according to the given settings. Fixes: #74 (ipaclient fails when ipaclient_use_otp is true and client ..)
-
- Jun 12, 2019
-
-
Thomas Woerner authored
With the deactivation of the Python2/3 test the handling of ansible_python_interpreter needs to be removed as the setting might not exist and is not changed with the Python2/3 test any more.
-
- Mar 21, 2019
-
-
Thomas Woerner authored
The naming in the ipaclient role has not been following the naming scheme and conventions used in the ipaserver and ipareplica roles. Also registered results of modules and commands have not been using the result_ prefix as in the other roles. All this has been fixed and the naming is consistent now.

These are the renames:
  ipahost -> ipaclient_get_otp
  ipaapi -> ipaclient_api
  ipaextras -> ipaclient_extras
  ipafixca -> ipaclient_fix_ca
  ipafstore -> ipaclient_fstore
  ipa_facts -> ipaclient_get_facts
  ipahost -> ipaclient_get_otp
  ipajoin -> ipaclient_join
  ipanss -> ipaclient_setup_nss
  ipasssd -> ipaclient_setup_sssd
  ipadiscovery -> ipaclient_test
  ipatest -> ipaclient_test_keytab
-
- Jun 21, 2018
-
-
Thomas Woerner authored
As the action plugin is used with the default python interpreter and the change to python3 for FreeIPA, the use of OTP was not working anymore. The ansible_python_interpreter is not automatically used for the module part of the action plugin. Therefore ansible_python_interpreter needed to be added to the action plugin call as a new var to make sure that the module part is used with the proper python version. Also a new import for the Python2/3 import test has been added to discover if the server is supporting python2 or python3. The old ansible_python_interpreter setting is saved before doing this and restored after the one-time password has been generated on the server.
-
Thomas Woerner authored
paths.KDESTROY instead of "kdestroy" and paths.GETENT instead of "getent" Affected modules: roles/ipaclient/library/ipahost.py roles/ipaclient/library/ipajoin.py roles/ipaclient/library/ipanss.py
-
Thomas Woerner authored
The directories library and action_plugins do only contain ipaclient specific modules and plugins. Therefore these directories should be located in the ipaclient role directory.
-
- Feb 01, 2018
-
-
Thomas Woerner authored
-
- Oct 17, 2017
-
-
Florence Blanc-Renaud authored
The module had unused imports preventing execution with an IPA 4.4 server. The commit removes unneeded imports, and adds documentation details.
-
- Sep 15, 2017
-
-
Florence Blanc-Renaud authored
When ipahost is run to generate an OTP and the host is already existing, the OTP is properly generated but ipa-join will fail if the host is already enrolled (i.e. when it has a keytab). Add a step calling ipa host-disable to erase OTP and keytab before requesting an OTP.
-
- Aug 10, 2017
-
-
Florence Blanc-Renaud authored
node and the credential cache is copied to the managed node ipahost module is also using facts gathered from the server to find the domain and realm.
-
- Jul 03, 2017
-
-
Florence Blanc-Renaud authored
-