Skip to content
  1. Dec 02, 2019
    • Thomas Woerner's avatar
      ipahost: Extension to be able handle several hosts and all settings · 94b1f25b
      Thomas Woerner authored
      The ipahost management module was not able to add several hosts at once.
      Addtionally there have been settings missing.
      
      ansible_freeipa_module has been extended to provide two additional functions
      that are needed to simplify the extension of the ipahost module:
      
          gen_add_del_lists(user_list, res_list)
          encode_certificate(cert)
      
      gen_add_del_lists will generate the lists for the addition and removal of
      members using the provided user and ipa settings.
      
      encode_certificate will encode a certificate using base64 with also taking
      FreeIPA and Python versions into account.
      
      The missing settings in ipahost have been:
      
          certificate
          managedby_host
          principal
          create_keytab_[user,group,host,hostgroup]
          retrieve_keytab_[user,group,host,hostgroup]
          sshpubkey
          userclass
          auth_ind
          requires_pre_auth
          ok_as_delegate
          ok_to_auth_as_delegate
      
      The README-host.md file has been updated to provide information about the
      new settings and also the members. Also examples for the new things have
      been added.
      
      New example playbooks have been added:
      
          playbooks/host/add-host.yml
          playbooks/host/host-member-allow_create_keytab-absent.yml
          playbooks/host/host-member-allow_create_keytab-present.yml
          playbooks/host/host-member-allow_retrieve_keytab-absent.yml
          playbooks/host/host-member-allow_retrieve_keytab-present.yml
          playbooks/host/host-member-certificate-absent.yml
          playbooks/host/host-member-certificate-present.yml
          playbooks/host/host-member-managedby_host-absent.yml
          playbooks/host/host-member-managedby_host-present.yml
          playbooks/host/host-member-principal-absent.yml
          playbooks/host/host-member-principal-present.yml
          playbooks/host/host-present-with-allow_create_keytab.yml
          playbooks/host/host-present-with-allow_retrieve_keytab.yml
          playbooks/host/host-present-with-certificate.yml
          playbooks/host/host-present-with-managedby_host.yml
          playbooks/host/host-present-with-principal.yml
          playbooks/host/host-present-with-randompassword.yml
          playbooks/host/host-present.yml
          playbooks/host/hosts-member-certificate-absent.yml
          playbooks/host/hosts-member-certificate-present.yml
          playbooks/host/hosts-member-managedby_host-absent.yml
          playbooks/host/hosts-member-managedby_host-present.yml
          playbooks/host/hosts-member-principal-absent.yml
          playbooks/host/hosts-member-principal-present.yml
          playbooks/host/hosts-present-with-certificate.yml
          playbooks/host/hosts-present-with-managedby_host.yml
          playbooks/host/hosts-present-with-randompasswords.yml
      
      New tests have been added for the module:
      
          tests/host/certificate/cert1.der
          tests/host/certificate/cert1.pem
          tests/host/certificate/cert2.der
          tests/host/certificate/cert2.pem
          tests/host/certificate/cert3.der
          tests/host/certificate/cert3.pem
          tests/host/certificate/private1.key
          tests/host/certificate/private2.key
          tests/host/certificate/private3.key
          tests/host/certificate/test_host_certificate.yml
          tests/host/certificate/test_hosts_certificate.yml
          tests/host/test_host.yml
          tests/host/test_host_allow_create_keytab.yml
          tests/host/test_host_allow_retrieve_keytab.yml
          tests/host/test_host_managedby_host.yml
          tests/host/test_host_principal.yml
          tests/host/test_host_random.yml
          tests/host/test_hosts.yml
          tests/host/test_hosts_managedby_host.yml
          tests/host/test_hosts_principal.yml
      94b1f25b
    • Thomas Woerner's avatar
      ansible_freeipa_module: Better support for KRB5CCNAME environment variable · e77f4daa
      Thomas Woerner authored
      The use of gssapi.creds.Credentials is not good if krb5 ticket forwarding
      is used. It will fail. gssapi.Credentials with usage and store is the proper
      way to do this.
      e77f4daa
  2. Nov 29, 2019
  3. Oct 22, 2019
  4. Oct 21, 2019
  5. Oct 18, 2019
  6. Oct 09, 2019
  7. Aug 12, 2019
    • Thomas Woerner's avatar
      ansible_freeipa_module: Add support for GSSAPI · 09ab29b4
      Thomas Woerner authored
      The GSSAPI can be enabled in the management modules with either the
      KRB5CCNAME or the KRB5_CLIENT_KTNAME environment variable.
      
      For KRB5CCNAME it is needed to create a ccache file
      
        kinit admin@TEST.LOCAL -c /root/admin.ccache
      
      that is transferred to the nodes (here into /root) and activated in the
      playbook with
      
        environment:
          KRB5CCNAME: /root/admin.ccache
      
      For KRB5_CLIENT_KTNAME a admin keytab has to be generated
      
        ipa-getkeytab -s ipaserver.test.local -p admin@TEST.LOCAL -k \
        /root/admin.keytab
      
      that is transferred to the nodes (here into /root) and activated in the
      playbook with
      
        environment:
          KRB5_CLIENT_KTNAME: /root/admin.keytab
      
      It will be needed to set ipaadmin_principal if the admin principal is not
      admin.
      
      The management modules can be used without a password in this case.
      09ab29b4
    • Thomas Woerner's avatar
      ansible_freeipa_module: Add ansible module argument to valid_creds function · c69d0bc5
      Thomas Woerner authored
      For debug and error reporting it is needed to have the ansible module also
      in the valid_creds function.
      c69d0bc5
  8. Jul 11, 2019
  9. Jul 09, 2019
  10. Jun 05, 2019
    • Thomas Woerner's avatar
      New topology managament modules · 62fd4cc1
      Thomas Woerner authored
      There are now two topology management modules placed in the plugins folder:
      
        plugins/modules/ipatopologysegment.py
        plugins/modules/ipatopologysuffix.py
      
      Topology segments can be added, removed and reinitialized with the
      ipatopologysegment module. Also it is possible to verify topology suffixes
      with the ipatopologysuffix module.
      
      A new module_utils for plugins has been added:
      
        plugins/module_utils/ansible_freeipa_module.py
      
      And documentation for the modules:
      
        README-topology.md
      
      New sample playbooks are available in playbooks/topology:
      
        playbooks/topology/add-topologysegment.yml
        playbooks/topology/delete-topologysegment.yml
        playbooks/topology/reinitialize-topologysegment.yml
        playbooks/topology/verify-topologysuffix.yml
      
      The plugins folder can be used with the new Ansible Collections supported
      by Ansible 2.8 and Ansible galaxy 3.2.
      62fd4cc1
Loading