- Jul 27, 2020
-
-
Thomas Woerner authored
These are links to the Red Hat Enterprise Linux files.
-
- Jul 07, 2020
-
-
Thomas Woerner authored
The parameters master_host_name, config_setup_ca, dirman_password have not been set for some modules. Also there was no ldap2 connection within ipareplica_setup_kra. All this resulted in improper configuration where for example KRA deployment failed in the end. A conversion warning in ipareplica_setup_adtrust has also been fixed for the setup_ca parameter. Fixes #314 (IPA replica installation failure - DS enabled SSL - second part)
-
- Jul 02, 2020
-
-
Thomas Woerner authored
With the CA-less patches the types for the pkcs12 infos have been changed to lists in the modules. This is resulting in a bad conversion from None to [''] for the parameters. Because of this a normal replica deployment is failing as [''] is not a valid value. The install.yml files for ipareplica and also ipaserver have been changed in the way that the pkcs12 values are checked if they are None. The parameter will simply be omitted in this case and the parameter in the module will become None by default.
-
- Jun 30, 2020
-
-
Thomas Woerner authored
Ansible is now also supporting discovered_python_interpreter for action_plugins. task_vars needs to be non Null and contain a setting for discovered_python_interpreter. The ipaclient_get_otp action_plugin therefore needed to be adapted.
-
- Jun 22, 2020
-
-
Ary Kleinerman authored
-
- Jun 15, 2020
-
-
Thomas Woerner authored
The ca-less PR introduced a bug when http_ca_cert is not set. The test for loading the certificate is testing for None, but the string will only be empty in this case. Related: #298 (Install server and replicas without CA)
-
- Jun 09, 2020
-
-
Samuel Veloso authored
-
Samuel Veloso authored
-
- Jun 03, 2020
-
-
Thomas Woerner authored
With the encoded _http_ca_cert from ipaserver_test it is possible to revert back to the IPA upstream code to write the pkcs12 http certificates. The passed _http_ca_cert only needs to be decoded with decode_certificate.
-
Thomas Woerner authored
The created temporary pkcs12 copies need to be removed in all cases. A new task has been added.
-
Thomas Woerner authored
The function load_pkcs12 should not be skipped to verify the given certificates. After the certificates have been verified and the temporary certificate copies have been generated, these files are copied to /etc/ipa/.tmp_pkcs12_* as the temporary files will simply be removed as soon as the file descriptors have been closed. Additionally the [http,dirsrv,pkinit]_pkcs12_info is recreated to point to the copied temporary files. With this reversion the need to change other modules has been reduced to the minimum, the IPA upstream code can simply be used. The passed back certificates [http,dirsrv,pkinit]_ca_cert are encoded using encode_certificate.
-
Thomas Woerner authored
The encode_certificate and decode_certificate are needed to encode and decode a certificate in the way that it can be passed back from a module and imported back into a usable certificate in another module. For newer IPA versions the certificate is normally an IPACertificate; for older IPA versions it is simply a bytes array. But in both cases it needs to be converted not to break Ansible.
-
Samuel Veloso authored
-
- May 14, 2020
-
-
Ivan Aragonés Muniesa authored
Added useful notes and the missing variable ipaserver_no_pkinit.
-
Ivan Aragonés Muniesa authored
Corrected variable names and description
-
- Apr 26, 2020
-
-
Sergio Oliveira Campos authored
-
Sergio Oliveira Campos authored
-
Sergio Oliveira Campos authored
-
- Apr 02, 2020
-
-
Thomas Woerner authored
krb was set, but not used afterwards. Therefore it can be removed.
-
Thomas Woerner authored
The installer_ccache parameter is used in the module. The ccache parameter was only set, but not used at all.
-
- Mar 30, 2020
-
-
Thomas Woerner authored
The use of "default: idstart+199999" in the description of the idmax parameter was resulting in the galaxy import error: Cannot parse "DOCUMENTATION": mapping values are not allowed here in "<unicode string>", line 52, column 58: ... value for the IDs range (default: idstart+199999) The ":" has simply been removed to fix this issue.
-
- Mar 20, 2020
-
-
Thomas Woerner authored
The import of ansible_ipa_server, ansible_ipa_replica and ansible_ipa_client might result in a permission denied error for the log file. It seems that for collections the module utils seem to be loaded before the needed permissions are acquired now. The fix simply adds a wrapper for standard_logging_setup that is called in all the modules of the server, replica and client roles to do the logging setup as one of the first steps of the module execution and not before.
-
Thomas Woerner authored
The documentation contains the parameters several times. Reducing the list to one. Also fixed a typo in options key.
-
Abhijeet Kasurde authored
Gracefully handle RuntimeError raised during parameter validation in fail_json. Fixes: #115 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
-
- Feb 13, 2020
-
-
Rafael Guterres Jeffman authored
Modify examples in server and replica roles for consistency with client role, by defining language for code blocks.
-
- Jan 23, 2020
-
-
Jesús authored
Keep the valid keytab file pre-existent in the master node. This fixes #191.
-
Thomas Woerner authored
Use ipaserver_realm as a fallback if ipareplica_realm is not defined. This had been done for ipareplica_domain and ipaserver_domain, but was missing for ipareplica_realm and ipaserver_realm. Related: #114 (ipareplica 'Env' object has no attribute 'realm')
-
- Dec 11, 2019
-
-
Thomas Woerner authored
The use of zone_overlay_check for the domain name validation is not good for a repeated execution of the server deployment where setup_dns is enabled. The zone overlay check will fail with "DNS zone X already exists in DNS". zone_overlay_check is later on used in dns.install_check so it is not needed to do it here also. Fixes issues #164 (domain option validator should not call zone overlap..)
-
- Dec 09, 2019
-
-
Alexander Bokovoy authored
ipareplica role by default tries to configure firewalld but it didn't check if firewalld related packages were installed. Similar to DNS and trust to AD features, install firewalld-related packages before trying to configure firewalld. Additionally, enable and start firewalld.service because otherwise firewall-cmd cannot communicate with firewalld itself (it is not starting on demand). If an administrator considers not to use firewalld, a default for ipareplica_setup_firewalld variable has to be set to 'no'. Fixes: https://github.com/freeipa/ansible-freeipa/issues/116
-
Alexander Bokovoy authored
ipaserver role by default tries to configure firewalld but it didn't check if firewalld related packages were installed. Similar to DNS and trust to AD features, install firewalld-related packages before trying to configure firewalld. Additionally, enable and start firewalld.service because otherwise firewall-cmd cannot communicate with firewalld itself (it is not starting on demand). If an administrator considers not to use firewalld, a default for ipaserver_setup_firewalld variable has to be set to 'no'. Fixes: https://github.com/freeipa/ansible-freeipa/issues/116
-
- Dec 06, 2019
-
-
Thomas Woerner authored
Exchange ipaclient_allow_repair and ipaclient_otp in Special Variables
-
Thomas Woerner authored
The documentation of ipaclient_otp was not part of the pull request 102 (commit d1af0ff4). The role README has been updated.
-
- Dec 02, 2019
-
-
Thomas Woerner authored
The files for RHEL-8 (RedHat-8.yml) have simply been linked to CentOS-8.yml for the ipaserver, ipareplica and ipaclient roles. Fixes issue #121 (roles/*/vars needs CentOS-8.yml files)
-
- Nov 20, 2019
-
-
Thomas Woerner authored
The sssd options in the ipaclient role missed a 's' in the role. The readme of the role used the proper names with 3 's'. The names in the role have been fixed and if the old settings are used, they will be used in the first place. Also utils/ansible-ipa-client-install has been adapted to use the proper option names now. This fixes issue #145 (The ipaclient role misspells sssd)
-
- Oct 25, 2019
-
-
Thomas Woerner authored
Updated requirements for python3-gssapi
-
- Oct 07, 2019
-
-
Thorsten Scherf authored
-
- Sep 04, 2019
-
-
Thomas Woerner authored
configure_nsswitch_database has been removed with the freeipa commit https://github.com/freeipa/freeipa/commit/41ef8fba31ddbb32e2e5b7cccdc9b582a0809111 The 4.4 compatibility hack leads to an ALREADY installed error in ipaclient_test because of the removal. This affects ipaclient and ipareplica roles and also the ipaclient deployment part in ipaserver. configure_nsswitch_database is not used any more in ipaclient role modules and therefore simply can be removed from ansible_ipa_client.
-
- Jul 30, 2019
-
-
Thomas Woerner authored
These settings are file descriptors if external certificates are used and are not used later in the roles. Therefore these settings have been removed. Fixes: #110 (Ansible error with external certificates)
-
- Jul 26, 2019
-
-
Thomas Woerner authored
In the README these settings have been single values instead of string lists: ipareplica_http_cert_file ipareplica_pkinit_cert_file instead of ipareplica_http_cert_files ipareplica_pkinit_cert_files
-
- Jul 23, 2019
-
-
Uumas authored
-