- Jul 05, 2022
-
-
Thomas Woerner authored
With ansible-2.13 it is required to use jinja for list concatenation. list: "[] + ['a'] + ['b']" needs to become list: "{{ [] + ['a'] + ['b'] }}" copy_external_cert.yml needed to be changed.
-
- Jan 13, 2022
-
-
Thomas Woerner authored
ERROR: Found 6 pylint issue(s) which need to be resolved: ERROR: plugins/modules/ipaserver_prepare.py:395:4: invalid-name: Variable name "e" doesn't conform to snake_case naming style ERROR: roles/ipaserver/library/ipaserver_prepare.py:395:4: invalid-name: Variable name "e" doesn't conform to snake_case naming style ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:333:12: invalid-name: Variable name "ds" doesn't conform to snake_case naming style ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:348:12: invalid-name: Variable name "ds" doesn't conform to snake_case naming style ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:361:12: invalid-name: Variable name "ip" doesn't conform to snake_case naming style ERROR: roles/ipaserver/module_utils/ansible_ipa_server.py:364:12: invalid-name: Variable name "e" doesn't conform to snake_case naming style e has been replaced with err, ds with _ds, ip with _ip.
-
- Jan 12, 2022
-
-
Rafael Guterres Jeffman authored
Fix pylint warnings raised by enabling linter on ansible-freeipa roles.
-
- Dec 10, 2021
-
-
Rafael Guterres Jeffman authored
Recently added Ubuntu configuration filesi for roles miss document start marker.
-
- Nov 29, 2021
-
-
Rafael Guterres Jeffman authored
Ubuntu Bionic Beaver must use python2 as Python interpreter due to the way python-ipalib package is defined. Before using the role for installation, one must install package python2.7 before executing this role. Based on the work by Manuel Laurent (@mlaurent205 on Github).
-
- Nov 24, 2021
-
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
Thomas Woerner authored
This patch is needed to pass Automation Hub tests.
-
- Sep 29, 2021
-
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
- Aug 31, 2021
-
-
Rafael Guterres Jeffman authored
When loading variables in all ansible-freeipa roles, it is expected that a file with these variables is present for each supported Linux distribution, and then, based on the information about the distribution provided by Ansible, the correct file is loaded. Previously, only the facts `distribution` and dinstribution version related facts were used, which required specific files, or links to files for distributions in the same "family", which will probably have the same variables set. This change adds searching for files based on the `os_family` fact, allowing distributions that follow the same family rules to be supported, without any changes to the codebase. It is still possible that a specific distribution configuration overrides the default behavior, as `os_family` has lower priority than `distribution`. For example, distributions on the `RedHat` family, like Oracle Linux, Alma Linux, and Rocky Linux, work withoutadding new files, or links to files, to fill the `vars`. Fix issue #573. Fix issue #523.
-
- Jun 04, 2021
-
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
- May 11, 2021
-
-
Thomas Woerner authored
Line too long and too many blank line errors and a trailing whitespace have been fixed.
-
- Mar 19, 2021
-
-
Grzegorz Grasza authored
Without this change the "Import variables specific to distribution" tasks fail with "Could not find file on the Ansible Controller..." on environments with inject facts disabled. This changes the tests to run with ansible with inject_facts_as_vars = false and fixes other roles and playbooks.
-
- Feb 16, 2021
-
-
Matt Davis authored
* prevents failures on Ansible 2.9 during module build due to https://github.com/ansible/ansible/issues/68361 * fixes https://github.com/freeipa/ansible-freeipa/issues/315
-
- Nov 25, 2020
-
-
Thomas Woerner authored
The common_check function in the replica installer code has been changed for the new memory checker code. With this the server and replica command line installers got the option --skip-mem-check. The server and replica role now also support the memory cheker and there are new variables for server and replica: ipaserver_mem_check - for ipaserver ipareplica_mem_check - for ipaserver These bool values default to yes and can be turned off in the inventory or playbook if needed. Related to freeipa PR https://pagure.io/freeipa/issue/8404 (Detect and fail if not enough memory is available for installation) Fixes: #450 (IPA Replica Installation Fails)
-
- Nov 18, 2020
-
-
Thomas Woerner authored
Currently the certifaictes are copied ot the server with the complete path that is provided within the playbook. This could result in unexpected file placements. Certificates should be placed in the /root folder for the deployment. Fixes #405 (copy_external_cert does not handle pathed items)
-
- Sep 18, 2020
-
-
Thomas Woerner authored
https://pagure.io/freeipa/issue/8458 moved more things to the ipalib and ipalib.facts: - sysrestore has been moved from ipalib.install to ipalib - is_ipa_configured has been moved from ipaserver.install.installutils to ipalib.facts Fixes: #394 (TASK [ipaclient : Install - IPA client test] Error: module 'ipalib.install.sysrestore' has no attribute 'SYSRESTORE_STATEFILE')
-
- Sep 08, 2020
-
-
Thomas Woerner authored
These tests have been deactivated for some time with b51397eb and are removed now.
-
Thomas Woerner authored
The new variables ipa[server,replica]_firewalld_zone have been added to be able to set the zone in which the needed services for IPA are enabled. New tasks have been added to check if the zone is available in the runtime and also permamanet environment. The code to enable firewalld has been moved out of thee ipa[server,replica]_install_packages blocks to make sure that the firewalld service is also enabled if the package is already installed. Fixes: issue #177 (How to set up firewalld zones?)
-
- Sep 03, 2020
-
-
Thomas Woerner authored
IPA_MODULES has been moved from ipaserver.install.installutils to ipalib.facts with https://pagure.io/freeipa/issue/8458
-
- Jul 27, 2020
-
-
Thomas Woerner authored
These are links to the Red Hat Enterprise linux files.
-
- Jul 02, 2020
-
-
Thomas Woerner authored
With the CA-less patches the types for the pkcs12 infos have been changed to lists in the modules. This is resulting in a bad conversion from None to [''] for the parameters. Because of this a normal replica deployment is failing as [''] is not a valid value. The install.yml files for ipareplica and also ipaserver have been changed in the way that the pkcs12 values are checked if they are None. The parameter will simply be omitted in this case and the parameter in the module will become None by default.
-
- Jun 15, 2020
-
-
Thomas Woerner authored
The ca-less PR introduced a bug when http_ca_cert is not set. The test for loading the certificate is testing for None, but the string will only be empty in this case. Related: #298 (Install server and replicas without CA)
-
- Jun 03, 2020
-
-
Thomas Woerner authored
With the encoded _http_ca_cert from ipaserver_test it is possible to revert back to the IPA upstream code to write the pkcs12 http certificates. The passed _http_ca_cert only needs to be decoded with decode_certificate.
-
Thomas Woerner authored
The created temporary pkcs12 copies need to be removed in all cases. A new task has been added.
-
Thomas Woerner authored
The function load_pkcs12 should not be skipped to verify the given certificates. After the certificates have been verified and the temporary certificate copies have been generated, these files are copied to /etc/ipa/.tmp_pkcs12_* as the temporary files will simply be removed as soon as the file descriptors have been closed. Additionally the [http,dirsrv,pkinit]_pkcs12_info is recreated to point to the copied temporary files. With this revertion the need to change other modules has been rediced to the minium, the IPA upstream code can simply be used. The passed back certificates [http,dirsrv,pkinit]_ca_cert are encoded using encode_certificate.
-
Thomas Woerner authored
The encode_certificate and decode_certificate are needed to encode and decode a certificate in the way that it can be passed back from a module and imported back into a usable certificate in another module. For newer IPA versions the certificate is normally an IPACertificate for older IPA versions it is simply a bytes array. But in both cases it needs to be converted not to break Ansible.
-
Samuel Veloso authored
-
- May 14, 2020
-
-
Ivan Aragonés Muniesa authored
Added useful notes and the missing variable ipaserver_no_pkinit.
-
Ivan Aragonés Muniesa authored
Corrected variable names and description
-
- Apr 26, 2020
-
-
Sergio Oliveira Campos authored
-
- Mar 30, 2020
-
-
Thomas Woerner authored
The use of "default: idstart+199999" in the description of the idmax parameter was resulting in the galaxy import error: Cannot parse "DOCUMENTATION": mapping values are not allowed here in "<unicode string>", line 52, column 58: ... value for the IDs range (default: idstart+199999) The ":" has simply been removed to fix this issue.
-
- Mar 20, 2020
-
-
Thomas Woerner authored
The import of ansible_ipa_server, ansible_ipa_replica and ansible_ipa_client might result in a permission denied error for the log file. It seems that for collections the module utils seem to be loaded before the needed permissions are aquired now. The fix simply adds a wrapper for standard_logging_setup that is called in all the modules of the server, replica and client roles to do the loggin setup as one of the first steps of the module execution and not before.
-
Abhijeet Kasurde authored
Gracefully handle RuntimeError raised during parameter validation in fail_json. Fixes: #115 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
-
- Feb 13, 2020
-
-
Rafael Guterres Jeffman authored
Modify examples in server and replica roles for consistency with client role, by defining language for code blocks.
-
- Dec 11, 2019
-
-
Thomas Woerner authored
The use of zone_overlay_check for the domain name validation is not good for a repeated execution of the server deployment where setup_dns is enabled. The zone overlay check will fail with "DNS zone X already exists in DNS". zone_overlay_check is later on used in dns.install_check so it is not needed to do it here also. Fixes issues #164 (domain option validator should not call zone overlap..)
-