- Jul 05, 2022
-
-
Thomas Woerner authored
With ansible-2.13 it is required to use jinja for list concatenation. `list: "[] + ['a'] + ['b']"` needs to become `list: "{{ [] + ['a'] + ['b'] }}"`. copy_external_cert.yml needed to be changed.
-
- Sep 29, 2021
-
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
Rafael Guterres Jeffman authored
-
- Aug 31, 2021
-
-
Rafael Guterres Jeffman authored
When loading variables in all ansible-freeipa roles, it is expected that a file with these variables is present for each supported Linux distribution, and then, based on the information about the distribution provided by Ansible, the correct file is loaded. Previously, only the facts `distribution` and distribution version related facts were used, which required specific files, or links to files for distributions in the same "family", which will probably have the same variables set. This change adds searching for files based on the `os_family` fact, allowing distributions that follow the same family rules to be supported, without any changes to the codebase. It is still possible that a specific distribution configuration overrides the default behavior, as `os_family` has lower priority than `distribution`. For example, distributions on the `RedHat` family, like Oracle Linux, Alma Linux, and Rocky Linux, work without adding new files, or links to files, to fill the `vars`. Fix issue #573. Fix issue #523.
-
- Mar 19, 2021
-
-
Grzegorz Grasza authored
Without this change the "Import variables specific to distribution" tasks fail with "Could not find file on the Ansible Controller..." on environments with inject facts disabled. This changes the tests to run with ansible with inject_facts_as_vars = false and fixes other roles and playbooks.
-
- Nov 25, 2020
-
-
Thomas Woerner authored
The common_check function in the replica installer code has been changed for the new memory checker code. With this the server and replica command line installers got the option --skip-mem-check. The server and replica role now also support the memory checker and there are new variables for server and replica: ipaserver_mem_check - for ipaserver ipareplica_mem_check - for ipaserver These bool values default to yes and can be turned off in the inventory or playbook if needed. Related to freeipa PR https://pagure.io/freeipa/issue/8404 (Detect and fail if not enough memory is available for installation) Fixes: #450 (IPA Replica Installation Fails)
-
- Nov 18, 2020
-
-
Thomas Woerner authored
Currently the certificates are copied to the server with the complete path that is provided within the playbook. This could result in unexpected file placements. Certificates should be placed in the /root folder for the deployment. Fixes #405 (copy_external_cert does not handle pathed items)
-
- Sep 08, 2020
-
-
Thomas Woerner authored
These tests have been deactivated for some time with b51397eb and are removed now.
-
Thomas Woerner authored
The new variables ipa[server,replica]_firewalld_zone have been added to be able to set the zone in which the needed services for IPA are enabled. New tasks have been added to check if the zone is available in the runtime and also permanent environment. The code to enable firewalld has been moved out of the ipa[server,replica]_install_packages blocks to make sure that the firewalld service is also enabled if the package is already installed. Fixes: issue #177 (How to set up firewalld zones?)
-
- Jul 02, 2020
-
-
Thomas Woerner authored
With the CA-less patches the types for the pkcs12 infos have been changed to lists in the modules. This is resulting in a bad conversion from None to [''] for the parameters. Because of this a normal replica deployment is failing as [''] is not a valid value. The install.yml files for ipareplica and also ipaserver have been changed in the way that the pkcs12 values are checked if they are None. The parameter will simply be omitted in this case and the parameter in the module will become None by default.
-
- Jun 03, 2020
-
-
Thomas Woerner authored
The created temporary pkcs12 copies need to be removed in all cases. A new task has been added.
-
Samuel Veloso authored
-
- Dec 09, 2019
-
-
Alexander Bokovoy authored
ipaserver role by default tries to configure firewalld but it didn't check if firewalld related packages were installed. Similar to DNS and trust to AD features, install firewalld-related packages before trying to configure firewalld. Additionally, enable and start firewalld.service because otherwise firewall-cmd cannot communicate with firewalld itself (it is not starting on demand). If an administrator considers not to use firewalld, a default for ipaserver_setup_firewalld variable has to be set to 'no'. Fixes: https://github.com/freeipa/ansible-freeipa/issues/116
-
- Jul 17, 2019
-
-
Thomas Woerner authored
Use and generation of dirsrv_pkcs12_info, http_pkcs12_info and pkinit_pkcs12_info has been fixed in: - ipaserver_setup_ds - ipaserver_setup_http - ipaserver_test
-
Thomas Woerner authored
The variables dirsrv_cert_name, dirsrv_pin, http_cert_name, http_pin, pkinit_cert_name and pkinit_pin have not been initialized properly.
-
Thomas Woerner authored
The parameters ip_addresses, domain and realm have not been properly set for the setup of dns if _setup_dns was not enabled.
-
- Jul 05, 2019
-
-
Thomas Woerner authored
sync_time is not using options anymore, but has two new arguments. These are ntp_servers and ntp_pool. The options argument is not used anymore. This requires to use inspect on sync_time to be able to detect if the old or the new function is available. The call for get_time_source has been added, but is documented out as the call is only useful in interactive mode. ipaserver_test now returns ntp_servers and ntp_pool, which are then used for ipaserver_setup_ntp.
-
- Jun 27, 2019
-
-
Thomas Woerner authored
This adds support for the --external-ca option to ipaserver. Lots of additional tests and checks from ServerInstallInterface.__init__ have been added to ipaserver_test. Also duplicate tests and checks have been removed. Installer settings in ansible_ipa_server module_util are now also set to the defaults that are used in Installable, ServerInstallInterface, ServerMasterInstall, ADTrustInstallInterface and Uninstall. The /root/ipa.csr file generated on the node in ca.install_step_0 will be copied to the controller as "{{ inventory_hostname }}-ipa.csr". The new task file copy_external_cert.yml has been added to copy the generated certificate defined in ipaserver_external_cert_files to the node to continue with ca.install_step_1. The tasks/install.yml file has been adapted to make sure that the steps that will be done in step two will be skipped after step one has been done.
-
- Jun 26, 2019
-
-
Thomas Woerner authored
This is not needed and will calm down ansible-lint, which is not able to handle the extra tasks folder prefix.
-
- Jun 07, 2019
-
-
Thomas Woerner authored
The install checks have been done temporarily in _test and finally also in _prepare. This is not needed and also not done this way in the command line installers.
-
Thomas Woerner authored
The addition is not only adding the config setting, but also fixing the deployment without the setting as functions and methods have been changed for pki_config_override. There is a new setting for the ipaserver role: ipaserver_pki_config_override
-
Thomas Woerner authored
The section is not used since a long time any more and can therefore be removed.
-
- Jun 04, 2019
-
-
David Sastre Medina authored
The use of squash_actions to invoke a package module, such as “yum”, to only invoke the module once is deprecated, and will be removed in Ansible 2.11. Instead of relying on implicit squashing, tasks should instead supply the list directly to the name, pkg or package parameter of the module. See [1] for a reference to the upstream documentation. The ipa-krb5 and ipa-sssd modules include *_packages variables in both defaults/ and vars/, additionally, the list of packages in ipa-sssd differs from one to the other. Unify list of packages into vars/ [1]: https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.7.html#using-a-loop-on-a-package-module-via-squash-actions
-
Thomas Woerner authored
This test is not properly working with EL-8 nodes as the default system python is not located in /usr/bin. Additionally Ansible 2.8 is able to detect the default python version on the system. As the installation base for IPA 4.5.90 where the Python 3 bindings have not been working properly should be really small or not existing any more the deactivation of this test should be fine.
-
- May 31, 2019
-
-
Thomas Woerner authored
The freeipa-trust service has not been added if adtrust was enabled. For ipareplica the addition of freeipa-replication has been removed as the used port is not used anymore since some time. Fixes: #83 (when installing with ipaserver_setup_adtrust: true the firewalld service freeipa-trust is not added)
-
- May 03, 2019
-
-
Thomas Woerner authored
-
Thomas Woerner authored
-
- Apr 18, 2019
-
-
Thomas Woerner authored
This reverts commit bbaaf1f7.
-
- Apr 17, 2019
-
-
Thomas Woerner authored
There have been missing settings that have not been provided to ipaserver_setup_adtrust. These are: enable_compat, rid_base and secondary_rid_base. The settings rid_base and secondary_rid_base are now initialized in ipaserver_test and propagated in the results. The two settings netbios_name and reset_netbios_name are placed in the adtrust binding in the adtrust.install_check call. These are now saved when ipaserver_test finishes and are written back in the first steps of ipaserver_setup_adtrust to make adtrust.install working. The settings add_sids and add_agents are now initialized in ansible_ipa_server in the same way as in ServerMasterInstall. These settings are fixed in the server deployment.
-
Thomas Woerner authored
Meta end_play has been used as a simple solution to end the playbook processing in special conditions, like for example when the deployment was already done before. meta end_play has been replaced with blocks and conditions for these blocks. Fixes: #70 (Avoid using meta end_play)
-
Thomas Woerner authored
The ansible_fqdn hostname has been enforced to be set and used in ipaserver, ipareplica and also ipaclient role. This has been removed as the hostname should only be set if specified explicitly with ipa[server,replica,client]_hostname.
-
- Apr 03, 2019
-
-
Thomas Woerner authored
Use ipaserver_install_packages to enable or disable package installation for the client deployment part with ipaclient role.
-
- Mar 26, 2019
-
-
Thomas Woerner authored
The role test is executed in the ipa[server,replica,client] roles first. These tests are usable in the Ansible test mode, but the following steps in the task list are not. Therefore the blocks following the tests are limited to not being executed in test mode.
-
Thomas Woerner authored
python_2_3_test needs to be executed also in test mode to make sure that the following ipa[server,replica,client]_test modules could be executed also in test mode.
-
Thomas Woerner authored
For consistency the result_ prefix has been added to the registered result of the py3test.py script.
-
- Feb 12, 2019
-
-
Thomas Woerner authored
The use of the _no_ prefix was not good and has been fixed now. The X_setup_firewalld settings default to yes.
-
Thomas Woerner authored
With these settings for server, replica and client it is possible to skip package installation. This is for example useful if the packages are already installed. The settings default to yes. The setting ipareplica_no_package_install has been removed.
-
- Nov 22, 2018
-
-
Thomas Woerner authored
As the old way to include tasks is deprecated, replace static include statements with import_tasks and dynamic ones with include_tasks. Increased the required ansible version to 2.5.0 to make sure that include_tasks and import_tasks is working as expected. Fixes issue #38
-
Thomas Woerner authored
This is more like the normal installer behavior and should also help with issue #50: https://github.com/freeipa/ansible-freeipa/issues/50
-