ipaclient_setup_nss: Create DNS SSHFP records, update to latest FreeIPA

There have been several settings in ipaclient_setup_nss that have been hard coded instead of using the settings from the role. This has been fixed and the code in ipaclient_setup_nss has been updated to the latest version of FreeIPA with compatibility changes for older FreeIPA versions. Additionally the api is now properly configured so that the DNS SSHFP records are now properly created if no_dns_sshfp is not enabled.
2026-06-23 09:14:43 +00:00 · 2019-04-26 13:13:43 +02:00
parent c18b777141
commit 9148dde50a
4 changed files with 383 additions and 166 deletions
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -267,6 +267,18 @@
        mkhomedir: "{{ ipaclient_mkhomedir }}"
        ca_enabled: "{{ result_ipaclient_api.ca_enabled }}"
        on_master: "{{ ipaclient_on_master }}"
+        enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
+        all_ip_addresses: "{{ ipaclient_all_ip_addresses }}"
+        ip_addresses: "{{ ipaclient_ip_addresses | default(omit) }}"
+        request_cert: "{{ ipaclient_request_cert }}"
+        preserve_sssd: "{{ ipassd_preserve_sssd }}"
+        no_ssh: "{{ ipaclient_no_ssh }}"
+        no_sshd: "{{ ipaclient_no_sshd }}"
+        no_sudo: "{{ ipaclient_no_sudo }}"
+        fixed_primary: "{{ ipassd_fixed_primary }}"
+        permit: "{{ ipassd_permit }}"
+        no_krb5_offline_passwords: "{{ ipassd_no_krb5_offline_passwords }}"
+        no_dns_sshfp: "{{ ipaclient_no_dns_sshfp }}"

    - name: Install - Configure SSH and SSHD
      ipaclient_setup_ssh: