The parameter options.no_dnssec_validation was set using a bad
parameter name. This lead to not beeing able to turn off dnssec
validation in the replica deployment.
Fixes: #456 (ipareplica_no_dnssec_validation)
ansible-doc is reporting several issues in modules. Most of them have benn
due to misspelled description key word or due to use of multi line text
without the | in the description line.
The import of ansible_ipa_server, ansible_ipa_replica and ansible_ipa_client
might result in a permission denied error for the log file. It seems that
for collections the module utils seem to be loaded before the needed
permissions are aquired now.
The fix simply adds a wrapper for standard_logging_setup that is called in
all the modules of the server, replica and client roles to do the loggin
setup as one of the first steps of the module execution and not before.
These settings are file descriptors if external certificates are used and
are not used later in the roles. Therefore these settings have been removed.
Fixes: #110 (Ansible error with external certificates)
The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
module.
This one was missed in the big module update.
The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
modules.
Some errors have been printed to the error log only and fail_json only got
an empty string as error message. This made the causes of the errors hard
to get.
These two varibles in the dns binding are initialized in the installation
check in the install_check parts of ipareplica_prepare and used later on
in the dns configuration in ipareplica_setup_dns.
Some settings for kra have not been correct for kra with the change to
use single Custodia instance in the installer (freeipa 994f71ac8).
These modules have been adapted:
ipareplica_custodia_import_dm_password
ipareplica_enable_ipa
ipareplica_setup_ca
ipareplica_setup_custodia
ipareplica_setup_kra
The hidden replica support introduced some incompatible changes to replica
deployment. The methods find_providing_server and find_providing_serves
have been moved from ipaserver.install.service to ipaserver.masters.
Additionally the host_name argument for find_providing_server is a list
now. This breaks existing ipareplica Ansible modules ipareplica_prepare
and ipareplica_enable_ipa.
There have been missing settings that have not been provided to
ipareplica_setup_adtrust. These are: enable_compat, rid_base and
secondary_rid_base.
The settings rid_base and secondary_rid_base are now initialized in
ipareplica_prepare and propagated in the results.
The two settings netbios_name and reset_netbios_name are placed in the
adtrust binding in the adtrust.install_check call. These are now saved
when ipareplica_prepare finishes and are written back in the fist steps of
ipareplica_setup_adtrust to make adtrust.install working.
The settings add_sids and add_agents are now initialized in
ansible_ipa_replica in the same way as in ServerMasterInstall. These
settings are fixed in the replica deployment.
Related: #73 (ipaserver_setup_adtrust fails on default smb.conf)
The configuration of DNS failed because of missing DNS settings in the
ipareplica_prepare and ipareplica_setup_dns.
Some fixed settings for use with DNSInstallInterface have been added
to ansible_ipa_replica:
options.dnssec_master = False
options.disable_dnssec_master = False
options.kasp_db_file = None
options.force = False
Fixes: #58 (install-replica fails: reverse_zones seems to be empty)
Fixes: #63 (ipareplica_setup_dns fails)
With FreeIPA 4.7.0 there is no support for domain level 0 anymore, the
check for the minimal domain level should use MIN_DOMAIN_LEVEL instead of
DOMAIN_LEVEL_1.
With IPA 4.7 bigger changes have been introduced
Changes:
- Use of timeconf and chrony instead of ntpconf and ntpd.
- custodia instance needed for ca and kra
- Use of create_ipa_conf with changed setting in setup_http for install_http,
reverted back afterwards.
The support for external cert files is not complete yet.
Please have a look at the example inventory file inventory/hosts.replica and
also the install and uninstall playbook files install-replica.yml and
uninstall-replica.yml
