The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
modules.
The raises of RuntimeError, ValueError and ScriptError are currently not
properly handled in ipaserver_prepare. This results in a trace back error
shown in Ansible instead of only showing the error message.
This happened for example if a nameserver is in /etc/resolv.conf that is
not reachable.
This adds support for the --external-ca option to ipaserver. Lots of
additional tests and checks from ServerInstallInterface.__init__ have
been added to ipaserver_test. Also duplicate tests cna checks have been
removed.
Installer settings in ansible_ipa_server module_util are now also set
to the defaults that are used in Installable, ServerInstallInterface,
ServerMasterInstall, ADTrustInstallInterface and Uninstall.
The /root/ipa.csr file generated on the node in ca.install_step_0 will
be copied to the controller as "{{ inventory_hostname }}-ipa.csr".
The new task file copy_external_cert.yml has been added to copy the
generated certificate defined in ipaserver_external_cert_files to the node
to continue with ca.install_step_1.
The tasks/install.yml file has been adapted to make sure that the steps
that will be done in step two will be skipped after step one has been
done.
The install checks have been done temporarily in _test and finally also
in _prepare. This is not needed and also not done this way in the command
line installers.
There have been missing settings that have not been provided to
ipaserver_setup_adtrust. These are: enable_compat, rid_base and
secondary_rid_base.
The settings rid_base and secondary_rid_base are now initialized in
ipaserver_test and propagated in the results.
The two settings netbios_name and reset_netbios_name are placed in the
adtrust binding in the adtrust.install_check call. These are now saved
when ipaserver_test finishes and are written back in the fist steps of
ipaserver_setup_adtrust to make adtrust.install working.
The settings add_sids and add_agents are now initialized in
ansible_ipa_server in the same way as in ServerMasterInstall. These
settings are fixed in the server deployment.
With IPA 4.7 bigger changes have been introduced
Changes:
- Use of timeconf and chrony instead of ntpconf and ntpd.
- New IPAChangeConf (not used in ipaserver modules)
- New check_ldap_conf form ipaclient.install.client
- custodia instance needed for ca and kra
- no_ntp defaults to yes for client installation part
- A new option ntp_pool has been introduced (set to None).
options.kasp_db_file is used in dns.install_check if options.dnssec_master
is enabled. kasp_db_file defauts to None and is only a supported option in
the post deployment ipa-dns-install script. Therefore it is suffient to
set it to None.
