There is a new server management module placed in the plugins folder:
plugins/modules/ipaserver.py
The server module allows to ensure presence and absence of servers. The
module requires an existing server, the deployment of a new server can
not be done with the module.
DNSName has been added to ansible_freeipa_module in plugins/module_utils
as this is used for locations.
Here is the documentation for the module:
README-server.md
New example playbooks have been added:
playbooks/server/server-absent-continue.yml
playbooks/server/server-absent-force.yml
playbooks/server/server-absent-ignore_last_of_role.yml
playbooks/server/server-absent-ignore_topology_disconnect.yml
playbooks/server/server-absent.yml
playbooks/server/server-hidden.yml
playbooks/server/server-location.yml
playbooks/server/server-no-location.yml
playbooks/server/server-no-service-weight.yml
playbooks/server/server-not-hidden.yml
playbooks/server/server-present.yml
playbooks/server/server-service-weight.yml
New tests for the module:
tests/server/test_server.yml
Change in module_utils/ansible_freeipa_module:
DNSName is imported from ipapython.dnsutil and also added to __all__
Module was raising exceptions when trying to create a new privilege
with permissions. This change fixes the behavior and ensuure
idempotence with trying to create a privilege with the same values.
Tests for this behavior have been appended to:
tests/privilege/test_privilege.yml
There were no test for the arguments of compare_args_ipa() to check
if they were `None`, and they were used in contexts where `None`
would raise exceptions.
A test was added to return `False` if only one of the parameters is
`None`, and `True` if both are None.
IPA translates exception messages and Ansible uses controller's
language to execute plugins on target hosts, and since ansible-freeipa
uses Exceptions messages to detect some errors and/or states, using any
language that has a translation for the required messages may cause the
plugin to misbehave.
This patch modifies ansible_freeipa_module in plugin/module_utils to
force the use of "C" as the language by setting the environment variable
LANGUAGE.
Tests were added to verify the correct behavior:
tests/environment/test_locale.yml
The first test will fail, if ansible_freeipa_module is not patched, with
the message:
host_show failed: nonexistent: host nicht gefunden
This issue is not present if the language selected does not provide
a translation for the eror message.
This patch does not fix encoding issues that might occur in certain
releases (e.g.: CentOS 8.3).
Fix#516
Tests for service certificates were still using pre-generated
certificate files. This patch uses the same approach as other tests,
it generates a certficate, when needed, and use file lookup.
The Github workflow Ubuntu images do not provide Ansible pre-installed
anymore, and this patch forces its installation through Python's pip.
Different jobs were created to test documentation with different
versions of Ansible, currently 2.9 and the latest available.
In CentOS 8 and also Fedora the configuration and start of chrony
fails with
Fatal error : adjtimex(0x8001) failed : Operation not permitted
For more information: https://bugzilla.redhat.com/show_bug.cgi?id=1772053
NTP will not be needed before a separate namespace is used for clocks.
Without this change the "Import variables specific to distribution"
tasks fail with "Could not find file on the Ansible Controller..."
on environments with inject facts disabled.
This changes the tests to run with ansible with
inject_facts_as_vars = false and fixes other roles and playbooks.
Due to commit f3f9672d527008dc741ac90aa465bac842eea08d (ipa-rmkeytab: Check
return value of krb5_kt_(start|end)_seq_get) in IPA 4.9.2 there is a new
error reported for ipa-rmkeytab in case of a non existing keytab file.
Using ipa-rmkeytab now results in the error #7 in this case.
The client role is using ipa-rmkeytab and needs to ignore error #7 also.
Fixes: #510 (ipa-client installation with OTP is failed with error code 7
(keytab: /usr/sbin/ipa-rmkeytab returned 7))
The example playbooks for ipaselfservice were using the wrong module,
ipadelegation. This patch changes the references from ipadelegation
to ipaselfservice on these example playbooks.
Also, the attributes were changed, so the same attributes are used
throughout the examples.
Building containers for CentOS and Fedora were failing due to image
download failure. The container build process was fixed by changing
the base images.
Without explicit installation, Ansible was failing to run on
Azure pipelines. This change explicitly install the latest
Ansible version available through `pip`.
In the near future, Github will use Ubuntu 20.04, for workflows, and
this change will keep the upstream CI environment consistent between
Github and Azure.
Fixed names of sudorule member objects, as they did not match the names provided by IdM.
From: To:
member_host memberhost_host
member_hostgroup memberhost_hostgroup
member_user memberuser_user
member_group memberuser_group
Fixes: #500
A wrong variable was used inside of the while IFS read loops. This
prevented that the modules, playbooks, tasks, example playbooks and also
tests have been adapted for the galaxy release naming scheme.
In `ipapermission` plugin, Some attributtes were not being managed
when `action: member` was enabled.
This patch enable member management for `right`, `rawfilter`,
`filter, and fixes management of `memberof`.
Fix issue #489
When adding A or AAAA records using the compatibility mode with
Ansible's community general plugin, the reverse (PTR) record was
added, but the A/AAAA record was not. This patch fixes the behavior.
Fix issue #491
