There is a new hostgroup management module placed in the plugins folder:
plugins/modules/ipahostgroup.py
The hostgroup module allows to add, remove and disable hosts.
The hostgroup module is as compatible as possible to the Ansible upstream
ipa_hostgroup module, but addtionally offers to ensure member presence and
absence.
Here is the documentation for the module:
README-hostgroup.md
New example playbooks have been added:
playbooks/hostgroup/ensure-hostgroup-is-absent.yml
playbooks/hostgroup/ensure-hostgroup-is-present.yml
playbooks/hostgroup/ensure-hosts-and-hostgroups-are-absent-in-hostgroup.yml
playbooks/hostgroup/ensure-hosts-and-hostgroups-are-present-in-hostgroup.yml
There is a new user management module placed in the plugins folder:
plugins/modules/ipauser.py
The host module allows to add, remove and disable hosts.
The host module is as compatible as possible to the Ansible upstream
ipa_host` module, but addtionally offers to disable hosts.
Here is the documentation for the module:
README-host.md
New example playbooks have been added:
playbooks/host/add-host.yml
playbooks/host/delete-host.yml
playbooks/host/disable-host.yml
The GSSAPI can be enabled in the management modules with either the
KRB5CCNAME or the KRB5_CLIENT_KTNAME environment variable.
For KRB5CCNAME it is needed to create a ccache file
kinit admin@TEST.LOCAL -c /root/admin.ccache
that is transferred to the nodes (here into /root) and activated in the
playbook with
environment:
KRB5CCNAME: /root/admin.ccache
For KRB5_CLIENT_KTNAME a admin keytab has to be generated
ipa-getkeytab -s ipaserver.test.local -p admin@TEST.LOCAL -k \
/root/admin.keytab
that is transferred to the nodes (here into /root) and activated in the
playbook with
environment:
KRB5_CLIENT_KTNAME: /root/admin.keytab
It will be needed to set ipaadmin_principal if the admin principal is not
admin.
The management modules can be used without a password in this case.
Currently it is ignored if the entry for reinitialized can not be found if
the name or left and right are not correct. Now there is a failure in this
case.
Fixes: #107 (Reinitialize are failed to find the node in ipatopology ..)
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
With adding the domain and ca suffixes with `suffix: domain+ca` only ca
has been added as the suffix was only used from the last command. The
suffix is now stored together with the command and the argument. This
will fix this error.
Fixes: #106 (Last suffix adding twice in the list of topology segments)
There is a new group management module placed in the plugins folder:
plugins/modules/ipagroup.py
The group module allows to add, remove, enable, disable, unlock und undelete
groups.
The group module is as compatible as possible to the Ansible upstream
`ipa_group` module, but addtionally offers to add users to a group and also
to remove users from a group.
Here is the documentation for the module:
README-group.md
New example playbooks have been added:
playbooks/user/add-groups-to-group.yml
playbooks/user/add-user-to-group.yml
playbooks/user/add-group.yml
playbooks/user/delete-group.yml
There is a new user management module placed in the plugins folder:
plugins/modules/ipauser.py
The user module allows to add, remove, enable, disable, unlock und undelete
users.
The user module is as compatible as possible to the Ansible upstream
`ipa_user` module, but addtionally offers to preserve delete, enable,
disable, unlock and undelete users.
Here is the documentation for the module:
README-user.md
New example playbooks have been added:
playbooks/user/add-user.yml
playbooks/user/delete-user.yml
playbooks/user/enable-user.yml
playbooks/user/disable-user.yml
playbooks/user/delete-preserve--user.yml
playbooks/user/undelete-user.yml
date_format parses the supported date formats and creates a datetime object.
compare_args_ipa compares generated args with args returned by IPA command
find_ functions.
The use of password will conflict with the user password setting and is
not really descriptive. ipaadmin_principal and ipaadmin_password are also
used in the roles.
It is now possible to use domain+ca as suffix, That means that the segment
will be handled for the suffixes domain and also ca.
The new state checked is returning two lists found and not-found. If a
segment exists, the ckecked suffix is added to the found list. If a segment
from suffix is not found, it is added to the not-found list.
New example playbooks have been added:
playbooks/topology/add-topologysegments.yml
playbooks/topology/check-topologysegments.yml
playbooks/topology/delete-topologysegments.yml
The cluster playbook has been extended by the
There are now two topology management modules placed in the plugins folder:
plugins/modules/ipatopologysegment.py
plugins/modules/ipatopologysuffix.py
Topology segments can be added, removed and reinitialized with the
ipatopologysegment module. Also it is possible to verify topology suffixes
with the ipatopologysuffix module.
A new module_utils for plugins has been added:
plugins/module_utils/ansible_freeipa_module.py
And documentation for the modules:
README-topology.md
New sample playbooks are available in playbooks/topology:
playbooks/topology/add-topologysegment.yml
playbooks/topology/delete-topologysegment.yml
playbooks/topology/reinitialize-topologysegment.yml
playbooks/topology/verify-topologysuffix.yml
The plugins folder can be used with the new Ansible Collections supported
by Ansible 2.8 and Ansible galaxy 3.2.
