With IPA 4.5 integers for examle in pwpolicy_find are returned as
integer values. The internally generated value will be converted from
integer to string (using to_text) if the value from find call result
is a string (or unicode for Python2).
The function api_get_realm is returning the realm of a connected FreeIPA
api. This is needed for proper principal checks in the extended ipauser
module that supports principals now.
The conversion is needed because older FreeIPA versions are returning
tuples in some cases instead of lists. To be able to compare them the
conversion to a list is needed.
The module_params_get function can and should be used as a replacement of
ansible_module.params.get. For Python2 it is needed to convert parameters
to unicode. Otherwise there will be an error in the FreeIPA API command.
The private function _afm_convert has been added to do the conversion
recursively.
api_check_param can be used to verify if params are available for a command
in the used FreeIPA version. The function has been added as api is normally
not imported into modules.
api_command is always used within try clause, therefore it is not needed
to have an extra try clause within api_command. Additionally it is needed
to get the dofferent errors in the next level.
The GSSAPI can be enabled in the management modules with either the
KRB5CCNAME or the KRB5_CLIENT_KTNAME environment variable.
For KRB5CCNAME it is needed to create a ccache file
kinit admin@TEST.LOCAL -c /root/admin.ccache
that is transferred to the nodes (here into /root) and activated in the
playbook with
environment:
KRB5CCNAME: /root/admin.ccache
For KRB5_CLIENT_KTNAME a admin keytab has to be generated
ipa-getkeytab -s ipaserver.test.local -p admin@TEST.LOCAL -k \
/root/admin.keytab
that is transferred to the nodes (here into /root) and activated in the
playbook with
environment:
KRB5_CLIENT_KTNAME: /root/admin.keytab
It will be needed to set ipaadmin_principal if the admin principal is not
admin.
The management modules can be used without a password in this case.
date_format parses the supported date formats and creates a datetime object.
compare_args_ipa compares generated args with args returned by IPA command
find_ functions.
There are now two topology management modules placed in the plugins folder:
plugins/modules/ipatopologysegment.py
plugins/modules/ipatopologysuffix.py
Topology segments can be added, removed and reinitialized with the
ipatopologysegment module. Also it is possible to verify topology suffixes
with the ipatopologysuffix module.
A new module_utils for plugins has been added:
plugins/module_utils/ansible_freeipa_module.py
And documentation for the modules:
README-topology.md
New sample playbooks are available in playbooks/topology:
playbooks/topology/add-topologysegment.yml
playbooks/topology/delete-topologysegment.yml
playbooks/topology/reinitialize-topologysegment.yml
playbooks/topology/verify-topologysuffix.yml
The plugins folder can be used with the new Ansible Collections supported
by Ansible 2.8 and Ansible galaxy 3.2.
