The call of standard_logging_setup results in verbose and debug output in
the ansible modules. This needs to be done in an alternative way.
This reverts commit 2113c79111.
The inspect binding is needed because of the inspection of
validate_domain_name that has been introduced with commit
818db5cb4d for FreeIPA versions prior
to 4.7.
The entity argument for validate_domain_name is only available in
FreeIPA 4.7 and later. This has been fixed using inspect to be able to
detect if entity is a valid argument. If not the whole realm name check
is skipped.
Related: #61 (ipaserver role - Fails on ipaclient install)
Fixes: #66 (Python 2 error with validate_domain)
Removed unused user_input import from ipapython.ipautil. Added import
of DN from ipapython.dn. Set ntpinstance to None if timeconf or
sync_time could not be imported on older FreeIPA releases.
The installer logs have not been created using the ansible ipaclient,
ipareplica and ipaserver roles. This has been fixed and the installer
logs are created now.
The role test is executed in the ipa[server,replica,client] roles first.
These tests are usable in the Ansible test mode, but the following steps
in the task list are not. Therefore the blocks following the tests are
limited to not being executed in test mode.
python_2_3_test needs to be executed also in test mode to make sure that the
following ipa[server,replica,client]_test modules could be executed also in
test mode.
With these settings for server, replica and client it is possible to skip
package installation. This is for example useful if the packages are already
installed. The settings default to yes.
The setting ipareplica_no_package_install has been removed.
As the old way to include tasks is deprecated, replace static include
statements with import_tasks and dynamic ones with include_tasks.
Increased the required ansible version to 2.5.0 to make sure that
include_tasks and import_tasks are working as expected.
Fixes issue #38
Service entries in cn=FQDN,cn=masters,cn=ipa,cn=etc are no longer
created as enabled. Instead they are flagged as configuredService. At
the very end of the installer, the service entries are switched from
configured to enabled service.
This is related to freeipa upstream commit:
Delay enabling services until end of installer:
https://github.com/freeipa/freeipa/commit/7284097
This is a partly pick of the changes done by pyguy for pull request #28.
The unrelated changes on inventory files have been removed and the change
to the README has been adapted to use the "Supported Distributions" section.
The original commits by pyguy in https://github.com/pyguy/ansible-freeipa
are:
commit 1ed1fa845eafd69432b1fd1fc8e5329e4991e84a
Author: pyguy <hr.josheghani@gmail.com>
Date: Mon Jun 25 17:17:31 2018 +0430
Ubuntu Support added
commit 9a4a7c84e4af20af27e814aba4fc2c6b8b35ec0f
Author: pyguy <hr.josheghani@gmail.com>
Date: Sun Jun 24 10:58:07 2018 +0430
Ubuntu support added
The message for a domain and realm name mismatch should be a warning and
not a fail in the ipaserver test. It is also a warning in the normal
installer.
The use of IPA versions to determine if get_custodia_instance should be
used was not optimal as the patch that introduced this has been back-ported
to the EL-7 package with version 4.5.4. As get_custodia_instance was not
available before we can simply check if get_custodia_instance exists in
custodiainstance.
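The two compatibility checks described in the commit messages above (using inspect to detect whether validate_domain_name accepts entity, and testing whether get_custodia_instance exists instead of comparing IPA versions) are both feature detection. The following is an added example, not code from ansible-freeipa: the validate_domain_name_* functions and the *Custodia classes are constructed stand-ins for the FreeIPA APIs, and accepts_argument, check_realm_name and custodia_api are hypothetical names.

```python
import inspect


def accepts_argument(func, name):
    """Return True if func takes an argument called `name` (or **kwargs)."""
    if hasattr(inspect, "signature"):  # Python 3
        params = inspect.signature(func).parameters
        return name in params or any(
            p.kind is inspect.Parameter.VAR_KEYWORD for p in params.values())
    spec = inspect.getargspec(func)  # Python 2 fallback
    return name in spec.args or spec.keywords is not None


# Constructed stand-ins: the older API has no `entity` argument, the newer has.
def validate_domain_name_old(domain_name):
    if not domain_name or " " in domain_name:
        raise ValueError("invalid domain name")


def validate_domain_name_new(domain_name, entity="domain"):
    if not domain_name or " " in domain_name:
        raise ValueError("invalid %s name" % entity)


def check_realm_name(validate, realm):
    """Validate the realm only when `entity` is supported; otherwise skip."""
    if not accepts_argument(validate, "entity"):
        return "skipped"  # older API: the whole realm name check is skipped
    validate(realm, entity="realm")
    return "checked"


# Constructed stand-ins for a custodiainstance module with and without
# the back-ported helper.
class OldCustodia(object):
    pass


class NewCustodia(object):
    @staticmethod
    def get_custodia_instance():
        return "custodia"


def custodia_api(module):
    """Choose the code path by what the module offers, not by version."""
    if callable(getattr(module, "get_custodia_instance", None)):
        return "get_custodia_instance"
    return "legacy"
```

Checking for the attribute or argument keeps working when a distribution back-ports a change without raising the upstream version number, which is the case the 4.5.4 EL-7 package hit.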
Lowered version check to be compatible with CentOS 7.5
Added missing attributes to setup_kra to be compatible with latest python2-ipaserver library on CentOS 7.5 (python2-ipaserver-4.5.4-10.el7.centos.3.noarch)
A new Fedora-27 distribution specific file has been added. Additionally
ipaserver_packages_adtrust has been updated in all files to contain
[free]ipa-server-trust-ad.
With IPA 4.7 bigger changes have been introduced
Changes:
- Use of timeconf and chrony instead of ntpconf and ntpd.
- New IPAChangeConf (not used in ipaserver modules)
- New check_ldap_conf from ipaclient.install.client
- custodia instance needed for ca and kra
- no_ntp defaults to yes for client installation part
- A new option ntp_pool has been introduced (set to None).
tasks.create_tmpfiles_dirs only needs IPAAPI_USER as an argument for
version 4.5.4. For 4.5 there is no support for arguments.
IPAAPI_USER is therefore only needed for 4.5.4 in
module_utils/ansible_ipa_server.py
When forwarders list or the no_forwarders flag has been set, the
configuration does not reflect the setting. With no_forwarders
the preparation step of the DNS server could fail in ipaserver_prepare.
This is addressing the issue of pull request #25.
- Do not register a change in the playbook run when registering the
variable checking for whether or not Python 3 imports work
Signed-off-by: Kellin <kellin@retromud.org>
b29db07c3b3d8937f53684fdbba985fec525d69d by Christian Heimes
Replace custom file_exists() and dir_exists() functions with proper
functions from Python's stdlib.
The change also gets rid of pylint's invalid bad-python3-import error,
https://github.com/PyCQA/pylint/issues/1565
options.kasp_db_file is used in dns.install_check if options.dnssec_master
is enabled. kasp_db_file defaults to None and is only a supported option in
the post deployment ipa-dns-install script. Therefore it is sufficient to
set it to None.
A new section has been added to configure firewalld automatically as the
last step of the server installation.
A new switch has been added to be able to turn firewalld configuration off:
ipaserver_no_firewalld. It defaults to no.
The client role is used also while installing the server. There has been an
issue where the server installation has not been complete because of a
playbook termination in the client.
This has been fixed and the client and also the server are fully configured
in the server installation.
forward_policy needs to be None for the DNS check for proper initialization
if the user is not providing another forward_policy value. forward_policy will
be set in the DNS check.
no_dnssec_validation is enabled in the DNS check if the forwarders do not
provide DNSSEC validation. Therefore this needs to be handed over to the dns
installation later on.
New return values for forward_policy and no_dnssec_validation have been added
to the ipaserver_test module.