The roles ipaconf, krb5 and sssd have been using GPLv2+ in the license meta
information while everything else is GPLv3. Therefore the license meta
information has been changed to GPLv3.
The relative import of the distribution specific vars files requires to use
is not working. {{ role_path }} needs to be used to force the load of the
proper files.
The server role has different setting names:
- groups.ipaserver: groups.ipaservers
- ipaserver_domain: ipaclient_domain
- ipaserver_realm: ipaclient_realm
Both need to be supported to be able to use the client role within the server
role, but also standalone.
forward_policy needs to be None for the DNS check for proper initialization
if the user is not providing another forward_policy value. forward_policy will
be set in the DNS check.
no_dnssec_validation is enabled in the DNS check if the forwarders do not
provide DNSSEC validation. Therefore this needs to be handed over to the dns
installation later on.
New return values for forward_policy and no_dnssec_validation have been added
to the ipaserver_test module.
These global variables are initialized in the dns module in the
dns.install_check function. The settings are needed to be able to do a
proper dns setup in the ipaserver_setup_dns ansible module.
Attempt to sync time if on_master is not set and no_ntp is not set: At
first with given or discovered time servers. If no ntp servers have been
given or discovered, then with the ipa server.
New parameters:
  on_master:
    description: IPA client installation on IPA server
    required: false
    default: false
    type: bool
    default: no
  ntp_servers:
    description: List of NTP servers to use
    required: false
    type: list
    default: []
  no_ntp:
    description: Do not sync time and do not detect time servers
    required: false
    default: false
    type: bool
    default: no
The ntp_servers output parameter is now always an empty list if on_master
or no_ntp is set.
ipaclient_hostname needs to be specified in the inventory file for the hosts
where the name needs to get changed.
Example:
  192.168.1.1 ipaclient_hostname=ipaclient1.mine.local
The option should not be specified in [ipaclients:vars] as all hosts would
get the same name.
With ansible 2.3.1 it is possible to have one place as an additional utils
module to do all the needed steps to be able to generate the environment for
new and older ipa versions.
The library modules are now a lot smaller.
The minimal ansible version has been increased to 2.3.1.
In the future it might now also be possible to have a special
ansible_ipa_client version for ipa < 4.4 in this utils module.