There have been missing settings that have not been provided to
ipaserver_setup_adtrust. These are: enable_compat, rid_base and
secondary_rid_base.
The settings rid_base and secondary_rid_base are now initialized in
ipaserver_test and propagated in the results.
The two settings netbios_name and reset_netbios_name are placed in the
adtrust binding in the adtrust.install_check call. These are now saved
when ipaserver_test finishes and are written back in the fist steps of
ipaserver_setup_adtrust to make adtrust.install working.
The settings add_sids and add_agents are now initialized in
ansible_ipa_server in the same way as in ServerMasterInstall. These
settings are fixed in the server deployment.
Meta end_play has been used as a simple solution to end the playbook
processing in special conditions, like for example when the deployment
was already done before.
meta end_play has been replaced with blocks and conditions for these
blocks.
Fixes: #70 (Avoid using meta end_play)
The ansible_fqdn hostname has been enforced to be set and used in
ipaserver, ipareplica and also ipaclient role. This has been removed as
the hostname should only be set if specified explicitly with
ipa[server,replica,client]_hostname.
The role test is executed in the ipa[server,replica,client] roles first.
These tests are usable in the Ansible test mode, but the folllowing steps
in the task list are not. Therefore the blocks following the tests are
limited to not being executed in test mode.
python_2_3_test needs to be executed also in test mode to make sure that the
follwing ipa[server,replica,client]_test modules could be executed also in
test mode.
With these settings for server, replica and client it is possible to skip
package installation. This is for example useful if the packages are already
installed. The settings default to yes
The setting ipareplica_no_package_install has been removed.
As the old way to include tasks is deprecated, replace static include
statements with import_tasks and dynamic ones with include_tasks.
Increaded the required ansible version to 2.5.0 to make sure that
include_tasks and import_tasks is working as expected.
Fixes issue #38
Service entries in cn=FQDN,cn=masters,cn=ipa,cn=etc are no longer
created as enabled. Instead they are flagged as configuredService. At
the very end of the installer, the service entries are switched from
configured to enabled service.
This is related to freeipa upstream commit:
Delay enabling services until end of installer:
https://github.com/freeipa/freeipa/commit/7284097
With IPA 4.7 bigger changes have been introduced
Changes:
- Use of timeconf and chrony instead of ntpconf and ntpd.
- New IPAChangeConf (not used in ipaserver modules)
- New check_ldap_conf form ipaclient.install.client
- custodia instance needed for ca and kra
- no_ntp defaults to yes for client installation part
- A new option ntp_pool has been introduced (set to None).
When forwarders list or the no_forwarders flag has been set, the
configuraiton does not reflect the setting. With no_forwarders
the preparation step of the DNS server could fail in ipaserver_prepare.
This is addressing the issue of pull request #25.
- Do not register a change in the playbook run when registering the
variable checking for whether or not Python 3 imports work
Signed-off-by: Kellin <kellin@retromud.org>
A new section has been added to configure firewalld automatically as the
last step of the server installation.
A new switch has been added to be able to turn firewalld configuration off:
ipaserver_no_firewalld. It defaults to no.
The client role is used also while installing the server. There has been an
issue where the server installation has not been complete because of a
playbook termination in the client.
This has been fixed and the client and also the server are fully configured
in the server installation.
forward_policy needs to be None for the DNS check for proper initialization
if the user is not providing another forward_policy value. forward_policy will
be set in the DNS check.
no_dnssec_validation is enabled in the DNS check if the forwarders do not
provide DNSSEC validation. Therefore this needs to be handed over to the dns
installation later on.
New return values for forward_policy and no_dnssec_validation have been added
to the ipaserver_test module.
These global variables are initialized in the dns module in the
dns.install_check function. The settings are needed to be able to do a
proper dns setup in the ipaserver_setup_dns ansible module.
