Truncate stdout and stderr in the way that it hopefully shows all
important information. At least 15 lines of stdout (Ansible tasks) and
remaining from stderr to fill up to maxlen size.
The test log mostly only showed lines from stderr as the log was a
concatenation of stdout and stderr and only the last 2500 chars of this
have been used. This was hiding the test result from stdout and failures
have not beeen visible.
The no_log tag is only allowed in the argument_spec, but not in the
DOCUMENTATION section. Set no_log=False for token_uri and
keys_uri=keys_uri in the argument_spec to enforce logging.
Several fixes for the DOCUMENTATION section: The short_description tag
was 'short description', the chain option was missing and the unknown
authers tag has been removed.
setuptools might not be installed before importing and using
galaxy_importer. This could result in a backtrace by disabling
ANSIBLE_TEST_LOCAL_IMAGE in galaxy-importer.cfg to run latest tests.
The service READNE so far lacks the documentation of multi service
handling within a single task.
The alias for the continue parameter was also added.
Fixes: #1113
The bindings for requests and urllib3 might not be available, especially
in the ansible-test fake execution test (next version). These imports are
now in a try exception clause to make sure that the fake execution test
will be passing and also that there is a better error message if the
bindings are missing.
urllib3.exceptions.InsecureRequestWarning is now also only disabled if
no certificate has been given for the verification of the connection.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
This patch updates the minimum supported Ansible version and the list
of available modules.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
ansible-freeipa roles do not work with Ansible 2.8 anymore, so the
minimum supported version is changed to 2.15, the oldest supported
Ansible version as of today.
This patch includes the change to the version number in the collection
and all plugin README files. The collection README was also update to
remove text that related only to previous Ansible versions.
The parameters
- subtree (ipapermlocation)
- target (ipapermtarget)
- targetto (ipapermtargetto)
- targetfrom (ipapermtargetfrom)
have not been idempotent as the result returned from permission_show was
a DN and not a string.
The find_permission function has been exetended to convert the values
for these parameters to strings.
Fixes: #1257
The error string returned by execute_ipa_commands in batch mode
additionally contains the whole parameter list for the command. This is
different to non batch mode execution and breaks tests that are checking
the returned error message.
A left over debug message also have been removed from the error
processing.
Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.
Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.
Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.
Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.
Certificates given by ansible could have leading and trailing white
space, but also multi line input is possible that also could have
leading and training white space and newlines.
New function:
- convert_input_certificates(module, certs, state)
FreeIPA commit ea0bf4020ce0b1e32572e128e9323c5af60ec93d
After an HSM replica install ensure all certs are visible
If a certificate on a token does not have NSS trust set then
it won't be visible in the softoken. This can be disconcerting
for those used to seeing all the certificates.
Loop through the possibilities and set no trust (or Peer) for
all the certificates on the token.
Also ensure that the CA certificate has the correct nickname.
Related: https://pagure.io/freeipa/issue/9273
replicainstall.install_ca_cert has been removed, paths.IPA_CERTUPDATE is
called instead if the client was configured before deploying with
iparepica role.
FreeIPA commit 8f25b2a74a587548976f3d29f0b69d566d70125d
Refactor CA file handling in replica installer
Clean up and remove obsolete code from ipa-replica-install. For several
versions replica installer first ensures that a host is an IPA client,
then promotes the client to a replica. The client installer code sets up
CA stores like IPA_CA_CRT already.
The config attributes config_master_host_name and also config_ca_host_name
are not changed within ipareplica_install_ca_certs, therefore it is not
needed to return them and also to use the returned values for following
tasks.
The HSM parameters
token_name
token_library_path
token_password
token_password_file
are set to None to enable deployment with IPA 4.12 as a workaround till
HSM can be fully supported by the ipaserver role.
