Without this change the "Import variables specific to distribution"
tasks fail with "Could not find file on the Ansible Controller..."
on environments with inject facts disabled.
This changes the tests to run with ansible with
inject_facts_as_vars = false and fixes other roles and playbooks.
Due to commit f3f9672d527008dc741ac90aa465bac842eea08d (ipa-rmkeytab: Check
return value of krb5_kt_(start|end)_seq_get) in IPA 4.9.2 there is a new
error reported for ipa-rmkeytab in case of a non existing keytab file.
Using ipa-rmkeytab now results in the error #7 in this case.
The client role is using ipa-rmkeytab and needs to ignore error #7 also.
Fixes: #510 (ipa-client installation with OTP is failed with error code 7
(keytab: /usr/sbin/ipa-rmkeytab returned 7))
ansible-doc is reporting several issues in modules. Most of them have benn
due to misspelled description key word or due to use of multi line text
without the | in the description line.
https://pagure.io/freeipa/issue/8458 moved more things to the ipalib and
ipalib.facts:
- sysrestore has been moved from ipalib.install to ipalib
- is_ipa_configured has been moved from ipaserver.install.installutils to
ipalib.facts
Fixes: #394 (TASK [ipaclient : Install - IPA client test] Error: module
'ipalib.install.sysrestore' has no attribute
'SYSRESTORE_STATEFILE')
Ansible is now also supporting discovered_python_interpreter for
action_plugins. task_vars needs to be non Null and contain a setting for
discovered_python_interpreter. The ipaclient_get_otp action_plugin
therefore needed to be adapted.
The import of ansible_ipa_server, ansible_ipa_replica and ansible_ipa_client
might result in a permission denied error for the log file. It seems that
for collections the module utils seem to be loaded before the needed
permissions are aquired now.
The fix simply adds a wrapper for standard_logging_setup that is called in
all the modules of the server, replica and client roles to do the loggin
setup as one of the first steps of the module execution and not before.
The files for RHEL-8 (RedHat-8.yml) have simply been linked to CentOS-8.yml
for the ipaserver, ipareplica and ipaclient roles.
Fixes issue #121 (roles/*/vars needs CentOS-8.yml files)
The sssd options in the ipaclient role missed a 's' in the role. The readme
of the role used the proper names with 3 's'. The names in the role have
been fixed and if the old setting are used, they will be used in the first
place.
Also utils/ansible-ipa-client-install has been adaped to use the proper
option names now.
This fixes issue #145 (The ipaclient role misspells sssd)
configure_nsswitch_database has been removed with the freeipa commit
41ef8fba31
The 4.4 compatibility hack leads to a ALREADY installed error in
ipaclient_test because of the removal. This affects ipaclient and
ipareplica roles and also the ipaclient deployment part in ipaserver.
configure_nsswitch_database is not used any more in ipaclient role modules
and therefore simply can be removed from ansible_ipa_client.
The documentation of the module paramaters have been updated. The parameter
list has been updated and all parameters are providing a description and
the required argument has been updated to reflect current setting in the
modules.
All module_utils are now providing the __all__ structure. Alse the imports
in the modules have been updated to only import freeipa sturctures from
module_utils.
The description of ipaclient_on_master in the ipaclient README was
providing the information that the flag is also used for relicas. This
is not correct and has been removed.
When OTP is used for installation of a client or the client part of
a replica and also there is no DNS record for the client, then
ipaclient_get_otp fails in the host_add call.
With the force mode the host_add call will ignore the missing DNS
record and will properly add the host. The host information and also
the DNS record will be updated while deploying the client according
to the given settings.
Fixes: #74 (ipaclient fails when ipaclient_use_otp is true and client ..)
sync_time is not using options anymore, but has two new arguments. These
are ntp_servers and ntp_pool. The options argument is not used anymore.
This requires to use inspect on sync_time to be able to detect if the old
or the new function is available.
The call for get_time_source has been added, but is documented out as the
call is only useful in interactive mode.
ipaclient_test now returns ntp_servers and ntp_pool, which are then used
for ipaclient_setup_ntp.
If kinit_password call failed because of wrong password or even because
kinit was not found, there was a very unspecific error message. Now these
errors will be properly reported.
Fixes: RHBZ#1727277
