Merge pull request #511 from t-woerner/ipaclient_otp_rmkeytab_error#7

ipaclient: Do not fail on rmkeytab error #7
2026-03-27 13:53:06 +00:00 · 2021-02-22 20:27:53 +05:30 · 2021-02-22 13:28:04 +01:00 · 2021-02-04 17:06:23 +05:30 · 2021-02-04 17:03:59 +05:30 · 2021-02-04 08:30:37 -03:00
18 changed files with 70 additions and 49 deletions
--- a/molecule/centos-8-build/molecule.yml
+++ b/molecule/centos-8-build/molecule.yml
@@ -3,7 +3,7 @@ driver:
  name: docker
 platforms:
  - name: centos-8-build
-    image: centos:8
+    image: "centos:centos8"
    pre_build_image: true
    hostname: ipaserver.test.local
    dns_servers:
--- a/molecule/fedora-latest-build/molecule.yml
+++ b/molecule/fedora-latest-build/molecule.yml
@@ -3,7 +3,7 @@ driver:
  name: docker
 platforms:
  - name: fedora-latest-build
-    image: fedora-latest
+    image: "fedora:latest"
    dockerfile: Dockerfile
    hostname: ipaserver.test.local
    dns_servers:
--- a/playbooks/permission/permission-absent.yml
+++ b/playbooks/permission/permission-absent.yml
@@ -4,8 +4,8 @@
  become: true

  tasks:
-  - name: Ensure permission TestPerm1 is absent
+  - name: Ensure permission is absent
    ipapermission:
+      ipaadmin_password: SomeADMINpassword
      name: TestPerm1
      state: absent
-
--- a/playbooks/permission/permission-allow-read-employeenum.yml
+++ b/playbooks/permission/permission-allow-read-employeenum.yml
@@ -4,11 +4,12 @@
  become: true

  tasks:
-  - name: Ensure permission TestPerm2 is present with Read rights to employeenumber
+  - name: Ensure permission is present with set of rights to attribute employeenumber
    ipapermission:
-      name: TestPerm2
+      ipaadmin_password: SomeADMINpassword
+      name: TestPerm1
      object_type: user
-      perm_rights: 
+      right:
        - read
        - search
        - compare
--- a/playbooks/permission/permission-member-absent.yml
+++ b/playbooks/permission/permission-member-absent.yml
@@ -4,8 +4,9 @@
  become: true

  tasks:
-  - name: Ensure privilege User Administrators privilege is absent on Permission TestPerm1
+  - name: Ensure permission privilege, "User Administrators", is absent
    ipapermission:
+      ipaadmin_password: SomeADMINpassword
      name: TestPerm1
      privilege: "User Administrators"
      action: member
--- a/playbooks/permission/permission-member-present.yml
+++ b/playbooks/permission/permission-member-present.yml
@@ -4,8 +4,9 @@
  become: true

  tasks:
-  - name: Ensure permission TestPerm1 is present with the User Administrators privilege present
+  - name: Ensure permission is present with "User Administrators" privilege
    ipapermission:
+      ipaadmin_password: SomeADMINpassword
      name: TestPerm1
      privilege: "User Administrators"
      action: member
--- a/playbooks/permission/permission-present.yml
+++ b/playbooks/permission/permission-present.yml
@@ -4,8 +4,9 @@
  become: true

  tasks:
-  - name: Ensure permission TestPerm1 is present
+  - name: Ensure permission is present
    ipapermission:
+      ipaadmin_password: SomeADMINpassword
      name: TestPerm1
      object_type: host
-      perm_rights: all
+      right: all
--- a/playbooks/permission/permission-renamed.yml
+++ b/playbooks/permission/permission-renamed.yml
@@ -4,8 +4,9 @@
  become: true

  tasks:
-  - name: Ensure permission TestPerm1 is present
+  - name: Ensure permission TestPerm1 is renamed to TestPermRenamed
    ipapermission:
+      ipaadmin_password: SomeADMINpassword
      name: TestPerm1
      rename: TestPermRenamed
      state: renamed
--- a/playbooks/selfservice/selfservice-absent.yml
+++ b/playbooks/selfservice/selfservice-absent.yml
@@ -1,11 +1,11 @@
 ---
- name: Delegation absent
+- name: Selfservice absent
  hosts: ipaserver
  become: true

  tasks:
-  - name: Ensure delegation "basic manager attributes" is absent
-    ipadelegation:
+  - name: Ensure selfservice "basic manager attributes" is absent
+    ipaselfservice:
      ipaadmin_password: SomeADMINpassword
      name: "basic manager attributes"
      state: absent
--- a/playbooks/selfservice/selfservice-member-absent.yml
+++ b/playbooks/selfservice/selfservice-member-absent.yml
@@ -1,15 +1,15 @@
 ---
- name: Delegation member absent
+- name: Selfservice member absent
  hosts: ipaserver
  become: true

  tasks:
-  - name: Ensure delegation "basic manager attributes" member attributes employeenumber and employeetype are absent
-    ipadelegation:
+  - name: Ensure selfservice "basic manager attributes" member attributes employeenumber and employeetype are absent
+    ipaselfservice:
      ipaadmin_password: SomeADMINpassword
      name: "basic manager attributes"
      attribute:
-      - employeenumber
-      - employeetype
+      - businesscategory
+      - departmentnumber
      action: member
      state: absent
--- a/playbooks/selfservice/selfservice-member-present.yml
+++ b/playbooks/selfservice/selfservice-member-present.yml
@@ -1,11 +1,11 @@
 ---
- name: Delegation member present
+- name: Selfservice member present
  hosts: ipaserver
  become: true

  tasks:
-  - name: Ensure delegation "basic manager attributes" member attribute departmentnumber is present
-    ipadelegation:
+  - name: Ensure selfservice "basic manager attributes" member attribute departmentnumber is present
+    ipaselfservice:
      ipaadmin_password: SomeADMINpassword
      name: "basic manager attributes"
      attribute:
--- a/playbooks/selfservice/selfservice-present.yml
+++ b/playbooks/selfservice/selfservice-present.yml
@@ -1,11 +1,11 @@
 ---
- name: Delegation present
+- name: Selfservice present
  hosts: ipaserver
  become: true

  tasks:
-  - name: Ensure delegation "basic manager attributes" is present
-    ipadelegation:
+  - name: Ensure selfservice "basic manager attributes" is present
+    ipaselfservice:
      ipaadmin_password: SomeADMINpassword
      name: "basic manager attributes"
      permission: read
--- a/plugins/modules/ipasudorule.py
+++ b/plugins/modules/ipasudorule.py
@@ -429,16 +429,16 @@ def main():

                    # Generate addition and removal lists
                    host_add, host_del = gen_add_del_lists(
-                        host, res_find.get('member_host', []))
+                        host, res_find.get('memberhost_host', []))

                    hostgroup_add, hostgroup_del = gen_add_del_lists(
-                        hostgroup, res_find.get('member_hostgroup', []))
+                        hostgroup, res_find.get('memberhost_hostgroup', []))

                    user_add, user_del = gen_add_del_lists(
-                        user, res_find.get('member_user', []))
+                        user, res_find.get('memberuser_user', []))

                    group_add, group_del = gen_add_del_lists(
-                        group, res_find.get('member_group', []))
+                        group, res_find.get('memberuser_group', []))

                    allow_cmd_add, allow_cmd_del = gen_add_del_lists(
                        allow_sudocmd,
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -181,8 +181,12 @@
    # Do not fail on error codes 3 and 5:
    #   3 - Unable to open keytab
    #   5 - Principal name or realm not found in keytab
+    #   7 - Failed to set cursor, typically when errcode
+    #       would be issued in past
    failed_when: result_ipa_rmkeytab.rc != 0 and
-                 result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5
+                 result_ipa_rmkeytab.rc != 3 and
+                 result_ipa_rmkeytab.rc != 5 and
+                 result_ipa_rmkeytab.rc != 7
    when: (ipaclient_use_otp | bool or ipaclient_force_join | bool) and not ipaclient_on_master | bool

  - name: Install - Backup and set hostname
--- a/tests/azure/azure-pipelines.yml
+++ b/tests/azure/azure-pipelines.yml
@@ -15,7 +15,7 @@ trigger:
 - master

 pool:
-  vmImage: 'ubuntu-18.04'
+  vmImage: 'ubuntu-20.04'

 stages:
 - stage: Centos7
--- a/tests/azure/build-containers.yml
+++ b/tests/azure/build-containers.yml
@@ -11,7 +11,7 @@ schedules:
 trigger: none

 pool:
-  vmImage: 'ubuntu-18.04'
+  vmImage: 'ubuntu-20.04'

 jobs:

--- a/tests/azure/templates/build_container.yml
+++ b/tests/azure/templates/build_container.yml
@@ -15,7 +15,7 @@ jobs:
    inputs:
      versionSpec: '3.6'

-  - script: python -m pip install --upgrade pip setuptools wheel
+  - script: python -m pip install --upgrade pip setuptools wheel ansible
    displayName: Install tools

  - script: pip install molecule[docker]
--- a/utils/build-galaxy-release.sh
+++ b/utils/build-galaxy-release.sh
@@ -15,49 +15,61 @@ find . -name "*~" -exec rm {} \;
 sed -i -e "s/ansible.module_utils.ansible_freeipa_module/ansible_collections.${collection_prefix}.plugins.module_utils.ansible_freeipa_module/" plugins/modules/*.py

 (cd plugins/module_utils && {
-    ln -s ../../roles/*/module_utils/*.py .
+    ln -sf ../../roles/*/module_utils/*.py .
 })

 (cd plugins/modules && {
    sed -i -e "s/ansible.module_utils.ansible_ipa_/ansible_collections.${collection_prefix}.plugins.module_utils.ansible_ipa_/" ../../roles/*/library/*.py
-    ln -s ../../roles/*/library/*.py .
+    ln -sf ../../roles/*/library/*.py .
 })

 [ ! -x plugins/action_plugins ] && mkdir plugins/action_plugins
 (cd plugins/action_plugins && {
-    ln -s ../../roles/*/action_plugins/*.py .
+    ln -sf ../../roles/*/action_plugins/*.py .
 })

+echo "Fixing examples in plugins/modules..."
 find plugins/modules -name "*.py" -print0 |
-    while IFS= read -d -r '' line; do
-        python utils/galaxyfy-module-EXAMPLES.py "$x" \
+    while IFS= read -d '' -r line; do
+        python utils/galaxyfy-module-EXAMPLES.py "$line" \
               "ipa" "$collection_prefix"
    done
+echo -e "\033[AFixing examples in plugins/modules... \033[32;1mDONE\033[0m"

+echo "Fixing examples in roles/*/library..."
 find roles/*/library -name "*.py" -print0 |
-    while IFS= read -d -r '' line; do
-        python utils/galaxyfy-module-EXAMPLES.py "$x" \
+    while IFS= read -d '' -r line; do
+        python utils/galaxyfy-module-EXAMPLES.py "$line" \
               "ipa" "$collection_prefix"
    done
+echo -e "\033[AFixing examples in roles/*/library... \033[32;1mDONE\033[0m"

-for x in roles/*/tasks/*.yml; do
-    python utils/galaxyfy-playbook.py "$x" "ipa" "$collection_prefix"
+echo "Fixing playbooks in roles/*/tasks..."
+for line in roles/*/tasks/*.yml; do
+    python utils/galaxyfy-playbook.py "$line" "ipa" "$collection_prefix"
 done
+echo -e "\033[AFixing playbooks in roles/*tasks... \033[32;1mDONE\033[0m"

+echo "Fixing playbooks in playbooks..."
 find playbooks -name "*.yml" -print0 |
-    while IFS= read -d -r '' line; do
-        python utils/galaxyfy-playbook.py "$x" "ipa" "$collection_prefix"
+    while IFS= read -d '' -r line; do
+        python utils/galaxyfy-playbook.py "$line" "ipa" "$collection_prefix"
    done
+echo -e "\033[AFixing playbooks in playbooks... \033[32;1mDONE\033[0m"

+echo "Fixing README(s)..."
 find . -name "README*.md" -print0 |
-    while IFS= read -d -r '' line; do
-        python utils/galaxyfy-README.py "$x" "ipa" "$collection_prefix"
+    while IFS= read -d '' -r line; do
+        python utils/galaxyfy-README.py "$line" "ipa" "$collection_prefix"
    done
+echo -e "\033[AFixing examples in plugins/modules... \033[32;1mDONE\033[0m"

+echo "Fixing playbbooks in tests..."
 find tests -name "*.yml" -print0 |
-    while IFS= read -d -r '' line; do
-        python utils/galaxyfy-playbook.py "$x" "ipa" "$collection_prefix"
+    while IFS= read -d '' -r line; do
+        python utils/galaxyfy-playbook.py "$line" "ipa" "$collection_prefix"
    done
+echo -e "\033[AFixing playbooks in tests... \033[32;1mDONE\033[0m"

 #git diff
Author	SHA1	Message	Date
Varun Mylaraiah	3c666ccdaa	Merge pull request #511 from t-woerner/ipaclient_otp_rmkeytab_error#7 ipaclient: Do not fail on rmkeytab error #7	2021-02-22 20:27:53 +05:30
Thomas Woerner	976cd1baa7	ipaclient: Do not fail on rmkeytab error #7 Due to commit f3f9672d527008dc741ac90aa465bac842eea08d (ipa-rmkeytab: Check return value of krb5_kt_(start\|end)_seq_get) in IPA 4.9.2 there is a new error reported for ipa-rmkeytab in case of a non existing keytab file. Using ipa-rmkeytab now results in the error #7 in this case. The client role is using ipa-rmkeytab and needs to ignore error #7 also. Fixes: #510 (ipa-client installation with OTP is failed with error code 7 (keytab: /usr/sbin/ipa-rmkeytab returned 7))	2021-02-22 13:28:04 +01:00
Varun Mylaraiah	5bed0d627b	Merge pull request #505 from rjeffman/fix_ipaselfservice_example_playbooks example playbooks: ipaselfservice examples mentioned ipadelegation.	2021-02-04 17:06:23 +05:30
Varun Mylaraiah	630c378ab1	Merge pull request #504 from rjeffman/fix_ipapermission_example_playbooks Fix ipapermission example playbooks	2021-02-04 17:03:59 +05:30
Rafael Guterres Jeffman	0447143047	example playbooks: ipaselfservice examples mentioned ipadelegation. The example playbooks for ipaselfservice were using the wrong module, ipadelegation. This patch changes the references from ipadelegation to ipaselfservice on these example playbooks. Also, the attributes were changed, so the same attributes are used throughout the examples.	2021-02-04 08:30:37 -03:00
Rafael Guterres Jeffman	6e45d1ea06	example playbooks: use only one permission name. By using only one permission name, examples are easier to follow.	2021-02-01 18:02:52 -03:00
Rafael Guterres Jeffman	be27a615d0	example playbooks: removed permission names from task names.	2021-02-01 18:02:33 -03:00
Rafael Guterres Jeffman	e2c6480fe0	example playbooks: Use default password in ipapermission examples. Example playbooks for ipapermission didn't have default password set.	2021-02-01 17:58:03 -03:00
Rafael Guterres Jeffman	873b69107e	example playbooks: Fix invalid variable in ipapermission playbooks. ipapremission playbooks were using the invalid attribute `perm_right`. The attribute was changed to `right`.	2021-02-01 17:55:32 -03:00
Rafael Guterres Jeffman	e2cb68de54	Merge pull request #495 from rjeffman/molecule_fix_image_build Fix container build.	2021-01-26 19:18:27 -03:00
Rafael Guterres Jeffman	be1720e9ea	Merge pull request #501 from enothen/500-Sudorule-fix-false-positive-changes Fixed names of member objects of sudorule	2021-01-26 19:17:26 -03:00
Rafael Guterres Jeffman	90779ed7ab	upstream CI: change name of base image for CentOS and Fedora. Building containers for CentOS and Fedora were failing due to image download failure. The container build process was fixed by changing the base images.	2021-01-26 16:25:57 -03:00
Rafael Guterres Jeffman	141554bd3d	upstream CI: Explicitly install Ansible. Without explicit installation, Ansible was failing to run on Azure pipelines. This change explicitly install the latest Ansible version available through `pip`.	2021-01-26 16:25:49 -03:00
Rafael Guterres Jeffman	dff921039d	upstream CI: update Azure vmImage to 'ubuntu-20.04'. In the near future, Github will use Ubuntu 20.04, for workflows, and this change will keep the upstream CI environment consistent between Github and Azure.	2021-01-26 16:25:36 -03:00
Eric Nothen	2cc4c27fa3	ipasudorule: Fix names of member objects. Fixed names of sudorule member objects, as they did not match the names provided by IdM. From: To: member_host memberhost_host member_hostgroup memberhost_hostgroup member_user memberuser_user member_group memberuser_group Fixes: #500	2021-01-26 18:55:26 +01:00
Thomas Woerner	38b3e817ad	Merge pull request #499 from rjeffman/utils_fix_covscan_findings_lint_check Fix build-galaxy.sh execution and add running info.	2021-01-18 15:04:49 +01:00
Rafael Guterres Jeffman	a292645a01	Fix build-galaxy.sh execution and add running info. This patch adds a missing argument to `read` and adds information on which step is being executed.	2021-01-18 10:46:19 -03:00
Thomas Woerner	6ffc51a75f	utils/build-galaxy-release.sh: Use proper variable for galaxify A wrong variable was used inside of the while IFS read loops. This prevented that the modules, playbooks, tasks, example playbooks and also tests have been adapted for the galaxy release naming scheme.	2021-01-18 14:19:41 +01:00