collection: Allow playbooks to be executed using collection

When available in a collection 'playbooks' directory, playbooks can be directly accessed as roles and modules: 'namespace.collection.playbook'. This allows, for example the deployment roles to be executed with the provided ansible-freeipa playbooks requiring minimal effort from the user part. In order to be accessible, though, the playbooks must not use dash ("-") on the file names, as they are replaced by underscorse ("_") during Ansible processing and then, the files are not found. By renaming the playbooks that, currently, do not set any variable as an usage example, replacing "-" by "_", we allow the FreeIPA collection playbooks to be executed without the user having to search for the correct file, like: $ ansible-playbook -i inventory freeipa.ansible_freeipa.install_server
Merge pull request #1340 from t-woerner/dns_over_tls_hotfix
2026-05-14 13:32:10 +00:00 · 2025-03-17 15:39:07 -03:00 · 2025-02-11 14:51:58 +05:30 · 2025-02-07 18:16:10 +01:00 · 2025-02-04 11:54:15 -03:00 · 2025-02-04 12:32:42 +01:00
20 changed files with 23 additions and 3 deletions
--- a/playbooks/backup_server.yml
+++ b/playbooks/backup_server.yml
--- a/playbooks/backup_server_to_controller.yml
+++ b/playbooks/backup_server_to_controller.yml
--- a/playbooks/copy_all_backups_from_server.yml
+++ b/playbooks/copy_all_backups_from_server.yml
--- a/playbooks/install_client.yml
+++ b/playbooks/install_client.yml
--- a/playbooks/install_cluster.yml
+++ b/playbooks/install_cluster.yml
--- a/playbooks/install_replica.yml
+++ b/playbooks/install_replica.yml
--- a/playbooks/install_server.yml
+++ b/playbooks/install_server.yml
--- a/playbooks/install_smartcard_clients.yml
+++ b/playbooks/install_smartcard_clients.yml
--- a/playbooks/install_smartcard_replicas.yml
+++ b/playbooks/install_smartcard_replicas.yml
--- a/playbooks/install_smartcard_server.yml
+++ b/playbooks/install_smartcard_server.yml
--- a/playbooks/install_smartcard_servers.yml
+++ b/playbooks/install_smartcard_servers.yml
--- a/playbooks/remove_all_backups_from_server.yml
+++ b/playbooks/remove_all_backups_from_server.yml
--- a/playbooks/uninstall_client.yml
+++ b/playbooks/uninstall_client.yml
--- a/playbooks/uninstall_cluster.yml
+++ b/playbooks/uninstall_cluster.yml
--- a/playbooks/uninstall_replica.yml
+++ b/playbooks/uninstall_replica.yml
--- a/playbooks/uninstall_server.yml
+++ b/playbooks/uninstall_server.yml
--- a/plugins/modules/ipagroup.py
+++ b/plugins/modules/ipagroup.py
@@ -581,8 +581,8 @@ def main():
                "https://pagure.io/freeipa/issue/9349")
    if (
-        externalmember is not None
+        (externalmember is not None
-        or idoverrideuser is not None
+         or idoverrideuser is not None)
        and context == "client"
    ):
        ansible_module.fail_json(
--- a/roles/ipaclient/library/ipaclient_setup_nss.py
+++ b/roles/ipaclient/library/ipaclient_setup_nss.py
@@ -279,6 +279,7 @@ def main():
    options.no_sssd = False
    options.sssd = not options.no_sssd
    options.no_ac = False
    options.dns_over_tls = False
    nosssd_files = module.params.get('nosssd_files')
    selinux_works = module.params.get('selinux_works')
    krb_name = module.params.get('krb_name')
@@ -376,6 +377,11 @@ def main():
            ssh_config_dir = paths.SSH_CONFIG_DIR
        else:
            ssh_config_dir = services.knownservices.sshd.get_config_dir()
        argspec_update_ssh_keys = getargspec(update_ssh_keys)
        # Hotfix for https://github.com/freeipa/freeipa/pull/7343
        if "options" in argspec_update_ssh_keys.args:
            update_ssh_keys(hostname, ssh_config_dir, options, cli_server[0])
        else:
            update_ssh_keys(hostname, ssh_config_dir, options.create_sshfp)
        try:
--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
@@ -331,6 +331,13 @@ options.add_agents = False
 # ServerReplicaInstall
 options.subject_base = None
 options.ca_subject = None
 # Hotfix for https://github.com/freeipa/freeipa/pull/7343
 options.dns_over_tls = False
 options.dns_over_tls_key = None
 options.dns_over_tls_cert = None
 options.dot_forwarders = None
 options.dns_policy = None
 # pylint: enable=attribute-defined-outside-init
--- a/roles/ipaserver/module_utils/ansible_ipa_server.py
+++ b/roles/ipaserver/module_utils/ansible_ipa_server.py
@@ -354,6 +354,13 @@ options.add_agents = False
 # no_msdcs is deprecated
 options.no_msdcs = False
 # Hotfix for https://github.com/freeipa/freeipa/pull/7343
 options.dns_over_tls = False
 options.dns_over_tls_key = None
 options.dns_over_tls_cert = None
 options.dot_forwarders = None
 options.dns_policy = None
 # For pylint
 options.external_cert_files = None
 options.dirsrv_cert_files = None
Author	SHA1	Message	Date
Rafael Guterres Jeffman	da4194b4f4	collection: Allow playbooks to be executed using collection When available in a collection 'playbooks' directory, playbooks can be directly accessed as roles and modules: 'namespace.collection.playbook'. This allows, for example the deployment roles to be executed with the provided ansible-freeipa playbooks requiring minimal effort from the user part. In order to be accessible, though, the playbooks must not use dash ("-") on the file names, as they are replaced by underscorse ("_") during Ansible processing and then, the files are not found. By renaming the playbooks that, currently, do not set any variable as an usage example, replacing "-" by "_", we allow the FreeIPA collection playbooks to be executed without the user having to search for the correct file, like: $ ansible-playbook -i inventory freeipa.ansible_freeipa.install_server	2025-03-17 15:39:07 -03:00
Varun Mylaraiah	feb33e4e3a	Merge pull request #1340 from t-woerner/dns_over_tls_hotfix ipa* deployment roles: Hotfix for dns_over_tls (Freeipa#7343)	2025-02-11 14:51:58 +05:30
Thomas Woerner	3c50a8121f	ipa* deployment roles: Hotfix for dns_over_tls (Freeipa#7343) This is a hotfix to allow deployments of clients, replicas and servers with the dns_over_tls PR for freeipa: https://github.com/freeipa/freeipa/pull/7343/ ipaclient: client.update_ssh_keys has changed parameters, options.dns_over_tls needs to be set for ipaclient_setup_nss. ipareplica, ipaserver: Set new parameters globally in module_utils so far: options.dns_over_tls, options.dns_over_tls_key, options.dns_over_tls_cert, options.dot_forwarders and options.dns_policy. The enablement for DNS over TLS for the deployment roles will be done later on.	2025-02-07 18:16:10 +01:00
Rafael Guterres Jeffman	e8688d4cf5	Merge pull request #1337 from t-woerner/ipagroup_fix_externalmember_client_context_fail ipagroup: Fix test for externalmember use in client context	2025-02-04 11:54:15 -03:00
Thomas Woerner	d540be425a	ipagroup: Fix test for externalmember use in client context The test has been changed with the management fix for AD objects. The conditional was lacking brackets and therefore did not properly work. The brackets have been added. Related: https://issues.redhat.com/browse/RHEL-70023	2025-02-04 12:32:42 +01:00