internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-27 05:43:05 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: internet:v1.8.2
Branches Tags
internet:master internet:run_collection_playbooks internet:validate_emaildomain internet:0.4 internet:automember_verify_condition_keys internet:ipaautomember_documantation_fix internet:fix_image_build internet:t-woerner-permission-typo1 internet:fix-role-readme-title-1 internet:fix-role-readme-title internet:t-woerner-group-readme-external internet:fix_logger_info_calls
internet:v1.16.0 internet:v1.15.1 internet:v1.15.0 internet:v1.14.7 internet:v1.14.6 internet:v1.14.5 internet:v1.14.4 internet:v1.14.3 internet:v1.14.2 internet:v1.14.1 internet:v1.14.0 internet:v1.13.2 internet:v1.13.1 internet:v1.13.0 internet:v1.12.1 internet:v1.12.0 internet:v1.11.1 internet:v1.11.0 internet:v1.10.0 internet:v1.9.2 internet:v1.9.1 internet:v1.9.0 internet:v1.8.4 internet:v1.8.3 internet:v1.8.2 internet:v1.8.1 internet:v1.8.0 internet:v1.7.0 internet:v1.6.3 internet:v1.6.2 internet:v1.6.1 internet:v1.6.0 internet:v1.5.3 internet:v1.5.2 internet:v1.5.1 internet:v1.5.0 internet:v0.4.2 internet:v0.4.1 internet:v0.4.0 internet:v0.3.8 internet:v0.3.7 internet:v0.3.6 internet:v0.3.5 internet:v0.3.4 internet:v0.3.3 internet:v0.3.2 internet:v0.3.1 internet:v0.3.0 internet:v0.2.1 internet:v0.2.0 internet:v0.1.12 internet:v0.1.11 internet:v0.1.10 internet:v0.1.9 internet:v0.1.8 internet:v0.1.7 internet:v0.1.6 internet:v0.1.5 internet:v0.1.4 internet:v0.1.3 internet:v0.1.2 internet:v0.1.1 internet:v0.1.0
...
compare: internet:v1.8.4
Branches Tags
internet:master internet:run_collection_playbooks internet:validate_emaildomain internet:0.4 internet:automember_verify_condition_keys internet:ipaautomember_documantation_fix internet:fix_image_build internet:t-woerner-permission-typo1 internet:fix-role-readme-title-1 internet:fix-role-readme-title internet:t-woerner-group-readme-external internet:fix_logger_info_calls
internet:v1.16.0 internet:v1.15.1 internet:v1.15.0 internet:v1.14.7 internet:v1.14.6 internet:v1.14.5 internet:v1.14.4 internet:v1.14.3 internet:v1.14.2 internet:v1.14.1 internet:v1.14.0 internet:v1.13.2 internet:v1.13.1 internet:v1.13.0 internet:v1.12.1 internet:v1.12.0 internet:v1.11.1 internet:v1.11.0 internet:v1.10.0 internet:v1.9.2 internet:v1.9.1 internet:v1.9.0 internet:v1.8.4 internet:v1.8.3 internet:v1.8.2 internet:v1.8.1 internet:v1.8.0 internet:v1.7.0 internet:v1.6.3 internet:v1.6.2 internet:v1.6.1 internet:v1.6.0 internet:v1.5.3 internet:v1.5.2 internet:v1.5.1 internet:v1.5.0 internet:v0.4.2 internet:v0.4.1 internet:v0.4.0 internet:v0.3.8 internet:v0.3.7 internet:v0.3.6 internet:v0.3.5 internet:v0.3.4 internet:v0.3.3 internet:v0.3.2 internet:v0.3.1 internet:v0.3.0 internet:v0.2.1 internet:v0.2.0 internet:v0.1.12 internet:v0.1.11 internet:v0.1.10 internet:v0.1.9 internet:v0.1.8 internet:v0.1.7 internet:v0.1.6 internet:v0.1.5 internet:v0.1.4 internet:v0.1.3 internet:v0.1.2 internet:v0.1.1 internet:v0.1.0

47 Commits
v1.8.2 ... v1.8.4

Author SHA1 Message Date
Rafael Guterres Jeffman
433d1096f8 Merge pull request #911 from t-woerner/update_spec_file 
utils/ansible-freeipa.spec.in: Sync with Fedora rawhide spec file
 2022-09-09 14:46:30 -03:00
Thomas Woerner
6a2d007b41 Merge pull request #912 from rjeffman/ipaconfig_fix_playbook_titles 
ipaconfig: Fix example playbook titles.
 2022-09-09 19:41:19 +02:00
Thomas Woerner
b0f58ef3a8 Merge pull request #906 from rjeffman/ipaconfig_sid 
ipaconfig: Add support for SID related attributes.
 2022-09-09 19:38:08 +02:00
Rafael Guterres Jeffman
3c8d6c7c7a ipaconfig: Add support for SID related attributes. 
Since FreeIPA 4.9.8 the 'config_mod' command has parameters to enable
and configure SIDs, and set the Netbios name.

This patch adds the following parameters to ipaconfig plugin:
    enable_sids: New users and groups automatically get a SID assigned
    add_sids: Add SIDs for existing users and groups
    netbios_name: NetBIOS name of the IPA domain

Both add_sids and netbios_name requires 'enable_sid: yes'.

'enable_sid' and 'netbios_name' are returned when querying IPA
configuration.

'add_sids' always generate SIDs for users and groups, so, muiltiple
executions of the playbook with 'add_sids: yes' will return 'changed',
even if users and groups SIDs are not modified.

A new test playbook is available:

    tests/config/test_config_sid.yml

New examples playbooks are available:

    playbooks/config/change-ipa-domain-netbios-name.yml
    playbooks/config/generate-users-groups-sids.yml

Fixes: #781
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2069174
Related: https://bugzilla.redhat.com/show_bug.cgi?id=2069184
 2022-09-09 11:40:05 -03:00
Rafael Guterres Jeffman
3b28050f1e ipaconfig: Fix example playbook titles. 2022-09-09 11:24:59 -03:00
Thomas Woerner
2973c80975 Merge pull request #904 from rjeffman/ipabackup_fix_parameter_eval_order 
ipabackup: Fix order of ipabackup_name parameter evaluation.
 2022-09-08 16:32:06 +02:00
Thomas Woerner
0f8f55dfd9 Merge pull request #910 from rjeffman/fix_fast_pr_tests 
upstream CI: Force retrieval of ansible-freeipa master.
 2022-09-08 16:30:28 +02:00
Rafael Guterres Jeffman
777f25d91c upstream CI: Force retrieval of ansible-freeipa master. 
This patch forces the addition of a remote repository pointing to the
main ansible-freeipa repo, and fetch its contents before confaring the
modified files. The remote repository is removed after the modified
file list is generated.
 2022-09-08 08:51:56 -03:00
Rafael Guterres Jeffman
727861cb85 upstream CI: Force retrieval of ansible-freeipa master. 
This patch forces the addition of a remote repository pointing to the
main ansible-freeipa repo, and fetch its contents before confaring the
modified files. The remote repository is removed after the modified
file list is generated.
 2022-09-08 08:50:56 -03:00
Rafael Guterres Jeffman
e6da214bfb ipabackup: Fix order of ipabackup_name parameter evaluation. 
When performing a backup with 'state:present', if 'ipabackup_name' is
provided, the backup will be performed, but the role with return an
error since 'ipabackup_name' should not be set for this state.

This patch moves the parameter evaluation to be performed before the
actual backup is performed, so that the backup is not performed and an
error is reported.
 2022-09-08 08:50:56 -03:00
Thomas Woerner
68a99ba5f9 utils/ansible-freeipa.spec.in: Sync with Fedora rawhide spec file 
The spec file was updated and was lacking several updates.
 2022-09-08 13:42:30 +02:00
Thomas Woerner
d936a3794e Merge pull request #901 from rjeffman/tests_ipabackup 
ipabackup: Add playbook tests for ipabackup.
 2022-09-07 14:26:53 +02:00
Thomas Woerner
bb0ba1ef2c Merge pull request #908 from rjeffman/ci_fix_module_comparison 
upstream CI: Ensure 'master' branch is available for set_test_modules
 2022-09-06 21:25:51 +02:00
Rafael Guterres Jeffman
1eb83548fa upstream CI: Ensure 'master' branch is available for set_test_modules 
If the repository is setup in a way that master branch is not available
for comparing the current HEAD against it, the comparison will fail and
not module/role will be scheduled for testing.

This patch forces fetching 'master' from ansible-freeipa repository,
allowing the comparison to be performed.
 2022-09-06 15:47:01 -03:00
Thomas Woerner
5d7afb5f85 Merge pull request #893 from rjeffman/ci_tests_fast_run 
upstream CI: run PR tests only for affected plugins
 2022-09-06 19:28:41 +02:00
Rafael Guterres Jeffman
f7c45c4f46 ipabackup: Add playbook tests for ipabackup. 
A new test playbook for ipabackup role can be found at:

    tests/role_backup/test_backup.yml

The test is not yet complete, as 'state: restored' is not tested.
 2022-09-06 09:35:21 -03:00
Rafael Guterres Jeffman
38a4bf804f Merge pull request #905 from t-woerner/ipaserver_ipareplica_module_log_isatty 
ipaserver/ipareplica: Add isatty method to AnsibleModuleLog
 2022-09-05 17:24:28 -03:00
Thomas Woerner
7077776de3 ipaserver/ipareplica: Add isatty method to AnsibleModuleLog 
In some cases ipa code is using sys.stdout.isatty. As stdout is mapped
to AnsibleModuleLog this call will lead in a traceback as it was not
defined.

The staticmethod isatty has been added to AnsibleModuleLog in ipaserver
role module_utils/ansible_ipa_server.py and in ipareplica role
module_utils/ansible_ipa_repica.py.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2120415
       ansible-freeipa Replica Install Setup DNS fails
Fixes: #251 - 'AnsibleModuleLog' object has no attribute 'isatty'
Fixes: #117 - 'AnsibleModuleLog' object has no attribute 'isatty'
 2022-09-05 13:23:02 +02:00
Rafael Guterres Jeffman
2514158498 upstream CI: run PR tests only for affected plugins 
The current workflow for bug fixing or new enhancements in
ansible-freeipa includes running Ansible playbooks tests for all the
available plugins for every pull request, even for contained
modifications.

This patch creates a new workflow for pull requests where only the
affected plugins are tested in the PR. Changes that might affect other
parts of the code will trigger tests for the parts affected.

A utility script, utils/filter_tests, is used to set the variables
IPA_ENABLED_MODULES and IPA_ENABLED_TESTS before executing the tests,
effectively limiting which tests are executed. The script uses the
python plugin 'utils/filter_plugins.py' which lists all test modules
that should be executed for a list of modified source files.

Tests are selected for execution based on the plugin name. For example,
a change to 'plugins/modules/ipalocation.py' would trigger all playbook
tests under 'tests/location'. If a test playbook is modified, it is
scheduled to be executed. Changes to any file under
'plugins/module_utils' will force the execution of all tests, since any
module might be affected by that change.

The nature of the change is not evaluated, so a simple typo fix of a
comment in a file under 'plugins/module_utils' would still schedule all
test playbooks to be executed.

For roles, any file changed under the role directory would set the role
to be included in the tests. Playbook tests for roles must be created
under 'tests/<rolename>_role', where role name in the name of the role
without 'ipa', for example, the 'ipabackup' role test playbooks would
be stored under 'tests/backup_role'.

Since there is the possibility that the list of tests to be executed
might be less than the number of tests groups used (3), a new pytest
dependency was added, pytest-custom_exit_code, so that having no tests
to run isn't a test failure.

A new pipeline on Azure needs to be created to use the new test script.
 2022-09-02 19:06:46 -03:00
Rafael Guterres Jeffman
c6cc4df77b check_test_configuration: Add support for IPA_* environment variables 
This patch adds support for IPA_ENABLED_* and IPA_DISABLED_* environment
variables as existing global configuration for the tests.
 2022-08-31 15:06:43 -03:00
Rafael Guterres Jeffman
b3ee4f9bed tests: Drop pytest-split-tests in favor of pytest-split 
The plugin pytest-split-tests is used to split the tests in several
groups so that the tests can be executed in parallel is upstream CI.

The issue is thet pytest-split-tests last release was more that a
year ago, upstream developers have not been responsive, and there is
a bug when the number of tests to be executed by a group is zero.
The patch to fix this issue has been open for a year.

This patch deprecates the use of pytest-split-tests, changing the
plugin used to split the tests to pytest-split, which is actively
mainatined.
 2022-08-31 15:06:43 -03:00
Thomas Woerner
401d5d5acc Merge pull request #849 from rjeffman/dev_run_tests_locally 
Run tests locally with upstream CI images.
 2022-08-31 15:40:00 +02:00
Rafael Guterres Jeffman
b971c6c5eb Merge pull request #897 from t-woerner/add_ipaserver_idstart_check 
ipaserver: Add missing idstart check
 2022-08-31 10:01:03 -03:00
Thomas Woerner
de8911af50 ipaserver: Add missing idstart check 
The idstart needs to be larger than UID_MAX or GID_MAX from /etc/login.defs.
This is "Require idstart to be larger than UID_MAX" for freeipa.

Fixes: #896 (Invalid RID/SID SSSD backtrace after deployment)
 2022-08-30 16:38:42 +02:00
Rafael Guterres Jeffman
7e6e6c2dc2 run-tests: Run tests locally with upstream CI images 
This patch allows local execution of playbook tests using ustream CI
testing images. Either 'podman' or 'docker' can be used to execute the
tests.
 2022-08-29 18:13:30 -03:00
Rafael Guterres Jeffman
668d89cdb2 Merge pull request #894 from t-woerner/ipaserver_no_ipaclient_package_install 
ipaserver: ipaclient part does not need to install packages
 2022-08-29 17:50:06 -03:00
Rafael Guterres Jeffman
0c1d4efc03 Merge pull request #895 from t-woerner/temporarily_disable_some_dns_tests_in_fedora_rawhide 
fedora rawhide: Temporarily disable failing DNS tests
 2022-08-29 17:35:50 -03:00
Thomas Woerner
eefe91b852 Merge pull request #890 from rjeffman/fix_disable_test_split 
upstream CI: Fix list evaluation in IPA_ENABLED/IPA_DISABLED tests
 2022-08-29 15:35:17 +02:00
Thomas Woerner
bed8bf6661 fedora rawhide: Temporarily disable failing DNS tests 
Some DNS tests have been disabled for Fedora latest, but not for Fedora
Rawhide. Therefore these tests are filin still in nighty:

- dnsforwardzone
- test_dnsconfig_forwarders_ports
 2022-08-29 14:59:56 +02:00
Thomas Woerner
577aeea3f3 ipaserver: ipaclient part does not need to install packages 
The client part installation is checking for the client packages. These
packages are part of the server packages that have been installed with
the server role and therefore the task is not needed.

This is helping to reduce the deployment time of a server.
 2022-08-29 10:10:20 +02:00
Rafael Guterres Jeffman
4775ad9a53 Merge pull request #892 from t-woerner/fix_short_description_tag 
Fix short_description flag in plugins, role modules and templates
 2022-08-26 15:26:57 -03:00
Thomas Woerner
81143be96a Fix short_description flag in plugins, role modules and templates 
Before "short description" was used in most plugins, modules and also
in the new module templates.

ansible-doc was therefore not showing the short description. To fix the
issue the flag was renamed to short_description instead.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2121362
       'ansible-doc' -l lists most idm modules as 'UNDOCUMENTED'
 2022-08-26 15:27:00 +02:00
Rafael Guterres Jeffman
7debaa23ac upstream CI: Fix list evaluation in IPA_ENABLED/IPA_DISABLED tests 
When enabling or disabling multiple tests, a comma separated list must
be used, but current code is using a colon to split the list.

This patch fixes this behavior.
 2022-08-25 13:06:10 -03:00
Rafael Guterres Jeffman
e05dc41e0f Merge pull request #876 from t-woerner/ipareplica_do_not_overwrite_ipaclient_no_ntp_for_client_part_deployment 
ipareplica: Do not overwrite ipaclient_no_ntp for client part deployment
 2022-08-25 09:30:42 -03:00
Thomas Woerner
8bab7d365b Merge pull request #889 from rjeffman/doc_user_required_fields 
ipauser: Add note on attributes 'first' and 'last' requirements
 2022-08-25 14:08:19 +02:00
Thomas Woerner
018337a19b Merge pull request #884 from rjeffman/ci_enable_distro_selection 
upstream CI: enable/disable tests based on test image
 2022-08-25 10:08:05 +02:00
Rafael Guterres Jeffman
bb08884221 ipauser: Add note on attributes 'first' and 'last' requirements 
Attributes 'first' and 'last' are required if user does not exist, but
current documentation doesn't make it clear. This patch adds a note on
both attributes to make clear the cases where the attribute is required
 2022-08-24 23:23:51 -03:00
Rafael Guterres Jeffman
abef329b8a upstream ci: Add step to display scenario configuration 
Since test configuration can vary in different scenarios (test images)
this patch adds a script to list the scenarios configuration, and a
step to the playbook test jobs to display the scenario configuration.
 2022-08-24 16:52:38 -03:00
Rafael Guterres Jeffman
3216f8df37 upstream ci: Avoid scheduling tests that will not be executed. 
Currently, all tests are scheduled to execution, even those that are
not executed due to being absent from the list of enabled tests
configured in the IPA_ENABLED_* variables. The tests that are not
executed are marked 'skipped'.

This patch change this behavior by not scheduling tests that are not
configured to be executed. It means that tests not the IPA_DISABLED_*
lists are not skipped anymore, but not scheduled to be executed. If
any test is in IPA_ENABLED_* lists, only those tests are marked for
execution. A side effect is that there is no visual feedback on which
tests were not executed, as disabled tests are not evaluated anymore.

Also, when IPA_SERVER_HOST was not set, all tests were skipped, but
an error should raised in this case, as there are no hosts to run the
tests against.

This patch modifies this behavior to fail the test with an exception if
IPA_SERVER_HOST is not set.
 2022-08-24 16:22:39 -03:00
Rafael Guterres Jeffman
edccf70bf6 upstream ci: Add support for distro specific test configuration. 
Sometimes, mostly due do differences in package versions, there are
some tests that fail on a single distribution which cannot be fixed
by ansible-freeipa, requiring that the offending package is fixed.

To keep tests running succesfully we have options to disable the
failing tests, but this changes are globally applied, meaning that, by
disabling a test, it is disable in all tested distributions.

This patch allows tests to be enabled or disabled for a specific
distribution, by setting the configuration on the 'variable' template
for the specific testing scenario.
 2022-08-24 16:22:39 -03:00
Thomas Woerner
fd79f95f9b Merge pull request #887 from rjeffman/doc_fix_ipasudorule 
ipasudorule: Fix usage of 'action' and 'state' in examples.
 2022-08-24 10:15:52 +02:00
Rafael Guterres Jeffman
e2fcd7767e ipasudorule: Fix usage of 'action' and 'state' in examples. 
Some examples in ipasudorule were using `action: enabled` when it
should've been `state: enabled`. The examples were fixed.
 2022-08-23 12:31:54 -03:00
Thomas Woerner
5a14f78d44 ipareplica: Do not overwrite ipaclient_no_ntp for client part deployment 
The NTP server chrony was always enabled and set up due to overwriting
the parameter ipaclient_no_ntp for the client part deployment.

For IPA deployments up to 4.6 no_ntp was always used for the client
part deployment in ipa-replica-install. But afterwards ntp was
configured in the replica deployment part if no_ntp was not set.

The ipareplica roles always relied on the client for setting up the NTP
server but overwrote the setting for the client deployment part. This
did not result in a failure to enable the chrony server in RHEL and Fedora
based distributions as NTP server was always required by the ipa-server
package.

Fixes: #871 (ipa-replica-install with no-ntp is ignored)
 2022-08-18 15:55:02 +02:00
Varun Mylaraiah
a3a7ecd817 Merge pull request #880 from t-woerner/flake8_ipavault_fix 
ipavault: Fix missing whitespace after keyword issue
 2022-08-16 17:34:32 +05:30
Varun Mylaraiah
63f016226c Merge pull request #877 from t-woerner/ipareplica_fix_ipaNTFlatName_update_issue 
ipareplica: ipareplica_setup_adtrust fails while updating ipaNTFlatName
 2022-08-16 17:31:40 +05:30
Thomas Woerner
a58f61792b ipavault: Fix missing whitespace after keyword issue 
flake8 reports an issue in ipavault:

  plugins/modules/ipavault.py:528:20: E275 missing whitespace after keyword

The missing whitespace has been added: "and not(" -> "and not ("
 2022-08-16 10:18:03 +02:00
Thomas Woerner
641c550cc3 ipareplica: ipareplica_setup_adtrust fails while updating ipaNTFlatName 
The internal parameter sid_generation_always is generated in
ipareplica_test to enable SID generation if ipareplica_setup_adtrust is
not enabled.

This parameter was not used for ipareplica_prepare though, therefore
adtrust.install_check was not executed and did not set the attribute
adtrust.netbios_name. As a result adtrust.netbios_name was None and the
try to use this as the new NetBIOS domain name failed with an
INVALID_SYNTAX error in adtrustinstance while executing
ipareplica_setup_adtrust.

This issue only occurs if SIDs are not enabled in the domain yet for
example with an old deployment.
 2022-08-15 16:17:57 +02:00
133 changed files with 2119 additions and 191 deletions
Expand all files Collapse all files

2
.ansible-lint
View File

@@ -10,6 +10,8 @@ exclude_paths:
- molecule/
- tests/azure/
- meta/runtime.yml
- requirements-docker.yml
- requirements-podman.yml
kinds:
- playbook: '**/tests/**/test_*.yml'

42
README-config.md
View File

@@ -65,6 +65,9 @@ Example playbook to read config options:
maxusername: 64
```
Example playbook to set global configuration options:
```yaml
---
- name: Playbook to ensure some config options are set
@@ -79,6 +82,40 @@ Example playbook to read config options:
```
Example playbook to enable SID and generate users and groups SIDs:
```yaml
---
- name: Playbook to ensure SIDs are enabled and users and groups have SIDs
hosts: ipaserver
become: no
gather_facts: no
tasks:
- name: Enable SID and generate users and groups SIDS
ipaconfig:
ipaadmin_password: SomeADMINpassword
enable_sid: yes
add_sids: yes
```
Example playbook to change IPA domain NetBIOS name:
```yaml
---
- name: Playbook to change IPA domain netbios name
hosts: ipaserver
become: no
gather_facts: no
tasks:
- name: Set IPA domain netbios name
ipaconfig:
ipaadmin_password: SomeADMINpassword
enable_sid: yes
netbios_name: IPADOM
```
Variables
=========
@@ -111,6 +148,9 @@ Variable | Description | Required
`user_auth_type` \| `ipauserauthtype` | set default types of supported user authentication (choices: `password`, `radius`, `otp`, `disabled`). Use `""` to clear this variable. | no
`domain_resolution_order` \| `ipadomainresolutionorder` | Set list of domains used for short name qualification | no
`ca_renewal_master_server` \| `ipacarenewalmasterserver`| Renewal master for IPA certificate authority. | no
`enable_sid` | New users and groups automatically get a SID assigned. Requires IPA 4.9.8+. (bool) | no
`netbios_name` | NetBIOS name of the IPA domain. Requires IPA 4.9.8+ and 'enable_sid: yes'. | no
`add_sids` | Add SIDs for existing users and groups. Requires IPA 4.9.8+ and 'enable_sid: yes'. (bool) | no
Return Values
@@ -140,6 +180,8 @@ Variable | Description | Returned When
&nbsp; | `user_auth_type` | &nbsp;
&nbsp; | `domain_resolution_order` | &nbsp;
&nbsp; | `ca_renewal_master_server` | &nbsp;
&nbsp; | `enable_sid` | &nbsp;
&nbsp; | `netbios_name` | &nbsp;
All returned fields take the same form as their namesake input parameters

4
README-user.md
View File

@@ -381,8 +381,8 @@ Variable | Description | Required
Variable | Description | Required
-------- | ----------- | --------
`first` \| `givenname` | The first name string. | no
`last` \| `sn` | The last name string. | no
`first` \| `givenname` | The first name string. Required if user does not exist. | no
`last` \| `sn` | The last name string. Required if user does not exist. | no
`fullname` \| `cn` | The full name string. | no
`displayname` | The display name string. | no
`homedir` | The home directory string. | no

12
playbooks/config/change-ipa-domain-netbios-name.yml Normal file
View File

@@ -0,0 +1,12 @@
---
- name: Playbook to change IPA domain netbios name
hosts: ipaserver
become: no
gather_facts: no
tasks:
- name: Set IPA domain netbios name
ipaconfig:
ipaadmin_password: SomeADMINpassword
enable_sid: yes
netbios_name: IPADOM

12
playbooks/config/generate-users-groups-sids.yml Normal file
View File

@@ -0,0 +1,12 @@
---
- name: Playbook to ensure SIDs are enabled and users and groups have SIDs
hosts: ipaserver
become: no
gather_facts: no
tasks:
- name: Enable SID and generate users and groups SIDS
ipaconfig:
ipaadmin_password: SomeADMINpassword
enable_sid: yes
add_sids: yes

2
playbooks/config/retrieve-config.yml
View File

@@ -1,5 +1,5 @@
---
- name: Playbook to handle global DNS configuration
- name: Playbook to handle global IPA configuration
hosts: ipaserver
become: no
gather_facts: no

2
playbooks/config/set-ca-renewal-master-server.yml
View File

@@ -1,5 +1,5 @@
---
- name: Playbook to handle global DNS configuration
- name: Playbook to handle global IPA configuration
hosts: ipaserver
become: no
gather_facts: no

2
plugins/modules/ipaautomember.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipaautomember
short description: Add and delete FreeIPA Auto Membership Rules.
short_description: Add and delete FreeIPA Auto Membership Rules.
description: Add, modify and delete an IPA Auto Membership Rules.
extends_documentation_fragment:
- ipamodule_base_docs

120
plugins/modules/ipaconfig.py
View File

@@ -148,6 +148,24 @@ options:
required: false
type: list
aliases: ["ipadomainresolutionorder"]
enable_sid:
description: >
New users and groups automatically get a SID assigned.
Requires IPA 4.9.8+.
required: false
type: bool
netbios_name:
description: >
NetBIOS name of the IPA domain.
Requires IPA 4.9.8+ and 'enable_sid: yes'.
required: false
type: string
add_sids:
description: >
Add SIDs for existing users and groups.
Requires IPA 4.9.8+ and 'enable_sid: yes'.
required: false
type: bool
'''
EXAMPLES = '''
@@ -169,6 +187,24 @@ EXAMPLES = '''
ipaadmin_password: SomeADMINpassword
defaultshell: /bin/bash
maxusername: 64
- name: Playbook to enable SID and generate users and groups SIDs
hosts: ipaserver
tasks:
- name: Enable SID and generate users and groups SIDS
ipaconfig:
ipaadmin_password: SomeADMINpassword
enable_sid: yes
add_sids: yes
- name: Playbook to change IPA domain netbios name
hosts: ipaserver
tasks:
- name: Enable SID and generate users and groups SIDS
ipaconfig:
ipaadmin_password: SomeADMINpassword
enable_sid: yes
netbios_name: IPADOM
'''
RETURN = '''
@@ -247,6 +283,14 @@ config:
domain_resolution_order:
description: list of domains used for short name qualification
returned: always
enable_sid:
description: >
new users and groups automatically get a SID assigned.
Requires IPA 4.9.8+.
returned: always
netbios_name:
description: NetBIOS name of the IPA domain. Requires IPA 4.9.8+.
returned: if enable_sid is True
'''
@@ -260,6 +304,28 @@ def config_show(module):
return _result["result"]
def get_netbios_name(module):
try:
_result = module.ipa_command_no_name("trustconfig_show", {"all": True})
except Exception: # pylint: disable=broad-except
return None
else:
return _result["result"]["ipantflatname"][0]
def is_enable_sid(module):
"""When 'enable-sid' is true admin user and admins group have SID set."""
_result = module.ipa_command("user_show", "admin", {"all": True})
sid = _result["result"].get("ipantsecurityidentifier", [""])
if not sid[0].endswith("-500"):
return False
_result = module.ipa_command("group_show", "admins", {"all": True})
sid = _result["result"].get("ipantsecurityidentifier", [""])
if not sid[0].endswith("-512"):
return False
return True
def main():
ansible_module = IPAAnsibleModule(
argument_spec=dict(
@@ -313,7 +379,10 @@ def main():
aliases=["ipauserauthtype"]),
ca_renewal_master_server=dict(type="str", required=False),
domain_resolution_order=dict(type="list", required=False,
aliases=["ipadomainresolutionorder"])
aliases=["ipadomainresolutionorder"]),
enable_sid=dict(type="bool", required=False),
add_sids=dict(type="bool", required=False),
netbios_name=dict(type="str", required=False),
),
supports_check_mode=True,
)
@@ -344,7 +413,10 @@ def main():
"pac_type": "ipakrbauthzdata",
"user_auth_type": "ipauserauthtype",
"ca_renewal_master_server": "ca_renewal_master_server",
"domain_resolution_order": "ipadomainresolutionorder"
"domain_resolution_order": "ipadomainresolutionorder",
"enable_sid": "enable_sid",
"netbios_name": "netbios_name",
"add_sids": "add_sids",
}
allow_empty_string = ["pac_type", "user_auth_type", "configstring"]
reverse_field_map = {v: k for k, v in field_map.items()}
@@ -394,11 +466,47 @@ def main():
changed = False
exit_args = {}
# Connect to IPA API
with ansible_module.ipa_connect():
# Connect to IPA API (enable-sid requires context == 'client')
with ansible_module.ipa_connect(context="client"):
has_enable_sid = ansible_module.ipa_command_param_exists(
"config_mod", "enable_sid")
result = config_show(ansible_module)
if params:
netbios_name = params.get("netbios_name")
if netbios_name:
netbios_name = netbios_name.upper()
add_sids = params.get("add_sids")
enable_sid = params.get("enable_sid")
required_sid = any([netbios_name, add_sids])
if required_sid and not enable_sid:
ansible_module.fail_json(
"'enable-sid: yes' required for 'netbios_name' "
"and 'add-sids'."
)
if enable_sid:
if not has_enable_sid:
ansible_module.fail_json(
"This version of IPA does not support 'enable-sid'.")
if (
netbios_name
and netbios_name == get_netbios_name(ansible_module)
):
del params["netbios_name"]
netbios_name = None
if not add_sids and "add_sids" in params:
del params["add_sids"]
if (
not any([netbios_name, add_sids])
and is_enable_sid(ansible_module)
):
del params["enable_sid"]
else:
for param in ["enable_sid", "netbios_name", "add_sids"]:
if param in params:
del params[params]
params = {
k: v for k, v in params.items()
if k not in result or result[k] != v
@@ -458,6 +566,10 @@ def main():
# Add empty domain_resolution_order if it is not set
if "domain_resolution_order" not in exit_args:
exit_args["domain_resolution_order"] = []
# Set enable_sid
if has_enable_sid:
exit_args["enable_sid"] = is_enable_sid(ansible_module)
exit_args["netbios_name"] = get_netbios_name(ansible_module)
# Done
ansible_module.exit_json(changed=changed, config=exit_args)

2
plugins/modules/ipadelegation.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipadelegation
short description: Manage FreeIPA delegations
short_description: Manage FreeIPA delegations
description: Manage FreeIPA delegations and delegation attributes
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipadnsconfig.py
View File

@@ -33,7 +33,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipadnsconfig
short description: Manage FreeIPA dnsconfig
short_description: Manage FreeIPA dnsconfig
description: Manage FreeIPA dnsconfig
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipadnsrecord.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipadnsrecord
short description: Manage FreeIPA DNS records
short_description: Manage FreeIPA DNS records
description: Manage FreeIPA DNS records
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipadnszone.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipadnszone
short description: Manage FreeIPA dnszone
short_description: Manage FreeIPA dnszone
description: Manage FreeIPA dnszone
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipagroup.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipagroup
short description: Manage FreeIPA groups
short_description: Manage FreeIPA groups
description: Manage FreeIPA groups
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipahbacrule.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipahbacrule
short description: Manage FreeIPA HBAC rules
short_description: Manage FreeIPA HBAC rules
description: Manage FreeIPA HBAC rules
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipahbacsvc.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipahbacsvc
short description: Manage FreeIPA HBAC Services
short_description: Manage FreeIPA HBAC Services
description: Manage FreeIPA HBAC Services
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipahbacsvcgroup.py
View File

@@ -33,7 +33,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipahbacsvcgroup
short description: Manage FreeIPA hbacsvcgroups
short_description: Manage FreeIPA hbacsvcgroups
description: Manage FreeIPA hbacsvcgroups
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipahost.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipahost
short description: Manage FreeIPA hosts
short_description: Manage FreeIPA hosts
description: Manage FreeIPA hosts
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipahostgroup.py
View File

@@ -33,7 +33,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipahostgroup
short description: Manage FreeIPA hostgroups
short_description: Manage FreeIPA hostgroups
description: Manage FreeIPA hostgroups
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipaidrange.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipaidrange
short description: Manage FreeIPA idrange
short_description: Manage FreeIPA idrange
description: Manage FreeIPA idrange
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipalocation.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipalocation
short description: Manage FreeIPA location
short_description: Manage FreeIPA location
description: Manage FreeIPA location
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipapermission.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipapermission
short description: Manage FreeIPA permission
short_description: Manage FreeIPA permission
description: Manage FreeIPA permission and permission members
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipaprivilege.py
View File

@@ -35,7 +35,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipaprivilege
short description: Manage FreeIPA privilege
short_description: Manage FreeIPA privilege
description: Manage FreeIPA privilege and privilege members
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipapwpolicy.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipapwpolicy
short description: Manage FreeIPA pwpolicies
short_description: Manage FreeIPA pwpolicies
description: Manage FreeIPA pwpolicies
options:
ipaadmin_principal:

2
plugins/modules/iparole.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: iparole
short description: Manage FreeIPA role
short_description: Manage FreeIPA role
description: Manage FreeIPA role
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipaselfservice.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipaselfservice
short description: Manage FreeIPA selfservices
short_description: Manage FreeIPA selfservices
description: Manage FreeIPA selfservices and selfservice attributes
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipaserver.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipaserver
short description: Manage FreeIPA server
short_description: Manage FreeIPA server
description: Manage FreeIPA server
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipaservice.py
View File

@@ -33,7 +33,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipaservice
short description: Manage FreeIPA service
short_description: Manage FreeIPA service
description: Manage FreeIPA service
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipaservicedelegationrule.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipaservicedelegationrule
short description: Manage FreeIPA servicedelegationrule
short_description: Manage FreeIPA servicedelegationrule
description: |
Manage FreeIPA servicedelegationrule and servicedelegationrule members
extends_documentation_fragment:

2
plugins/modules/ipaservicedelegationtarget.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipaservicedelegationtarget
short description: Manage FreeIPA servicedelegationtarget
short_description: Manage FreeIPA servicedelegationtarget
description: |
Manage FreeIPA servicedelegationtarget and servicedelegationtarget members
extends_documentation_fragment:

2
plugins/modules/ipasudocmd.py
View File

@@ -33,7 +33,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipasudocmd
short description: Manage FreeIPA sudo command
short_description: Manage FreeIPA sudo command
description: Manage FreeIPA sudo command
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipasudocmdgroup.py
View File

@@ -33,7 +33,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipasudocmdgroup
short description: Manage FreeIPA sudocmd groups
short_description: Manage FreeIPA sudocmd groups
description: Manage FreeIPA sudocmd groups
extends_documentation_fragment:
- ipamodule_base_docs

10
plugins/modules/ipasudorule.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipasudorule
short description: Manage FreeIPA sudo rules
short_description: Manage FreeIPA sudo rules
description: Manage FreeIPA sudo rules
extends_documentation_fragment:
- ipamodule_base_docs
@@ -162,19 +162,19 @@ EXAMPLES = """
hostgroup: cluster
action: member
# Ensure sudo rule for usercategory "all"
# Ensure sudo rule for usercategory "all" is enabled
- ipasudorule:
ipaadmin_password: SomeADMINpassword
name: allusers
usercategory: all
action: enabled
state: enabled
# Ensure sudo rule for hostcategory "all"
# Ensure sudo rule for hostcategory "all" is enabled
- ipasudorule:
ipaadmin_password: SomeADMINpassword
name: allhosts
hostcategory: all
action: enabled
state: enabled
# Ensure Sudo Rule tesrule1 is absent
- ipasudorule:

2
plugins/modules/ipatopologysegment.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipatopologysegment
short description: Manage FreeIPA topology segments
short_description: Manage FreeIPA topology segments
description: Manage FreeIPA topology segments
extends_documentation_fragment:
- ipamodule_base_docs

2
plugins/modules/ipatopologysuffix.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipatopologysuffix
short description: Verify FreeIPA topology suffix
short_description: Verify FreeIPA topology suffix
description: Verify FreeIPA topology suffix
extends_documentation_fragment:
- ipamodule_base_docs

10
plugins/modules/ipauser.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipauser
short description: Manage FreeIPA users
short_description: Manage FreeIPA users
description: Manage FreeIPA users
extends_documentation_fragment:
- ipamodule_base_docs
@@ -47,11 +47,11 @@ options:
description: The user (internally uid).
required: true
first:
description: The first name
description: The first name. Required if user does not exist.
required: false
aliases: ["givenname"]
last:
description: The last name
description: The last name. Required if user doesnot exst.
required: false
aliases: ["sn"]
fullname:
@@ -212,11 +212,11 @@ options:
type: bool
required: false
first:
description: The first name
description: The first name. Required if user does not exist.
required: false
aliases: ["givenname"]
last:
description: The last name
description: The last name. Required if user does not exist.
required: false
aliases: ["sn"]
fullname:

4
plugins/modules/ipavault.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = """
---
module: ipavault
short description: Manage vaults and secret vaults.
short_description: Manage vaults and secret vaults.
description: Manage vaults and secret vaults. KRA service must be enabled.
extends_documentation_fragment:
- ipamodule_base_docs
@@ -525,7 +525,7 @@ def check_encryption_params( # pylint: disable=unused-argument
if (
salt is not None
and not(
and not (
any([password, password_file])
and any([new_password, new_password_file])
)

3
requirements-docker.yml Normal file
View File

@@ -0,0 +1,3 @@
---
collections:
- name: community.docker

3
requirements-podman.yml Normal file
View File

@@ -0,0 +1,3 @@
---
collections:
- name: containers.podman

3
requirements-tests.txt
View File

@@ -1,6 +1,7 @@
-r requirements.txt
pytest>=2.7
pytest-sourceorder>=0.5
pytest-split-tests>=1.0.3
pytest-split>=0.8.0
pytest-custom_exit_code>=0.3.0
pytest-testinfra>=5.0
pyyaml>=3

2
roles/ipabackup/library/ipabackup_get_backup_dir.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipabackup_get_backup_dir
short description:
short_description:
Get IPA_BACKUP_DIR from ipaplatform
description:
Get IPA_BACKUP_DIR from ipaplatform

12
roles/ipabackup/tasks/main.yml
View File

@@ -26,6 +26,12 @@
fail: msg="ipabackup_from_controller and ipabackup_to_controller are set"
when: ipabackup_from_controller | bool and ipabackup_to_controller | bool
- name: Fail for given ipabackup_name if state is not copied, restored or absent
fail: msg="ipabackup_name is given and state is not copied, restored or absent"
when: state is not defined or
(state != "copied" and state != "restored" and state != "absent") and
ipabackup_name is defined
- name: Get ipabackup_dir from IPA installation
include_tasks: "{{ role_path }}/tasks/get_ipabackup_dir.yml"
@@ -33,12 +39,6 @@
include_tasks: "{{ role_path }}/tasks/backup.yml"
when: state|default("present") == "present"
- name: Fail for given ipabackup_name if state is not copied, restored or absent
fail: msg="ipabackup_name is given and state is not copied, restored or absent"
when: state is not defined or
(state != "copied" and state != "restored" and state != "absent") and
ipabackup_name is defined
- name: Fail on missing ipabackup_name
fail: msg="ipabackup_name is not set"
when: (ipabackup_name is not defined or not ipabackup_name) and

2
roles/ipaclient/library/ipaclient_api.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
DOCUMENTATION = '''
---
module: ipaclient_api
short description:
short_description:
Create temporary NSS database, call IPA API for remaining enrollment parts
description:
Create temporary NSS database, call IPA API for remaining enrollment parts

2
roles/ipaclient/library/ipaclient_fix_ca.py
View File

@@ -32,7 +32,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
DOCUMENTATION = '''
---
module: ipaclient_fix_ca
short description: Fix IPA ca certificate
short_description: Fix IPA ca certificate
description: Repair Fix IPA ca certificate
options:
servers:

2
roles/ipaclient/library/ipaclient_fstore.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_fstore
short description: Backup files using IPA client sysrestore
short_description: Backup files using IPA client sysrestore
description: Backup files using IPA client sysrestore
options:
backup:

2
roles/ipaclient/library/ipaclient_get_facts.py
View File

@@ -7,7 +7,7 @@ __metaclass__ = type
DOCUMENTATION = """
---
module: ipaclient_get_facts
short description: Get facts about IPA client and server configuration.
short_description: Get facts about IPA client and server configuration.
description: Get facts about IPA client and server configuration.
author:
- Thomas Woerner

2
roles/ipaclient/library/ipaclient_get_otp.py
View File

@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
DOCUMENTATION = '''
---
module: ipaclient_get_otp
short description: Manage IPA hosts
short_description: Manage IPA hosts
description:
Manage hosts in a IPA domain.
The operation needs to be authenticated with Kerberos either by providing

2
roles/ipaclient/library/ipaclient_ipa_conf.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_ipa_conf
short description: Configure ipa.conf
short_description: Configure ipa.conf
description:
Configure ipa.conf
options:

2
roles/ipaclient/library/ipaclient_join.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_join
short description:
short_description:
Join a machine to an IPA realm and get a keytab for the host service
principal
description:

2
roles/ipaclient/library/ipaclient_set_hostname.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_set_hostname
short description: Backup and set hostname
short_description: Backup and set hostname
description:
Backup and set hostname
options:

2
roles/ipaclient/library/ipaclient_setup_automount.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_setup_automount
short description: Setup automount for IPA client
short_description: Setup automount for IPA client
description:
Setup automount for IPA client
options:

2
roles/ipaclient/library/ipaclient_setup_firefox.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_setup_firefox
short description: Setup firefox for IPA client
short_description: Setup firefox for IPA client
description:
Setup firefox for IPA client
options:

2
roles/ipaclient/library/ipaclient_setup_krb5.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_setup_krb5
short description: Setup krb5 for IPA client
short_description: Setup krb5 for IPA client
description:
Setup krb5 for IPA client
options:

2
roles/ipaclient/library/ipaclient_setup_nis.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_setup_nis
short description: Setup NIS for IPA client
short_description: Setup NIS for IPA client
description:
Setup NIS for IPA client
options:

2
roles/ipaclient/library/ipaclient_setup_nss.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_setup_nss
short description: Create IPA client NSS database
short_description: Create IPA client NSS database
description: Create IPA NSS database
options:
servers:

2
roles/ipaclient/library/ipaclient_setup_ntp.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_setup_ntp
short description: Setup NTP for IPA client
short_description: Setup NTP for IPA client
description:
Setup NTP for IPA client
options:

2
roles/ipaclient/library/ipaclient_setup_ssh.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_setup_ssh
short description: Configure ssh and sshd for IPA client
short_description: Configure ssh and sshd for IPA client
description:
Configure ssh and sshd for IPA client
options:

2
roles/ipaclient/library/ipaclient_setup_sssd.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_setup_ssd
short description: Setup sssd for IPA client
short_description: Setup sssd for IPA client
description:
Setup sssd for IPA client
options:

2
roles/ipaclient/library/ipaclient_test.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_test
short description: Tries to discover IPA server
short_description: Tries to discover IPA server
description:
Tries to discover IPA server using DNS or host name
options:

2
roles/ipaclient/library/ipaclient_test_keytab.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaclient_test_keytab
short description:
short_description:
Test if the krb5.keytab on the machine is valid and can be used.
description:
Test if the krb5.keytab on the machine is valid and can be used.

2
roles/ipareplica/library/ipareplica_add_to_ipaservers.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_add_to_ipaservers
short description: Add to ipaservers
short_description: Add to ipaservers
description:
Add to ipaservers
options:

2
roles/ipareplica/library/ipareplica_create_ipa_conf.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_create_ipa_conf
short description: Create ipa.conf
short_description: Create ipa.conf
description:
Create ipa.conf
options:

2
roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_custodia_import_dm_password
short description: Import dm password into custodia
short_description: Import dm password into custodia
description:
Import dm password into custodia
options:

2
roles/ipareplica/library/ipareplica_ds_apply_updates.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_ds_apply_updates
short description: DS apply updates
short_description: DS apply updates
description:
DS apply updates
options:

2
roles/ipareplica/library/ipareplica_ds_enable_ssl.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_ds_enable_ssl
short description: DS enable SSL
short_description: DS enable SSL
description:
DS enable SSL
options:

2
roles/ipareplica/library/ipareplica_enable_ipa.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_enable_ipa
short description: Enable IPA
short_description: Enable IPA
description: Enable IPA
Enable IPA
options:

2
roles/ipareplica/library/ipareplica_install_ca_certs.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_install_ca_cert
short description: Install CA certs
short_description: Install CA certs
description:
Install CA certs
options:

2
roles/ipareplica/library/ipareplica_krb_enable_ssl.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_krb_enable_ssl
short description: KRB enable SSL
short_description: KRB enable SSL
description:
KRB enable SSL
options:

2
roles/ipareplica/library/ipareplica_master_password.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_master_password
short description: Generate kerberos master password if not given
short_description: Generate kerberos master password if not given
description:
Generate kerberos master password if not given
options:

2
roles/ipareplica/library/ipareplica_prepare.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_prepare
short description: Prepare ipa replica installation
short_description: Prepare ipa replica installation
description: |
Prepare ipa replica installation: Create IPA configuration file, run install
checks again and also update the host name and the hosts file if needed.

2
roles/ipareplica/library/ipareplica_promote_openldap_conf.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_promote_openldap_conf
short description: Promote openldap.conf
short_description: Promote openldap.conf
description:
Promote openldap.conf
options:

2
roles/ipareplica/library/ipareplica_promote_sssd.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_promote_sssd
short description: Promote sssd
short_description: Promote sssd
description:
Promote sssd
options:

2
roles/ipareplica/library/ipareplica_restart_kdc.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_restart_kdc
short description: Restart KDC
short_description: Restart KDC
description:
Restart KDC
options:

2
roles/ipareplica/library/ipareplica_setup_adtrust.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_adtrust
short description: Setup adtrust
short_description: Setup adtrust
description:
Setup adtrust
options:

2
roles/ipareplica/library/ipareplica_setup_ca.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_ca
short description: Setup CA
short_description: Setup CA
description:
Setup CA
options:

2
roles/ipareplica/library/ipareplica_setup_certmonger.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_certmonger
short description: Setup certmonger
short_description: Setup certmonger
description:
Setup certmonger
options:

2
roles/ipareplica/library/ipareplica_setup_custodia.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_custodia
short description: Setup custodia
short_description: Setup custodia
description:
Setup custodia
options:

2
roles/ipareplica/library/ipareplica_setup_dns.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_dns
short description: Setup DNS
short_description: Setup DNS
description:
Setup DNS
options:

2
roles/ipareplica/library/ipareplica_setup_ds.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_ds
short description: Setup DS
short_description: Setup DS
description:
Setup DS
options:

2
roles/ipareplica/library/ipareplica_setup_http.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_http
short description: Setup HTTP
short_description: Setup HTTP
description:
Setup HTTP
options:

2
roles/ipareplica/library/ipareplica_setup_kra.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_kra
short description: Setup KRA
short_description: Setup KRA
description:
Setup KRA
options:

2
roles/ipareplica/library/ipareplica_setup_krb.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_krb
short description: Setup KRB
short_description: Setup KRB
description:
Setup KRB
options:

2
roles/ipareplica/library/ipareplica_setup_otpd.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_setup_otpd
short description: Setup OTPD
short_description: Setup OTPD
description:
Setup OTPD
options:

2
roles/ipareplica/library/ipareplica_test.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipareplica_test
short description: IPA replica deployment tests
short_description: IPA replica deployment tests
description: IPA replica deployment tests
options:
ip_addresses:

4
roles/ipareplica/module_utils/ansible_ipa_replica.py
View File

@@ -222,6 +222,10 @@ else:
def info(self, msg):
self.module.debug(msg)
@staticmethod
def isatty():
return False
def write(self, msg):
self.module.debug(msg)
# self.module.warn(msg)

3
roles/ipareplica/tasks/install.yml
View File

@@ -116,8 +116,6 @@
ipaclient_realm: "{{ result_ipareplica_test.realm | default(omit) }}"
ipaclient_servers: "{{ ipareplica_servers | default(omit) }}"
ipaclient_hostname: "{{ result_ipareplica_test.hostname }}"
ipaclient_no_ntp: "{{ result_ipareplica_test.ipa_python_version
< 40690 }}"
ipaclient_install_packages: "{{ ipareplica_install_packages }}"
when: not result_ipareplica_test.client_enrolled
@@ -201,6 +199,7 @@
### additional ###
server: "{{ result_ipareplica_test.server }}"
skip_conncheck: "{{ ipareplica_skip_conncheck }}"
sid_generation_always: "{{ result_ipareplica_test.sid_generation_always }}"
register: result_ipareplica_prepare
- name: Install - Add to ipaservers

2
roles/ipaserver/library/ipaserver_enable_ipa.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_enable_ipa
short description: Enable IPA
short_description: Enable IPA
description: Enable IPA
options:
hostname:

2
roles/ipaserver/library/ipaserver_load_cache.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_load_cache
short description: Load cache file
short_description: Load cache file
description: Load cache file
options:
dm_password:

2
roles/ipaserver/library/ipaserver_master_password.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_master_password
short description: Generate kerberos master password if not given
short_description: Generate kerberos master password if not given
description:
Generate kerberos master password if not given
options:

2
roles/ipaserver/library/ipaserver_prepare.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_prepare
short description: Prepare IPA server deployment
short_description: Prepare IPA server deployment
description: Prepare IPA server deployment
options:
force:

2
roles/ipaserver/library/ipaserver_set_ds_password.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_set_ds_password
short description: Set DS password
short_description: Set DS password
description: Set DS password
options:
dm_password:

2
roles/ipaserver/library/ipaserver_setup_adtrust.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_adtrust
short description: Setup trust ad
short_description: Setup trust ad
description: Setup trust ad
options:
hostname:

2
roles/ipaserver/library/ipaserver_setup_ca.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_ca
short description: Setup CA
short_description: Setup CA
description: Setup CA
options:
dm_password:

2
roles/ipaserver/library/ipaserver_setup_custodia.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_custodia
short description: Setup custodia
short_description: Setup custodia
description: Setup custodia
options:
realm:

2
roles/ipaserver/library/ipaserver_setup_dns.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_dns
short description: Setup DNS
short_description: Setup DNS
description: Setup DNS
options:
ip_addresses:

2
roles/ipaserver/library/ipaserver_setup_ds.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_ds
short description: Configure directory server
short_description: Configure directory server
description: Configure directory server
options:
dm_password:

2
roles/ipaserver/library/ipaserver_setup_http.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_http
short description: Setup HTTP
short_description: Setup HTTP
description: Setup HTTP
options:
dm_password:

2
roles/ipaserver/library/ipaserver_setup_kra.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_kra
short description: Setup KRA
short_description: Setup KRA
description: Setup KRA
options:
dm_password:

2
roles/ipaserver/library/ipaserver_setup_krb.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_krb
short description: Setup KRB
short_description: Setup KRB
description: Setup KRB
options:
dm_password:

2
roles/ipaserver/library/ipaserver_setup_ntp.py
View File

@@ -34,7 +34,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
module: ipaserver_setup_ntp
short description: Setup NTP
short_description: Setup NTP
description: Setup NTP
options:
ntp_servers:

Some files were not shown because too many files have changed in this diff Show More