collection: Allow playbooks to be executed using collection

When available in a collection 'playbooks' directory, playbooks can be
directly accessed as roles and modules: 'namespace.collection.playbook'.
This allows, for example the deployment roles to be executed with the
provided ansible-freeipa playbooks requiring minimal effort from the
user part.

In order to be accessible, though, the playbooks must not use dash ("-")
on the file names, as they are replaced by underscorse ("_") during
Ansible processing and then, the files are not found.

By renaming the playbooks that, currently, do not set any variable as an
usage example, replacing "-" by "_", we allow the FreeIPA collection
playbooks to be executed without the user having to search for the
correct file, like:

  $ ansible-playbook -i inventory freeipa.ansible_freeipa.install_server

plugins/module_utils/ansible_freeipa_module.py

@@ -33,7 +33,7 @@ __all__ = ["DEBUG_COMMAND_ALL", "DEBUG_COMMAND_LIST",
            "paths", "tasks", "get_credentials_if_valid", "Encoding",
            "DNSName", "getargspec", "certificate_loader",
            "write_certificate_list", "boolean", "template_str",
-           "urlparse", "normalize_sshpubkey", "Email"]
+           "urlparse", "normalize_sshpubkey"]
 
 DEBUG_COMMAND_ALL = 0b1111
 # Print the while command list:
@@ -116,7 +116,6 @@ try:
     from ipalib.krb_utils import get_credentials_if_valid
     from ipapython.dnsutil import DNSName
     from ipapython import kerberos
-    from ipapython.ipavalidate import Email
 
     try:
         from ipalib.x509 import Encoding

plugins/modules/ipaconfig.py

@@ -344,7 +344,7 @@ config:
 
 
 from ansible.module_utils.ansible_freeipa_module import \
-    IPAAnsibleModule, compare_args_ipa, ipalib_errors, Email
+    IPAAnsibleModule, compare_args_ipa, ipalib_errors
 
 
 def config_show(module):
@@ -515,13 +515,6 @@ def main():
                 msg="Argument '%s' must be between %d and %d."
                     % (arg, minimum, maximum))
 
-    # verify email domain
-    emaildomain = params.get("ipadefaultemaildomain", None)
-    if emaildomain:
-        if not Email("test@{0}".format(emaildomain)):
-            ansible_module.fail_json(
-                msg="Invalid 'emaildomain' value: %s" % emaildomain)
-
     changed = False
     exit_args = {}
 

roles/ipaclient/library/ipaclient_setup_nss.py

@@ -279,6 +279,7 @@ def main():
     options.no_sssd = False
     options.sssd = not options.no_sssd
     options.no_ac = False
+    options.dns_over_tls = False
     nosssd_files = module.params.get('nosssd_files')
     selinux_works = module.params.get('selinux_works')
     krb_name = module.params.get('krb_name')
@@ -376,6 +377,11 @@ def main():
             ssh_config_dir = paths.SSH_CONFIG_DIR
         else:
             ssh_config_dir = services.knownservices.sshd.get_config_dir()
+        argspec_update_ssh_keys = getargspec(update_ssh_keys)
+        # Hotfix for https://github.com/freeipa/freeipa/pull/7343
+        if "options" in argspec_update_ssh_keys.args:
+            update_ssh_keys(hostname, ssh_config_dir, options, cli_server[0])
+        else:
             update_ssh_keys(hostname, ssh_config_dir, options.create_sshfp)
 
         try:

roles/ipareplica/module_utils/ansible_ipa_replica.py

@@ -331,6 +331,13 @@ options.add_agents = False
 # ServerReplicaInstall
 options.subject_base = None
 options.ca_subject = None
+
+# Hotfix for https://github.com/freeipa/freeipa/pull/7343
+options.dns_over_tls = False
+options.dns_over_tls_key = None
+options.dns_over_tls_cert = None
+options.dot_forwarders = None
+options.dns_policy = None
 # pylint: enable=attribute-defined-outside-init
 
 

roles/ipaserver/module_utils/ansible_ipa_server.py

@@ -354,6 +354,13 @@ options.add_agents = False
 # no_msdcs is deprecated
 options.no_msdcs = False
 
+# Hotfix for https://github.com/freeipa/freeipa/pull/7343
+options.dns_over_tls = False
+options.dns_over_tls_key = None
+options.dns_over_tls_cert = None
+options.dot_forwarders = None
+options.dns_policy = None
+
 # For pylint
 options.external_cert_files = None
 options.dirsrv_cert_files = None

tests/config/test_config.yml

@@ -34,16 +34,6 @@
           ipaapi_context: "{{ ipa_context | default(omit) }}"
           emaildomain: ipa.test
 
-      - name: Ensure the default e-mail domain cannot be set to an invalid email domain.
-        ipaconfig:
-          ipaadmin_password: SomeADMINpassword
-          ipaapi_context: "{{ ipa_context | default(omit) }}"
-          emaildomain: invalid@emaildomain
-        register: invalid_emaildomain
-        failed_when:
-          invalid_emaildomain.changed
-          or not (invalid_emaildomain.failed and "Invalid 'emaildomain' value:" in invalid_emaildomain.msg)
-
       - name: Set default shell to '/bin/sh'
         ipaconfig:
           ipaadmin_password: SomeADMINpassword