rpms/ansible-freeipa
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import ansible-freeipa-0.3.6-3.el8

Browse Source
This commit is contained in:
CentOS Sources 2021-06-17 04:19:40 +00:00 committed by Stepan Oksanichenko
parent 96b951fdde
commit 195fcf7466
5 changed files with 153 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.ansible-freeipa.metadata
View File

@ -1 +1 @@
7c66c505597de97501d68c81fc1495aa4d627879 SOURCES/ansible-freeipa-0.3.2.tar.gz 9837a725299f3c9e22c944f940645841fa06e54e SOURCES/ansible-freeipa-0.3.6.tar.gz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/ansible-freeipa-0.3.2.tar.gz SOURCES/ansible-freeipa-0.3.6.tar.gz

39
SOURCES/ansible-freeipa-0.3.2-ipaclient-Do-not-fail-on-rmkeytab-error-7_rhbz#1931381.patch
View File

@ -1,39 +0,0 @@
From 976cd1baa70b3ac1a271a362163e469b8d54d04a Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 22 Feb 2021 13:28:04 +0100
Subject: [PATCH] ipaclient: Do not fail on rmkeytab error #7
Due to commit f3f9672d527008dc741ac90aa465bac842eea08d (ipa-rmkeytab: Check
return value of krb5_kt_(start|end)_seq_get) in IPA 4.9.2 there is a new
error reported for ipa-rmkeytab in case of a non existing keytab file.
Using ipa-rmkeytab now results in the error #7 in this case.
The client role is using ipa-rmkeytab and needs to ignore error #7 also.
Fixes: #510 (ipa-client installation with OTP is failed with error code 7
(keytab: /usr/sbin/ipa-rmkeytab returned 7))
---
roles/ipaclient/tasks/install.yml | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index fccc72e..23f9529 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -181,8 +181,12 @@
# Do not fail on error codes 3 and 5:
# 3 - Unable to open keytab
# 5 - Principal name or realm not found in keytab
+ # 7 - Failed to set cursor, typically when errcode
+ # would be issued in past
failed_when: result_ipa_rmkeytab.rc != 0 and
- result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5
+ result_ipa_rmkeytab.rc != 3 and
+ result_ipa_rmkeytab.rc != 5 and
+ result_ipa_rmkeytab.rc != 7
when: (ipaclient_use_otp | bool or ipaclient_force_join | bool) and not ipaclient_on_master | bool
- name: Install - Backup and set hostname
--
2.29.2

115
SOURCES/ansible-freeipa-0.3.6-ipabackup-Use-module-to-get-IPA_BACKUP_DIR-from-ipap_rhbz#1969847.patch Normal file
View File

@ -0,0 +1,115 @@
From db208bd6c11afda738b254b4d21b3cfb5307a3fd Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Wed, 9 Jun 2021 10:53:34 +0200
Subject: [PATCH] ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform
Up to now a python snippet was used to get IPA_BACKUP_DIR from ipaplatform
but this was not working when ansible_facts was false due to not getting
ansible_python_interpreter set.
The module version is also working if gather_facts is turned off.
---
.../library/ipabackup_get_backup_dir.py | 69 +++++++++++++++++++
roles/ipabackup/tasks/get_ipabackup_dir.yml | 12 ++--
2 files changed, 73 insertions(+), 8 deletions(-)
create mode 100644 roles/ipabackup/library/ipabackup_get_backup_dir.py
diff --git a/roles/ipabackup/library/ipabackup_get_backup_dir.py b/roles/ipabackup/library/ipabackup_get_backup_dir.py
new file mode 100644
index 0000000..b76d01d
--- /dev/null
+++ b/roles/ipabackup/library/ipabackup_get_backup_dir.py
@@ -0,0 +1,69 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Authors:
+# Thomas Woerner <twoerner@redhat.com>
+#
+# Copyright (C) 2021 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.0',
+ 'supported_by': 'community',
+ 'status': ['preview'],
+}
+
+DOCUMENTATION = '''
+---
+module: ipabackup_get_backup_dir
+short description:
+ Get IPA_BACKUP_DIR from ipaplatform
+description:
+ Get IPA_BACKUP_DIR from ipaplatform
+options:
+author:
+ - Thomas Woerner
+'''
+
+EXAMPLES = '''
+# Get IPA_BACKUP_DIR from ipaplatform
+- name: ipabackup_get_backup_dir:
+ register result
+'''
+
+RETURN = '''
+backup_dir:
+ description: IPA_BACKUP_DIR from ipaplatform
+ returned: always
+ type: str
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ipaplatform.paths import paths
+
+
+def main():
+ module = AnsibleModule(
+ argument_spec=dict(),
+ supports_check_mode=True,
+ )
+
+ module.exit_json(changed=False,
+ backup_dir=paths.IPA_BACKUP_DIR)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/ipabackup/tasks/get_ipabackup_dir.yml b/roles/ipabackup/tasks/get_ipabackup_dir.yml
index 45cb48a..a7cb29d 100644
--- a/roles/ipabackup/tasks/get_ipabackup_dir.yml
+++ b/roles/ipabackup/tasks/get_ipabackup_dir.yml
@@ -1,12 +1,8 @@
---
-- name: Get IPA_BACKUP_DIR dir from ipaplatform
- command: "{{ ansible_python_interpreter | default('/usr/bin/python') }}"
- args:
- stdin: |
- from ipaplatform.paths import paths
- print(paths.IPA_BACKUP_DIR)
- register: result_ipaplatform_backup_dir
+- name: Get IPA_BACKUP_DIR from ipaplatform
+ ipabackup_get_backup_dir:
+ register: result_ipabackup_get_backup_dir
- name: Set IPA backup dir
set_fact:
- ipabackup_dir: "{{ result_ipaplatform_backup_dir.stdout_lines | first }}"
+ ipabackup_dir: "{{ result_ipabackup_get_backup_dir.backup_dir }}"
--
2.31.1

55
SPECS/ansible-freeipa.spec
View File

@ -7,23 +7,18 @@
Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
Name: ansible-freeipa Name: ansible-freeipa
Version: 0.3.2 Version: 0.3.6
Release: 2%{?dist} Release: 3%{?dist}
URL: https://github.com/freeipa/ansible-freeipa URL: https://github.com/freeipa/ansible-freeipa
License: GPLv3+ License: GPLv3+
Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch0: ansible-freeipa-0.3.2-ipaclient-Do-not-fail-on-rmkeytab-error-7_rhbz#1931381.patch Patch1: ansible-freeipa-0.3.6-ipabackup-Use-module-to-get-IPA_BACKUP_DIR-from-ipap_rhbz#1969847.patch
BuildArch: noarch BuildArch: noarch
%description %description
ansible-freeipa provides Ansible roles and playbooks to install and uninstall Ansible roles and playbooks to install and uninstall FreeIPA servers, replicas and clients. Also modules for group, host, topology and user management.
FreeIPA servers, replicas and clients. Also modules for management.
Note: The ansible playbooks and roles require a configured ansible environment
where the ansible nodes are reachable and are properly set up to have an IP
address and a working package manager.
Note: The Ansible playbooks and roles require a configured Ansible environment where the Ansible nodes are reachable and are properly set up to have an IP address and a working package manager.
Features Features
- Server, replica and client deployment - Server, replica and client deployment
@ -31,6 +26,7 @@ Features
- One-time-password (OTP) support for client installation - One-time-password (OTP) support for client installation
- Repair mode for clients - Repair mode for clients
- Backup and restore, also to and from controller - Backup and restore, also to and from controller
- Modules for automembership rule management
- Modules for config management - Modules for config management
- Modules for delegation management - Modules for delegation management
- Modules for dns config management - Modules for dns config management
@ -49,12 +45,13 @@ Features
- Modules for pwpolicy management - Modules for pwpolicy management
- Modules for role management - Modules for role management
- Modules for self service management - Modules for self service management
- Modules for server management
- Modules for service management - Modules for service management
- Modules for sudocmd management - Modules for sudocmd management
- Modules for sudocmdgroup management - Modules for sudocmdgroup management
- Modules for sudorule management - Modules for sudorule management
- Modules for topology management - Modules for topology management
- Modules fot trust management - Modules for trust management
- Modules for user management - Modules for user management
- Modules for vault management - Modules for vault management
@ -62,10 +59,7 @@ Supported FreeIPA Versions
FreeIPA versions 4.6 and up are supported by all roles. FreeIPA versions 4.6 and up are supported by all roles.
The client role supports versions 4.4 and up, the server role is working with The client role supports versions 4.4 and up, the server role is working with versions 4.5 and up, the replica role is currently only working with versions 4.6 and up.
versions 4.5 and up, the replica role is currently only working with versions
4.6 and up.
Supported Distributions Supported Distributions
- RHEL/CentOS 7.4+ - RHEL/CentOS 7.4+
@ -109,8 +103,8 @@ to get the needed requrements to run the tests.
%prep %prep
%setup -q %setup -q
%patch0 -p1
# Do not create backup files with patches # Do not create backup files with patches
%patch1 -p1
# Fix python modules and module utils: # Fix python modules and module utils:
# - Remove shebang # - Remove shebang
@ -167,9 +161,32 @@ cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/
%{_datadir}/ansible-freeipa/requirements-tests.txt %{_datadir}/ansible-freeipa/requirements-tests.txt
%changelog %changelog
* Thu Mar 4 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.2-2 * Wed Jun 9 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-3
- Fix ipaclient: Do not fail on rmkeytab error 7 - Apply fix for ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform
Resolves: RHBZ#1931381 Related: RRBZ#1969847
* Wed Jun 9 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-2
- ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform
Resolves: RRBZ#1969847
* Mon Jun 7 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-1
- Update to version 0.3.6
https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6
Resolves: RHBZ#1959875
- ansible-freeipa-tests not in the compose
Resolves: RHBZ#1936869
- Remove unsupported parameter for (ipapermission) module: perm_rights from
permission-present.yml
Resolves: RHBZ#1921654
- Sample playbook included for selfservice module is incorrect
Resolves: RHBZ#1922060
- ipa-client-install failing with error code 7(keytab: /usr/sbin/ipa-rmkeytab
returned 7)
Resolves: RHBZ#1935123
- New management module ipaserver
Resolves: RHBZ#1966493
- New management module ipaautomember
Resolves: RHBZ#1966496
* Mon Jan 18 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.2-1 * Mon Jan 18 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.2-1
- Update to version 0.3.2 - Update to version 0.3.2