rpms/ansible-freeipa
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import ansible-freeipa-0.1.6-4.el8

Browse Source
This commit is contained in:
CentOS Sources 2019-11-05 14:44:16 -05:00 committed by Stepan Oksanichenko
commit 961430aca3
7 changed files with 375 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.ansible-freeipa.metadata Normal file
View File

@ -0,0 +1 @@
4dcce87f3b09e7c53760980e6687de575a44ee4e SOURCES/ansible-freeipa-0.1.6.tar.gz

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/ansible-freeipa-0.1.6.tar.gz

51
SOURCES/ansible-freeipa-0.1.6-ansible_ipa_client_Drop_import_of_configure_nsswitch_database_rhbz#1748905.patch Normal file
View File

@ -0,0 +1,51 @@
From 5bb44245c6c43d752c1e066ebdc6cb3eb0253d98 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Wed, 4 Sep 2019 14:40:46 +0200
Subject: [PATCH] ansible_ipa_client: Drop import of
configure_nsswitch_database
configure_nsswitch_database has been removed with the freeipa commit
https://github.com/freeipa/freeipa/commit/41ef8fba31ddbb32e2e5b7cccdc9b582a0809111
The 4.4 compatibility hack leads to a ALREADY installed error in
ipaclient_test because of the removal. This affects ipaclient and
ipareplica roles and also the ipaclient deployment part in ipaserver.
configure_nsswitch_database is not used any more in ipaclient role modules
and therefore simply can be removed from ansible_ipa_client.
---
roles/ipaclient/module_utils/ansible_ipa_client.py | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/roles/ipaclient/module_utils/ansible_ipa_client.py b/roles/ipaclient/module_utils/ansible_ipa_client.py
index 30b8d42..d45171b 100644
--- a/roles/ipaclient/module_utils/ansible_ipa_client.py
+++ b/roles/ipaclient/module_utils/ansible_ipa_client.py
@@ -35,7 +35,7 @@
"configure_sssd_conf", "realm_to_suffix", "run", "timeconf",
"serialization", "configure_krb5_conf", "get_ca_certs",
"SECURE_PATH", "get_server_connection_interface",
- "configure_nsswitch_database", "disable_ra", "client_dns",
+ "disable_ra", "client_dns",
"configure_certmonger", "update_ssh_keys",
"configure_openldap_conf", "hardcode_ldap_server",
"get_certs_from_ldap", "save_state", "create_ipa_nssdb",
@@ -143,7 +143,7 @@ def knobs(self):
try:
from ipaclient.install.client import configure_krb5_conf, \
get_ca_certs, SECURE_PATH, get_server_connection_interface, \
- configure_nsswitch_database, disable_ra, client_dns, \
+ disable_ra, client_dns, \
configure_certmonger, update_ssh_keys, configure_openldap_conf, \
hardcode_ldap_server, get_certs_from_ldap, save_state, \
create_ipa_nssdb, configure_ssh_config, configure_sshd_config, \
@@ -204,8 +204,6 @@ def configure_krb5_conf(
get_server_connection_interface = \
ipa_client_install.get_server_connection_interface
- configure_nsswitch_database = \
- ipa_client_install.configure_nsswitch_database
disable_ra = ipa_client_install.disable_ra
client_dns = ipa_client_install.client_dns
configure_certmonger = ipa_client_install.configure_certmonger

13
SOURCES/ansible-freeipa-0.1.6-gen_module_docs-drop-key-dirserv_cert_files.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up ansible-freeipa-0.1.6/utils/gen_module_docs.py.remove-key-dirserv_cert_files ansible-freeipa-0.1.6/utils/gen_module_docs.py
--- ansible-freeipa-0.1.6/utils/gen_module_docs.py.gen_module_docs-drop-key-dirserv_cert_files 2019-07-23 10:01:59.000000000 +0200
+++ ansible-freeipa-0.1.6/utils/gen_module_docs.py 2019-07-23 11:27:12.921162481 +0200
@@ -47,9 +47,6 @@ param_docs = {
"setup_ca": "Configure a dogtag CA",
"setup_kra": "Configure a dogtag KRA",
"setup_dns": "Configure bind with our zone",
- "dirserv_cert_files": [
- "File containing the Directory Server SSL certificate and private key"
- ],
"force_join": "Force client enrollment even if already enrolled",
"subject_base": [
"The certificate subject base (default O=<realm-name>).",

62
SOURCES/ansible-freeipa-0.1.6-ipatopologysegment-command-suffix-e4497c18_rhbz#1733547.patch Normal file
View File

@ -0,0 +1,62 @@
From e4497c18e9fb39b4e8c022eb0898060005cf6af6 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 26 Jul 2019 18:33:41 +0200
Subject: [PATCH] ipatopologysegment: Store suffix for commands in command list
With adding the domain and ca suffixes with `suffix: domain+ca` only ca
has been added as the suffix was only used from the last command. The
suffix is now stored together with the command and the argument. This
will fix this error.
Fixes: #106 (Last suffix adding twice in the list of topology segments)
---
plugins/modules/ipatopologysegment.py | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/plugins/modules/ipatopologysegment.py b/plugins/modules/ipatopologysegment.py
index d64c7be..e768f72 100644
--- a/plugins/modules/ipatopologysegment.py
+++ b/plugins/modules/ipatopologysegment.py
@@ -256,12 +256,12 @@ def main():
del args[key]
if len(args) > 1:
# cn needs to be in args always
- commands.append(["topologysegment_mod", args])
+ commands.append(["topologysegment_mod", args, suffix])
# else: Nothing to change
else:
if name is None:
args["cn"] = to_text("%s-to-%s" % (left, right))
- commands.append(["topologysegment_add", args])
+ commands.append(["topologysegment_add", args, suffix])
elif state in ["absent", "disabled"]:
# Make sure topology segment does not exist
@@ -274,7 +274,7 @@ def main():
args = {
"cn": res_find["cn"][0]
}
- commands.append(["topologysegment_del", args])
+ commands.append(["topologysegment_del", args, suffix])
elif state == "checked":
# Check if topology segment does exists
@@ -309,14 +309,15 @@ def main():
elif direction == "right-to-left":
args["right"] = True
- commands.append(["topologysegment_reinitialize", args])
+ commands.append(["topologysegment_reinitialize", args,
+ suffix])
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
# Execute command
- for command, args in commands:
- api_command(ansible_module, command, to_text(suffix), args)
+ for command, args, _suffix in commands:
+ api_command(ansible_module, command, to_text(_suffix), args)
changed = True
except Exception as e:

38
SOURCES/ansible-freeipa-0.1.6-ipatopologysegment-reinitialized-c212b435_rhbz#1733559.patch Normal file
View File

@ -0,0 +1,38 @@
From c212b43516cb870bbaa86c607dde33f373768043 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Fri, 26 Jul 2019 19:30:11 +0200
Subject: [PATCH] ipatopologysegment: Fail for missing entry with reinitialized
Currently it is ignored if the entry for reinitialized can not be found if
the name or left and right are not correct. Now there is a failure in this
case.
Fixes: #107 (Reinitialize are failed to find the node in ipatopology ..)
Signed-off-by: Thomas Woerner <twoerner@redhat.com>
---
plugins/modules/ipatopologysegment.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/plugins/modules/ipatopologysegment.py b/plugins/modules/ipatopologysegment.py
index e768f72..e506b53 100644
--- a/plugins/modules/ipatopologysegment.py
+++ b/plugins/modules/ipatopologysegment.py
@@ -311,6 +311,18 @@ def main():
commands.append(["topologysegment_reinitialize", args,
suffix])
+ else:
+ params = []
+ if name is not None:
+ params.append("name=%s" % name)
+ if left is not None:
+ params.append("left=%s" % left)
+ if right is not None:
+ params.append("right=%s" % right)
+ ansible_module.fail_json(
+ msg="No entry '%s' for suffix '%s'" %
+ (",".join(params), suffix))
+
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)

209
SPECS/ansible-freeipa.spec Normal file
View File

@ -0,0 +1,209 @@
# Turn off automatic python byte compilation because these are Ansible
# roles and the files are transferred to the node and compiled there with
# the python verison used in the node
%define __brp_python_bytecompile %{nil}
Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
Name: ansible-freeipa
Version: 0.1.6
Release: 4%{?dist}
URL: https://github.com/freeipa/ansible-freeipa
License: GPLv3+
Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch1: ansible-freeipa-0.1.6-gen_module_docs-drop-key-dirserv_cert_files.patch
Patch2: ansible-freeipa-0.1.6-ipatopologysegment-command-suffix-e4497c18_rhbz#1733547.patch
Patch3: ansible-freeipa-0.1.6-ipatopologysegment-reinitialized-c212b435_rhbz#1733559.patch
Patch4: ansible-freeipa-0.1.6-ansible_ipa_client_Drop_import_of_configure_nsswitch_database_rhbz#1748905.patch
BuildArch: noarch
#Requires: ansible
%description
ansible-freeipa provides Ansible roles and playbooks to install and uninstall
FreeIPA servers, replicas and clients.
Note: The ansible playbooks and roles require a configured ansible environment
where the ansible nodes are reachable and are properly set up to have an IP
address and a working package manager.
Features
- Server, replica and client deployment
- Cluster deployments: Server, replicas and clients in one playbook
- One-time-password (OTP) support for client installation
- Repair mode for clients
Supported FreeIPA Versions
FreeIPA versions 4.6 and up are supported by all roles.
The client role supports versions 4.4 and up, the server role is working with
versions 4.5 and up, the replica role is currently only working with versions
4.6 and up.
Supported Distributions
- RHEL/CentOS 7.4+
- Fedora 26+
- Ubuntu
Requirements
Controller
- Ansible version: 2.5+
- python3-gssapi is required on the controller if a one time password (OTP)
is used to install the client.
Node
- Supported FreeIPA version (see above)
- Supported distribution (needed for package installation only, see above)
Limitations
External CA support is not supported or working. The currently needed two step
process is an issue for the processing in the role. The configuration of the
server is partly done already and needs to be continued after the CSR has been
handled. This is for example breaking the deployment of a server with replicas
or clients in one playbook.
%prep
%setup -q
# Do not create backup files with patches
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
# Fix python modules and module utils:
# - Remove shebang
# - Remove execute flag
for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do
sed -i '/\/usr\/bin\/python*/d' $i
chmod a-x $i
done
# Add execute flag to py3test.py scripts
chmod a+x roles/ipa*/files/py3test.py
%build
%install
install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaserver/README.md README-server.md
cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipareplica/README.md README-replica.md
cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaclient/README.md README-client.md
install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/
cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/
%files
%license COPYING
%{_datadir}/ansible/roles/ipaserver
%{_datadir}/ansible/roles/ipareplica
%{_datadir}/ansible/roles/ipaclient
%{_datadir}/ansible/plugins/module_utils
%{_datadir}/ansible/plugins/modules
%doc README.md
%doc README-topology.md
%doc README-server.md
%doc README-replica.md
%doc README-client.md
%doc playbooks
%changelog
* Fri Sep 6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-4
- ansible_ipa_client: Drop import of configure_nsswitch_database
(RHBZ#1748905)
* Wed Jul 31 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-3
- ipatopologysegment: Store suffix for commands in command list (RHBZ#1733547)
- ipatopologysegment: Fail for missing entry with reinitialized (RHBZ#1733559)
* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-2
- Drop dirserv_cert_files key from utils/gen_module_docs.py for covscan
* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1
- update to version 0.1.6
- Lots of documentation updates in READMEs and modules
- library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
- Flake8 and pylint reated fixes
- Fixed wrong path to CheckedIPAddress class in ipareplica_test
- Remove unused ipaserver/library/ipaserver.py
- No not use wildcard imports for modules
- ipareplica: Add support for pki_config_override
- ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
- ipareplica_prepare: Properly initialize pin and cert_name variables
- ipareplica: Fail with proper error messages
- ipaserver: Properly set settings related to pkcs12 files
- ipaclient: RawConfigParser is not always provided by six.moves.configparser
- ipaclient_setup_nss: paths.GETENT is not available before
freeipa-4.6.90.pre1
- ipaserver_test: Initialize value from options.zonemgr
- ipareplica_setup_custodia: create_replica only available in newer releases
- ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
- ipa[server,replica]: Set _packages_adtrust for Ubuntu
- New build script for galaxy release
- New utils script to update module docs
- Changes from ansible-freeipa-0.1.5
- Support for IPA 4.8.0
- New user management module
- New group management module
- ipaserver: Support external signed CA
- RHEL-8 specific vars files to be able to install needed modules
automatically
- ipareplica: Fixes for certmonger and kra setup
- New tests folder
- OTP related updates to README files
* Thu Jul 4 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-2
- ansible_ipa_client: Always set options.unattended (RHBZ#1726645)
- ipaserver_prepare: Properly report error, do show trace back (RHBZ#1726668)
- ipa[server,replica,client]: RHEL-8 specific vars files (RHBZ#1727095)
- ipatopology modules: Use ipaadmin_ prefix for principal and password
(RHBZ#1727101)
* Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-1
- update to version 0.1.4
- ipatopologysegment: Use commands, not command
* Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.3-1
- update to version 0.1.3
- ipaclient_test: Fix Python2 decode use with Python3
- Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
- ipaclient_get_otp: Remove ansible_python_interpreter handling
- ipaclient: Use omit (None) for password, keytab, no string length checks
- ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
- ipaclient: Report error message if ipaclient_get_otp failed
- Fixes #17 Improve how tasks manage package installation
- ipareplica: The dm password is not needed for ipareplica_master_password
- ipareplica: Use ipareplica_server if set
- ipatopologysegment: Allow domain+ca suffix, new state: checked
- Documentation updates
- Cleanups
* Tue Jun 11 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-3
- bump release for functional test
* Tue Jun 11 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-2
- bump release for functional test
* Fri Jun 7 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-1
- update to version 0.1.2
- Now a new Ansible Collection
- Fix gssapi requirement for OTP: It is only needed if keytab is used with
OTP now.
- Fix wrong ansible argument types
- Do not fail on textwrap for replica deployments with CA
- Ansible lint and galaxy fixes
- Disable automatic removal of replication agreements in uninstall
- Enable freeipa-trust service if adtrust is enabled
- Add support for hidden replica
- New topology managament modules
- Add support for pki_config_override
- Fix host name setup in server deployment
- Fix errors when ipaservers variable is not set
- Fix ipaclient install role length typo
- Cleanups
* Mon May 6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1
- Initial package