.gitignore

@@ -1 +1,36 @@
-SOURCES/ansible-freeipa-1.12.1.tar.gz
+/ansible-freeipa-0.1.1.tar.gz
+/ansible-freeipa-0.1.5.tar.gz
+/ansible-freeipa-0.1.6.tar.gz
+/ansible-freeipa-0.1.8.tar.gz
+/ansible-freeipa-0.1.9.tar.gz
+/ansible-freeipa-0.1.10.tar.gz
+/ansible-freeipa-0.1.11.tar.gz
+/ansible-freeipa-0.1.12.tar.gz
+/ansible-freeipa-0.2.1.tar.gz
+/ansible-freeipa-0.3.0.tar.gz
+/ansible-freeipa-0.3.1.tar.gz
+/ansible-freeipa-0.3.4.tar.gz
+/ansible-freeipa-0.3.5.tar.gz
+/ansible-freeipa-0.3.6.tar.gz
+/ansible-freeipa-0.3.8.tar.gz
+/ansible-freeipa-0.4.0.tar.gz
+/ansible-freeipa-1.5.0.tar.gz
+/ansible-freeipa-1.5.3.tar.gz
+/ansible-freeipa-1.6.2.tar.gz
+/ansible-freeipa-1.7.0.tar.gz
+/ansible-freeipa-1.8.0.tar.gz
+/ansible-freeipa-1.8.1.tar.gz
+/ansible-freeipa-1.8.2.tar.gz
+/ansible-freeipa-1.8.3.tar.gz
+/ansible-freeipa-1.8.4.tar.gz
+/ansible-freeipa-1.9.0.tar.gz
+/ansible-freeipa-1.9.1.tar.gz
+/ansible-freeipa-1.9.2.tar.gz
+/ansible-freeipa-1.10.0.tar.gz
+/ansible-freeipa-1.11.0.tar.gz
+/ansible-freeipa-1.11.1.tar.gz
+/ansible-freeipa-1.12.0.tar.gz
+/ansible-freeipa-1.12.1.tar.gz
+/ansible-freeipa-1.14.0.tar.gz
+/ansible-freeipa-1.14.1.tar.gz
+/ansible-freeipa-1.14.2.tar.gz

README.md

@@ -0,0 +1,3 @@
+# ansible-freeipa
+
+The ansible-freeipa package

SPECS/ansible-freeipa.spec

@@ -1,813 +0,0 @@
-# Turn off automatic python byte compilation because these are Ansible
-# roles and the files are transferred to the node and compiled there with
-# the python version used in the node
-%define __brp_python_bytecompile %{nil}
-
-%global python %{__python3}
-
-Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
-Name: ansible-freeipa
-Version: 1.12.1
-Release: 1%{?dist}
-URL: https://github.com/freeipa/ansible-freeipa
-License: GPL-3.0-or-later
-Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-BuildArch: noarch
-
-%description
-Ansible roles to install and uninstall FreeIPA servers, replicas and clients,
-roles for backups and SmartCard configuration, modules for management and also
-playbooks for all roles and modules.
-
-Note: The Ansible playbooks and roles require a configured Ansible environment
-where the Ansible nodes are reachable and are properly set up to have an IP
-address and a working package manager.
-
-Features
-
-- Server, replica and client deployment
-- Cluster deployments: Server, replicas and clients in one playbook
-- One-time-password (OTP) support for client installation
-- Repair mode for clients
-- Backup and restore, also to and from controller
-- Smartcard setup for servers and clients
-- Modules for automembership rule management
-- Modules for automount key management
-- Modules for automount location management
-- Modules for automount map management
-- Modules for certificate management
-- Modules for config management
-- Modules for delegation management
-- Modules for dns config management
-- Modules for dns forwarder management
-- Modules for dns record management
-- Modules for dns zone management
-- Modules for group management
-- Modules for hbacrule management
-- Modules for hbacsvc management
-- Modules for hbacsvcgroup management
-- Modules for host management
-- Modules for hostgroup management
-- Modules for idoverridegroup management
-- Modules for idoverrideuser management
-- Modules for idp management
-- Modules for idrange management
-- Modules for idview management
-- Modules for location management
-- Modules for netgroup management
-- Modules for permission management
-- Modules for privilege management
-- Modules for pwpolicy management
-- Modules for role management
-- Modules for self service management
-- Modules for server management
-- Modules for service management
-- Modules for service delegation rule management
-- Modules for service delegation target management
-- Modules for sudocmd management
-- Modules for sudocmdgroup management
-- Modules for sudorule management
-- Modules for topology management
-- Modules for trust management
-- Modules for user management
-- Modules for vault management
-
-Supported FreeIPA Versions
-
-FreeIPA versions 4.6 and up are supported by all roles.
-
-The client role supports versions 4.4 and up, the server role is working with
-versions 4.5 and up, the replica role is currently only working with versions
-4.6 and up.
-
-Supported Distributions
-
-- RHEL/CentOS 7.4+
-- Fedora 26+
-- Ubuntu
-- Debian 10+ (ipaclient only, no server or replica!)
-
-Requirements
-
-  Controller
-  - Ansible version: 2.13+
-
-  Node
-  - Supported FreeIPA version (see above)
-  - Supported distribution (needed for package installation only, see above)
-
-Limitations
-
-External signed CA is now supported. But the currently needed two step process
-is an issue for the processing in a simple playbook.
-Work is planned to have a new method to handle CSR for external signed CAs in
-a separate step before starting the server installation.
-
-
-%package tests
-Summary: ansible-freeipa tests
-Requires: %{name} = %{version}-%{release}
-
-%description tests
-ansible-freeipa tests.
-
-Please have a look at %{_datadir}/ansible-freeipa/requirements-tests.txt
-to get the needed requrements to run the tests.
-
-
-%prep
-%setup -q
-# Do not create backup files with patches
-
-# Fix python modules and module utils:
-# - Remove shebang
-# - Remove execute flag
-for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py;
-do
-    sed -i '1{/\/usr\/bin\/python*/d;}' $i
-    sed -i '1{/\/usr\/bin\/env python*/d;}' $i
-    chmod a-x $i
-done
-
-for i in utils/*.py utils/new_module utils/changelog utils/ansible-doc-test;
-do
-    sed -i '{s@/usr/bin/python*@%{python}@}' $i
-    sed -i '{s@/usr/bin/env python*@%{python}@}' $i
-done
-
-
-%build
-
-%install
-install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/
-cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/
-cp -rp roles/ipaserver/README.md README-server.md
-cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/
-cp -rp roles/ipareplica/README.md README-replica.md
-cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/
-cp -rp roles/ipaclient/README.md README-client.md
-cp -rp roles/ipabackup %{buildroot}%{_datadir}/ansible/roles/
-cp -rp roles/ipabackup/README.md README-backup.md
-cp -rp roles/ipasmartcard_server %{buildroot}%{_datadir}/ansible/roles/
-cp -rp roles/ipasmartcard_server/README.md README-smartcard_server.md
-cp -rp roles/ipasmartcard_client %{buildroot}%{_datadir}/ansible/roles/
-cp -rp roles/ipasmartcard_client/README.md README-smartcard_client.md
-install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/
-cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/
-
-install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa
-cp requirements*.txt %{buildroot}%{_datadir}/ansible-freeipa/
-cp -rp utils %{buildroot}%{_datadir}/ansible-freeipa/
-install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa/tests
-cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/
-
-%files
-%license COPYING
-%{_datadir}/ansible/roles/ipaserver
-%{_datadir}/ansible/roles/ipareplica
-%{_datadir}/ansible/roles/ipaclient
-%{_datadir}/ansible/roles/ipabackup
-%{_datadir}/ansible/roles/ipasmartcard_server
-%{_datadir}/ansible/roles/ipasmartcard_client
-%{_datadir}/ansible/plugins/doc_fragments
-%{_datadir}/ansible/plugins/module_utils
-%{_datadir}/ansible/plugins/modules
-%doc README*.md
-%doc playbooks
-%{_datadir}/ansible-freeipa/requirements.txt
-%{_datadir}/ansible-freeipa/requirements-dev.txt
-%{_datadir}/ansible-freeipa/utils
-
-%files tests
-%{_datadir}/ansible-freeipa/tests
-%{_datadir}/ansible-freeipa/requirements-tests.txt
-
-%changelog
-* Mon Feb 12 2024 Thomas Woerner <twoerner@redhat.com> - 1.12.1-1
-- Update to version 1.12.1
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.12.1
-  Resolves: RHEL-13746
-- ipauser module lacks the "rename" field.
-  Resolves: RHEL-4963
-- Add missing support for rename in ipagroup module
-  Resolves: RHEL-13759
-- The IDP module does not support the modification of IDP options
-  Resolves: RHEL-17955
-- The IDP module does not support resetting IDP options
-  Resolves: RHEL-17958
-- ipauser is not idempotent when random is defined
-  Resolves: RHEL-4934
-- ipasudorule: Allow setting groups for runasuser
-  Resolves: RHEL-19129
-- Idempotency fixes
-  Resolves: RHEL-13755
-- ipadnszone: Add support for per-zone privilege delegation
-  Resolves: RHEL-19133
-- Handle data type or empty string in module_utils
-  Resolves: RHEL-19135
-- ipa-server installation failing
-  Resolves: RHEL-23633
-
-* Tue Nov 28 2023 Thomas Woerner <twoerner@redhat.com> - 1.12.0-2
-- Fix test_pwpolicy for https://pagure.io/freeipa/issue/9297
-  Related: RHEL-13746
-
-* Mon Nov 27 2023 Thomas Woerner <twoerner@redhat.com> - 1.12.0-1
-- Update to version 1.12.0
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.12.0
-  Resolves: RHEL-13746
-- New idoverridegroup management module.
-  Resolves: RHEL-16935
-- New idoverrideuser management module.
-  Resolves: RHEL-16941
-- New idview management module.
-  Resolves: RHEL-16933
-- New idp management module.
-  Resolves: RHEL-16938
-- idoverride{user,group}: Fix delete_continue with state absent
-  Resolves: RHEL-16682
-
-* Mon Jul 24 2023 Thomas Woerner <twoerner@redhat.com> - 1.11.1-1
-- Update to version 1.11.1
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.11.1
-  Resolves: RHBZ#2170371
-- ipaautomountmap: add support for indirect maps
-  Resolves: RHBZ#2050158
-- ipauser: Add support to modify GECOS field
-  Resolves: RHBZ#2168022
-- ipauser: Add support for parameter "street"
-  Resolves: RHBZ#2215532
-- ipauser: Add support for SMB attributes
-  Resolves: RHBZ#2215534
-- ipauser: Support for External IdP attributes
-  Resolves: RHBZ#2215539
-- Fix handling of ipapwpolicy attributes usercheck and dictcheck
-  Resolves: RHBZ#2215543
-- Update authtypes authind
-  Resolves: RHBZ#2215540
-
-* Mon Jun 12 2023 Thomas Woerner <twoerner@redhat.com> - 1.11.0-1
-- Update to version 1.11.0
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.11.0
-  Resolves: RHBZ#2170371
-- Multiple service management
-  Resolves: RHBZ#2175769
-- New ipacert module
-  Resolves: RHBZ#2127906
-- Fix maxsequence handling in ipapwpolicy module
-  Resolves: RHBZ#2214295
-
-* Wed Apr  5 2023 Thomas Woerner <twoerner@redhat.com> - 1.10.0-1
-- Update to version 1.10.0
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.10.0
-  Resolves: RHBZ#2170371
-- ipareplica/server: Enable removal from domain with undeployment
-  Resolves: RHBZ#2127901
-- ipagroup: Allow multiple group management
-  Resolves: RHBZ#2175762
-- ipaserver: Allow deployments with random serial numbers
-  Resolves: RHBZ#2127904
-- ipagroup: Fix ensuring external group members (without trust-ad)
-  Resolves: RHBZ#2183820
-- ipaclient: Add subid option to select the sssd profile with-subid
-  Resolves: RHBZ#2175766
-- ipaclient: Fix allow_repair with removed krb5.conf and DNS lookup
-  Resolves: RHBZ#1759785
-- ipaclient: Keep server affinity while deploying as long as possible
-  Resolves: RHBZ#2175755
-
-* Tue Jan 31 2023 Thomas Woerner <twoerner@redhat.com> - 1.9.2-1
-- Update to version 1.9.2
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.2
-  Resolves: RHBZ#2125591
-- ipabackup: Use ipabackup_item again in copy_backup_to_server
-  Resolves: RHBZ#2165951
-
-* Mon Jan 30 2023 Thomas Woerner <twoerner@redhat.com> - 1.9.1-1
-- Update to version 1.9.1
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.1
-  Resolves: RHBZ#2125591
-- pwpolicy: Allow clearing policy values
-  Resolves: RHBZ#2150332
-- Use netgroup_find instead of netgroup_show to workaround IPA bug
-  Resolves: RHBZ#2144724
-
-* Wed Dec  7 2022 Thomas Woerner <twoerner@redhat.com> - 1.9.0-1
-- Update to version 1.9.0
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.0
-  Related: RHBZ#2125591
-- pwpolicy: Add support for password check and grace limit
-  Resolves: RHBZ#2015288
-- ipaconfig: Do not allow enable_sid set to False
-  Resolves: RHBZ#2127447
-- ipaclient: No kinit on controller for deployment using OTP
-  Resolves: RHBZ#2127885
-- ipaclient: Configure DNS resolver
-  Resolves: RHBZ#2127894
-- New netgroup management module
-  Resolves: RHBZ#2127908
-- sudorule: Add support for 'hostmask' parameter
-  Resolves: RHBZ#2127912
-- ipaconfig: Fix fail_json calls
-  Resolves: RHBZ#2128460
-- ipaconfig: Do not require enable_sid for add_sids or netbios_name
-  Resolves: RHBZ#2134530
-- ipaserver: Add missing idstart check
-  Resolves: RHBZ#2132729
-
-* Mon Sep 12 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.4-1
-- Update to version 1.8.4
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.4
-  Resolves: RHBZ#2125591
-- 'ansible-doc' -l lists most idm modules as 'UNDOCUMENTED'
-  Resolves: RHBZ#2121362
-- ansible-freeipa Replica Install Setup DNS fails
-  Resolves: RHBZ#2120415
-- ipaconfig does not support SID and netbios attributes
-  Resolves: RHBZ#2069174
-
-* Tue Aug 16 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.3-1
-- Update to version 1.8.3
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.3
-  Related: RHBZ#2080321
-- Fixes replica deployment issue for domains without SID support.
-  Related: RHBZ#2110491
-
-* Thu Jul 28 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.2-1
-- Update to version 1.8.2
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.2
-  Related: RHBZ#2080321
-- SIDs are always generated for server and replica deployments
-  Resolves: RHBZ#2110491
-- Random Serial Numbers are not enabled by default any more
-  Resolves: RHBZ#2110526
-- Fixes comparison of bool values in IPA 4.9.10+ for ipadnsconfig
-  Resolves: RHBZ#2110539
-
-* Thu Jul  7 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.1-1
-- Update to version 1.8.1
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.1
-  Related: RHBZ#2080321
-- ipa server deploys failing with latest IPA compose
-  Resolves: RHBZ#2103928
-- ipaserver_external_cert_files failes to copy with ansible 2.13
-  Resolves: RHBZ#2104842
-
-* Fri Jun 24 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.0-1
-- idrange: Fix usage of dom_name when idrange doesn't exist.
-  Resolves: RHBZ#2086993
-- smartcard roles for ansible-freeipa
-  Resolves: RHBZ#2076554
-
-* Fri Apr 29 2022 Thomas Woerner <twoerner@redhat.com> - 1.7.0-1
-- Update to version 1.7.0
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.7.0
-  Resolves: RHBZ#2080321
-- New idrange management module.
-  Resolves: RHBZ#1921545
-- Not able to update empty descriptions in automount maps.a
-  Resolves: RHBZ#2048552
-- New servicedelegationrule management module.
-  Resolves: RHBZ#2069170
-- New servicedelegationtarget management module.
-  Resolves: RHBZ#2069172
-- Add support for managing idoverrideusers in ipagroup.
-  Resolves: RHBZ#2069173
-
-* Thu Jan 27 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.3-1
-- Update to version 1.6.3
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.3
-  Related: RHBZ#2010621
-
-* Wed Jan 26 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.2-1
-- Update to version 1.6.2
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.2
-  Related: RHBZ#2010621
-
-* Fri Jan 21 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1
-- Update to version 1.6.1
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.1
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.0
-  Related: RHBZ#2010621
-- Add module to manage automount maps
-  Resolves: RHBZ#2040462
-- Add module to manage automount keys
-  Resolves: RHBZ#2040464
-- Client deploy failing with ipaadmin keytab and OTP due to latest ansible
-  version
-  Resolves: RHBZ#2041753
-
-* Wed Dec 29 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.3-1
-- Update to version 1.5.3
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.3
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.2
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.1
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.0
-  Related: RHBZ#2010621
-- automember set default group/hostgroup is missing from the automember module
-  Resolves: RHBZ#1999912
-- automember remove default group/hostgroup is missing from the automember
-  module
-  Resolves: RHBZ#1999913
-- automember rebuild is missing from the automember module
-  Resolves: RHBZ#1999915
-- automember remove orphans group/hostgroup is missing from the automember
-  module
-  Resolves: RHBZ#1999916
-- Not able to update existing automember rule description
-  Resolves: RHBZ#2021393
-
-* Tue Oct  5 2021 Thomas Woerner <twoerner@redhat.com> - 0.4.0-1
-- Update to version 0.4.0
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0
-  Resolves: RHBZ#2010621
-- Add ability to run modules remotely
-  Resolves: RHBZ#1918025
-- New management module ipaautomountlocation
-  Resolves: RHBZ#2010639
-
-* Tue Jul 13 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-1
-- Update to version 0.3.8
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8
-  Related: RHBZ#1959875
-- automember: Verify condition keys
-  Related: RHBZ#1976926
-
-* Tue Jul 13 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.7-1
-- Update to version 0.3.7
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7
-  Related: RHBZ#1959875
-- automember: Fix action to be automember or member, not service
-  Resolves: RRBZ#1976923
-- automember: Fix result["failed"] issues with conditions
-  Resolves: RRBZ#1976926
-
-* Wed Jun  9 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-3
-- Apply fix for ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform
-  Related: RRBZ#1969847
-
-* Wed Jun  9 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-2
-- ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform
-  Resolves: RRBZ#1969847
-
-* Mon Jun  7 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-1
-- Update to version 0.3.6
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6
-  Resolves: RHBZ#1959875
-- ansible-freeipa-tests not in the compose
-  Resolves: RHBZ#1936869
-- Remove unsupported parameter for (ipapermission) module: perm_rights from
-  permission-present.yml
-  Resolves: RHBZ#1921654
-- Sample playbook included for selfservice module is incorrect
-  Resolves: RHBZ#1922060
-- ipa-client-install failing with error code 7(keytab: /usr/sbin/ipa-rmkeytab
-  returned 7)
-  Resolves: RHBZ#1935123
-- New management module ipaserver
-  Resolves: RHBZ#1966493
-- New management module ipaautomember
-  Resolves: RHBZ#1966496
-
-* Mon Jan 18 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.2-1
-- Update to version 0.3.2
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.2
-  Related: RHBZ#1891826
-- Not able to add additional privileges with existing privilege in role module
-  Resolves: RHBZ#1893678
-- Required error message while adding non-existing members in role handling
-  Resolves: RHBZ#1893679
-- Not able to add new members with existing members role handling
-  Resolves: RHBZ#1893684
-- service members are removed while updating other members in role handling
-  Resolves: RHBZ#1893685
-- after changing the vault type from standard to symmetric, Salt is missing
-  Resolves: RHBZ#1880367
-- After changing the vault type from symmetric to asymmetric, Salt is present
-  in the asymmetric vault
-  Resolves: RHBZ#1880377
-- After changing the vault type from asymmetric to the standard vault, the
-  Public key is present in the standard vault
-  Resolves: RHBZ#1880378
-- Not able to replace public-key-file to the public-key in asymmetric vault
-  type
-  Resolves: RHBZ#1880862
-- ipauser module does not seem to support --check flag to ansible-playbook
-  Resolves: RHBZ#1893675
-- Not able to add additional attributes with existing attributes in permission
-  handling
-  Resolves: RHBZ#1893687
-- Privilege variable is removed from permission handling
-  Resolves: RHBZ#1893688
-
-* Wed Dec  2 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.1-1
-- Update to version 0.3.1
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.1
-  Related: RHBZ#1891826
-- ipabackup: Fix undefined vars for conditions in shell tasks without else
-  Related: RHBZ#1894494
-
-* Tue Dec  1 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-2
-- Ship ipabackup role for backup and restore
-  Related: RHBZ#1894494
-
-* Thu Nov 26 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-1
-- Update to version 0.3.0
-  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.0
-  With tests sub package
-  Resolves: RHBZ#1891826
-- Support for firewalld zone in ipaserver and ipareplica roles 
-  Resolves: RHBZ#1894488
-- ipagroup: Add support for the IPA CLI option `posix`
-  Resolves: RHBZ#1894493
-- New ipabackup role for backup and restore
-  Resolves: RHBZ#1894494
-- New management module ipadelegation
-  Resolves: RHBZ#1894496
-- New management module ipalocation
-  Resolves: RHBZ#1894497
-- New management module ipaprivilege
-  Resolves: RHBZ#1894498
-- New management module ipapermission
-  Resolves: RHBZ#1894499
-- New management module iparole
-  Resolves: RHBZ#1894500
-- New management module ipaselfservice
-  Resolves: RHBZ#1894501
-- New management module ipatrust
-  Resolves: RHBZ#1894502
-- Fixed log of vault data return when retrieving to a file
-  Resolves: RHBZ#1875378
-- ipadnszone: Fix modification o SOA serial with other attributes
-  Resolves: RHBZ#1876896
-- Fix symmetric vault password change when using password_files
-  Resolves: RHBZ#1879004
-- ipadnsrecord: fix record modification behavior
-  Resolves: RHBZ#1880409
-  Resolves: RHBZ#1881452
-- ipadnsrecord: fix record update when multiple records exist
-  Resolves: RHBZ#1881436
-
-* Tue Aug 18 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-6
-- Allow to manage multiple dnszone entries
-  Resolves: RHBZ#1845058
-- Fixed error msgs on FreeIPABaseModule subclasses
-  Resolves: RHBZ#1845051
-- Fix `allow_create_keytab_host` in service module
-  Resolves: RHBZ#1868020
-- Modified return value for ipavault module
-  Resolves: RHBZ#1867909
-- Add support for option `name_from_ip` in ipadnszone module
-  Resolves: RHBZ#1845056
-- Fixe password behavior on Vault module
-  Resolves: RHBZ#1839200
-
-* Tue Jul 14 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-5
-- ipareplica: Fix failure while deploying KRA
-  Resolves: RHBZ#1855299
-
-* Thu Jul 02 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-4
-- ipa[server,replica]: Fix pkcs12 info regressions introduced with CA-less
-  Resolves: RHBZ#1853284
-
-* Wed Jul 01 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-3
-- action_plugins/ipaclient_get_otp: Discovered python needed in task_vars
-  Resolves: RHBZ#1852714
-
-* Mon Jun 29 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-2
-- Fixes service disable when service has no certificates attached
-  Resolves: RHBZ#1836294
-- Add suppport for changing password of symmetric vaults
-  Resolves: RHBZ#1839197
-- Fix forwardzone issues
-  Resolves: RHBZ#1843826
-  Resolves: RHBZ#1843828
-  Resolves: RHBZ#1843829
-  Resolves: RHBZ#1843830
-  Resolves: RHBZ#1843831
-- ipa[host]group: Fix membermanager unknow user issue
-  Resolves: RHBZ#1848426
-- ipa[user,host]: Fail on duplucate names in the users and hosts lists
-  Resolves: RHBZ#1822683
-
-* Mon Jun 15 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-1
-- Update to version 0.1.12 bug fix only release
-  Related: RHBZ#1818768
-
-* Thu Jun 11 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.11-1
-- Update to version 0.1.11
-  Related: RHBZ#1818768
-
-* Mon Apr 27 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.10-1
-- Update to version 0.1.10:
-  - ipaclient: Not delete keytab when ipaclient_on_master is true
-  - New module to manage dns forwarder zones in ipa
-  - Enhancements of sudorule module tests
-  - Gracefully handle RuntimeError raised during parameter validation in
-    fail_jso
-  - ipareplica_prepare: Fix module DOCUMENTATION
-  - ipa[server,replica,client]: setup_logging wrapper for
-    standard_logging_setup
-  - Created FreeIPABaseModule class to facilitate creation of new modules
-  - New IPADNSZone module
-  - Add admin password to the ipadnsconfig module tests
-  - Added alias module arguments in dnszone module
-  - Fixed a bug in AnsibleFreeIPAParams
-  - utils/build-galaxy-release: Do not add release tag to version for galaxy
-  - ipaserver docs: Calm down module linter
-  - galaxy.yml: Add system tag
-  - ipareplica_setup_kra: Remove unused ccache parameter
-  - ipareplica_setup_krb: krb is assigned to but never used
-  - utils/galaxy: Make galaxy scripts more generic
-  - galaxyfy-playbook.py: Fixed script name
-  Related: RHBZ#1818768
-
-* Thu Feb 20 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.8-3
-- ipahost: Do not fail on missing DNS or zone when no IP address given
-  Resolves: RHBZ#1804838
-
-* Fri Feb 14 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.8-2
-- Updated RPM description for ansible-freeipa 0.1.8
-  Related: RHBZ#1748986
-- ipahost: Fix choices of auth_ind parameter, allow to reset parameter
-  Resolves: RHBZ#1783992
-- ipauser: Allow reset of userauthtype, do not depend on first,last for mod
-  Resolves: RHBZ#1784474
-- ipahost: Enhanced failure msg for member params used without member action
-  Resolves: RHBZ#1783948
-- Add missing attributes to ipasudorule
-  Resolves: RHBZ#1788168
-  Resolves: RHBZ#1788035
-  Resolves: RHBZ#1788024
-- ipapwpolicy: Use global_policy if name is not set
-  Resolves: RHBZ#1797532
-- ipahbacrule: Fix handing of members with action hbacrule
-  Resolves: RHBZ#1787996
-- ansible_freeipa_module: Fix comparison of bool parameters in compare_args_isa
-  Resolves: RHBZ#1784514
-- ipahost: Add support for several IP addresses and also to change them
-  Resolves: RHBZ#1783979
-  Resolves: RHBZ#1783976
-- ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag
-  Resolves: RHBZ#1803026
-
-* Sat Dec 14 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1
-- Update to version 0.1.8 (bug fix release)
-  - roles/ipaclient/README.md: Add information about ipaclient_otp
-  - Install and enable firewalld if it is configured for ipaserver and
-    ipareplica roles
-  - ipaserver_test: Do not use zone_overlap_check for domain name validation
-  - Allow execution of API commands that do not require a name
-  - Update README-host: Drop options from allow_*keytab parameters docs
-  - ipauser: Extend email addresses with default email domain if no domain is
-    given
-    Resolves: RHBZ#1747413
-  Related: RHBZ#1748986
-
-* Mon Dec  2 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.7-1
-- Update to version 0.1.7
-  - Add debian support for ipaclient
-  - Added support for predefining client OTP using ipaclient_otp
-  - ipatopologysegment: Store suffix for commands in command list
-  - ipatopologysegment: Fail for missing entry with reinitialized
-  - Utils scripts: ansible-ipa-[server,replica,client]-install
-  - ipaserver_test,ipareplica_prepare: Do not return _pkcs12_file settings
-  - ansible_freeipa_module: Add support for GSSAPI
-  - ansible_ipa_client: Drop import of configure_nsswitch_database
-  - New host management module
-  - New hostgroup management module
-  - ipagroup: Remove unused member_[present,absent] states
-  - external-ca tests: Fix typo in inventory files
-  - tests/external-signed-ca tests: Fix external-ca.sh to use proper serials
-  - ipagroup: Rework to use same mechanisms as ipahostgroup module
-  - ansible_freeipa_module: api_command should not have extra try clause
-  - ansible_freeipa_module: compare_args_ipa needs to compare lists orderless
-  - ansible_freeipa_module: New function api_check_param
-  - ansible_freeipa_module: New functions module_params_get and _afm_convert
-  - ansible_freeipa_module: Add missing to_text import for _afm_convert
-  - ansible_freeipa_module: Convert tuple to list in compare_args_ipa
-  - ansible_freeipa_module: New function api_get_realm
-  - ipauser: User module extension
-  - New sudocmd management module
-  - New sudocmdgroup management module
-  - ansible_freeipa_module: Convert int to string in compare_args_ipa
-  - New pwpolicy management module
-  - New hbacsvc (HBAC Service) management module
-  - New hbacsvcgroup (HBAC Service Group) management module
-  - ipagroup: Properly support IPA versions 4.6 and RHEL-7
-  - ipagroup: Fix changed flag, new test cases
-  - ipauser: Add info about version limitation of passwordexpiration
-  - New hbacrule (HBAC Rule) management module
-  - ipahostgroup: Fix changed flag, support IPA 4.6 on RHEL-7, new test cases
-  - New sudorule (Sudo Rule) management module
-  - ipauser: Support 'sn' alias of 'last' for surname
-  - Update galaxy.yml: Update description, drop empty dependencies
-  - Update ipauser.py: Fix typo in users.name description
-  - ipaclient: Fix misspelled sssd options
-  - ipauser: Return generated random password
-  - ipahost: Return generated random password
-  - Added context configuration to api_connect
-  - ansible_freeipa_module: Better support for KRB5CCNAME environment variable
-  - ipa[server,replica,client]: Add support for CentOS-8
-  - ipahost: Extension to be able handle several hosts and all settings
-  - Flake8 fixes
-  - Documentation updates
-  - Cleanup
-  Resolves: RHBZ#1748986
-
-* Fri Sep  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-4
-- ansible_ipa_client: Drop import of configure_nsswitch_database
-  (RHBZ#1748905)
-
-* Wed Jul 31 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-3
-- ipatopologysegment: Store suffix for commands in command list (RHBZ#1733547)
-- ipatopologysegment: Fail for missing entry with reinitialized (RHBZ#1733559)
-
-* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-2
-- Drop dirserv_cert_files key from utils/gen_module_docs.py for covscan
-
-* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1
-- update to version 0.1.6
-  - Lots of documentation updates in READMEs and modules
-  - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
-  - Flake8 and pylint reated fixes
-  - Fixed wrong path to CheckedIPAddress class in ipareplica_test
-  - Remove unused ipaserver/library/ipaserver.py
-  - No not use wildcard imports for modules
-  - ipareplica: Add support for pki_config_override
-  - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
-  - ipareplica_prepare: Properly initialize pin and cert_name variables
-  - ipareplica: Fail with proper error messages
-  - ipaserver: Properly set settings related to pkcs12 files
-  - ipaclient: RawConfigParser is not always provided by six.moves.configparser
-  - ipaclient_setup_nss: paths.GETENT is not available before
-    freeipa-4.6.90.pre1
-  - ipaserver_test: Initialize value from options.zonemgr
-  - ipareplica_setup_custodia: create_replica only available in newer releases
-  - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
-  - ipa[server,replica]: Set _packages_adtrust for Ubuntu
-  - New build script for galaxy release
-  - New utils script to update module docs
-- Changes from ansible-freeipa-0.1.5
-  - Support for IPA 4.8.0
-  - New user management module
-  - New group management module
-  - ipaserver: Support external signed CA
-  - RHEL-8 specific vars files to be able to install needed modules
-    automatically
-  - ipareplica: Fixes for certmonger and kra setup
-  - New tests folder
-  - OTP related updates to README files
-
-* Thu Jul  4 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-2
-- ansible_ipa_client: Always set options.unattended (RHBZ#1726645)
-- ipaserver_prepare: Properly report error, do show trace back (RHBZ#1726668)
-- ipa[server,replica,client]: RHEL-8 specific vars files (RHBZ#1727095)
-- ipatopology modules: Use ipaadmin_ prefix for principal and password
-  (RHBZ#1727101)
-
-* Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-1
-- update to version 0.1.4
-  - ipatopologysegment: Use commands, not command
-
-* Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.3-1
-- update to version 0.1.3
-  - ipaclient_test: Fix Python2 decode use with Python3
-  - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
-  - ipaclient_get_otp: Remove ansible_python_interpreter handling
-  - ipaclient: Use omit (None) for password, keytab, no string length checks
-  - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
-  - ipaclient: Report error message if ipaclient_get_otp failed
-  - Fixes #17 Improve how tasks manage package installation
-  - ipareplica: The dm password is not needed for ipareplica_master_password
-  - ipareplica: Use ipareplica_server if set
-  - ipatopologysegment: Allow domain+ca suffix, new state: checked
-  - Documentation updates
-  - Cleanups
-
-* Tue Jun 11 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-3
-- bump release for functional test
-
-* Tue Jun 11 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-2
-- bump release for functional test
-
-* Fri Jun  7 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-1
-- update to version 0.1.2
-  - Now a new Ansible Collection
-  - Fix gssapi requirement for OTP: It is only needed if keytab is used with
-    OTP now.
-  - Fix wrong ansible argument types
-  - Do not fail on textwrap for replica deployments with CA
-  - Ansible lint and galaxy fixes
-  - Disable automatic removal of replication agreements in uninstall
-  - Enable freeipa-trust service if adtrust is enabled
-  - Add support for hidden replica
-  - New topology managament modules
-  - Add support for pki_config_override
-  - Fix host name setup in server deployment
-  - Fix errors when ipaservers variable is not set
-  - Fix ipaclient install role length typo
-  - Cleanups
-  
-* Mon May  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1
-- Initial package

ansible-freeipa.spec

@@ -0,0 +1,527 @@
+# Turn off automatic python byte compilation because these are Ansible
+# roles and the files are transferred to the node and compiled there with
+# the python version used in the node
+%define __brp_python_bytecompile %{nil}
+
+%global python %{__python3}
+
+%global collection_namespace freeipa
+%global collection_name ansible_freeipa
+%global ansible_collections_dir %{_datadir}/ansible/collections/ansible_collections
+
+Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
+Name: ansible-freeipa
+Version: 1.14.2
+Release: 2%{?dist}
+URL: https://github.com/freeipa/ansible-freeipa
+License: GPL-3.0-or-later
+Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+BuildArch: noarch
+Requires: ansible-core >= 1:2.14.0
+BuildRequires: ansible-core >= 1:2.14.0
+BuildRequires: python
+Provides: ansible-collection-%{collection_namespace}-%{collection_name} = %{version}-%{release}
+Provides: ansible-freeipa-tests
+Obsoletes: ansible-freeipa-tests <= %{version}
+Provides: ansible-freeipa-collection
+Obsoletes: ansible-freeipa-collection <= %{version}
+
+%description
+Ansible collection %{collection_namespace}.%{collection_name} providing
+roles to install and uninstall FreeIPA servers, replicas and clients, roles
+for backups and SmartCard configuration, modules for management and also
+playbooks for all roles and modules.
+
+Note: The Ansible playbooks and roles require a configured Ansible environment
+where the Ansible nodes are reachable and are properly set up to have an IP
+address and a working package manager.
+
+Features
+
+- Server, replica and client deployment
+- Cluster deployments: Server, replicas and clients in one playbook
+- One-time-password (OTP) support for client installation
+- Repair mode for clients
+- Backup and restore, also to and from controller
+- Smartcard setup for servers and clients
+- Inventory plugin freeipa
+- Modules for automembership rule management
+- Modules for automount key management
+- Modules for automount location management
+- Modules for automount map management
+- Modules for certificate management
+- Modules for config management
+- Modules for delegation management
+- Modules for dns config management
+- Modules for dns forwarder management
+- Modules for dns record management
+- Modules for dns zone management
+- Modules for group management
+- Modules for hbacrule management
+- Modules for hbacsvc management
+- Modules for hbacsvcgroup management
+- Modules for host management
+- Modules for hostgroup management
+- Modules for idoverridegroup management
+- Modules for idoverrideuser management
+- Modules for idp management
+- Modules for idrange management
+- Modules for idview management
+- Modules for location management
+- Modules for netgroup management
+- Modules for permission management
+- Modules for privilege management
+- Modules for pwpolicy management
+- Modules for role management
+- Modules for self service management
+- Modules for server management
+- Modules for service management
+- Modules for service delegation rule management
+- Modules for service delegation target management
+- Modules for sudocmd management
+- Modules for sudocmdgroup management
+- Modules for sudorule management
+- Modules for topology management
+- Modules for trust management
+- Modules for user management
+- Modules for vault management
+
+Supported FreeIPA Versions
+
+FreeIPA versions 4.6 and up are supported by all roles.
+
+The client role supports versions 4.4 and up, the server role is working with
+versions 4.5 and up, the replica role is currently only working with versions
+4.6 and up.
+
+Supported Distributions
+
+- RHEL/CentOS 7.4+
+- Fedora 26+
+- Ubuntu
+- Debian 10+ (ipaclient only, no server or replica!)
+
+Requirements
+
+  Controller
+  - Ansible version: 2.13+
+
+  Node
+  - Supported FreeIPA version (see above)
+  - Supported distribution (needed for package installation only, see above)
+
+Limitations
+
+External signed CA is now supported. But the currently needed two step process
+is an issue for the processing in a simple playbook.
+Work is planned to have a new method to handle CSR for external signed CAs in
+a separate step before starting the server installation.
+
+
+%prep
+%setup -q
+# Do not create backup files with patches
+
+# Fix python modules and module utils:
+# - Remove shebang
+# - Remove execute flag
+for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py;
+do
+    sed -i '1{/\/usr\/bin\/python*/d;}' $i
+    sed -i '1{/\/usr\/bin\/env python*/d;}' $i
+    chmod a-x $i
+done
+
+for i in utils/*.py utils/new_module utils/changelog utils/ansible-doc-test;
+do
+    sed -i '{s@/usr/bin/python*@%{python}@}' $i
+    sed -i '{s@/usr/bin/env python*@%{python}@}' $i
+done
+
+
+%build
+
+%install
+# Create collection and install to %{buildroot}%{ansible_collections_dir}
+# ansible-galaxy collection install creates ansible_collections directory
+# automatically in given path, therefore /..
+utils/build-galaxy-release.sh -o "%{version}" -p %{buildroot}%{ansible_collections_dir}/.. %{collection_namespace} %{collection_name}
+
+cp %{buildroot}/%{ansible_collections_dir}/%{collection_namespace}/%{collection_name}/README.md .
+
+%files
+%license COPYING
+%doc README.md
+%dir %{ansible_collections_dir}/%{collection_namespace}
+%{ansible_collections_dir}/%{collection_namespace}/%{collection_name}
+
+%changelog
+* Fri Dec 13 2024 Thomas Woerner <twoerner@redhat.com> - 1.14.2-2
+- Fix version of obsoletes for collection and tests sub package
+  Resolves: RHEL-67567
+
+* Fri Dec 13 2024 Thomas Woerner <twoerner@redhat.com> - 1.14.2-1
+- Update to version 1.14.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.14.2
+  Resolves: RHEL-67567
+- ipareplica: Pass ipareplica_ip_addresses to ipaclient
+  Resolves: RHEL-40228
+- ipagroup: Correctly handle externalmember in member actions
+  Resolves: RHEL-70023
+- ipasudorule: Evaluate all members related to hosts and users
+  Resolves: RHEL-68441
+- ipacert: Correctly handle removFromCRL revocation
+  Resolves: RHEL-70021
+- Collection: No more role module duplication
+  Resolves: RHEL-71124
+
+* Wed Nov 27 2024 Thomas Woerner <twoerner@redhat.com> - 1.14.1-1
+- Update to version 1.14.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.14.1
+  Resolves: RHEL-67567
+- Fix requirements for ansible-core
+  Resolves: RHEL-68648
+
+* Fri Nov 22 2024 Thomas Woerner <twoerner@redhat.com> - 1.14.0-2
+- Fix update and wrong ansible-core build requirement
+  Resolves: RHEL-68648
+
+* Fri Nov 22 2024 Thomas Woerner <twoerner@redhat.com> - 1.14.0-1
+- Update to version 1.14.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.14.0
+  Resolves: RHEL-67567
+- Multi sudorule management with the ipasudorule module
+  Resolves: RHEL-61433
+
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.13.2-2
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Mon Jul  1 2024 Thomas Woerner <twoerner@redhat.com> - 1.13.2-1
+- Update to version 1.13.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.2
+  Resolves: RHEL-35566
+- Convert input certificates
+  Resolves: RHEL-44616
+- Fix rolesdeployment with IPA 4.12
+  Resolves: RHEL-40870
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.13.1-2
+- Bump release for June 2024 mass rebuild
+
+* Tue May 28 2024 Thomas Woerner <twoerner@redhat.com> - 1.13.1-1
+- Update to version 1.13.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.13.1
+  Resolves: RHEL-35566
+- New inventory plugin
+  Resolves: RHEL-38947
+- Enable batch command as backend
+  Resolves: RHEL-38944
+- New collection sub package
+  Resolves: RHEL-38930
+
+* Thu Apr  4 2024 Thomas Woerner <twoerner@redhat.com> - 1.12.1-2
+- The package now provides the Ansible collection freeipa.ansible_freeipa
+- New build requires for ansible-core and python
+- The tests are part of the collection, new provides and obsoletes for the
+  -tests sub package
+
+* Mon Feb 12 2024 Thomas Woerner <twoerner@redhat.com> - 1.12.1-1
+- Update to version 1.12.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.12.1
+  Highlights:
+  - Fix ipaserver deployment on CentOS 8 Stream
+  - Fix ipaclient deployment with automount
+  - Fix ipaclient OTP error reporting
+  - Add missing support for renaming groups and users
+  - Idempotency fixes in several modules
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.12.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.12.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Nov 27 2023 Thomas Woerner <twoerner@redhat.com> - 1.12.0-1
+- Update to version 1.12.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.12.0
+  Highlights:
+  - New idoverridegroup management module.
+  - New idoverrideuser management module.
+  - New idview management module.
+  - New idp management module.
+  - Bug fixes and CI improvements.
+
+* Mon Jul 24 2023 Thomas Woerner <twoerner@redhat.com> - 1.11.1-1
+- Update to version 1.11.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.11.1
+  Highlights:
+  - Support for GECOS, street, smb and idp attributes in ipauser module
+  - Support for indirect maps in ipaautomountmap module
+  - Update of user_auth_type choices in ipaconfig and ipauser modules
+  - Update of auth_ind choices in ipahost and ipaservice modules
+  - Upstream test and environment enhancements
+  - Documentation updates
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Mon Jun 12 2023 Thomas Woerner <twoerner@redhat.com> - 1.11.0-1
+- Update to version 1.11.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.11.0
+  Highlights:
+  - Multiple service management with ipaservice module
+  - New ipacert module for certificate management
+  - Action group support for the Ansible collections on Ansible Galaxy and
+    Ansible AutomationHub
+  - Fixed maxsequence handling in ipapwpolicy module
+  - Even more Ansible lint driven changes
+
+* Wed Apr  5 2023 Thomas Woerner <twoerner@redhat.com> - 1.10.0-1
+- Update to version 1.10.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.10.0
+  Highlights:
+  - ipagroup: Allow multiple group management.
+  - ipaclient: Add subid option to select the sssd profile with-subid.
+  - ipaclient: Fix allow_repair with removed krb5.conf and DNS lookup.
+  - ipaclient: Keep server affinity while deploying by deferring the
+    creation the final krb5.conf.
+  - ipaserver: Allow deployments with random serial numbers.
+  - ipareplica/server: Enable removal from domain with undeployment.
+  - More Ansible lint fixes.
+
+* Fri Mar 10 2023 Rafael Jeffman <rjeffman@redhat.com> - 1.9.2-2
+- Migrate to SPDX license
+
+* Tue Jan 31 2023 Thomas Woerner <twoerner@redhat.com> - 1.9.2-1
+- Update to version 1.9.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.2
+
+* Mon Jan 30 2023 Thomas Woerner <twoerner@redhat.com> - 1.9.1-1
+- Update to version 1.9.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.1
+  Highlights:
+  - Ansible 2.14 test and lint fixes
+  - pwpolicy: Allow clearing policy values
+  - More bug fixes
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Dec  6 2022 Thomas Woerner <twoerner@redhat.com> - 1.9.0-1
+- Update to version 1.9.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.0
+  Highlights:
+  - New netgroup management module
+  - sudorule: Add support for 'hostmask' parameter
+  - pwpolicy: Add support for password check and grace limit
+  - ipaclient: No kinit on controller for deployment using OTP
+  - ipaclient: Configure DNS resolver
+  - Support for ansible-core 2.14 tests
+
+* Mon Sep 12 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.4-1
+- Update to version 1.8.4
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.4
+
+* Tue Aug 16 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.3-1
+- Update to version 1.8.3
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.3
+
+* Thu Jul 28 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.2-1
+- Update to version 1.8.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.2
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Thu Jul  7 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.1-1
+- Update to version 1.8.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.1
+
+* Fri Jun 24 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.0-1
+- Update to version 1.8.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.0
+
+* Fri Apr 29 2022 Thomas Woerner <twoerner@redhat.com> - 1.7.0-1
+- Update to version 1.7.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.7.0
+- Update to version 1.6.3
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.3
+
+* Wed Jan 26 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.2-1
+- Update to version 1.6.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.2
+
+* Fri Jan 21 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1
+- Update to version 1.6.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.1
+- Update to version 1.6.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.0
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Dec 28 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.3-1
+- Update to version 1.5.3
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.3
+- Update to version 1.5.2
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.2
+- Update to version 1.5.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.1
+
+* Tue Dec  7 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.0-1
+- Update to version 1.5.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.0
+
+* Wed Oct  6 2021 Thomas Woerner <twoerner@redhat.com> - 0.4.0-1
+- Update to version 0.4.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Wed Jul 14 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-1
+- Update to version 0.3.8
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8
+- Update to version 0.3.7
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7
+
+* Tue Jun  1 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-1
+- Update to version 0.3.6
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6
+
+* Wed Mar  3 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.5-1
+- Update to version 0.3.5
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.5
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 18 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.4-1
+- Update to version 0.3.4
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.4
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.3
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.2
+
+* Wed Dec  2 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.1-1
+- Update to version 0.3.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.1
+- ipabackup: Fix undefined vars for conditions in shell tasks without else
+
+* Tue Dec  1 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-2
+- Ship ipabackup role for backup and restore
+
+* Thu Nov 26 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-1
+- Update to version 0.3.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.0
+
+* Fri Oct 09 2020 Thomas Woerner <twoerner@redhat.com> - 0.2.1-1
+- Update to version 0.2.1
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.1
+- Update to version 0.2.0
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.0
+- New tests sub package providing upstream tests
+- Utils in /usr/share/ansible-freeipa/utils
+
+* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.12-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jun 15 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-1
+- Update to version 0.1.12 bug fix only release
+
+* Thu Jun 11 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.11-1
+- Update to version 0.1.11
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.11
+
+* Mon Apr 27 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.10-1
+- Update to version 0.1.10 with fixes and additional modules
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.10
+
+* Mon Mar 16 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.9-1
+- Update to version 0.1.8 with lots of fixes and additional modules
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.9
+
+* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Dec 20 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1
+- Update to version 0.1.8 with lots of fixes and additional modules
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.8
+  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.7
+
+* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1
+- Update to version 0.1.6
+  - Lots of documentation updates in READMEs and modules
+  - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
+  - Flake8 and pylint reated fixes
+  - Fixed wrong path to CheckedIPAddress class in ipareplica_test
+  - Remove unused ipaserver/library/ipaserver.py
+  - No not use wildcard imports for modules
+  - ipareplica: Add support for pki_config_override
+  - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
+  - ipareplica_prepare: Properly initialize pin and cert_name variables
+  - ipareplica: Fail with proper error messages
+  - ipaserver: Properly set settings related to pkcs12 files
+  - ipaclient: RawConfigParser is not always provided by six.moves.configparser
+  - ipaclient_setup_nss: paths.GETENT is not available before
+    freeipa-4.6.90.pre1
+  - ipaserver_test: Initialize value from options.zonemgr
+  - ipareplica_setup_custodia: create_replica only available in newer releases
+  - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
+  - ipa[server,replica]: Set _packages_adtrust for Ubuntu
+  - New build script for galaxy release
+  - New utils script to update module docs
+
+* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-2
+- Update README-user.md: Fixed examples, new example
+- ipauser example playbooks: Fixed actions, new example
+
+* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-1
+- Update to version 0.1.5
+  - Support for IPA 4.8.0
+  - New user management module
+  - New group management module
+  - ipaserver: Support external signed CA
+  - RHEL-8 specific vars files to be able to install needed modules
+    automatically
+  - ipareplica: Fixes for certmonger and kra setup
+  - New tests folder
+  - OTP related updates to README files
+- Updates of version 0.1.4
+  - ipatopologysegment: Use commands, not command
+- Updates of version 0.1.3
+  - ipaclient_test: Fix Python2 decode use with Python3
+  - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
+  - ipaclient_get_otp: Remove ansible_python_interpreter handling
+  - ipaclient: Use omit (None) for password, keytab, no string length checks
+  - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
+  - ipaclient: Report error message if ipaclient_get_otp failed
+  - Fixes #17 Improve how tasks manage package installation
+  - ipareplica: The dm password is not needed for ipareplica_master_password
+  - ipareplica: Use ipareplica_server if set
+  - ipatopologysegment: Allow domain+ca suffix, new state: checked
+  - Documentation updates
+  - Cleanups
+- Update of version 0.1.2
+  - Now a new Ansible Collection
+  - Fix gssapi requirement for OTP: It is only needed if keytab is used with
+    OTP now.
+  - Fix wrong ansible argument types
+  - Do not fail on textwrap for replica deployments with CA
+  - Ansible lint and galaxy fixes
+  - Disable automatic removal of replication agreements in uninstall
+  - Enable freeipa-trust service if adtrust is enabled
+  - Add support for hidden replica
+  - New topology managament modules
+  - Add support for pki_config_override
+  - Fix host name setup in server deployment
+  - Fix errors when ipaservers variable is not set
+  - Fix ipaclient install role length typo
+  - Cleanups
+
+* Mon May  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1
+- Initial package

gating.yaml

@@ -0,0 +1,8 @@
+# recipients: abokovoy, frenaud, kaleem, ftrivino
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: idm-ci.brew-build.tier1.functional}

sources

@@ -0,0 +1 @@
+SHA512 (ansible-freeipa-1.14.2.tar.gz) = 5f8bd79ac28632d0eef82afaf22e4ce0120050347b41e44a1ccb9b9aad81803a3cc8e1a7f96b9f7a5618538e992ee93ebe4593a0b5bdf6e6efae2ea726a18893

tests/provision.fmf

@@ -0,0 +1,5 @@
+---
+
+standard-inventory-qcow2:
+  qemu:
+    m: 3G

tests/sanity/install-server.yml

@@ -0,0 +1,8 @@
+---
+- name: Playbook to configure IPA servers
+  hosts: ipaserver
+  become: true
+
+  roles:
+  - role: freeipa.ansible_freeipa.ipaserver
+    state: present

tests/sanity/inventory

@@ -0,0 +1,10 @@
+[ipaserver]
+localhost
+
+[ipaserver:vars]
+ipaserver_domain=example.test
+ipaserver_realm=EXAMPLE.TEST
+ipaserver_setup_dns=yes
+ipaserver_auto_forwarders=yes
+ipaadmin_password=Secret123
+ipadm_password=Secret123

tests/sanity/runtest.sh

@@ -0,0 +1,3 @@
+#!/bin/sh -eux
+ 
+ansible-playbook -i inventory install-server.yml -v --connection=local

tests/tests.yml

@@ -0,0 +1,14 @@
+---
+- hosts: localhost
+  tags:
+  - classic
+  roles:
+  - role: standard-test-basic
+    required_packages:
+    - firewalld
+    # pip3 is used to install ansible 2.8+
+    #- ansible
+    required_services:
+    - firewalld
+    tests:
+    - sanity