[ol8_appstream] ansible-freeipa-0.1.8-3.el8.noarch

ansible-freeipa provides Ansible roles and playbooks to install and uninstall
FreeIPA servers, replicas and clients also modules for management.

Note: The ansible playbooks and roles require a configured ansible environment
where the ansible nodes are reachable and are properly set up to have an IP
address and a working package manager.

Features

- Server, replica and client deployment
- Cluster deployments: Server, replicas and clients in one playbook
- One-time-password (OTP) support for client installation
- Repair mode for clients
- Modules for group management
- Modules for hbacrule management
- Modules for hbacsvc management
- Modules for hbacsvcgroup management
- Modules for host management
- Modules for hostgroup management
- Modules for pwpolicy management
- Modules for sudocmd management
- Modules for sudocmdgroup management
- Modules for sudorule management
- Modules for topology management
- Modules for user management

Supported FreeIPA Versions

FreeIPA versions 4.6 and up are supported by all roles.

The client role supports versions 4.4 and up, the server role is working with
versions 4.5 and up, the replica role is currently only working with versions
4.6 and up.

Supported Distributions

- RHEL/CentOS 7.4+
- Fedora 26+
- Ubuntu
- Debian 10+ (ipaclient only, no server or replica!)

Requirements

  Controller
  - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)
  - /usr/bin/kinit is required on the controller if a one time password (OTP)
    is used
  - python3-gssapi is required on the controller if a one time password (OTP)
    is used with keytab to install the client.

  Node
  - Supported FreeIPA version (see above)
  - Supported distribution (needed for package installation only, see above)

Limitations

External CA support is not supported or working. The currently needed two step
process is an issue for the processing in the role. The configuration of the
server is partly done already and needs to be continued after the CSR has been
handled. This is for example breaking the deployment of a server with replicas
or clients in one playbook.

Changelog (Show File list) (Show related packages)

• Thu Feb 20 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.8-3

  - ipahost: Do not fail on missing DNS or zone when no IP address given
    Resolves: RHBZ#1804838

• Fri Feb 14 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.8-2

  - Updated RPM description for ansible-freeipa 0.1.8
    Related: RHBZ#1748986
  - ipahost: Fix choices of auth_ind parameter, allow to reset parameter
    Resolves: RHBZ#1783992
  - ipauser: Allow reset of userauthtype, do not depend on first,last for mod
    Resolves: RHBZ#1784474
  - ipahost: Enhanced failure msg for member params used without member action
    Resolves: RHBZ#1783948
  - Add missing attributes to ipasudorule
    Resolves: RHBZ#1788168
    Resolves: RHBZ#1788035
    Resolves: RHBZ#1788024
  - ipapwpolicy: Use global_policy if name is not set
    Resolves: RHBZ#1797532
  - ipahbacrule: Fix handing of members with action hbacrule
    Resolves: RHBZ#1787996
  - ansible_freeipa_module: Fix comparison of bool parameters in compare_args_isa
    Resolves: RHBZ#1784514
  - ipahost: Add support for several IP addresses and also to change them
    Resolves: RHBZ#1783979
    Resolves: RHBZ#1783976
  - ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag
    Resolves: RHBZ#1803026

• Sat Dec 14 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1

  - Update to version 0.1.8 (bug fix release)
    - roles/ipaclient/README.md: Add information about ipaclient_otp
    - Install and enable firewalld if it is configured for ipaserver and
      ipareplica roles
    - ipaserver_test: Do not use zone_overlap_check for domain name validation
    - Allow execution of API commands that do not require a name
    - Update README-host: Drop options from allow_*keytab parameters docs
    - ipauser: Extend email addresses with default email domain if no domain is
      given
      Resolves: RHBZ#1747413
    Related: RHBZ#1748986

• Mon Dec 02 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.7-1

  - Update to version 0.1.7
    - Add debian support for ipaclient
    - Added support for predefining client OTP using ipaclient_otp
    - ipatopologysegment: Store suffix for commands in command list
    - ipatopologysegment: Fail for missing entry with reinitialized
    - Utils scripts: ansible-ipa-[server,replica,client]-install
    - ipaserver_test,ipareplica_prepare: Do not return _pkcs12_file settings
    - ansible_freeipa_module: Add support for GSSAPI
    - ansible_ipa_client: Drop import of configure_nsswitch_database
    - New host management module
    - New hostgroup management module
    - ipagroup: Remove unused member_[present,absent] states
    - external-ca tests: Fix typo in inventory files
    - tests/external-signed-ca tests: Fix external-ca.sh to use proper serials
    - ipagroup: Rework to use same mechanisms as ipahostgroup module
    - ansible_freeipa_module: api_command should not have extra try clause
    - ansible_freeipa_module: compare_args_ipa needs to compare lists orderless
    - ansible_freeipa_module: New function api_check_param
    - ansible_freeipa_module: New functions module_params_get and _afm_convert
    - ansible_freeipa_module: Add missing to_text import for _afm_convert
    - ansible_freeipa_module: Convert tuple to list in compare_args_ipa
    - ansible_freeipa_module: New function api_get_realm
    - ipauser: User module extension
    - New sudocmd management module
    - New sudocmdgroup management module
    - ansible_freeipa_module: Convert int to string in compare_args_ipa
    - New pwpolicy management module
    - New hbacsvc (HBAC Service) management module
    - New hbacsvcgroup (HBAC Service Group) management module
    - ipagroup: Properly support IPA versions 4.6 and RHEL-7
    - ipagroup: Fix changed flag, new test cases
    - ipauser: Add info about version limitation of passwordexpiration
    - New hbacrule (HBAC Rule) management module
    - ipahostgroup: Fix changed flag, support IPA 4.6 on RHEL-7, new test cases
    - New sudorule (Sudo Rule) management module
    - ipauser: Support 'sn' alias of 'last' for surname
    - Update galaxy.yml: Update description, drop empty dependencies
    - Update ipauser.py: Fix typo in users.name description
    - ipaclient: Fix misspelled sssd options
    - ipauser: Return generated random password
    - ipahost: Return generated random password
    - Added context configuration to api_connect
    - ansible_freeipa_module: Better support for KRB5CCNAME environment variable
    - ipa[server,replica,client]: Add support for CentOS-8
    - ipahost: Extension to be able handle several hosts and all settings
    - Flake8 fixes
    - Documentation updates
    - Cleanup
    Resolves: RHBZ#1748986

• Fri Sep 06 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-4

  - ansible_ipa_client: Drop import of configure_nsswitch_database
    (RHBZ#1748905)

• Wed Jul 31 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-3

  - ipatopologysegment: Store suffix for commands in command list (RHBZ#1733547)
  - ipatopologysegment: Fail for missing entry with reinitialized (RHBZ#1733559)

• Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-2

  - Drop dirserv_cert_files key from utils/gen_module_docs.py for covscan

• Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1

  - update to version 0.1.6
    - Lots of documentation updates in READMEs and modules
    - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
    - Flake8 and pylint reated fixes
    - Fixed wrong path to CheckedIPAddress class in ipareplica_test
    - Remove unused ipaserver/library/ipaserver.py
    - No not use wildcard imports for modules
    - ipareplica: Add support for pki_config_override
    - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
    - ipareplica_prepare: Properly initialize pin and cert_name variables
    - ipareplica: Fail with proper error messages
    - ipaserver: Properly set settings related to pkcs12 files
    - ipaclient: RawConfigParser is not always provided by six.moves.configparser
    - ipaclient_setup_nss: paths.GETENT is not available before
      freeipa-4.6.90.pre1
    - ipaserver_test: Initialize value from options.zonemgr
    - ipareplica_setup_custodia: create_replica only available in newer releases
    - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
    - ipa[server,replica]: Set _packages_adtrust for Ubuntu
    - New build script for galaxy release
    - New utils script to update module docs
  - Changes from ansible-freeipa-0.1.5
    - Support for IPA 4.8.0
    - New user management module
    - New group management module
    - ipaserver: Support external signed CA
    - RHEL-8 specific vars files to be able to install needed modules
      automatically
    - ipareplica: Fixes for certmonger and kra setup
    - New tests folder
    - OTP related updates to README files

• Thu Jul 04 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-2

  - ansible_ipa_client: Always set options.unattended (RHBZ#1726645)
  - ipaserver_prepare: Properly report error, do show trace back (RHBZ#1726668)
  - ipa[server,replica,client]: RHEL-8 specific vars files (RHBZ#1727095)
  - ipatopology modules: Use ipaadmin_ prefix for principal and password
    (RHBZ#1727101)

• Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-1

  - update to version 0.1.4
    - ipatopologysegment: Use commands, not command