Name: | ansible-freeipa |
---|---|
Version: | 0.1.12 |
Release: | 6.el8 |
Architecture: | noarch |
Group: | Unspecified |
Size: | 1387451 |
License: | GPLv3+ |
RPM: | ansible-freeipa-0.1.12-6.el8.noarch.rpm |
Source RPM: | ansible-freeipa-0.1.12-6.el8.src.rpm |
Build Date: | Thu Nov 05 2020 |
Build Host: | jenkins-172-17-0-2-878cedf2-0083-42d1-9f5b-d4e0ca1a935e.blddevtest1iad.osdevelopmeniad.oraclevcn.com |
Vendor: | Oracle America |
URL: | https://github.com/freeipa/ansible-freeipa |
Summary: | Roles and playbooks to deploy FreeIPA servers, replicas and clients |
Description: | ansible-freeipa provides Ansible roles and playbooks to install and uninstall FreeIPA servers, replicas and clients. Also modules for group, host, topology and user management. Note: The ansible playbooks and roles require a configured ansible environment where the ansible nodes are reachable and are properly set up to have an IP address and a working package manager. Features - Server, replica and client deployment - Cluster deployments: Server, replicas and clients in one playbook - One-time-password (OTP) support for client installation - Repair mode for clients - Modules for dns forwarder management - Modules for dns record management - Modules for dns zone management - Modules for group management - Modules for hbacrule management - Modules for hbacsvc management - Modules for hbacsvcgroup management - Modules for host management - Modules for hostgroup management - Modules for pwpolicy management - Modules for service management - Modules for sudocmd management - Modules for sudocmdgroup management - Modules for sudorule management - Modules for topology management - Modules for user management - Modules for vault management Supported FreeIPA Versions FreeIPA versions 4.6 and up are supported by all roles. The client role supports versions 4.4 and up, the server role is working with versions 4.5 and up, the replica role is currently only working with versions 4.6 and up. Supported Distributions - RHEL/CentOS 7.4+ - Fedora 26+ - Ubuntu - Debian 10+ (ipaclient only, no server or replica!) Requirements Controller - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection) /usr/bin/kinit is required on the controller if a one time password (OTP) is used - python3-gssapi is required on the controller if a one time password (OTP) is used with keytab to install the client. Node - Supported FreeIPA version (see above) - Supported distribution (needed for package installation only, see above) Limitations External signed CA is now supported. But the currently needed two step process is an issue for the processing in a simple playbook. Work is planned to have a new method to handle CSR for external signed CAs in a separate step before starting the server installation. |
- Allow to manage multiple dnszone entries Resolves: RHBZ#1845058 - Fixed error msgs on FreeIPABaseModule subclasses Resolves: RHBZ#1845051 - Fix `allow_create_keytab_host` in service module Resolves: RHBZ#1868020 - Modified return value for ipavault module Resolves: RHBZ#1867909 - Add support for option `name_from_ip` in ipadnszone module Resolves: RHBZ#1845056 - Fixe password behavior on Vault module Resolves: RHBZ#1839200
- ipareplica: Fix failure while deploying KRA Resolves: RHBZ#1855299
- ipa[server,replica]: Fix pkcs12 info regressions introduced with CA-less Resolves: RHBZ#1853284
- action_plugins/ipaclient_get_otp: Discovered python needed in task_vars Resolves: RHBZ#1852714
- Fixes service disable when service has no certificates attached Resolves: RHBZ#1836294 - Add suppport for changing password of symmetric vaults Resolves: RHBZ#1839197 - Fix forwardzone issues Resolves: RHBZ#1843826 Resolves: RHBZ#1843828 Resolves: RHBZ#1843829 Resolves: RHBZ#1843830 Resolves: RHBZ#1843831 - ipa[host]group: Fix membermanager unknow user issue Resolves: RHBZ#1848426 - ipa[user,host]: Fail on duplucate names in the users and hosts lists Resolves: RHBZ#1822683
- Update to version 0.1.12 bug fix only release Related: RHBZ#1818768
- Update to version 0.1.11 Related: RHBZ#1818768
- Update to version 0.1.10: - ipaclient: Not delete keytab when ipaclient_on_master is true - New module to manage dns forwarder zones in ipa - Enhancements of sudorule module tests - Gracefully handle RuntimeError raised during parameter validation in fail_jso - ipareplica_prepare: Fix module DOCUMENTATION - ipa[server,replica,client]: setup_logging wrapper for standard_logging_setup - Created FreeIPABaseModule class to facilitate creation of new modules - New IPADNSZone module - Add admin password to the ipadnsconfig module tests - Added alias module arguments in dnszone module - Fixed a bug in AnsibleFreeIPAParams - utils/build-galaxy-release: Do not add release tag to version for galaxy - ipaserver docs: Calm down module linter - galaxy.yml: Add system tag - ipareplica_setup_kra: Remove unused ccache parameter - ipareplica_setup_krb: krb is assigned to but never used - utils/galaxy: Make galaxy scripts more generic - galaxyfy-playbook.py: Fixed script name Related: RHBZ#1818768
- ipahost: Do not fail on missing DNS or zone when no IP address given Resolves: RHBZ#1804838
- Updated RPM description for ansible-freeipa 0.1.8 Related: RHBZ#1748986 - ipahost: Fix choices of auth_ind parameter, allow to reset parameter Resolves: RHBZ#1783992 - ipauser: Allow reset of userauthtype, do not depend on first,last for mod Resolves: RHBZ#1784474 - ipahost: Enhanced failure msg for member params used without member action Resolves: RHBZ#1783948 - Add missing attributes to ipasudorule Resolves: RHBZ#1788168 Resolves: RHBZ#1788035 Resolves: RHBZ#1788024 - ipapwpolicy: Use global_policy if name is not set Resolves: RHBZ#1797532 - ipahbacrule: Fix handing of members with action hbacrule Resolves: RHBZ#1787996 - ansible_freeipa_module: Fix comparison of bool parameters in compare_args_isa Resolves: RHBZ#1784514 - ipahost: Add support for several IP addresses and also to change them Resolves: RHBZ#1783979 Resolves: RHBZ#1783976 - ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag Resolves: RHBZ#1803026