Blame SPECS/ansible-freeipa.spec

# Turn off automatic python byte compilation because these are Ansible
# roles and the files are transferred to the node and compiled there with
# the python version used in the node
%define __brp_python_bytecompile %{nil}

Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
Name: ansible-freeipa
Version: 0.1.8
Release: 3%{?dist}
URL: https://github.com/freeipa/ansible-freeipa
License: GPLv3+
Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch1: ansible-freeipa-0.1.8-ipahost-Fix-choices-of-auth_ind-parameter-allow-to-reset-parameter_rhbz#1783992.patch
Patch2: ansible-freeipa-0.1.8-ipauser-Allow-reset-of-userauthtype-do-not-depend-on-first-last-for-mod_rhbz#1784474.patch
Patch3: ansible-freeipa-0.1.8-ipahost-Enhanced-failure-msg-for-member-params-used-without-member-action_rhbz#1783948.patch
Patch4: ansible-freeipa-0.1.8-Add-missing-attributes-to-ipasudorule_rhbz#1788168,1788035,1788024.patch
Patch5: ansible-freeipa-0.1.8-ipapwpolicy-Use-global_policy-if-name-is-not-set_rhbz#1797532.patch
Patch6: ansible-freeipa-0.1.8-ipahbacrule-Fix-handing-of-members-with-action-hbacrule_rhbz#1787996.patch
Patch7: ansible-freeipa-0.1.8-ansible_freeipa_module-Fix-comparison-of-bool-parameters-in-compare_args_ipa_rhbz#1784514.patch
Patch8: ansible-freeipa-ipahost-Add-support-for-several-IP-addresses-and-also-to-change-them_rhbz#1783979,1783976.patch
Patch9: ansible-freeipa-0.1.8-ipahost-Fail-on-action-member-for-new-hosts-fix-dnsrecord_add-reverse-flag_rhbz#1803026.patch
Patch10: ansible-freeipa-0.1.8-ipahost-Do-not-fail-on-missing-DNS-or-zone-when-no-IP-address-given_rhbz#1804838.patch
BuildArch: noarch

#Requires: ansible

%description
ansible-freeipa provides Ansible roles and playbooks to install and uninstall
FreeIPA servers, replicas and clients, as well as modules for management.

Note: The ansible playbooks and roles require a configured ansible environment
where the ansible nodes are reachable and are properly set up to have an IP
address and a working package manager.

Features

- Server, replica and client deployment
- Cluster deployments: Server, replicas and clients in one playbook
- One-time-password (OTP) support for client installation
- Repair mode for clients
- Modules for group management
- Modules for hbacrule management
- Modules for hbacsvc management
- Modules for hbacsvcgroup management
- Modules for host management
- Modules for hostgroup management
- Modules for pwpolicy management
- Modules for sudocmd management
- Modules for sudocmdgroup management
- Modules for sudorule management
- Modules for topology management
- Modules for user management

Supported FreeIPA Versions

FreeIPA versions 4.6 and up are supported by all roles.

The client role supports versions 4.4 and up, the server role works with
versions 4.5 and up, and the replica role currently works only with versions
4.6 and up.

Supported Distributions

- RHEL/CentOS 7.4+
- Fedora 26+
- Ubuntu
- Debian 10+ (ipaclient only, no server or replica!)

Requirements

  Controller
  - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)
  - /usr/bin/kinit is required on the controller if a one time password (OTP)
    is used
  - python3-gssapi is required on the controller if a one time password (OTP)
    is used with keytab to install the client.

  Node
  - Supported FreeIPA version (see above)
  - Supported distribution (needed for package installation only, see above)

Limitations

External CA support is not supported and does not work. The two-step process
it currently requires is a problem for the processing in the role. The
configuration of the server is already partly done and needs to be continued
after the CSR has been handled. This breaks, for example, the deployment of a
server with replicas or clients in one playbook.

%prep
%setup -q
# Do not create backup files with patches
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
# Fix python modules and module utils:
# - Remove shebang
# - Remove execute flag
for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do
    sed -i '/\/usr\/bin\/python*/d' "$i"
    chmod a-x "$i"
done
# Add execute flag to py3test.py scripts
chmod a+x roles/ipa*/files/py3test.py

%build

%install
install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaserver/README.md README-server.md
cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipareplica/README.md README-replica.md
cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaclient/README.md README-client.md
install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/
cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/

%files
%license COPYING
%{_datadir}/ansible/roles/ipaserver
%{_datadir}/ansible/roles/ipareplica
%{_datadir}/ansible/roles/ipaclient
%{_datadir}/ansible/plugins/module_utils
%{_datadir}/ansible/plugins/modules
%doc README.md
%doc README-*.md
%doc playbooks

%changelog
* Thu Feb 20 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.8-3
- ipahost: Do not fail on missing DNS or zone when no IP address given
  Resolves: RHBZ#1804838

* Fri Feb 14 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.8-2
- Updated RPM description for ansible-freeipa 0.1.8
  Related: RHBZ#1748986
- ipahost: Fix choices of auth_ind parameter, allow to reset parameter
  Resolves: RHBZ#1783992
- ipauser: Allow reset of userauthtype, do not depend on first,last for mod
  Resolves: RHBZ#1784474
- ipahost: Enhanced failure msg for member params used without member action
  Resolves: RHBZ#1783948
- Add missing attributes to ipasudorule
  Resolves: RHBZ#1788168
  Resolves: RHBZ#1788035
  Resolves: RHBZ#1788024
- ipapwpolicy: Use global_policy if name is not set
  Resolves: RHBZ#1797532
- ipahbacrule: Fix handling of members with action hbacrule
  Resolves: RHBZ#1787996
- ansible_freeipa_module: Fix comparison of bool parameters in compare_args_ipa
  Resolves: RHBZ#1784514
- ipahost: Add support for several IP addresses and also to change them
  Resolves: RHBZ#1783979
  Resolves: RHBZ#1783976
- ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag
  Resolves: RHBZ#1803026

* Sat Dec 14 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1
- Update to version 0.1.8 (bug fix release)
  - roles/ipaclient/README.md: Add information about ipaclient_otp
  - Install and enable firewalld if it is configured for ipaserver and
    ipareplica roles
  - ipaserver_test: Do not use zone_overlap_check for domain name validation
  - Allow execution of API commands that do not require a name
  - Update README-host: Drop options from allow_*keytab parameters docs
  - ipauser: Extend email addresses with default email domain if no domain is
    given
    Resolves: RHBZ#1747413
  Related: RHBZ#1748986

* Mon Dec  2 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.7-1
- Update to version 0.1.7
  - Add Debian support for ipaclient
  - Added support for predefining client OTP using ipaclient_otp
  - ipatopologysegment: Store suffix for commands in command list
  - ipatopologysegment: Fail for missing entry with reinitialized
  - Utils scripts: ansible-ipa-[server,replica,client]-install
  - ipaserver_test,ipareplica_prepare: Do not return _pkcs12_file settings
  - ansible_freeipa_module: Add support for GSSAPI
  - ansible_ipa_client: Drop import of configure_nsswitch_database
  - New host management module
  - New hostgroup management module
  - ipagroup: Remove unused member_[present,absent] states
  - external-ca tests: Fix typo in inventory files
  - tests/external-signed-ca tests: Fix external-ca.sh to use proper serials
  - ipagroup: Rework to use same mechanisms as ipahostgroup module
  - ansible_freeipa_module: api_command should not have extra try clause
  - ansible_freeipa_module: compare_args_ipa needs to compare lists orderless
  - ansible_freeipa_module: New function api_check_param
  - ansible_freeipa_module: New functions module_params_get and _afm_convert
  - ansible_freeipa_module: Add missing to_text import for _afm_convert
  - ansible_freeipa_module: Convert tuple to list in compare_args_ipa
  - ansible_freeipa_module: New function api_get_realm
  - ipauser: User module extension
  - New sudocmd management module
  - New sudocmdgroup management module
  - ansible_freeipa_module: Convert int to string in compare_args_ipa
  - New pwpolicy management module
  - New hbacsvc (HBAC Service) management module
  - New hbacsvcgroup (HBAC Service Group) management module
  - ipagroup: Properly support IPA versions 4.6 and RHEL-7
  - ipagroup: Fix changed flag, new test cases
  - ipauser: Add info about version limitation of passwordexpiration
  - New hbacrule (HBAC Rule) management module
  - ipahostgroup: Fix changed flag, support IPA 4.6 on RHEL-7, new test cases
  - New sudorule (Sudo Rule) management module
  - ipauser: Support 'sn' alias of 'last' for surname
  - Update galaxy.yml: Update description, drop empty dependencies
  - Update ipauser.py: Fix typo in users.name description
  - ipaclient: Fix misspelled sssd options
  - ipauser: Return generated random password
  - ipahost: Return generated random password
  - Added context configuration to api_connect
  - ansible_freeipa_module: Better support for KRB5CCNAME environment variable
  - ipa[server,replica,client]: Add support for CentOS-8
  - ipahost: Extension to be able to handle several hosts and all settings
  - Flake8 fixes
  - Documentation updates
  - Cleanup
  Resolves: RHBZ#1748986

* Fri Sep  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-4
- ansible_ipa_client: Drop import of configure_nsswitch_database
  (RHBZ#1748905)

* Wed Jul 31 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-3
- ipatopologysegment: Store suffix for commands in command list (RHBZ#1733547)
- ipatopologysegment: Fail for missing entry with reinitialized (RHBZ#1733559)

* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-2
- Drop dirserv_cert_files key from utils/gen_module_docs.py for covscan

* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1
- update to version 0.1.6
  - Lots of documentation updates in READMEs and modules
  - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
  - Flake8 and pylint related fixes
  - Fixed wrong path to CheckedIPAddress class in ipareplica_test
  - Remove unused ipaserver/library/ipaserver.py
  - Do not use wildcard imports for modules
  - ipareplica: Add support for pki_config_override
  - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
  - ipareplica_prepare: Properly initialize pin and cert_name variables
  - ipareplica: Fail with proper error messages
  - ipaserver: Properly set settings related to pkcs12 files
  - ipaclient: RawConfigParser is not always provided by six.moves.configparser
  - ipaclient_setup_nss: paths.GETENT is not available before
    freeipa-4.6.90.pre1
  - ipaserver_test: Initialize value from options.zonemgr
  - ipareplica_setup_custodia: create_replica only available in newer releases
  - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
  - ipa[server,replica]: Set _packages_adtrust for Ubuntu
  - New build script for galaxy release
  - New utils script to update module docs
- Changes from ansible-freeipa-0.1.5
  - Support for IPA 4.8.0
  - New user management module
  - New group management module
  - ipaserver: Support external signed CA
  - RHEL-8 specific vars files to be able to install needed modules
    automatically
  - ipareplica: Fixes for certmonger and kra setup
  - New tests folder
  - OTP related updates to README files

* Thu Jul  4 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-2
- ansible_ipa_client: Always set options.unattended (RHBZ#1726645)
- ipaserver_prepare: Properly report error, do show trace back (RHBZ#1726668)
- ipa[server,replica,client]: RHEL-8 specific vars files (RHBZ#1727095)
- ipatopology modules: Use ipaadmin_ prefix for principal and password
  (RHBZ#1727101)

* Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-1
- update to version 0.1.4
  - ipatopologysegment: Use commands, not command

* Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.3-1
- update to version 0.1.3
  - ipaclient_test: Fix Python2 decode use with Python3
  - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
  - ipaclient_get_otp: Remove ansible_python_interpreter handling
  - ipaclient: Use omit (None) for password, keytab, no string length checks
  - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
  - ipaclient: Report error message if ipaclient_get_otp failed
  - Fixes #17 Improve how tasks manage package installation
  - ipareplica: The dm password is not needed for ipareplica_master_password
  - ipareplica: Use ipareplica_server if set
  - ipatopologysegment: Allow domain+ca suffix, new state: checked
  - Documentation updates
  - Cleanups

* Tue Jun 11 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-3
- bump release for functional test

* Tue Jun 11 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-2
- bump release for functional test

* Fri Jun  7 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-1
- update to version 0.1.2
  - Now a new Ansible Collection
  - Fix gssapi requirement for OTP: It is only needed if keytab is used with
    OTP now.
  - Fix wrong ansible argument types
  - Do not fail on textwrap for replica deployments with CA
  - Ansible lint and galaxy fixes
  - Disable automatic removal of replication agreements in uninstall
  - Enable freeipa-trust service if adtrust is enabled
  - Add support for hidden replica
  - New topology management modules
  - Add support for pki_config_override
  - Fix host name setup in server deployment
  - Fix errors when ipaservers variable is not set
  - Fix ipaclient install role length typo
  - Cleanups

* Mon May  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1
- Initial package