Blame SPECS/ansible-freeipa.spec

7d56d3
# Turn off automatic python byte compilation because these are Ansible
7d56d3
# roles and the files are transferred to the node and compiled there with
9c6245
# the python version used in the node
7d56d3
%define __brp_python_bytecompile %{nil}
7d56d3
9c6245
%global python %{__python3}
9c6245
7d56d3
Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
7d56d3
Name: ansible-freeipa
a19130
Version: 1.9.2
8d53ed
Release: 1%{?dist}
7d56d3
URL: https://github.com/freeipa/ansible-freeipa
7d56d3
License: GPLv3+
7d56d3
Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
7d56d3
BuildArch: noarch
7d56d3
7d56d3
%description
e97786
Ansible roles to install and uninstall FreeIPA servers, replicas and clients,
e97786
roles for backups and SmartCard configuration, modules for management and also
e97786
playbooks for all roles and modules.
0c0a64
0c0a64
Note: The Ansible playbooks and roles require a configured Ansible environment
0c0a64
where the Ansible nodes are reachable and are properly set up to have an IP
0c0a64
address and a working package manager.
7d56d3
7d56d3
Features
7d56d3
7d56d3
- Server, replica and client deployment
7d56d3
- Cluster deployments: Server, replicas and clients in one playbook
7d56d3
- One-time-password (OTP) support for client installation
7d56d3
- Repair mode for clients
9c6245
- Backup and restore, also to and from controller
ee70a9
- Smartcard setup for servers and clients
5a21bc
- Modules for automembership rule management
1930ec
- Modules for automount key management
0c0a64
- Modules for automount location management
1930ec
- Modules for automount map management
9c6245
- Modules for config management
9c6245
- Modules for delegation management
9c6245
- Modules for dns config management
9b7d12
- Modules for dns forwarder management
fb9e9a
- Modules for dns record management
9b7d12
- Modules for dns zone management
7d56d3
- Modules for group management
7d56d3
- Modules for hbacrule management
7d56d3
- Modules for hbacsvc management
7d56d3
- Modules for hbacsvcgroup management
7d56d3
- Modules for host management
7d56d3
- Modules for hostgroup management
13f2a4
- Modules for idrange management
9c6245
- Modules for location management
2ccee6
- Modules for netgroup management
9c6245
- Modules for permission management
9c6245
- Modules for privilege management
7d56d3
- Modules for pwpolicy management
9c6245
- Modules for role management
9c6245
- Modules for self service management
5a21bc
- Modules for server management
9b7d12
- Modules for service management
13f2a4
- Modules for service delegation rule management
13f2a4
- Modules for service delegation target management
7d56d3
- Modules for sudocmd management
7d56d3
- Modules for sudocmdgroup management
7d56d3
- Modules for sudorule management
7d56d3
- Modules for topology management
5a21bc
- Modules for trust management
7d56d3
- Modules for user management
9b7d12
- Modules for vault management
7d56d3
7d56d3
Supported FreeIPA Versions
7d56d3
7d56d3
FreeIPA versions 4.6 and up are supported by all roles.
7d56d3
0c0a64
The client role supports versions 4.4 and up, the server role is working with
0c0a64
versions 4.5 and up, the replica role is currently only working with versions
0c0a64
4.6 and up.
0c0a64
7d56d3
Supported Distributions
7d56d3
7d56d3
- RHEL/CentOS 7.4+
7d56d3
- Fedora 26+
7d56d3
- Ubuntu
7d56d3
- Debian 10+ (ipaclient only, no server or replica!)
7d56d3
7d56d3
Requirements
7d56d3
7d56d3
  Controller
7d56d3
  - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)
7d56d3
7d56d3
  Node
7d56d3
  - Supported FreeIPA version (see above)
7d56d3
  - Supported distribution (needed for package installation only, see above)
7d56d3
7d56d3
Limitations
7d56d3
9b7d12
External signed CA is now supported. But the currently needed two step process
9b7d12
is an issue for the processing in a simple playbook.
9b7d12
Work is planned to have a new method to handle CSR for external signed CAs in
9b7d12
a separate step before starting the server installation.
9b7d12
7d56d3
9c6245
%package tests
9c6245
Summary: ansible-freeipa tests
9c6245
Requires: %{name} = %{version}-%{release}
9c6245
9c6245
%description tests
9c6245
ansible-freeipa tests.
9c6245
9c6245
Please have a look at %{_datadir}/ansible-freeipa/requirements-tests.txt
9c6245
to get the needed requrements to run the tests.
9c6245
9c6245
7d56d3
%prep
7d56d3
%setup -q
7d56d3
# Do not create backup files with patches
9c6245
7d56d3
# Fix python modules and module utils:
7d56d3
# - Remove shebang
7d56d3
# - Remove execute flag
2ccee6
for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py;
2ccee6
do
9c6245
    sed -i '1{/\/usr\/bin\/python*/d;}' $i
7d56d3
    chmod a-x $i
7d56d3
done
9c6245
2ccee6
for i in utils/*.py utils/new_module utils/changelog utils/ansible-doc-test;
9c6245
do
9c6245
    sed -i '{s@/usr/bin/python*@%{python}@}' $i
9c6245
done
9c6245
7d56d3
7d56d3
%build
7d56d3
7d56d3
%install
7d56d3
install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/
7d56d3
cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/
7d56d3
cp -rp roles/ipaserver/README.md README-server.md
7d56d3
cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/
7d56d3
cp -rp roles/ipareplica/README.md README-replica.md
7d56d3
cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/
7d56d3
cp -rp roles/ipaclient/README.md README-client.md
9c6245
cp -rp roles/ipabackup %{buildroot}%{_datadir}/ansible/roles/
9c6245
cp -rp roles/ipabackup/README.md README-backup.md
ee70a9
cp -rp roles/ipasmartcard_server %{buildroot}%{_datadir}/ansible/roles/
ee70a9
cp -rp roles/ipasmartcard_server/README.md README-smartcard_server.md
ee70a9
cp -rp roles/ipasmartcard_client %{buildroot}%{_datadir}/ansible/roles/
ee70a9
cp -rp roles/ipasmartcard_client/README.md README-smartcard_client.md
7d56d3
install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/
7d56d3
cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/
7d56d3
9c6245
install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa
9c6245
cp requirements*.txt %{buildroot}%{_datadir}/ansible-freeipa/
9c6245
cp -rp utils %{buildroot}%{_datadir}/ansible-freeipa/
9c6245
install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa/tests
9c6245
cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/
9c6245
7d56d3
%files
7d56d3
%license COPYING
7d56d3
%{_datadir}/ansible/roles/ipaserver
7d56d3
%{_datadir}/ansible/roles/ipareplica
7d56d3
%{_datadir}/ansible/roles/ipaclient
9c6245
%{_datadir}/ansible/roles/ipabackup
ee70a9
%{_datadir}/ansible/roles/ipasmartcard_server
ee70a9
%{_datadir}/ansible/roles/ipasmartcard_client
ef7172
%{_datadir}/ansible/plugins/doc_fragments
7d56d3
%{_datadir}/ansible/plugins/module_utils
7d56d3
%{_datadir}/ansible/plugins/modules
9b7d12
%doc README*.md
7d56d3
%doc playbooks
9c6245
%{_datadir}/ansible-freeipa/requirements.txt
9c6245
%{_datadir}/ansible-freeipa/requirements-dev.txt
9c6245
%{_datadir}/ansible-freeipa/utils
9c6245
9c6245
%files tests
9c6245
%{_datadir}/ansible-freeipa/tests
9c6245
%{_datadir}/ansible-freeipa/requirements-tests.txt
7d56d3
7d56d3
%changelog
a19130
* Tue Jan 31 2023 Thomas Woerner <twoerner@redhat.com> - 1.9.2-1
a19130
- Update to version 1.9.2
a19130
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.2
a19130
  Resolves: RHBZ#2125591
a19130
- ipabackup: Use ipabackup_item again in copy_backup_to_server
a19130
  Resolves: RHBZ#2165951
a19130
a19130
* Mon Jan 30 2023 Thomas Woerner <twoerner@redhat.com> - 1.9.1-1
a19130
- Update to version 1.9.1
a19130
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.1
a19130
  Resolves: RHBZ#2125591
a19130
- pwpolicy: Allow clearing policy values
a19130
  Resolves: RHBZ#2150332
a19130
- Use netgroup_find instead of netgroup_show to workaround IPA bug
a19130
  Resolves: RHBZ#2144724
a19130
2ccee6
* Wed Dec  7 2022 Thomas Woerner <twoerner@redhat.com> - 1.9.0-1
2ccee6
- Update to version 1.9.0
2ccee6
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.9.0
2ccee6
  Related: RHBZ#2125591
2ccee6
- pwpolicy: Add support for password check and grace limit
2ccee6
  Resolves: RHBZ#2015288
2ccee6
- ipaconfig: Do not allow enable_sid set to False
2ccee6
  Resolves: RHBZ#2127447
2ccee6
- ipaclient: No kinit on controller for deployment using OTP
2ccee6
  Resolves: RHBZ#2127885
2ccee6
- ipaclient: Configure DNS resolver
2ccee6
  Resolves: RHBZ#2127894
2ccee6
- New netgroup management module
2ccee6
  Resolves: RHBZ#2127908
2ccee6
- sudorule: Add support for 'hostmask' parameter
2ccee6
  Resolves: RHBZ#2127912
2ccee6
- ipaconfig: Fix fail_json calls
2ccee6
  Resolves: RHBZ#2128460
2ccee6
- ipaconfig: Do not require enable_sid for add_sids or netbios_name
2ccee6
  Resolves: RHBZ#2134530
2ccee6
- ipaserver: Add missing idstart check
2ccee6
  Resolves: RHBZ#2132729
2ccee6
e97786
* Mon Sep 12 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.4-1
e97786
- Update to version 1.8.4
e97786
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.4
e97786
  Resolves: RHBZ#2125591
e97786
- 'ansible-doc' -l lists most idm modules as 'UNDOCUMENTED'
e97786
  Resolves: RHBZ#2121362
e97786
- ansible-freeipa Replica Install Setup DNS fails
e97786
  Resolves: RHBZ#2120415
e97786
- ipaconfig does not support SID and netbios attributes
e97786
  Resolves: RHBZ#2069174
e97786
52561e
* Tue Aug 16 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.3-1
52561e
- Update to version 1.8.3
52561e
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.3
52561e
  Related: RHBZ#2080321
52561e
- Fixes replica deployment issue for domains without SID support.
52561e
  Related: RHBZ#2110491
52561e
025ba5
* Thu Jul 28 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.2-1
025ba5
- Update to version 1.8.2
025ba5
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.2
025ba5
  Related: RHBZ#2080321
025ba5
- SIDs are always generated for server and replica deployments
025ba5
  Resolves: RHBZ#2110491
025ba5
- Random Serial Numbers are not enabled by default any more
025ba5
  Resolves: RHBZ#2110526
025ba5
- Fixes comparison of bool values in IPA 4.9.10+ for ipadnsconfig
025ba5
  Resolves: RHBZ#2110539
025ba5
ee70a9
* Thu Jul  7 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.1-1
ee70a9
- Update to version 1.8.1
ee70a9
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.8.1
ee70a9
  Related: RHBZ#2080321
ee70a9
- ipa server deploys failing with latest IPA compose
ee70a9
  Resolves: RHBZ#2103928
ee70a9
- ipaserver_external_cert_files failes to copy with ansible 2.13
ee70a9
  Resolves: RHBZ#2104842
ee70a9
ee70a9
* Fri Jun 24 2022 Thomas Woerner <twoerner@redhat.com> - 1.8.0-1
ee70a9
- idrange: Fix usage of dom_name when idrange doesn't exist.
ee70a9
  Resolves: RHBZ#2086993
ee70a9
- smartcard roles for ansible-freeipa
ee70a9
  Resolves: RHBZ#2076554
ee70a9
13f2a4
* Fri Apr 29 2022 Thomas Woerner <twoerner@redhat.com> - 1.7.0-1
13f2a4
- Update to version 1.7.0
13f2a4
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.7.0
13f2a4
  Resolves: RHBZ#2080321
13f2a4
- New idrange management module.
13f2a4
  Resolves: RHBZ#1921545
13f2a4
- Not able to update empty descriptions in automount maps.a
13f2a4
  Resolves: RHBZ#2048552
13f2a4
- New servicedelegationrule management module.
13f2a4
  Resolves: RHBZ#2069170
13f2a4
- New servicedelegationtarget management module.
13f2a4
  Resolves: RHBZ#2069172
13f2a4
- Add support for managing idoverrideusers in ipagroup.
13f2a4
  Resolves: RHBZ#2069173
13f2a4
1930ec
* Thu Jan 27 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.3-1
1930ec
- Update to version 1.6.3
1930ec
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.3
1930ec
  Related: RHBZ#2010621
1930ec
1930ec
* Wed Jan 26 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.2-1
1930ec
- Update to version 1.6.2
1930ec
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.2
1930ec
  Related: RHBZ#2010621
1930ec
1930ec
* Fri Jan 21 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1
1930ec
- Update to version 1.6.1
1930ec
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.1
1930ec
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.0
1930ec
  Related: RHBZ#2010621
1930ec
- Add module to manage automount maps
1930ec
  Resolves: RHBZ#2040462
1930ec
- Add module to manage automount keys
1930ec
  Resolves: RHBZ#2040464
1930ec
- Client deploy failing with ipaadmin keytab and OTP due to latest ansible
1930ec
  version
1930ec
  Resolves: RHBZ#2041753
1930ec
0c0a64
* Wed Dec 29 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.3-1
0c0a64
- Update to version 1.5.3
0c0a64
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.3
0c0a64
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.2
0c0a64
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.1
0c0a64
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.0
0c0a64
  Related: RHBZ#2010621
0c0a64
- automember set default group/hostgroup is missing from the automember module
0c0a64
  Resolves: RHBZ#1999912
0c0a64
- automember remove default group/hostgroup is missing from the automember
0c0a64
  module
0c0a64
  Resolves: RHBZ#1999913
0c0a64
- automember rebuild is missing from the automember module
0c0a64
  Resolves: RHBZ#1999915
0c0a64
- automember remove orphans group/hostgroup is missing from the automember
0c0a64
  module
0c0a64
  Resolves: RHBZ#1999916
0c0a64
- Not able to update existing automember rule description
0c0a64
  Resolves: RHBZ#2021393
0c0a64
ef7172
* Tue Oct  5 2021 Thomas Woerner <twoerner@redhat.com> - 0.4.0-1
ef7172
- Update to version 0.4.0
ef7172
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0
ef7172
  Resolves: RHBZ#2010621
ef7172
- Add ability to run modules remotely
ef7172
  Resolves: RHBZ#1918025
ef7172
- New management module ipaautomountlocation
ef7172
  Resolves: RHBZ#2010639
ef7172
8d53ed
* Tue Jul 13 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-1
8d53ed
- Update to version 0.3.8
8d53ed
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8
8d53ed
  Related: RHBZ#1959875
8d53ed
- automember: Verify condition keys
8d53ed
  Related: RHBZ#1976926
8d53ed
8d53ed
* Tue Jul 13 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.7-1
8d53ed
- Update to version 0.3.7
8d53ed
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7
8d53ed
  Related: RHBZ#1959875
8d53ed
- automember: Fix action to be automember or member, not service
8d53ed
  Resolves: RRBZ#1976923
8d53ed
- automember: Fix result["failed"] issues with conditions
8d53ed
  Resolves: RRBZ#1976926
8d53ed
5a21bc
* Wed Jun  9 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-3
5a21bc
- Apply fix for ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform
5a21bc
  Related: RRBZ#1969847
5a21bc
5a21bc
* Wed Jun  9 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-2
5a21bc
- ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform
5a21bc
  Resolves: RRBZ#1969847
5a21bc
5a21bc
* Mon Jun  7 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-1
5a21bc
- Update to version 0.3.6
5a21bc
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6
5a21bc
  Resolves: RHBZ#1959875
5a21bc
- ansible-freeipa-tests not in the compose
5a21bc
  Resolves: RHBZ#1936869
5a21bc
- Remove unsupported parameter for (ipapermission) module: perm_rights from
5a21bc
  permission-present.yml
5a21bc
  Resolves: RHBZ#1921654
5a21bc
- Sample playbook included for selfservice module is incorrect
5a21bc
  Resolves: RHBZ#1922060
5a21bc
- ipa-client-install failing with error code 7(keytab: /usr/sbin/ipa-rmkeytab
5a21bc
  returned 7)
5a21bc
  Resolves: RHBZ#1935123
5a21bc
- New management module ipaserver
5a21bc
  Resolves: RHBZ#1966493
5a21bc
- New management module ipaautomember
5a21bc
  Resolves: RHBZ#1966496
8099a7
232c98
* Mon Jan 18 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.2-1
232c98
- Update to version 0.3.2
232c98
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.2
232c98
  Related: RHBZ#1891826
232c98
- Not able to add additional privileges with existing privilege in role module
232c98
  Resolves: RHBZ#1893678
232c98
- Required error message while adding non-existing members in role handling
232c98
  Resolves: RHBZ#1893679
232c98
- Not able to add new members with existing members role handling
232c98
  Resolves: RHBZ#1893684
232c98
- service members are removed while updating other members in role handling
232c98
  Resolves: RHBZ#1893685
232c98
- after changing the vault type from standard to symmetric, Salt is missing
232c98
  Resolves: RHBZ#1880367
232c98
- After changing the vault type from symmetric to asymmetric, Salt is present
232c98
  in the asymmetric vault
232c98
  Resolves: RHBZ#1880377
232c98
- After changing the vault type from asymmetric to the standard vault, the
232c98
  Public key is present in the standard vault
232c98
  Resolves: RHBZ#1880378
232c98
- Not able to replace public-key-file to the public-key in asymmetric vault
232c98
  type
232c98
  Resolves: RHBZ#1880862
232c98
- ipauser module does not seem to support --check flag to ansible-playbook
232c98
  Resolves: RHBZ#1893675
232c98
- Not able to add additional attributes with existing attributes in permission
232c98
  handling
232c98
  Resolves: RHBZ#1893687
232c98
- Privilege variable is removed from permission handling
232c98
  Resolves: RHBZ#1893688
232c98
232c98
* Wed Dec  2 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.1-1
9c6245
- Update to version 0.3.1
9c6245
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.1
9c6245
  Related: RHBZ#1891826
9c6245
- ipabackup: Fix undefined vars for conditions in shell tasks without else
9c6245
  Related: RHBZ#1894494
9c6245
9c6245
* Tue Dec  1 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-2
9c6245
- Ship ipabackup role for backup and restore
9c6245
  Related: RHBZ#1894494
9c6245
9c6245
* Thu Nov 26 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-1
9c6245
- Update to version 0.3.0
9c6245
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.0
9c6245
  With tests sub package
9c6245
  Resolves: RHBZ#1891826
9c6245
- Support for firewalld zone in ipaserver and ipareplica roles 
9c6245
  Resolves: RHBZ#1894488
9c6245
- ipagroup: Add support for the IPA CLI option `posix`
9c6245
  Resolves: RHBZ#1894493
9c6245
- New ipabackup role for backup and restore
9c6245
  Resolves: RHBZ#1894494
9c6245
- New management module ipadelegation
9c6245
  Resolves: RHBZ#1894496
9c6245
- New management module ipalocation
9c6245
  Resolves: RHBZ#1894497
9c6245
- New management module ipaprivilege
9c6245
  Resolves: RHBZ#1894498
9c6245
- New management module ipapermission
9c6245
  Resolves: RHBZ#1894499
9c6245
- New management module iparole
9c6245
  Resolves: RHBZ#1894500
9c6245
- New management module ipaselfservice
9c6245
  Resolves: RHBZ#1894501
9c6245
- New management module ipatrust
9c6245
  Resolves: RHBZ#1894502
9c6245
- Fixed log of vault data return when retrieving to a file
9c6245
  Resolves: RHBZ#1875378
9c6245
- ipadnszone: Fix modification o SOA serial with other attributes
9c6245
  Resolves: RHBZ#1876896
9c6245
- Fix symmetric vault password change when using password_files
9c6245
  Resolves: RHBZ#1879004
9c6245
- ipadnsrecord: fix record modification behavior
9c6245
  Resolves: RHBZ#1880409
9c6245
  Resolves: RHBZ#1881452
9c6245
- ipadnsrecord: fix record update when multiple records exist
9c6245
  Resolves: RHBZ#1881436
9c6245
c235c4
* Tue Aug 18 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-6
c235c4
- Allow to manage multiple dnszone entries
c235c4
  Resolves: RHBZ#1845058
c235c4
- Fixed error msgs on FreeIPABaseModule subclasses
c235c4
  Resolves: RHBZ#1845051
c235c4
- Fix `allow_create_keytab_host` in service module
c235c4
  Resolves: RHBZ#1868020
c235c4
- Modified return value for ipavault module
c235c4
  Resolves: RHBZ#1867909
c235c4
- Add support for option `name_from_ip` in ipadnszone module
c235c4
  Resolves: RHBZ#1845056
c235c4
- Fixe password behavior on Vault module
c235c4
  Resolves: RHBZ#1839200
c235c4
b64e77
* Tue Jul 14 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-5
b64e77
- ipareplica: Fix failure while deploying KRA
b64e77
  Resolves: RHBZ#1855299
b64e77
fb9e9a
* Thu Jul 02 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-4
fb9e9a
- ipa[server,replica]: Fix pkcs12 info regressions introduced with CA-less
fb9e9a
  Resolves: RHBZ#1853284
fb9e9a
fb9e9a
* Wed Jul 01 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-3
fb9e9a
- action_plugins/ipaclient_get_otp: Discovered python needed in task_vars
fb9e9a
  Resolves: RHBZ#1852714
fb9e9a
fb9e9a
* Mon Jun 29 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-2
fb9e9a
- Fixes service disable when service has no certificates attached
fb9e9a
  Resolves: RHBZ#1836294
fb9e9a
- Add suppport for changing password of symmetric vaults
fb9e9a
  Resolves: RHBZ#1839197
fb9e9a
- Fix forwardzone issues
fb9e9a
  Resolves: RHBZ#1843826
fb9e9a
  Resolves: RHBZ#1843828
fb9e9a
  Resolves: RHBZ#1843829
fb9e9a
  Resolves: RHBZ#1843830
fb9e9a
  Resolves: RHBZ#1843831
fb9e9a
- ipa[host]group: Fix membermanager unknow user issue
fb9e9a
  Resolves: RHBZ#1848426
fb9e9a
- ipa[user,host]: Fail on duplucate names in the users and hosts lists
fb9e9a
  Resolves: RHBZ#1822683
fb9e9a
fb9e9a
* Mon Jun 15 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-1
fb9e9a
- Update to version 0.1.12 bug fix only release
fb9e9a
  Related: RHBZ#1818768
fb9e9a
fb9e9a
* Thu Jun 11 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.11-1
fb9e9a
- Update to version 0.1.11
fb9e9a
  Related: RHBZ#1818768
fb9e9a
9b7d12
* Mon Apr 27 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.10-1
9b7d12
- Update to version 0.1.10:
9b7d12
  - ipaclient: Not delete keytab when ipaclient_on_master is true
9b7d12
  - New module to manage dns forwarder zones in ipa
9b7d12
  - Enhancements of sudorule module tests
9b7d12
  - Gracefully handle RuntimeError raised during parameter validation in
9b7d12
    fail_jso
9b7d12
  - ipareplica_prepare: Fix module DOCUMENTATION
9b7d12
  - ipa[server,replica,client]: setup_logging wrapper for
9b7d12
    standard_logging_setup
9b7d12
  - Created FreeIPABaseModule class to facilitate creation of new modules
9b7d12
  - New IPADNSZone module
9b7d12
  - Add admin password to the ipadnsconfig module tests
9b7d12
  - Added alias module arguments in dnszone module
9b7d12
  - Fixed a bug in AnsibleFreeIPAParams
9b7d12
  - utils/build-galaxy-release: Do not add release tag to version for galaxy
9b7d12
  - ipaserver docs: Calm down module linter
9b7d12
  - galaxy.yml: Add system tag
9b7d12
  - ipareplica_setup_kra: Remove unused ccache parameter
9b7d12
  - ipareplica_setup_krb: krb is assigned to but never used
9b7d12
  - utils/galaxy: Make galaxy scripts more generic
9b7d12
  - galaxyfy-playbook.py: Fixed script name
9b7d12
  Related: RHBZ#1818768
9b7d12
7d56d3
* Thu Feb 20 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.8-3
7d56d3
- ipahost: Do not fail on missing DNS or zone when no IP address given
7d56d3
  Resolves: RHBZ#1804838
7d56d3
7d56d3
* Fri Feb 14 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.8-2
7d56d3
- Updated RPM description for ansible-freeipa 0.1.8
7d56d3
  Related: RHBZ#1748986
7d56d3
- ipahost: Fix choices of auth_ind parameter, allow to reset parameter
7d56d3
  Resolves: RHBZ#1783992
7d56d3
- ipauser: Allow reset of userauthtype, do not depend on first,last for mod
7d56d3
  Resolves: RHBZ#1784474
7d56d3
- ipahost: Enhanced failure msg for member params used without member action
7d56d3
  Resolves: RHBZ#1783948
7d56d3
- Add missing attributes to ipasudorule
7d56d3
  Resolves: RHBZ#1788168
7d56d3
  Resolves: RHBZ#1788035
7d56d3
  Resolves: RHBZ#1788024
7d56d3
- ipapwpolicy: Use global_policy if name is not set
7d56d3
  Resolves: RHBZ#1797532
7d56d3
- ipahbacrule: Fix handing of members with action hbacrule
7d56d3
  Resolves: RHBZ#1787996
7d56d3
- ansible_freeipa_module: Fix comparison of bool parameters in compare_args_isa
7d56d3
  Resolves: RHBZ#1784514
7d56d3
- ipahost: Add support for several IP addresses and also to change them
7d56d3
  Resolves: RHBZ#1783979
7d56d3
  Resolves: RHBZ#1783976
7d56d3
- ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag
7d56d3
  Resolves: RHBZ#1803026
7d56d3
7d56d3
* Sat Dec 14 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1
7d56d3
- Update to version 0.1.8 (bug fix release)
7d56d3
  - roles/ipaclient/README.md: Add information about ipaclient_otp
7d56d3
  - Install and enable firewalld if it is configured for ipaserver and
7d56d3
    ipareplica roles
7d56d3
  - ipaserver_test: Do not use zone_overlap_check for domain name validation
7d56d3
  - Allow execution of API commands that do not require a name
7d56d3
  - Update README-host: Drop options from allow_*keytab parameters docs
7d56d3
  - ipauser: Extend email addresses with default email domain if no domain is
7d56d3
    given
7d56d3
    Resolves: RHBZ#1747413
7d56d3
  Related: RHBZ#1748986
7d56d3
7d56d3
* Mon Dec  2 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.7-1
7d56d3
- Update to version 0.1.7
7d56d3
  - Add debian support for ipaclient
7d56d3
  - Added support for predefining client OTP using ipaclient_otp
7d56d3
  - ipatopologysegment: Store suffix for commands in command list
7d56d3
  - ipatopologysegment: Fail for missing entry with reinitialized
7d56d3
  - Utils scripts: ansible-ipa-[server,replica,client]-install
7d56d3
  - ipaserver_test,ipareplica_prepare: Do not return _pkcs12_file settings
7d56d3
  - ansible_freeipa_module: Add support for GSSAPI
7d56d3
  - ansible_ipa_client: Drop import of configure_nsswitch_database
7d56d3
  - New host management module
7d56d3
  - New hostgroup management module
7d56d3
  - ipagroup: Remove unused member_[present,absent] states
7d56d3
  - external-ca tests: Fix typo in inventory files
7d56d3
  - tests/external-signed-ca tests: Fix external-ca.sh to use proper serials
7d56d3
  - ipagroup: Rework to use same mechanisms as ipahostgroup module
7d56d3
  - ansible_freeipa_module: api_command should not have extra try clause
7d56d3
  - ansible_freeipa_module: compare_args_ipa needs to compare lists orderless
7d56d3
  - ansible_freeipa_module: New function api_check_param
7d56d3
  - ansible_freeipa_module: New functions module_params_get and _afm_convert
7d56d3
  - ansible_freeipa_module: Add missing to_text import for _afm_convert
7d56d3
  - ansible_freeipa_module: Convert tuple to list in compare_args_ipa
7d56d3
  - ansible_freeipa_module: New function api_get_realm
7d56d3
  - ipauser: User module extension
7d56d3
  - New sudocmd management module
7d56d3
  - New sudocmdgroup management module
7d56d3
  - ansible_freeipa_module: Convert int to string in compare_args_ipa
7d56d3
  - New pwpolicy management module
7d56d3
  - New hbacsvc (HBAC Service) management module
7d56d3
  - New hbacsvcgroup (HBAC Service Group) management module
7d56d3
  - ipagroup: Properly support IPA versions 4.6 and RHEL-7
7d56d3
  - ipagroup: Fix changed flag, new test cases
7d56d3
  - ipauser: Add info about version limitation of passwordexpiration
7d56d3
  - New hbacrule (HBAC Rule) management module
7d56d3
  - ipahostgroup: Fix changed flag, support IPA 4.6 on RHEL-7, new test cases
7d56d3
  - New sudorule (Sudo Rule) management module
7d56d3
  - ipauser: Support 'sn' alias of 'last' for surname
7d56d3
  - Update galaxy.yml: Update description, drop empty dependencies
7d56d3
  - Update ipauser.py: Fix typo in users.name description
7d56d3
  - ipaclient: Fix misspelled sssd options
7d56d3
  - ipauser: Return generated random password
7d56d3
  - ipahost: Return generated random password
7d56d3
  - Added context configuration to api_connect
7d56d3
  - ansible_freeipa_module: Better support for KRB5CCNAME environment variable
7d56d3
  - ipa[server,replica,client]: Add support for CentOS-8
7d56d3
  - ipahost: Extension to be able handle several hosts and all settings
7d56d3
  - Flake8 fixes
7d56d3
  - Documentation updates
7d56d3
  - Cleanup
7d56d3
  Resolves: RHBZ#1748986
7d56d3
7d56d3
* Fri Sep  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-4
7d56d3
- ansible_ipa_client: Drop import of configure_nsswitch_database
7d56d3
  (RHBZ#1748905)
7d56d3
7d56d3
* Wed Jul 31 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-3
7d56d3
- ipatopologysegment: Store suffix for commands in command list (RHBZ#1733547)
7d56d3
- ipatopologysegment: Fail for missing entry with reinitialized (RHBZ#1733559)
7d56d3
7d56d3
* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-2
7d56d3
- Drop dirserv_cert_files key from utils/gen_module_docs.py for covscan
7d56d3
7d56d3
* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1
7d56d3
- update to version 0.1.6
7d56d3
  - Lots of documentation updates in READMEs and modules
7d56d3
  - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
7d56d3
  - Flake8 and pylint reated fixes
7d56d3
  - Fixed wrong path to CheckedIPAddress class in ipareplica_test
7d56d3
  - Remove unused ipaserver/library/ipaserver.py
7d56d3
  - No not use wildcard imports for modules
7d56d3
  - ipareplica: Add support for pki_config_override
7d56d3
  - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
7d56d3
  - ipareplica_prepare: Properly initialize pin and cert_name variables
7d56d3
  - ipareplica: Fail with proper error messages
7d56d3
  - ipaserver: Properly set settings related to pkcs12 files
7d56d3
  - ipaclient: RawConfigParser is not always provided by six.moves.configparser
7d56d3
  - ipaclient_setup_nss: paths.GETENT is not available before
7d56d3
    freeipa-4.6.90.pre1
7d56d3
  - ipaserver_test: Initialize value from options.zonemgr
7d56d3
  - ipareplica_setup_custodia: create_replica only available in newer releases
7d56d3
  - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
7d56d3
  - ipa[server,replica]: Set _packages_adtrust for Ubuntu
7d56d3
  - New build script for galaxy release
7d56d3
  - New utils script to update module docs
7d56d3
- Changes from ansible-freeipa-0.1.5
7d56d3
  - Support for IPA 4.8.0
7d56d3
  - New user management module
7d56d3
  - New group management module
7d56d3
  - ipaserver: Support external signed CA
7d56d3
  - RHEL-8 specific vars files to be able to install needed modules
7d56d3
    automatically
7d56d3
  - ipareplica: Fixes for certmonger and kra setup
7d56d3
  - New tests folder
7d56d3
  - OTP related updates to README files
7d56d3
7d56d3
* Thu Jul  4 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-2
7d56d3
- ansible_ipa_client: Always set options.unattended (RHBZ#1726645)
7d56d3
- ipaserver_prepare: Properly report error, do show trace back (RHBZ#1726668)
7d56d3
- ipa[server,replica,client]: RHEL-8 specific vars files (RHBZ#1727095)
7d56d3
- ipatopology modules: Use ipaadmin_ prefix for principal and password
7d56d3
  (RHBZ#1727101)
7d56d3
7d56d3
* Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.4-1
7d56d3
- update to version 0.1.4
7d56d3
  - ipatopologysegment: Use commands, not command
7d56d3
7d56d3
* Mon Jun 17 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.3-1
7d56d3
- update to version 0.1.3
7d56d3
  - ipaclient_test: Fix Python2 decode use with Python3
7d56d3
  - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
7d56d3
  - ipaclient_get_otp: Remove ansible_python_interpreter handling
7d56d3
  - ipaclient: Use omit (None) for password, keytab, no string length checks
7d56d3
  - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
7d56d3
  - ipaclient: Report error message if ipaclient_get_otp failed
7d56d3
  - Fixes #17 Improve how tasks manage package installation
7d56d3
  - ipareplica: The dm password is not needed for ipareplica_master_password
7d56d3
  - ipareplica: Use ipareplica_server if set
7d56d3
  - ipatopologysegment: Allow domain+ca suffix, new state: checked
7d56d3
  - Documentation updates
7d56d3
  - Cleanups
7d56d3
7d56d3
* Tue Jun 11 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-3
7d56d3
- bump release for functional test
7d56d3
7d56d3
* Tue Jun 11 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-2
7d56d3
- bump release for functional test
7d56d3
7d56d3
* Fri Jun  7 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.2-1
7d56d3
- update to version 0.1.2
7d56d3
  - Now a new Ansible Collection
7d56d3
  - Fix gssapi requirement for OTP: It is only needed if keytab is used with
7d56d3
    OTP now.
7d56d3
  - Fix wrong ansible argument types
7d56d3
  - Do not fail on textwrap for replica deployments with CA
7d56d3
  - Ansible lint and galaxy fixes
7d56d3
  - Disable automatic removal of replication agreements in uninstall
7d56d3
  - Enable freeipa-trust service if adtrust is enabled
7d56d3
  - Add support for hidden replica
7d56d3
  - New topology managament modules
7d56d3
  - Add support for pki_config_override
7d56d3
  - Fix host name setup in server deployment
7d56d3
  - Fix errors when ipaservers variable is not set
7d56d3
  - Fix ipaclient install role length typo
7d56d3
  - Cleanups
7d56d3
  
7d56d3
* Mon May  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1
7d56d3
- Initial package