diff --git a/.ansible-freeipa.metadata b/.ansible-freeipa.metadata index d534268..c58e727 100644 --- a/.ansible-freeipa.metadata +++ b/.ansible-freeipa.metadata @@ -1 +1 @@ -583ac570c030eb68a2026a506054f2f93587beb4 SOURCES/ansible-freeipa-0.1.8.tar.gz +5d09d3b590e8568d04edb288c9c515e308f3168f SOURCES/ansible-freeipa-0.1.12.tar.gz diff --git a/.gitignore b/.gitignore index b19cd6f..7591236 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/ansible-freeipa-0.1.8.tar.gz +SOURCES/ansible-freeipa-0.1.12.tar.gz diff --git a/SPECS/ansible-freeipa.spec b/SPECS/ansible-freeipa.spec index 7edd1f3..211f159 100644 --- a/SPECS/ansible-freeipa.spec +++ b/SPECS/ansible-freeipa.spec @@ -5,7 +5,7 @@ Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients Name: ansible-freeipa -Version: 0.1.8 +Version: 0.1.12 Release: 1%{?dist} URL: https://github.com/freeipa/ansible-freeipa License: GPLv3+ @@ -16,7 +16,8 @@ BuildArch: noarch %description ansible-freeipa provides Ansible roles and playbooks to install and uninstall -FreeIPA servers, replicas and clients. +FreeIPA servers, replicas and clients. Also modules for group, host, topology +and user management. Note: The ansible playbooks and roles require a configured ansible environment where the ansible nodes are reachable and are properly set up to have an IP @@ -28,6 +29,23 @@ Features - Cluster deployments: Server, replicas and clients in one playbook - One-time-password (OTP) support for client installation - Repair mode for clients +- Modules for dns forwarder management +- Modules for dns record management +- Modules for dns zone management +- Modules for group management +- Modules for hbacrule management +- Modules for hbacsvc management +- Modules for hbacsvcgroup management +- Modules for host management +- Modules for hostgroup management +- Modules for pwpolicy management +- Modules for service management +- Modules for sudocmd management +- Modules for sudocmdgroup management +- Modules for sudorule management +- Modules for topology management +- Modules for user management +- Modules for vault management Supported FreeIPA Versions @@ -42,25 +60,30 @@ Supported Distributions - RHEL/CentOS 7.4+ - Fedora 26+ - Ubuntu +- Debian 10+ (ipaclient only, no server or replica!) Requirements Controller - - Ansible version: 2.5+ + + - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection) + /usr/bin/kinit is required on the controller if a one time password (OTP) + is used - python3-gssapi is required on the controller if a one time password (OTP) - is used to install the client. + is used with keytab to install the client. Node + - Supported FreeIPA version (see above) - Supported distribution (needed for package installation only, see above) Limitations -External CA support is not supported or working. The currently needed two step -process is an issue for the processing in the role. The configuration of the -server is partly done already and needs to be continued after the CSR has been -handled. This is for example breaking the deployment of a server with replicas -or clients in one playbook. +External signed CA is now supported. But the currently needed two step process +is an issue for the processing in a simple playbook. +Work is planned to have a new method to handle CSR for external signed CAs in +a separate step before starting the server installation. + %prep %setup -q @@ -95,11 +118,71 @@ cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/ %{_datadir}/ansible/roles/ipaclient %{_datadir}/ansible/plugins/module_utils %{_datadir}/ansible/plugins/modules -%doc README.md -%doc README-*.md +%doc README*.md %doc playbooks %changelog +* Mon Jun 15 2020 Thomas Woerner - 0.1.12-1 +- Update to version 0.1.12 bug fix only release + Related: RHBZ#1818768 + +* Thu Jun 11 2020 Thomas Woerner - 0.1.11-1 +- Update to version 0.1.11 + Related: RHBZ#1818768 + +* Mon Apr 27 2020 Thomas Woerner - 0.1.10-1 +- Update to version 0.1.10: + - ipaclient: Not delete keytab when ipaclient_on_master is true + - New module to manage dns forwarder zones in ipa + - Enhancements of sudorule module tests + - Gracefully handle RuntimeError raised during parameter validation in + fail_jso + - ipareplica_prepare: Fix module DOCUMENTATION + - ipa[server,replica,client]: setup_logging wrapper for + standard_logging_setup + - Created FreeIPABaseModule class to facilitate creation of new modules + - New IPADNSZone module + - Add admin password to the ipadnsconfig module tests + - Added alias module arguments in dnszone module + - Fixed a bug in AnsibleFreeIPAParams + - utils/build-galaxy-release: Do not add release tag to version for galaxy + - ipaserver docs: Calm down module linter + - galaxy.yml: Add system tag + - ipareplica_setup_kra: Remove unused ccache parameter + - ipareplica_setup_krb: krb is assigned to but never used + - utils/galaxy: Make galaxy scripts more generic + - galaxyfy-playbook.py: Fixed script name + Related: RHBZ#1818768 + +* Thu Feb 20 2020 Thomas Woerner - 0.1.8-3 +- ipahost: Do not fail on missing DNS or zone when no IP address given + Resolves: RHBZ#1804838 + +* Fri Feb 14 2020 Thomas Woerner - 0.1.8-2 +- Updated RPM description for ansible-freeipa 0.1.8 + Related: RHBZ#1748986 +- ipahost: Fix choices of auth_ind parameter, allow to reset parameter + Resolves: RHBZ#1783992 +- ipauser: Allow reset of userauthtype, do not depend on first,last for mod + Resolves: RHBZ#1784474 +- ipahost: Enhanced failure msg for member params used without member action + Resolves: RHBZ#1783948 +- Add missing attributes to ipasudorule + Resolves: RHBZ#1788168 + Resolves: RHBZ#1788035 + Resolves: RHBZ#1788024 +- ipapwpolicy: Use global_policy if name is not set + Resolves: RHBZ#1797532 +- ipahbacrule: Fix handing of members with action hbacrule + Resolves: RHBZ#1787996 +- ansible_freeipa_module: Fix comparison of bool parameters in compare_args_isa + Resolves: RHBZ#1784514 +- ipahost: Add support for several IP addresses and also to change them + Resolves: RHBZ#1783979 + Resolves: RHBZ#1783976 +- ipahost: Fail on action member for new hosts, fix dnsrecord_add reverse flag + Resolves: RHBZ#1803026 + * Sat Dec 14 2019 Thomas Woerner - 0.1.8-1 - Update to version 0.1.8 (bug fix release) - roles/ipaclient/README.md: Add information about ipaclient_otp