# Turn off automatic python byte compilation because these are Ansible
# roles and the files are transferred to the node and compiled there with
# the python version used in the node
%define __brp_python_bytecompile %{nil}

Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
Name: ansible-freeipa
Version: 0.1.10
Release: 1%{?dist}
URL: https://github.com/freeipa/ansible-freeipa
License: GPLv3+
Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
BuildArch: noarch

#Requires: ansible

%description
ansible-freeipa provides Ansible roles and playbooks to install and uninstall
FreeIPA servers, replicas and clients. Also modules for group, host, topology
and user management.

Note: The ansible playbooks and roles require a configured ansible environment
where the ansible nodes are reachable and are properly set up to have an IP
address and a working package manager.

Features

- Server, replica and client deployment
- Cluster deployments: Server, replicas and clients in one playbook
- One-time-password (OTP) support for client installation
- Repair mode for clients
- Modules for dns forwarder management
- Modules for dns zone management
- Modules for group management
- Modules for hbacrule management
- Modules for hbacsvc management
- Modules for hbacsvcgroup management
- Modules for host management
- Modules for hostgroup management
- Modules for pwpolicy management
- Modules for service management
- Modules for sudocmd management
- Modules for sudocmdgroup management
- Modules for sudorule management
- Modules for topology management
- Modules for user management
- Modules for vault management

Supported FreeIPA Versions

FreeIPA versions 4.6 and up are supported by all roles.

The client role supports versions 4.4 and up, the server role is working with
versions 4.5 and up, the replica role is currently only working with versions
4.6 and up.

Supported Distributions

- RHEL/CentOS 7.4+
- Fedora 26+
- Ubuntu
- Debian 10+ (ipaclient only, no server or replica!)

Requirements

  Controller

  - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)
  - /usr/bin/kinit is required on the controller if a one time password (OTP)
    is used
  - python3-gssapi is required on the controller if a one time password (OTP)
    is used with keytab to install the client.

  Node

  - Supported FreeIPA version (see above)
  - Supported distribution (needed for package installation only, see above)

Limitations

External signed CA is now supported. But the currently needed two step process
is an issue for the processing in a simple playbook.
Work is planned to have a new method to handle CSR for external signed CAs in
a separate step before starting the server installation.


%prep
%setup -q
# Do not create backup files with patches
# Fix python modules and module utils:
# - Remove shebang
# - Remove execute flag
for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do
    sed -i '/\/usr\/bin\/python*/d' "$i"
    chmod a-x "$i"
done
# Add execute flag to py3test.py scripts
chmod a+x roles/ipa*/files/py3test.py

%build

%install
install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaserver/README.md README-server.md
cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipareplica/README.md README-replica.md
cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/
cp -rp roles/ipaclient/README.md README-client.md
install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/
cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/

%files
%license COPYING
%{_datadir}/ansible/roles/ipaserver
%{_datadir}/ansible/roles/ipareplica
%{_datadir}/ansible/roles/ipaclient
%{_datadir}/ansible/plugins/module_utils
%{_datadir}/ansible/plugins/modules
%doc README*.md
%doc playbooks

%changelog
* Mon Apr 27 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.10-1
- Update to version 0.1.10 with fixes and additional modules
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.10

* Mon Mar 16 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.9-1
- Update to version 0.1.8 with lots of fixes and additional modules
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.9

* Fri Dec 20 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1
- Update to version 0.1.8 with lots of fixes and additional modules
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.8
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.7

* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1
- Update to version 0.1.6
  - Lots of documentation updates in READMEs and modules
  - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
  - Flake8 and pylint related fixes
  - Fixed wrong path to CheckedIPAddress class in ipareplica_test
  - Remove unused ipaserver/library/ipaserver.py
  - Do not use wildcard imports for modules
  - ipareplica: Add support for pki_config_override
  - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
  - ipareplica_prepare: Properly initialize pin and cert_name variables
  - ipareplica: Fail with proper error messages
  - ipaserver: Properly set settings related to pkcs12 files
  - ipaclient: RawConfigParser is not always provided by six.moves.configparser
  - ipaclient_setup_nss: paths.GETENT is not available before
    freeipa-4.6.90.pre1
  - ipaserver_test: Initialize value from options.zonemgr
  - ipareplica_setup_custodia: create_replica only available in newer releases
  - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
  - ipa[server,replica]: Set _packages_adtrust for Ubuntu
  - New build script for galaxy release
  - New utils script to update module docs

* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-2
- Update README-user.md: Fixed examples, new example
- ipauser example playbooks: Fixed actions, new example

* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-1
- Update to version 0.1.5
  - Support for IPA 4.8.0
  - New user management module
  - New group management module
  - ipaserver: Support external signed CA
  - RHEL-8 specific vars files to be able to install needed modules
    automatically
  - ipareplica: Fixes for certmonger and kra setup
  - New tests folder
  - OTP related updates to README files
- Updates of version 0.1.4
  - ipatopologysegment: Use commands, not command
- Updates of version 0.1.3
  - ipaclient_test: Fix Python2 decode use with Python3
  - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
  - ipaclient_get_otp: Remove ansible_python_interpreter handling
  - ipaclient: Use omit (None) for password, keytab, no string length checks
  - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
  - ipaclient: Report error message if ipaclient_get_otp failed
  - Fixes #17 Improve how tasks manage package installation
  - ipareplica: The dm password is not needed for ipareplica_master_password
  - ipareplica: Use ipareplica_server if set
  - ipatopologysegment: Allow domain+ca suffix, new state: checked
  - Documentation updates
  - Cleanups
- Update of version 0.1.2
  - Now a new Ansible Collection
  - Fix gssapi requirement for OTP: It is only needed if keytab is used with
    OTP now.
  - Fix wrong ansible argument types
  - Do not fail on textwrap for replica deployments with CA
  - Ansible lint and galaxy fixes
  - Disable automatic removal of replication agreements in uninstall
  - Enable freeipa-trust service if adtrust is enabled
  - Add support for hidden replica
  - New topology management modules
  - Add support for pki_config_override
  - Fix host name setup in server deployment
  - Fix errors when ipaservers variable is not set
  - Fix ipaclient install role length typo
  - Cleanups

* Mon May  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1
- Initial package