cd5c56f
# Turn off automatic python byte compilation because these are Ansible
cd5c56f
# roles and the files are transferred to the node and compiled there with
9fefeb5
# the python version used in the node
cd5c56f
%define __brp_python_bytecompile %{nil}
cd5c56f
9fefeb5
%global python %{__python3}
9fefeb5
cd5c56f
Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
cd5c56f
Name: ansible-freeipa
c3553e3
Version: 1.6.2
8fa1af9
Release: 1%{?dist}
cd5c56f
URL: https://github.com/freeipa/ansible-freeipa
cd5c56f
License: GPLv3+
cd5c56f
Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
cd5c56f
BuildArch: noarch
cd5c56f
cd5c56f
%description
6dbf263
Ansible roles and playbooks to install and uninstall FreeIPA servers, replicas
6dbf263
and clients. Also modules management.
6dbf263
6dbf263
Note: The Ansible playbooks and roles require a configured Ansible environment
6dbf263
where the Ansible nodes are reachable and are properly set up to have an IP
6dbf263
address and a working package manager.
cd5c56f
cd5c56f
Features
cd5c56f
cd5c56f
- Server, replica and client deployment
cd5c56f
- Cluster deployments: Server, replicas and clients in one playbook
cd5c56f
- One-time-password (OTP) support for client installation
cd5c56f
- Repair mode for clients
edbdb24
- Backup and restore, also to and from controller
413e486
- Modules for automembership rule management
8fa1af9
- Modules for automount key management
d655a34
- Modules for automount location management
8fa1af9
- Modules for automount map management
9fefeb5
- Modules for config management
9fefeb5
- Modules for delegation management
9fefeb5
- Modules for dns config management
6aa7191
- Modules for dns forwarder management
5231d76
- Modules for dns record management
6aa7191
- Modules for dns zone management
6aa7191
- Modules for group management
6aa7191
- Modules for hbacrule management
6aa7191
- Modules for hbacsvc management
6aa7191
- Modules for hbacsvcgroup management
6aa7191
- Modules for host management
6aa7191
- Modules for hostgroup management
9fefeb5
- Modules for location management
edbdb24
- Modules for permission management
9fefeb5
- Modules for privilege management
6aa7191
- Modules for pwpolicy management
9fefeb5
- Modules for role management
9fefeb5
- Modules for self service management
413e486
- Modules for server management
6aa7191
- Modules for service management
6aa7191
- Modules for sudocmd management
6aa7191
- Modules for sudocmdgroup management
6aa7191
- Modules for sudorule management
6aa7191
- Modules for topology management
413e486
- Modules for trust management
6aa7191
- Modules for user management
6aa7191
- Modules for vault management
cd5c56f
cd5c56f
Supported FreeIPA Versions
cd5c56f
cd5c56f
FreeIPA versions 4.6 and up are supported by all roles.
cd5c56f
6dbf263
The client role supports versions 4.4 and up, the server role is working with
6dbf263
versions 4.5 and up, the replica role is currently only working with versions
6dbf263
4.6 and up.
6dbf263
cd5c56f
Supported Distributions
cd5c56f
cd5c56f
- RHEL/CentOS 7.4+
cd5c56f
- Fedora 26+
cd5c56f
- Ubuntu
6aa7191
- Debian 10+ (ipaclient only, no server or replica!)
cd5c56f
cd5c56f
Requirements
cd5c56f
cd5c56f
  Controller
6aa7191
  - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)
6dbf263
  - /usr/bin/kinit is required on the controller if a one time password (OTP)
6aa7191
    is used
cd5c56f
cd5c56f
  Node
cd5c56f
  - Supported FreeIPA version (see above)
cd5c56f
  - Supported distribution (needed for package installation only, see above)
cd5c56f
cd5c56f
Limitations
cd5c56f
6aa7191
External signed CA is now supported. But the currently needed two step process
6aa7191
is an issue for the processing in a simple playbook.
6aa7191
Work is planned to have a new method to handle CSR for external signed CAs in
6aa7191
a separate step before starting the server installation.
6aa7191
cd5c56f
9fefeb5
%package tests
9fefeb5
Summary: ansible-freeipa tests
9fefeb5
Requires: %{name} = %{version}-%{release}
9fefeb5
9fefeb5
%description tests
9fefeb5
ansible-freeipa tests.
9fefeb5
9fefeb5
Please have a look at %{_datadir}/ansible-freeipa/requirements-tests.txt
9fefeb5
to get the needed requrements to run the tests.
9fefeb5
9fefeb5
cd5c56f
%prep
cd5c56f
%setup -q
1904aa2
# Do not create backup files with patches
86977de
cd5c56f
# Fix python modules and module utils:
cd5c56f
# - Remove shebang
cd5c56f
# - Remove execute flag
abce4d1
for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do
9fefeb5
    sed -i '1{/\/usr\/bin\/python*/d;}' $i
cd5c56f
    chmod a-x $i
cd5c56f
done
9fefeb5
edbdb24
for i in utils/*.py utils/ansible-ipa-*-install utils/new_module \
edbdb24
         utils/changelog utils/ansible-doc-test;
edbdb24
do
9fefeb5
    sed -i '{s@/usr/bin/python*@%{python}@}' $i
9fefeb5
done
cd5c56f
86977de
cd5c56f
%build
cd5c56f
cd5c56f
%install
cd5c56f
install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/
cd5c56f
cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/
abce4d1
cp -rp roles/ipaserver/README.md README-server.md
cd5c56f
cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/
abce4d1
cp -rp roles/ipareplica/README.md README-replica.md
cd5c56f
cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/
abce4d1
cp -rp roles/ipaclient/README.md README-client.md
9a5502c
cp -rp roles/ipabackup %{buildroot}%{_datadir}/ansible/roles/
9a5502c
cp -rp roles/ipabackup/README.md README-backup.md
abce4d1
install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/
abce4d1
cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/
cd5c56f
9fefeb5
install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa
9fefeb5
cp requirements*.txt %{buildroot}%{_datadir}/ansible-freeipa/
9fefeb5
cp -rp utils %{buildroot}%{_datadir}/ansible-freeipa/
9fefeb5
install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa/tests
9fefeb5
cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/
9fefeb5
cd5c56f
%files
cd5c56f
%license COPYING
cd5c56f
%{_datadir}/ansible/roles/ipaserver
cd5c56f
%{_datadir}/ansible/roles/ipareplica
cd5c56f
%{_datadir}/ansible/roles/ipaclient
9a5502c
%{_datadir}/ansible/roles/ipabackup
f80e5c9
%{_datadir}/ansible/plugins/doc_fragments
abce4d1
%{_datadir}/ansible/plugins/module_utils
abce4d1
%{_datadir}/ansible/plugins/modules
abce4d1
%doc README*.md
abce4d1
%doc playbooks
9fefeb5
%{_datadir}/ansible-freeipa/requirements.txt
9fefeb5
%{_datadir}/ansible-freeipa/requirements-dev.txt
9fefeb5
%{_datadir}/ansible-freeipa/utils
9fefeb5
9fefeb5
%files tests
9fefeb5
%{_datadir}/ansible-freeipa/tests
9fefeb5
%{_datadir}/ansible-freeipa/requirements-tests.txt
cd5c56f
cd5c56f
%changelog
c3553e3
* Wed Jan 26 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.2-1
c3553e3
- Update to version 1.6.2
c3553e3
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.2
c3553e3
8fa1af9
* Fri Jan 21 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1
8fa1af9
- Update to version 1.6.1
8fa1af9
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.1
8fa1af9
- Update to version 1.6.0
8fa1af9
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.0
8fa1af9
82ba8fb
* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.3-2
82ba8fb
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
82ba8fb
d655a34
* Tue Dec 28 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.3-1
d655a34
- Update to version 1.5.3
d655a34
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.3
d655a34
- Update to version 1.5.2
d655a34
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.2
d655a34
- Update to version 1.5.1
d655a34
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.1
d655a34
6dbf263
* Tue Dec  7 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.0-1
6dbf263
- Update to version 1.5.0
6dbf263
  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.0
6dbf263
f80e5c9
* Wed Oct  6 2021 Thomas Woerner <twoerner@redhat.com> - 0.4.0-1
f80e5c9
- Update to version 0.4.0
f80e5c9
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0
f80e5c9
70be9ed
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.8-2
70be9ed
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
70be9ed
2924b90
* Wed Jul 14 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-1
2924b90
- Update to version 0.3.8
2924b90
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8
2924b90
- Update to version 0.3.7
2924b90
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7
2924b90
413e486
* Tue Jun  1 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-1
413e486
- Update to version 0.3.6
413e486
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6
413e486
efb0974
* Wed Mar  3 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.5-1
efb0974
- Update to version 0.3.5
efb0974
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.5
efb0974
efdef08
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-2
efdef08
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
efdef08
6ec4a52
* Mon Jan 18 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.4-1
6ec4a52
- Update to version 0.3.4
6ec4a52
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.4
6ec4a52
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.3
6ec4a52
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.2
6ec4a52
86977de
* Wed Dec  2 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.1-1
86977de
- Update to version 0.3.1
86977de
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.1
86977de
- ipabackup: Fix undefined vars for conditions in shell tasks without else
86977de
9a5502c
* Tue Dec  1 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-2
9a5502c
- Ship ipabackup role for backup and restore
9a5502c
edbdb24
* Thu Nov 26 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-1
edbdb24
- Update to version 0.3.0
edbdb24
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.0
edbdb24
9fefeb5
* Fri Oct 09 2020 Thomas Woerner <twoerner@redhat.com> - 0.2.1-1
9fefeb5
- Update to version 0.2.1
9fefeb5
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.1
9fefeb5
- Update to version 0.2.0
9fefeb5
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.0
9fefeb5
- New tests sub package providing upstream tests
9fefeb5
- Utils in /usr/share/ansible-freeipa/utils
9fefeb5
7cebb5e
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.12-2
7cebb5e
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
7cebb5e
3063f6f
* Mon Jun 15 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-1
3063f6f
- Update to version 0.1.12 bug fix only release
3063f6f
5231d76
* Thu Jun 11 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.11-1
5231d76
- Update to version 0.1.11
5231d76
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.11
5231d76
6aa7191
* Mon Apr 27 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.10-1
6aa7191
- Update to version 0.1.10 with fixes and additional modules
6aa7191
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.10
6aa7191
29119f6
* Mon Mar 16 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.9-1
29119f6
- Update to version 0.1.8 with lots of fixes and additional modules
29119f6
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.9
29119f6
d016874
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2
d016874
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
d016874
93e5d7e
* Fri Dec 20 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1
93e5d7e
- Update to version 0.1.8 with lots of fixes and additional modules
93e5d7e
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.8
93e5d7e
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.7
93e5d7e
bb9dd4b
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.6-2
bb9dd4b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
bb9dd4b
13bf858
* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1
13bf858
- Update to version 0.1.6
13bf858
  - Lots of documentation updates in READMEs and modules
13bf858
  - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
13bf858
  - Flake8 and pylint reated fixes
13bf858
  - Fixed wrong path to CheckedIPAddress class in ipareplica_test
13bf858
  - Remove unused ipaserver/library/ipaserver.py
13bf858
  - No not use wildcard imports for modules
13bf858
  - ipareplica: Add support for pki_config_override
13bf858
  - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
13bf858
  - ipareplica_prepare: Properly initialize pin and cert_name variables
13bf858
  - ipareplica: Fail with proper error messages
13bf858
  - ipaserver: Properly set settings related to pkcs12 files
13bf858
  - ipaclient: RawConfigParser is not always provided by six.moves.configparser
13bf858
  - ipaclient_setup_nss: paths.GETENT is not available before
13bf858
    freeipa-4.6.90.pre1
13bf858
  - ipaserver_test: Initialize value from options.zonemgr
13bf858
  - ipareplica_setup_custodia: create_replica only available in newer releases
13bf858
  - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
13bf858
  - ipa[server,replica]: Set _packages_adtrust for Ubuntu
13bf858
  - New build script for galaxy release
13bf858
  - New utils script to update module docs
13bf858
1904aa2
* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-2
1904aa2
- Update README-user.md: Fixed examples, new example
1904aa2
- ipauser example playbooks: Fixed actions, new example
1904aa2
abce4d1
* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-1
abce4d1
- Update to version 0.1.5
abce4d1
  - Support for IPA 4.8.0
abce4d1
  - New user management module
abce4d1
  - New group management module
abce4d1
  - ipaserver: Support external signed CA
abce4d1
  - RHEL-8 specific vars files to be able to install needed modules
abce4d1
    automatically
abce4d1
  - ipareplica: Fixes for certmonger and kra setup
abce4d1
  - New tests folder
abce4d1
  - OTP related updates to README files
abce4d1
- Updates of version 0.1.4
abce4d1
  - ipatopologysegment: Use commands, not command
abce4d1
- Updates of version 0.1.3
abce4d1
  - ipaclient_test: Fix Python2 decode use with Python3
abce4d1
  - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
abce4d1
  - ipaclient_get_otp: Remove ansible_python_interpreter handling
abce4d1
  - ipaclient: Use omit (None) for password, keytab, no string length checks
abce4d1
  - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
abce4d1
  - ipaclient: Report error message if ipaclient_get_otp failed
abce4d1
  - Fixes #17 Improve how tasks manage package installation
abce4d1
  - ipareplica: The dm password is not needed for ipareplica_master_password
abce4d1
  - ipareplica: Use ipareplica_server if set
abce4d1
  - ipatopologysegment: Allow domain+ca suffix, new state: checked
abce4d1
  - Documentation updates
abce4d1
  - Cleanups
abce4d1
- Update of version 0.1.2
abce4d1
  - Now a new Ansible Collection
abce4d1
  - Fix gssapi requirement for OTP: It is only needed if keytab is used with
abce4d1
    OTP now.
abce4d1
  - Fix wrong ansible argument types
abce4d1
  - Do not fail on textwrap for replica deployments with CA
abce4d1
  - Ansible lint and galaxy fixes
abce4d1
  - Disable automatic removal of replication agreements in uninstall
abce4d1
  - Enable freeipa-trust service if adtrust is enabled
abce4d1
  - Add support for hidden replica
abce4d1
  - New topology managament modules
abce4d1
  - Add support for pki_config_override
abce4d1
  - Fix host name setup in server deployment
abce4d1
  - Fix errors when ipaservers variable is not set
abce4d1
  - Fix ipaclient install role length typo
abce4d1
  - Cleanups
abce4d1
cd5c56f
* Mon May  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1
cd5c56f
- Initial package