Blame SPECS/ansible-freeipa.spec

aa04dd
# Turn off automatic python byte compilation because these are Ansible
aa04dd
# roles and the files are transferred to the node and compiled there with
aa04dd
# the python version used in the node
aa04dd
%define __brp_python_bytecompile %{nil}
aa04dd
aa04dd
%global python %{__python3}
aa04dd
aa04dd
Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients
aa04dd
Name: ansible-freeipa
5f58d4
Version: 0.4.0
5f58d4
Release: 1%{?dist}
aa04dd
URL: https://github.com/freeipa/ansible-freeipa
aa04dd
License: GPLv3+
aa04dd
Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
aa04dd
BuildArch: noarch
aa04dd
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
aa04dd
Requires: ansible-core
aa04dd
%endif
aa04dd
aa04dd
%description
aa04dd
Ansible roles and playbooks to install and uninstall FreeIPA servers, replicas and clients. Also modules for group, host, topology and user management.
aa04dd
aa04dd
Note: The Ansible playbooks and roles require a configured Ansible environment where the Ansible nodes are reachable and are properly set up to have an IP address and a working package manager.
aa04dd
Features
aa04dd
aa04dd
- Server, replica and client deployment
aa04dd
- Cluster deployments: Server, replicas and clients in one playbook
aa04dd
- One-time-password (OTP) support for client installation
aa04dd
- Repair mode for clients
aa04dd
- Backup and restore, also to and from controller
aa04dd
- Modules for automembership rule management
aa04dd
- Modules for config management
aa04dd
- Modules for delegation management
aa04dd
- Modules for dns config management
aa04dd
- Modules for dns forwarder management
aa04dd
- Modules for dns record management
aa04dd
- Modules for dns zone management
aa04dd
- Modules for group management
aa04dd
- Modules for hbacrule management
aa04dd
- Modules for hbacsvc management
aa04dd
- Modules for hbacsvcgroup management
aa04dd
- Modules for host management
aa04dd
- Modules for hostgroup management
aa04dd
- Modules for location management
aa04dd
- Modules for permission management
aa04dd
- Modules for privilege management
aa04dd
- Modules for pwpolicy management
aa04dd
- Modules for role management
aa04dd
- Modules for self service management
aa04dd
- Modules for server management
aa04dd
- Modules for service management
aa04dd
- Modules for sudocmd management
aa04dd
- Modules for sudocmdgroup management
aa04dd
- Modules for sudorule management
aa04dd
- Modules for topology management
aa04dd
- Modules for trust management
aa04dd
- Modules for user management
aa04dd
- Modules for vault management
aa04dd
aa04dd
Supported FreeIPA Versions
aa04dd
aa04dd
FreeIPA versions 4.6 and up are supported by all roles.
aa04dd
aa04dd
The client role supports versions 4.4 and up, the server role is working with versions 4.5 and up, the replica role is currently only working with versions 4.6 and up.
aa04dd
Supported Distributions
aa04dd
aa04dd
- RHEL/CentOS 7.4+
aa04dd
- Fedora 26+
aa04dd
- Ubuntu
aa04dd
- Debian 10+ (ipaclient only, no server or replica!)
aa04dd
aa04dd
Requirements
aa04dd
aa04dd
  Controller
aa04dd
aa04dd
  - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)
aa04dd
    /usr/bin/kinit is required on the controller if a one time password (OTP)
aa04dd
    is used
aa04dd
  - python3-gssapi is required on the controller if a one time password (OTP)
aa04dd
    is used with keytab to install the client.
aa04dd
aa04dd
  Node
aa04dd
aa04dd
  - Supported FreeIPA version (see above)
aa04dd
  - Supported distribution (needed for package installation only, see above)
aa04dd
aa04dd
Limitations
aa04dd
aa04dd
External signed CA is now supported. But the currently needed two step process
aa04dd
is an issue for the processing in a simple playbook.
aa04dd
Work is planned to have a new method to handle CSR for external signed CAs in
aa04dd
a separate step before starting the server installation.
aa04dd
aa04dd
aa04dd
%package tests
aa04dd
Summary: ansible-freeipa tests
aa04dd
Requires: %{name} = %{version}-%{release}
aa04dd
aa04dd
%description tests
aa04dd
ansible-freeipa tests.
aa04dd
aa04dd
Please have a look at %{_datadir}/ansible-freeipa/requirements-tests.txt
aa04dd
to get the needed requrements to run the tests.
aa04dd
aa04dd
aa04dd
%prep
aa04dd
%setup -q
aa04dd
# Do not create backup files with patches
aa04dd
aa04dd
# Fix python modules and module utils:
aa04dd
# - Remove shebang
aa04dd
# - Remove execute flag
aa04dd
for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do
aa04dd
    sed -i '1{/\/usr\/bin\/python*/d;}' $i
aa04dd
    chmod a-x $i
aa04dd
done
aa04dd
aa04dd
for i in utils/*.py utils/ansible-ipa-*-install utils/new_module \
aa04dd
         utils/changelog utils/ansible-doc-test;
aa04dd
do
aa04dd
    sed -i '{s@/usr/bin/python*@%{python}@}' $i
aa04dd
done
aa04dd
aa04dd
aa04dd
%build
aa04dd
aa04dd
%install
aa04dd
install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/
aa04dd
cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/
aa04dd
cp -rp roles/ipaserver/README.md README-server.md
aa04dd
cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/
aa04dd
cp -rp roles/ipareplica/README.md README-replica.md
aa04dd
cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/
aa04dd
cp -rp roles/ipaclient/README.md README-client.md
aa04dd
cp -rp roles/ipabackup %{buildroot}%{_datadir}/ansible/roles/
aa04dd
cp -rp roles/ipabackup/README.md README-backup.md
aa04dd
install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/
aa04dd
cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/
aa04dd
aa04dd
install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa
aa04dd
cp requirements*.txt %{buildroot}%{_datadir}/ansible-freeipa/
aa04dd
cp -rp utils %{buildroot}%{_datadir}/ansible-freeipa/
aa04dd
install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa/tests
aa04dd
cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/
aa04dd
aa04dd
%files
aa04dd
%license COPYING
aa04dd
%{_datadir}/ansible/roles/ipaserver
aa04dd
%{_datadir}/ansible/roles/ipareplica
aa04dd
%{_datadir}/ansible/roles/ipaclient
aa04dd
%{_datadir}/ansible/roles/ipabackup
5f58d4
%{_datadir}/ansible/plugins/doc_fragments
aa04dd
%{_datadir}/ansible/plugins/module_utils
aa04dd
%{_datadir}/ansible/plugins/modules
aa04dd
%doc README*.md
aa04dd
%doc playbooks
aa04dd
%{_datadir}/ansible-freeipa/requirements.txt
aa04dd
%{_datadir}/ansible-freeipa/requirements-dev.txt
aa04dd
%{_datadir}/ansible-freeipa/utils
aa04dd
aa04dd
%files tests
aa04dd
%{_datadir}/ansible-freeipa/tests
aa04dd
%{_datadir}/ansible-freeipa/requirements-tests.txt
aa04dd
aa04dd
%changelog
5f58d4
* Tue Oct  5 2021 Thomas Woerner <twoerner@redhat.com> - 0.4.0-1
5f58d4
- Update to version 0.4.0
5f58d4
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0
5f58d4
  Resolves: RHBZ#2010622
5f58d4
- Add ability to run modules remotely
5f58d4
  Resolves: RHBZ#2010633
5f58d4
- New management module ipaautomountlocation
5f58d4
  Resolves: RHBZ#2010643
5f58d4
aa04dd
* Mon Aug 16 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-3
aa04dd
- Add requirement for ansible-core
aa04dd
  Resolves: RHBZ#1993857
aa04dd
- Remove python3, pip and ansible installation from sanity test
aa04dd
  Related: RHBZ#1993857
aa04dd
- Replace json_query in tests/user/test_users_absent.yml
aa04dd
  Resolves: RHBZ#1992997
aa04dd
aa04dd
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.8-2
aa04dd
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
aa04dd
  Related: rhbz#1991688
aa04dd
aa04dd
* Thu Jul 15 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-1
aa04dd
- Update to version 0.3.7 and 0.3.8
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8
aa04dd
  Related: RHBZ#1972178
aa04dd
- automember: Verify condition keys
aa04dd
  Resolves: RHBZ#1981713
aa04dd
- automember: Fix result["failed"] issues with conditions
aa04dd
  Resolves: RHBZ#1981713
aa04dd
- automember: Fix action to be automember or member, not service
aa04dd
  Resolves: RHBZ#1981711
aa04dd
aa04dd
* Thu Jun 17 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-3
aa04dd
- Apply fix for ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform
aa04dd
  Resolves: RRBZ#1973173
aa04dd
aa04dd
* Mon Jun  7 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-1
aa04dd
- Update to version 0.3.6
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6
aa04dd
  Resolves: RHBZ#1972178
aa04dd
- ansible-freeipa-tests not in the compose
aa04dd
  Resolves: RHBZ#1940014
aa04dd
- Remove unsupported parameter for (ipapermission) module: perm_rights from
aa04dd
  permission-present.yml
aa04dd
  Resolves: RHBZ#1973167
aa04dd
- Sample playbook included for selfservice module is incorrect
aa04dd
  Resolves: RHBZ#1973166
aa04dd
- ipa-client-install failing with error code 7(keytab: /usr/sbin/ipa-rmkeytab
aa04dd
  returned 7)
aa04dd
  Resolves: RHBZ#1973169
aa04dd
- New management module ipaserver
aa04dd
  Resolves: RHBZ#1973171
aa04dd
- New management module ipaautomember
aa04dd
  Resolves: RHBZ#1973172
aa04dd
aa04dd
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.5-2
aa04dd
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
aa04dd
aa04dd
* Wed Mar  3 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.5-1
aa04dd
- Update to version 0.3.5
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.5
aa04dd
aa04dd
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-2
aa04dd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
aa04dd
aa04dd
* Mon Jan 18 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.4-1
aa04dd
- Update to version 0.3.4
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.4
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.3
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.2
aa04dd
aa04dd
* Wed Dec  2 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.1-1
aa04dd
- Update to version 0.3.1
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.1
aa04dd
- ipabackup: Fix undefined vars for conditions in shell tasks without else
aa04dd
aa04dd
* Tue Dec  1 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-2
aa04dd
- Ship ipabackup role for backup and restore
aa04dd
aa04dd
* Thu Nov 26 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-1
aa04dd
- Update to version 0.3.0
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.0
aa04dd
aa04dd
* Fri Oct 09 2020 Thomas Woerner <twoerner@redhat.com> - 0.2.1-1
aa04dd
- Update to version 0.2.1
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.1
aa04dd
- Update to version 0.2.0
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.0
aa04dd
- New tests sub package providing upstream tests
aa04dd
- Utils in /usr/share/ansible-freeipa/utils
aa04dd
aa04dd
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.12-2
aa04dd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
aa04dd
aa04dd
* Mon Jun 15 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-1
aa04dd
- Update to version 0.1.12 bug fix only release
aa04dd
aa04dd
* Thu Jun 11 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.11-1
aa04dd
- Update to version 0.1.11
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.11
aa04dd
aa04dd
* Mon Apr 27 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.10-1
aa04dd
- Update to version 0.1.10 with fixes and additional modules
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.10
aa04dd
aa04dd
* Mon Mar 16 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.9-1
aa04dd
- Update to version 0.1.8 with lots of fixes and additional modules
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.9
aa04dd
aa04dd
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2
aa04dd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
aa04dd
aa04dd
* Fri Dec 20 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1
aa04dd
- Update to version 0.1.8 with lots of fixes and additional modules
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.8
aa04dd
  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.7
aa04dd
aa04dd
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.6-2
aa04dd
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
aa04dd
aa04dd
* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1
aa04dd
- Update to version 0.1.6
aa04dd
  - Lots of documentation updates in READMEs and modules
aa04dd
  - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)
aa04dd
  - Flake8 and pylint reated fixes
aa04dd
  - Fixed wrong path to CheckedIPAddress class in ipareplica_test
aa04dd
  - Remove unused ipaserver/library/ipaserver.py
aa04dd
  - No not use wildcard imports for modules
aa04dd
  - ipareplica: Add support for pki_config_override
aa04dd
  - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup
aa04dd
  - ipareplica_prepare: Properly initialize pin and cert_name variables
aa04dd
  - ipareplica: Fail with proper error messages
aa04dd
  - ipaserver: Properly set settings related to pkcs12 files
aa04dd
  - ipaclient: RawConfigParser is not always provided by six.moves.configparser
aa04dd
  - ipaclient_setup_nss: paths.GETENT is not available before
aa04dd
    freeipa-4.6.90.pre1
aa04dd
  - ipaserver_test: Initialize value from options.zonemgr
aa04dd
  - ipareplica_setup_custodia: create_replica only available in newer releases
aa04dd
  - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss
aa04dd
  - ipa[server,replica]: Set _packages_adtrust for Ubuntu
aa04dd
  - New build script for galaxy release
aa04dd
  - New utils script to update module docs
aa04dd
aa04dd
* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-2
aa04dd
- Update README-user.md: Fixed examples, new example
aa04dd
- ipauser example playbooks: Fixed actions, new example
aa04dd
aa04dd
* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-1
aa04dd
- Update to version 0.1.5
aa04dd
  - Support for IPA 4.8.0
aa04dd
  - New user management module
aa04dd
  - New group management module
aa04dd
  - ipaserver: Support external signed CA
aa04dd
  - RHEL-8 specific vars files to be able to install needed modules
aa04dd
    automatically
aa04dd
  - ipareplica: Fixes for certmonger and kra setup
aa04dd
  - New tests folder
aa04dd
  - OTP related updates to README files
aa04dd
- Updates of version 0.1.4
aa04dd
  - ipatopologysegment: Use commands, not command
aa04dd
- Updates of version 0.1.3
aa04dd
  - ipaclient_test: Fix Python2 decode use with Python3
aa04dd
  - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')
aa04dd
  - ipaclient_get_otp: Remove ansible_python_interpreter handling
aa04dd
  - ipaclient: Use omit (None) for password, keytab, no string length checks
aa04dd
  - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp
aa04dd
  - ipaclient: Report error message if ipaclient_get_otp failed
aa04dd
  - Fixes #17 Improve how tasks manage package installation
aa04dd
  - ipareplica: The dm password is not needed for ipareplica_master_password
aa04dd
  - ipareplica: Use ipareplica_server if set
aa04dd
  - ipatopologysegment: Allow domain+ca suffix, new state: checked
aa04dd
  - Documentation updates
aa04dd
  - Cleanups
aa04dd
- Update of version 0.1.2
aa04dd
  - Now a new Ansible Collection
aa04dd
  - Fix gssapi requirement for OTP: It is only needed if keytab is used with
aa04dd
    OTP now.
aa04dd
  - Fix wrong ansible argument types
aa04dd
  - Do not fail on textwrap for replica deployments with CA
aa04dd
  - Ansible lint and galaxy fixes
aa04dd
  - Disable automatic removal of replication agreements in uninstall
aa04dd
  - Enable freeipa-trust service if adtrust is enabled
aa04dd
  - Add support for hidden replica
aa04dd
  - New topology managament modules
aa04dd
  - Add support for pki_config_override
aa04dd
  - Fix host name setup in server deployment
aa04dd
  - Fix errors when ipaservers variable is not set
aa04dd
  - Fix ipaclient install role length typo
aa04dd
  - Cleanups
aa04dd
aa04dd
* Mon May  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1
aa04dd
- Initial package