# Turn off automatic python byte compilation because these are Ansible

# roles and the files are transferred to the node and compiled there with

# the python version used in the node

%define __brp_python_bytecompile %{nil}

%global python %{__python3}

Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients

Name: ansible-freeipa

Version: 1.6.3

Release: 1%{?dist}

URL: https://github.com/freeipa/ansible-freeipa

License: GPLv3+

Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz

BuildArch: noarch

%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9

Requires: ansible-core

%endif

%description

Ansible roles and playbooks to install and uninstall FreeIPA servers, replicas

and clients. Also modules management.

Note: The Ansible playbooks and roles require a configured Ansible environment

where the Ansible nodes are reachable and are properly set up to have an IP

address and a working package manager.

Features

- Server, replica and client deployment

- Cluster deployments: Server, replicas and clients in one playbook

- One-time-password (OTP) support for client installation

- Repair mode for clients

- Backup and restore, also to and from controller

- Modules for automembership rule management

- Modules for automount key management

- Modules for automount location management

- Modules for automount map management

- Modules for config management

- Modules for delegation management

- Modules for dns config management

- Modules for dns forwarder management

- Modules for dns record management

- Modules for dns zone management

- Modules for group management

- Modules for hbacrule management

- Modules for hbacsvc management

- Modules for hbacsvcgroup management

- Modules for host management

- Modules for hostgroup management

- Modules for location management

- Modules for permission management

- Modules for privilege management

- Modules for pwpolicy management

- Modules for role management

- Modules for self service management

- Modules for server management

- Modules for service management

- Modules for sudocmd management

- Modules for sudocmdgroup management

- Modules for sudorule management

- Modules for topology management

- Modules for trust management

- Modules for user management

- Modules for vault management

Supported FreeIPA Versions

FreeIPA versions 4.6 and up are supported by all roles.

The client role supports versions 4.4 and up, the server role is working with

versions 4.5 and up, the replica role is currently only working with versions

4.6 and up.

Supported Distributions

- RHEL/CentOS 7.4+

- Fedora 26+

- Ubuntu

- Debian 10+ (ipaclient only, no server or replica!)

Requirements

  Controller

  - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection)

  - /usr/bin/kinit is required on the controller if a one time password (OTP)

    is used

  Node

  - Supported FreeIPA version (see above)

  - Supported distribution (needed for package installation only, see above)

Limitations

External signed CA is now supported. But the currently needed two step process

is an issue for the processing in a simple playbook.

Work is planned to have a new method to handle CSR for external signed CAs in

a separate step before starting the server installation.

%package tests

Summary: ansible-freeipa tests

Requires: %{name} = %{version}-%{release}

%description tests

ansible-freeipa tests.

Please have a look at %{_datadir}/ansible-freeipa/requirements-tests.txt

to get the needed requrements to run the tests.

%prep

%setup -q

# Do not create backup files with patches

# Fix python modules and module utils:

# - Remove shebang

# - Remove execute flag

for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do

    sed -i '1{/\/usr\/bin\/python*/d;}' $i

    chmod a-x $i

done

for i in utils/*.py utils/ansible-ipa-*-install utils/new_module \

         utils/changelog utils/ansible-doc-test;

do

    sed -i '{s@/usr/bin/python*@%{python}@}' $i

done

%build

%install

install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/

cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/

cp -rp roles/ipaserver/README.md README-server.md

cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/

cp -rp roles/ipareplica/README.md README-replica.md

cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/

cp -rp roles/ipaclient/README.md README-client.md

cp -rp roles/ipabackup %{buildroot}%{_datadir}/ansible/roles/

cp -rp roles/ipabackup/README.md README-backup.md

install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/

cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/

install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa

cp requirements*.txt %{buildroot}%{_datadir}/ansible-freeipa/

cp -rp utils %{buildroot}%{_datadir}/ansible-freeipa/

install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa/tests

cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/

%files

%license COPYING

%{_datadir}/ansible/roles/ipaserver

%{_datadir}/ansible/roles/ipareplica

%{_datadir}/ansible/roles/ipaclient

%{_datadir}/ansible/roles/ipabackup

%{_datadir}/ansible/plugins/doc_fragments

%{_datadir}/ansible/plugins/module_utils

%{_datadir}/ansible/plugins/modules

%doc README*.md

%doc playbooks

%{_datadir}/ansible-freeipa/requirements.txt

%{_datadir}/ansible-freeipa/requirements-dev.txt

%{_datadir}/ansible-freeipa/utils

%files tests

%{_datadir}/ansible-freeipa/tests

%{_datadir}/ansible-freeipa/requirements-tests.txt

%changelog

* Thu Jan 27 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.3-1

- Update to version 1.6.3

  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.3

  Related: RHBZ#2010622

* Wed Jan 26 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.2-1

- Update to version 1.6.2

  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.2

  Related: RHBZ#2010622

* Fri Jan 21 2022 Thomas Woerner <twoerner@redhat.com> - 1.6.1-1

- Update to version 1.6.1

  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.1

  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.0

  Related: RHBZ#2010622

- Add module to manage automount maps

  Resolves: RHBZ#2040701

- Add module to manage automount keys

  Resolves: RHBZ#2040702

* Wed Dec 29 2021 Thomas Woerner <twoerner@redhat.com> - 1.5.3-1

- Update to version 1.5.3

  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.3

  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.2

  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.1

  https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.0

  Related: RHBZ#2010622

- automember set default group/hostgroup is missing from the automember module

  Resolves: RHBZ#2021947

- automember remove default group/hostgroup is missing from the automember

  module

  Resolves: RHBZ#2021952

- automember rebuild is missing from the automember module

  Resolves: RHBZ#2021954

- automember remove orphans group/hostgroup is missing from the automember

  module

  Resolves: RHBZ#2021955

- Not able to update existing automember rule description

  Resolves: RHBZ#1976922

* Tue Oct  5 2021 Thomas Woerner <twoerner@redhat.com> - 0.4.0-1

- Update to version 0.4.0

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0

  Resolves: RHBZ#2010622

- Add ability to run modules remotely

  Resolves: RHBZ#2010633

- New management module ipaautomountlocation

  Resolves: RHBZ#2010643

* Mon Aug 16 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-3

- Add requirement for ansible-core

  Resolves: RHBZ#1993857

- Remove python3, pip and ansible installation from sanity test

  Related: RHBZ#1993857

- Replace json_query in tests/user/test_users_absent.yml

  Resolves: RHBZ#1992997

* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.8-2

- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags

  Related: rhbz#1991688

* Thu Jul 15 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.8-1

- Update to version 0.3.7 and 0.3.8

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8

  Related: RHBZ#1972178

- automember: Verify condition keys

  Resolves: RHBZ#1981713

- automember: Fix result["failed"] issues with conditions

  Resolves: RHBZ#1981713

- automember: Fix action to be automember or member, not service

  Resolves: RHBZ#1981711

* Thu Jun 17 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-3

- Apply fix for ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform

  Resolves: RRBZ#1973173

* Mon Jun  7 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.6-1

- Update to version 0.3.6

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6

  Resolves: RHBZ#1972178

- ansible-freeipa-tests not in the compose

  Resolves: RHBZ#1940014

- Remove unsupported parameter for (ipapermission) module: perm_rights from

  permission-present.yml

  Resolves: RHBZ#1973167

- Sample playbook included for selfservice module is incorrect

  Resolves: RHBZ#1973166

- ipa-client-install failing with error code 7(keytab: /usr/sbin/ipa-rmkeytab

  returned 7)

  Resolves: RHBZ#1973169

- New management module ipaserver

  Resolves: RHBZ#1973171

- New management module ipaautomember

  Resolves: RHBZ#1973172

* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.5-2

- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

* Wed Mar  3 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.5-1

- Update to version 0.3.5

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.5

* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.4-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Mon Jan 18 2021 Thomas Woerner <twoerner@redhat.com> - 0.3.4-1

- Update to version 0.3.4

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.4

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.3

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.2

* Wed Dec  2 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.1-1

- Update to version 0.3.1

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.1

- ipabackup: Fix undefined vars for conditions in shell tasks without else

* Tue Dec  1 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-2

- Ship ipabackup role for backup and restore

* Thu Nov 26 2020 Thomas Woerner <twoerner@redhat.com> - 0.3.0-1

- Update to version 0.3.0

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.0

* Fri Oct 09 2020 Thomas Woerner <twoerner@redhat.com> - 0.2.1-1

- Update to version 0.2.1

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.1

- Update to version 0.2.0

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.0

- New tests sub package providing upstream tests

- Utils in /usr/share/ansible-freeipa/utils

* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.12-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Mon Jun 15 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.12-1

- Update to version 0.1.12 bug fix only release

* Thu Jun 11 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.11-1

- Update to version 0.1.11

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.11

* Mon Apr 27 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.10-1

- Update to version 0.1.10 with fixes and additional modules

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.10

* Mon Mar 16 2020 Thomas Woerner <twoerner@redhat.com> - 0.1.9-1

- Update to version 0.1.8 with lots of fixes and additional modules

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.9

* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.8-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Fri Dec 20 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.8-1

- Update to version 0.1.8 with lots of fixes and additional modules

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.8

  https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.7

* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.1.6-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Tue Jul 23 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.6-1

- Update to version 0.1.6

  - Lots of documentation updates in READMEs and modules

  - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74)

  - Flake8 and pylint reated fixes

  - Fixed wrong path to CheckedIPAddress class in ipareplica_test

  - Remove unused ipaserver/library/ipaserver.py

  - No not use wildcard imports for modules

  - ipareplica: Add support for pki_config_override

  - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup

  - ipareplica_prepare: Properly initialize pin and cert_name variables

  - ipareplica: Fail with proper error messages

  - ipaserver: Properly set settings related to pkcs12 files

  - ipaclient: RawConfigParser is not always provided by six.moves.configparser

  - ipaclient_setup_nss: paths.GETENT is not available before

    freeipa-4.6.90.pre1

  - ipaserver_test: Initialize value from options.zonemgr

  - ipareplica_setup_custodia: create_replica only available in newer releases

  - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss

  - ipa[server,replica]: Set _packages_adtrust for Ubuntu

  - New build script for galaxy release

  - New utils script to update module docs

* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-2

- Update README-user.md: Fixed examples, new example

- ipauser example playbooks: Fixed actions, new example

* Tue Jul  9 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.5-1

- Update to version 0.1.5

  - Support for IPA 4.8.0

  - New user management module

  - New group management module

  - ipaserver: Support external signed CA

  - RHEL-8 specific vars files to be able to install needed modules

    automatically

  - ipareplica: Fixes for certmonger and kra setup

  - New tests folder

  - OTP related updates to README files

- Updates of version 0.1.4

  - ipatopologysegment: Use commands, not command

- Updates of version 0.1.3

  - ipaclient_test: Fix Python2 decode use with Python3

  - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode')

  - ipaclient_get_otp: Remove ansible_python_interpreter handling

  - ipaclient: Use omit (None) for password, keytab, no string length checks

  - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp

  - ipaclient: Report error message if ipaclient_get_otp failed

  - Fixes #17 Improve how tasks manage package installation

  - ipareplica: The dm password is not needed for ipareplica_master_password

  - ipareplica: Use ipareplica_server if set

  - ipatopologysegment: Allow domain+ca suffix, new state: checked

  - Documentation updates

  - Cleanups

- Update of version 0.1.2

  - Now a new Ansible Collection

  - Fix gssapi requirement for OTP: It is only needed if keytab is used with

    OTP now.

  - Fix wrong ansible argument types

  - Do not fail on textwrap for replica deployments with CA

  - Ansible lint and galaxy fixes

  - Disable automatic removal of replication agreements in uninstall

  - Enable freeipa-trust service if adtrust is enabled

  - Add support for hidden replica

  - New topology managament modules

  - Add support for pki_config_override

  - Fix host name setup in server deployment

  - Fix errors when ipaservers variable is not set

  - Fix ipaclient install role length typo

  - Cleanups

* Mon May  6 2019 Thomas Woerner <twoerner@redhat.com> - 0.1.1-1

- Initial package