From 8099a75427a87503dbede431a4a92e23997ee2a6 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Mar 10 2021 08:10:48 +0000 Subject: import ansible-freeipa-0.3.2-2.el8 --- diff --git a/SOURCES/ansible-freeipa-0.3.2-ipaclient-Do-not-fail-on-rmkeytab-error-7_rhbz#1931381.patch b/SOURCES/ansible-freeipa-0.3.2-ipaclient-Do-not-fail-on-rmkeytab-error-7_rhbz#1931381.patch new file mode 100644 index 0000000..6c3cfc7 --- /dev/null +++ b/SOURCES/ansible-freeipa-0.3.2-ipaclient-Do-not-fail-on-rmkeytab-error-7_rhbz#1931381.patch @@ -0,0 +1,39 @@ +From 976cd1baa70b3ac1a271a362163e469b8d54d04a Mon Sep 17 00:00:00 2001 +From: Thomas Woerner +Date: Mon, 22 Feb 2021 13:28:04 +0100 +Subject: [PATCH] ipaclient: Do not fail on rmkeytab error #7 + +Due to commit f3f9672d527008dc741ac90aa465bac842eea08d (ipa-rmkeytab: Check +return value of krb5_kt_(start|end)_seq_get) in IPA 4.9.2 there is a new +error reported for ipa-rmkeytab in case of a non existing keytab file. +Using ipa-rmkeytab now results in the error #7 in this case. + +The client role is using ipa-rmkeytab and needs to ignore error #7 also. + +Fixes: #510 (ipa-client installation with OTP is failed with error code 7 + (keytab: /usr/sbin/ipa-rmkeytab returned 7)) +--- + roles/ipaclient/tasks/install.yml | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml +index fccc72e..23f9529 100644 +--- a/roles/ipaclient/tasks/install.yml ++++ b/roles/ipaclient/tasks/install.yml +@@ -181,8 +181,12 @@ + # Do not fail on error codes 3 and 5: + # 3 - Unable to open keytab + # 5 - Principal name or realm not found in keytab ++ # 7 - Failed to set cursor, typically when errcode ++ # would be issued in past + failed_when: result_ipa_rmkeytab.rc != 0 and +- result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5 ++ result_ipa_rmkeytab.rc != 3 and ++ result_ipa_rmkeytab.rc != 5 and ++ result_ipa_rmkeytab.rc != 7 + when: (ipaclient_use_otp | bool or ipaclient_force_join | bool) and not ipaclient_on_master | bool + + - name: Install - Backup and set hostname +-- +2.29.2 + diff --git a/SPECS/ansible-freeipa.spec b/SPECS/ansible-freeipa.spec index 461de1c..68aeec4 100644 --- a/SPECS/ansible-freeipa.spec +++ b/SPECS/ansible-freeipa.spec @@ -8,10 +8,11 @@ Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients Name: ansible-freeipa Version: 0.3.2 -Release: 1%{?dist} +Release: 2%{?dist} URL: https://github.com/freeipa/ansible-freeipa License: GPLv3+ Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch0: ansible-freeipa-0.3.2-ipaclient-Do-not-fail-on-rmkeytab-error-7_rhbz#1931381.patch BuildArch: noarch %description @@ -108,6 +109,7 @@ to get the needed requrements to run the tests. %prep %setup -q +%patch0 -p1 # Do not create backup files with patches # Fix python modules and module utils: @@ -165,6 +167,10 @@ cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/ %{_datadir}/ansible-freeipa/requirements-tests.txt %changelog +* Thu Mar 4 2021 Thomas Woerner - 0.3.2-2 +- Fix ipaclient: Do not fail on rmkeytab error 7 + Resolves: RHBZ#1931381 + * Mon Jan 18 2021 Thomas Woerner - 0.3.2-1 - Update to version 0.3.2 https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.2