diff --git a/.ansible-freeipa.metadata b/.ansible-freeipa.metadata new file mode 100644 index 0000000..f9fa4df --- /dev/null +++ b/.ansible-freeipa.metadata @@ -0,0 +1 @@ +8b916e74fdfd8cb11b55e401fc752d30b2a6ee09 SOURCES/ansible-freeipa-0.1.4.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a578cdd --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/ansible-freeipa-0.1.4.tar.gz diff --git a/SPECS/ansible-freeipa.spec b/SPECS/ansible-freeipa.spec new file mode 100644 index 0000000..f73ab1d --- /dev/null +++ b/SPECS/ansible-freeipa.spec 
@@ -0,0 +1,149 @@ +# Turn off automatic python byte compilation because these are Ansible +# roles and the files are transferred to the node and compiled there with +# the python verison used in the node +%define __brp_python_bytecompile %{nil} + +Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients +Name: ansible-freeipa +Version: 0.1.4 +Release: 1%{?dist} +URL: https://github.com/freeipa/ansible-freeipa +License: GPLv3+ +Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +BuildArch: noarch + +#Requires: ansible + +%description +ansible-freeipa provides Ansible roles and playbooks to install and uninstall +FreeIPA servers, replicas and clients. + +Note: The ansible playbooks and roles require a configured ansible environment +where the ansible nodes are reachable and are properly set up to have an IP +address and a working package manager. + +Features + +- Server, replica and client deployment +- Cluster deployments: Server, replicas and clients in one playbook +- One-time-password (OTP) support for client installation +- Repair mode for clients + +Supported FreeIPA Versions + +FreeIPA versions 4.6 and up are supported by all roles. + +The client role supports versions 4.4 and up, the server role is working with +versions 4.5 and up, the replica role is currently only working with versions +4.6 and up. + +Supported Distributions + +- RHEL/CentOS 7.4+ +- Fedora 26+ +- Ubuntu + +Requirements + + Controller + - Ansible version: 2.5+ + - python3-gssapi is required on the controller if a one time password (OTP) + is used to install the client. + + Node + - Supported FreeIPA version (see above) + - Supported distribution (needed for package installation only, see above) + +Limitations + +External CA support is not supported or working. The currently needed two step +process is an issue for the processing in the role. 
The configuration of the +server is partly done already and needs to be continued after the CSR has been +handled. This is for example breaking the deployment of a server with replicas +or clients in one playbook. + +%prep +%setup -q +# Fix python modules and module utils: +# - Remove shebang +# - Remove execute flag +for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do + sed -i '/\/usr\/bin\/python*/d' $i + chmod a-x $i +done +# Add execute flag to py3test.py scripts +chmod a+x roles/ipa*/files/py3test.py + +%build + +%install +install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipaserver/README.md README-server.md +cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipareplica/README.md README-replica.md +cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipaclient/README.md README-client.md +install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/ +cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/ + +%files +%license COPYING +%{_datadir}/ansible/roles/ipaserver +%{_datadir}/ansible/roles/ipareplica +%{_datadir}/ansible/roles/ipaclient +%{_datadir}/ansible/plugins/module_utils +%{_datadir}/ansible/plugins/modules +%doc README.md +%doc README-topology.md +%doc README-server.md +%doc README-replica.md +%doc README-client.md +%doc playbooks + +%changelog +* Mon Jun 17 2019 Thomas Woerner - 0.1.4-1 +- update to version 0.1.4 + - ipatopologysegment: Use commands, not command + +* Mon Jun 17 2019 Thomas Woerner - 0.1.3-1 +- update to version 0.1.3 + - ipaclient_test: Fix Python2 decode use with Python3 + - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode') + - ipaclient_get_otp: Remove ansible_python_interpreter handling + - ipaclient: Use omit (None) for password, keytab, no string length checks + - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp + - 
ipaclient: Report error message if ipaclient_get_otp failed + - Fixes #17 Improve how tasks manage package installation + - ipareplica: The dm password is not needed for ipareplica_master_password + - ipareplica: Use ipareplica_server if set + - ipatopologysegment: Allow domain+ca suffix, new state: checked + - Documentation updates + - Cleanups + +* Tue Jun 11 2019 Thomas Woerner - 0.1.2-3 +- bump release for functional test + +* Tue Jun 11 2019 Thomas Woerner - 0.1.2-2 +- bump release for functional test + +* Fri Jun 7 2019 Thomas Woerner - 0.1.2-1 +- update to version 0.1.2 + - Now a new Ansible Collection + - Fix gssapi requirement for OTP: It is only needed if keytab is used with + OTP now. + - Fix wrong ansible argument types + - Do not fail on textwrap for replica deployments with CA + - Ansible lint and galaxy fixes + - Disable automatic removal of replication agreements in uninstall + - Enable freeipa-trust service if adtrust is enabled + - Add support for hidden replica + - New topology managament modules + - Add support for pki_config_override + - Fix host name setup in server deployment + - Fix errors when ipaservers variable is not set + - Fix ipaclient install role length typo + - Cleanups + +* Mon May 6 2019 Thomas Woerner - 0.1.1-1 +- Initial package
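Review bot: In `.ansible-freeipa.metadata`, the 40-hex-digit digest recorded for `SOURCES/ansible-freeipa-0.1.4.tar.gz` is SHA-1 length, and it is the only integrity pin visible for the source tarball. The spec's `Source:` is a GitHub archive URL, and `%prep` goes straight to `%setup -q` with no signature or checksum check. If the lookaside tooling accepts a stronger digest, record SHA-256 or SHA-512 here. Either way, state in the commit message how the tarball was compared against upstream's `v0.1.4` archive before upload.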
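Review bot: In the `%prep` loop of `SPECS/ansible-freeipa.spec`, `sed -i '/\/usr\/bin\/python*/d' $i` is not anchored to the shebang. It deletes every line that contains `/usr/bin/pytho` anywhere in the file, so a docstring or string literal in a module that mentions the interpreter path is silently dropped, while a `#!/usr/bin/env python` shebang is left in place. The trailing `*` also applies only to the `n`, so it is not the glob it appears to be. Restrict the delete to line 1 and quote the variable, for example `sed -i '1{/^#!.*python/d;}' "$i"`. Separately, `#Requires: ansible` is commented out even though `%description` lists Ansible 2.5+ as a controller requirement. Either restore it as `Requires: ansible >= 2.5` or add a comment saying why the dependency is intentionally left undeclared.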