diff --git a/.ansible-freeipa.metadata b/.ansible-freeipa.metadata new file mode 100644 index 0000000..5601de3 --- /dev/null +++ b/.ansible-freeipa.metadata @@ -0,0 +1 @@ +7f143f7b2263b6de41c41bba9aea905d17242efb SOURCES/ansible-freeipa-1.6.3.tar.gz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..408ad4f --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/ansible-freeipa-1.6.3.tar.gz diff --git a/SPECS/ansible-freeipa.spec b/SPECS/ansible-freeipa.spec new file mode 100644 index 0000000..005ca88 --- /dev/null +++ b/SPECS/ansible-freeipa.spec 
@@ -0,0 +1,404 @@ +# Turn off automatic python byte compilation because these are Ansible +# roles and the files are transferred to the node and compiled there with +# the python version used in the node +%define __brp_python_bytecompile %{nil} + +%global python %{__python3} + +Summary: Roles and playbooks to deploy FreeIPA servers, replicas and clients +Name: ansible-freeipa +Version: 1.6.3 +Release: 1%{?dist} +URL: https://github.com/freeipa/ansible-freeipa +License: GPLv3+ +Source: https://github.com/freeipa/ansible-freeipa/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +BuildArch: noarch +%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9 +Requires: ansible-core +%endif + +%description +Ansible roles and playbooks to install and uninstall FreeIPA servers, replicas +and clients. Also modules management. + +Note: The Ansible playbooks and roles require a configured Ansible environment +where the Ansible nodes are reachable and are properly set up to have an IP +address and a working package manager. 
+ +Features + +- Server, replica and client deployment +- Cluster deployments: Server, replicas and clients in one playbook +- One-time-password (OTP) support for client installation +- Repair mode for clients +- Backup and restore, also to and from controller +- Modules for automembership rule management +- Modules for automount key management +- Modules for automount location management +- Modules for automount map management +- Modules for config management +- Modules for delegation management +- Modules for dns config management +- Modules for dns forwarder management +- Modules for dns record management +- Modules for dns zone management +- Modules for group management +- Modules for hbacrule management +- Modules for hbacsvc management +- Modules for hbacsvcgroup management +- Modules for host management +- Modules for hostgroup management +- Modules for location management +- Modules for permission management +- Modules for privilege management +- Modules for pwpolicy management +- Modules for role management +- Modules for self service management +- Modules for server management +- Modules for service management +- Modules for sudocmd management +- Modules for sudocmdgroup management +- Modules for sudorule management +- Modules for topology management +- Modules for trust management +- Modules for user management +- Modules for vault management + +Supported FreeIPA Versions + +FreeIPA versions 4.6 and up are supported by all roles. + +The client role supports versions 4.4 and up, the server role is working with +versions 4.5 and up, the replica role is currently only working with versions +4.6 and up. + +Supported Distributions + +- RHEL/CentOS 7.4+ +- Fedora 26+ +- Ubuntu +- Debian 10+ (ipaclient only, no server or replica!) 
+ +Requirements + + Controller + - Ansible version: 2.8+ (ansible-freeipa is an Ansible Collection) + - /usr/bin/kinit is required on the controller if a one time password (OTP) + is used + + Node + - Supported FreeIPA version (see above) + - Supported distribution (needed for package installation only, see above) + +Limitations + +External signed CA is now supported. But the currently needed two step process +is an issue for the processing in a simple playbook. +Work is planned to have a new method to handle CSR for external signed CAs in +a separate step before starting the server installation. + + +%package tests +Summary: ansible-freeipa tests +Requires: %{name} = %{version}-%{release} + +%description tests +ansible-freeipa tests. + +Please have a look at %{_datadir}/ansible-freeipa/requirements-tests.txt +to get the needed requrements to run the tests. + + +%prep +%setup -q +# Do not create backup files with patches + +# Fix python modules and module utils: +# - Remove shebang +# - Remove execute flag +for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do + sed -i '1{/\/usr\/bin\/python*/d;}' $i + chmod a-x $i +done + +for i in utils/*.py utils/ansible-ipa-*-install utils/new_module \ + utils/changelog utils/ansible-doc-test; +do + sed -i '{s@/usr/bin/python*@%{python}@}' $i +done + + +%build + +%install +install -m 755 -d %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipaserver %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipaserver/README.md README-server.md +cp -rp roles/ipareplica %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipareplica/README.md README-replica.md +cp -rp roles/ipaclient %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipaclient/README.md README-client.md +cp -rp roles/ipabackup %{buildroot}%{_datadir}/ansible/roles/ +cp -rp roles/ipabackup/README.md README-backup.md +install -m 755 -d %{buildroot}%{_datadir}/ansible/plugins/ +cp -rp plugins/* %{buildroot}%{_datadir}/ansible/plugins/ + 
+install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa +cp requirements*.txt %{buildroot}%{_datadir}/ansible-freeipa/ +cp -rp utils %{buildroot}%{_datadir}/ansible-freeipa/ +install -m 755 -d %{buildroot}%{_datadir}/ansible-freeipa/tests +cp -rp tests %{buildroot}%{_datadir}/ansible-freeipa/ + +%files +%license COPYING +%{_datadir}/ansible/roles/ipaserver +%{_datadir}/ansible/roles/ipareplica +%{_datadir}/ansible/roles/ipaclient +%{_datadir}/ansible/roles/ipabackup +%{_datadir}/ansible/plugins/doc_fragments +%{_datadir}/ansible/plugins/module_utils +%{_datadir}/ansible/plugins/modules +%doc README*.md +%doc playbooks +%{_datadir}/ansible-freeipa/requirements.txt +%{_datadir}/ansible-freeipa/requirements-dev.txt +%{_datadir}/ansible-freeipa/utils + +%files tests +%{_datadir}/ansible-freeipa/tests +%{_datadir}/ansible-freeipa/requirements-tests.txt + +%changelog +* Thu Jan 27 2022 Thomas Woerner - 1.6.3-1 +- Update to version 1.6.3 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.3 + Related: RHBZ#2010622 + +* Wed Jan 26 2022 Thomas Woerner - 1.6.2-1 +- Update to version 1.6.2 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.2 + Related: RHBZ#2010622 + +* Fri Jan 21 2022 Thomas Woerner - 1.6.1-1 +- Update to version 1.6.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.6.0 + Related: RHBZ#2010622 +- Add module to manage automount maps + Resolves: RHBZ#2040701 +- Add module to manage automount keys + Resolves: RHBZ#2040702 + +* Wed Dec 29 2021 Thomas Woerner - 1.5.3-1 +- Update to version 1.5.3 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.3 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.2 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v1.5.0 + Related: RHBZ#2010622 +- automember set default group/hostgroup is missing from the automember module + 
Resolves: RHBZ#2021947 +- automember remove default group/hostgroup is missing from the automember + module + Resolves: RHBZ#2021952 +- automember rebuild is missing from the automember module + Resolves: RHBZ#2021954 +- automember remove orphans group/hostgroup is missing from the automember + module + Resolves: RHBZ#2021955 +- Not able to update existing automember rule description + Resolves: RHBZ#1976922 + +* Tue Oct 5 2021 Thomas Woerner - 0.4.0-1 +- Update to version 0.4.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.4.0 + Resolves: RHBZ#2010622 +- Add ability to run modules remotely + Resolves: RHBZ#2010633 +- New management module ipaautomountlocation + Resolves: RHBZ#2010643 + +* Mon Aug 16 2021 Thomas Woerner - 0.3.8-3 +- Add requirement for ansible-core + Resolves: RHBZ#1993857 +- Remove python3, pip and ansible installation from sanity test + Related: RHBZ#1993857 +- Replace json_query in tests/user/test_users_absent.yml + Resolves: RHBZ#1992997 + +* Mon Aug 09 2021 Mohan Boddu - 0.3.8-2 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Jul 15 2021 Thomas Woerner - 0.3.8-1 +- Update to version 0.3.7 and 0.3.8 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.7 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.8 + Related: RHBZ#1972178 +- automember: Verify condition keys + Resolves: RHBZ#1981713 +- automember: Fix result["failed"] issues with conditions + Resolves: RHBZ#1981713 +- automember: Fix action to be automember or member, not service + Resolves: RHBZ#1981711 + +* Thu Jun 17 2021 Thomas Woerner - 0.3.6-3 +- Apply fix for ipabackup: Use module to get IPA_BACKUP_DIR from ipaplatform + Resolves: RRBZ#1973173 + +* Mon Jun 7 2021 Thomas Woerner - 0.3.6-1 +- Update to version 0.3.6 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.6 + Resolves: RHBZ#1972178 +- ansible-freeipa-tests not in the compose + Resolves: RHBZ#1940014 +- Remove unsupported parameter for 
(ipapermission) module: perm_rights from + permission-present.yml + Resolves: RHBZ#1973167 +- Sample playbook included for selfservice module is incorrect + Resolves: RHBZ#1973166 +- ipa-client-install failing with error code 7(keytab: /usr/sbin/ipa-rmkeytab + returned 7) + Resolves: RHBZ#1973169 +- New management module ipaserver + Resolves: RHBZ#1973171 +- New management module ipaautomember + Resolves: RHBZ#1973172 + +* Thu Apr 15 2021 Mohan Boddu - 0.3.5-2 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Wed Mar 3 2021 Thomas Woerner - 0.3.5-1 +- Update to version 0.3.5 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.5 + +* Tue Jan 26 2021 Fedora Release Engineering - 0.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Mon Jan 18 2021 Thomas Woerner - 0.3.4-1 +- Update to version 0.3.4 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.4 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.3 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.2 + +* Wed Dec 2 2020 Thomas Woerner - 0.3.1-1 +- Update to version 0.3.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.1 +- ipabackup: Fix undefined vars for conditions in shell tasks without else + +* Tue Dec 1 2020 Thomas Woerner - 0.3.0-2 +- Ship ipabackup role for backup and restore + +* Thu Nov 26 2020 Thomas Woerner - 0.3.0-1 +- Update to version 0.3.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.3.0 + +* Fri Oct 09 2020 Thomas Woerner - 0.2.1-1 +- Update to version 0.2.1 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.1 +- Update to version 0.2.0 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.2.0 +- New tests sub package providing upstream tests +- Utils in /usr/share/ansible-freeipa/utils + +* Mon Jul 27 2020 Fedora Release Engineering - 0.1.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon Jun 15 2020 Thomas Woerner - 
0.1.12-1 +- Update to version 0.1.12 bug fix only release + +* Thu Jun 11 2020 Thomas Woerner - 0.1.11-1 +- Update to version 0.1.11 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.11 + +* Mon Apr 27 2020 Thomas Woerner - 0.1.10-1 +- Update to version 0.1.10 with fixes and additional modules + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.10 + +* Mon Mar 16 2020 Thomas Woerner - 0.1.9-1 +- Update to version 0.1.8 with lots of fixes and additional modules + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.9 + +* Tue Jan 28 2020 Fedora Release Engineering - 0.1.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Dec 20 2019 Thomas Woerner - 0.1.8-1 +- Update to version 0.1.8 with lots of fixes and additional modules + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.8 + https://github.com/freeipa/ansible-freeipa/releases/tag/v0.1.7 + +* Wed Jul 24 2019 Fedora Release Engineering - 0.1.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Jul 23 2019 Thomas Woerner - 0.1.6-1 +- Update to version 0.1.6 + - Lots of documentation updates in READMEs and modules + - library/ipaclient_get_otp: Enable force mode for host_add call (fixes #74) + - Flake8 and pylint reated fixes + - Fixed wrong path to CheckedIPAddress class in ipareplica_test + - Remove unused ipaserver/library/ipaserver.py + - No not use wildcard imports for modules + - ipareplica: Add support for pki_config_override + - ipareplica: Initialize dns.ip_addresses and dns.reverse_zones for dns setup + - ipareplica_prepare: Properly initialize pin and cert_name variables + - ipareplica: Fail with proper error messages + - ipaserver: Properly set settings related to pkcs12 files + - ipaclient: RawConfigParser is not always provided by six.moves.configparser + - ipaclient_setup_nss: paths.GETENT is not available before + freeipa-4.6.90.pre1 + - ipaserver_test: Initialize value from options.zonemgr + - 
ipareplica_setup_custodia: create_replica only available in newer releases + - ipaclient: Fix typo in dnsok assignment for ipaclient_setup_nss + - ipa[server,replica]: Set _packages_adtrust for Ubuntu + - New build script for galaxy release + - New utils script to update module docs + +* Tue Jul 9 2019 Thomas Woerner - 0.1.5-2 +- Update README-user.md: Fixed examples, new example +- ipauser example playbooks: Fixed actions, new example + +* Tue Jul 9 2019 Thomas Woerner - 0.1.5-1 +- Update to version 0.1.5 + - Support for IPA 4.8.0 + - New user management module + - New group management module + - ipaserver: Support external signed CA + - RHEL-8 specific vars files to be able to install needed modules + automatically + - ipareplica: Fixes for certmonger and kra setup + - New tests folder + - OTP related updates to README files +- Updates of version 0.1.4 + - ipatopologysegment: Use commands, not command +- Updates of version 0.1.3 + - ipaclient_test: Fix Python2 decode use with Python3 + - Fixed: #86 (AttributeError: 'str' object has no attribute 'decode') + - ipaclient_get_otp: Remove ansible_python_interpreter handling + - ipaclient: Use omit (None) for password, keytab, no string length checks + - ipaclient_join: Support to use ipaadmin_keytab without ipaclient_use_otp + - ipaclient: Report error message if ipaclient_get_otp failed + - Fixes #17 Improve how tasks manage package installation + - ipareplica: The dm password is not needed for ipareplica_master_password + - ipareplica: Use ipareplica_server if set + - ipatopologysegment: Allow domain+ca suffix, new state: checked + - Documentation updates + - Cleanups +- Update of version 0.1.2 + - Now a new Ansible Collection + - Fix gssapi requirement for OTP: It is only needed if keytab is used with + OTP now. 
+ - Fix wrong ansible argument types + - Do not fail on textwrap for replica deployments with CA + - Ansible lint and galaxy fixes + - Disable automatic removal of replication agreements in uninstall + - Enable freeipa-trust service if adtrust is enabled + - Add support for hidden replica + - New topology managament modules + - Add support for pki_config_override + - Fix host name setup in server deployment + - Fix errors when ipaservers variable is not set + - Fix ipaclient install role length typo + - Cleanups + +* Mon May 6 2019 Thomas Woerner - 0.1.1-1 +- Initial package
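Review bot: The digest recorded for SOURCES/ansible-freeipa-1.6.3.tar.gz in .ansible-freeipa.metadata is 40 hex digits, which is SHA-1 length, and nothing else in this patch verifies the tarball fetched from the GitHub archive URL given in Source:. If the lookaside tooling accepts a SHA-256 or SHA-512 entry, record that instead, and confirm that the digest was computed from the upstream v1.6.3 tag archive.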
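Review bot: In %prep, the second loop's `sed -i '{s@/usr/bin/python*@%{python}@}' $i` treats `python*` as a glob, but in a sed regex the `*` applies only to the final `n`, so a shebang that already reads /usr/bin/python3 matches only up to `python` and keeps its trailing 3 after %{python} is substituted in. Match the whole interpreter name instead, for example `s@/usr/bin/python[0-9.]*@%{python}@`, restrict the substitution to line 1 as the first loop does, and quote "$i" in both loops. In %changelog, the 0.1.9-1 entry says "Update to version 0.1.8" while linking the v0.1.9 release, and the 0.3.6-3 entry has "RRBZ#1973173", which looks like a typo for RHBZ#; the tests subpackage description also misspells "requrements".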