timorunge / ansible-freeipa-server
FreeIPA Identity Management Server provisioning.
License: BSD 3-Clause "New" or "Revised" License
If I'm honest I'm not entirely sure that this is an issue with the playbook per se, but I'm curious if anyone has run into this issue as well.
When running the 'Run the FreeIPA Server installer' task it keeps failing on this error. I've already tried to reinstall the python DNS package both using PIP and source but the issue remains. Does anyone have any idea why this might happen?
" from dns.exception import DNSException", " File \"/usr/lib/python2.7/site-packages/dns/exception.py\", line 141", " raise self.exception_class(str(exc_val)) from exc_val", " ^", "SyntaxError: invalid syntax"
Hello!
Thanks for the role!
I am trying to install FreeIPA on CentOS 7.
Playbook
- hosts: freeipa
  become: true
  roles:
    - timorunge.freeipa_server
Inventory
all:
  children:
    freeipa:
      hosts:
        "freeipa":
          ansible_host: "xxxxx"
      vars:
        ansible_user: centos
Error
TASK [timorunge.freeipa_server : Install FreeIPA server pip dependencies] **************************************************************************************************************
Wednesday 30 March 2022 11:57:22 +0600 (0:03:01.297) 0:03:53.988 *******
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (3 retries left).
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (2 retries left).
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (1 retries left).
fatal: [freeipa]: FAILED! => changed=false
attempts: 3
cmd:
- /bin/pip2
- install
- custodia
- ipapython
- jwcrypto
- pyasn1-modules
- pyopenssl
- python-ldap
msg: |-
stdout: Requirement already satisfied (use --upgrade to upgrade): custodia in /usr/lib/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): ipapython in /usr/lib/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): jwcrypto in /usr/lib/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): pyasn1-modules in /usr/lib/python2.7/site-packages
Collecting pyopenssl
Using cached https://files.pythonhosted.org/packages/d5/9f/9c0e3288b85f907a008f9d31318b0e4de31b2f67724a8745e633741f609c/pyOpenSSL-22.0.0-py2.py3-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): python-ldap in /usr/lib64/python2.7/site-packages
Requirement already satisfied (use --upgrade to upgrade): cryptography in /usr/lib64/python2.7/site-packages (from custodia)
Requirement already satisfied (use --upgrade to upgrade): six in /usr/lib/python2.7/site-packages (from custodia)
Requirement already satisfied (use --upgrade to upgrade): requests in /usr/lib/python2.7/site-packages (from custodia)
Requirement already satisfied (use --upgrade to upgrade): cffi in /usr/lib64/python2.7/site-packages (from ipapython)
Collecting dnspython>=1.15 (from ipapython)
Using cached https://files.pythonhosted.org/packages/99/fb/e7cd35bba24295ad41abfdff30f6b4c271fd6ac70d20132fa503c3e768e0/dnspython-2.2.1.tar.gz
Complete output from command python setup.py egg_info:
/usr/lib64/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires'
warnings.warn(msg)
error in dnspython setup command: Invalid environment marker: python_full_version >= "3.6.2"
----------------------------------------
:stderr: Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-bH8zkw/dnspython/
You are using pip version 8.1.2, however version 22.0.4 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
By default, PIP is not installed on EL7 and therefore the role fails:
TASK [timorunge.freeipa_server : Install FreeIPA server pip dependencies] ******
FAILED - RETRYING: Install FreeIPA server pip dependencies (3 retries left).
FAILED - RETRYING: Install FreeIPA server pip dependencies (2 retries left).
FAILED - RETRYING: Install FreeIPA server pip dependencies (1 retries left).
fatal: [centos-7]: FAILED! => {"attempts": 3, "changed": false, "msg": "Unable to find any of pip2, pip to use. pip needs to be installed."}
My suggestion is to add python2-pip to vars/RedHat.yml, as Python 2.x is the system-wide default for EL7, Fedora 27 and 28.
I created PR #9 for this.
Can't install server, it seems to fail at setting the name:
fatal: [keymaster]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: float object has no element 0\n\nThe error appears to have been in '/Users/till/.ansible/roles/timorunge.freeipa_server/tasks/dependencies.yml': line 8, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n when: freeipa_server_manage_host\n- name: Add FreeIPA host entry\n ^ here\n"}
Hello! Thanks for the role!
I tried to install and got an error.
Playbook
- hosts: freeipa
  become: true
  roles:
    - timorunge.freeipa_server
Inventory
all:
  children:
    freeipa:
      hosts:
        "freeipa":
          ansible_host: "xxxxx"
      vars:
        ansible_user: ubuntu
Error
TASK [timorunge.freeipa_server : Install FreeIPA server pip dependencies] **************************************************************************************************************
Wednesday 30 March 2022 12:16:51 +0600 (0:03:05.462) 0:04:06.222 *******
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (3 retries left).
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (2 retries left).
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (1 retries left).
fatal: [freeipa]: FAILED! => changed=false
attempts: 3
msg: Unable to find any of pip3 to use. pip needs to be installed.
Version
ansible [core 2.12.2]
python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
Server where ansible
cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
Remote server
cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"
On systems without an installed EPEL GPG key, the role aborts with the following error:
TASK [timorunge.freeipa_server : Install FreeIPA server packages] **************
FAILED - RETRYING: Install FreeIPA server packages (3 retries left).
FAILED - RETRYING: Install FreeIPA server packages (2 retries left).
FAILED - RETRYING: Install FreeIPA server packages (1 retries left).
fatal: [centos-7]: FAILED! => {"attempts": 3, "changed": false, "changes": {"installed": ["bind", "bind-dyndb-ldap", "ipa-server", "ipa-server-common", "ipa-server-dns", "ipa-server-trust-ad"]}, "msg": "\nYou have enabled checking of packages via GPG keys. This is a good thing. \nHowever, you do not have any GPG public keys installed. You need to download\nthe keys for packages you wish to install and install them.\nYou can do that by running the command:\n rpm --import public.gpg.key\n\n\nAlternatively you can specify the url to the key you would like to use\nfor a repository in the 'gpgkey' option in a repository section and yum \nwill install it for you.\n\nFor more information contact your distribution or package provider.\n\nProblem repository: epel\n", "rc": 1, "results": ["Loaded plugins: fastestmirror\n"]}
To fix this, I suggest adding a task to add the EPEL GPG key before installing the dependency packages. I created pull request #7 for this.
After this fix, the playbook proceeded for the CentOS 7 Vagrant box:
TASK [timorunge.freeipa_server : Add EPEL repository] **************************
ok: [centos-7]
TASK [timorunge.freeipa_server : Add EPEL GPG key] *****************************
changed: [centos-7]
TASK [timorunge.freeipa_server : Install FreeIPA server dependency packages] ***
changed: [centos-7]
...
Additional note:
Since the latest release of your Ansible role there were several commits to your master branch. Maybe creating a new release would be a good idea. :)
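The report above concerns yum refusing unsigned-for-it packages because no EPEL key is trusted yet. The following is an added example, not the content of pull request #7 or the role's own code: it imports the key only when its fingerprint matches a pinned value and leaves signature checking on for the package install. The variable names, the key URL and the fingerprint placeholder are assumptions; the package list is taken from the error output above.

```yaml
# Added example (not from the role): trust the EPEL key only after a
# fingerprint check, then install with GPG verification still enabled.
- hosts: freeipa
  become: true
  vars:
    # Assumed download location of the EPEL 7 public key.
    epel_gpg_key_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7"
    # Placeholder: set this to the fingerprint published by the Fedora
    # project, obtained over a channel other than the key download itself.
    epel_gpg_key_fingerprint: "REPLACE_WITH_PUBLISHED_EPEL7_FINGERPRINT"
  tasks:
    - name: Refuse to run with the placeholder fingerprint
      assert:
        that:
          - epel_gpg_key_fingerprint is not search('REPLACE_WITH')
        fail_msg: "Pin the EPEL key fingerprint before importing the key."

    - name: Add EPEL GPG key (import fails if the fingerprint differs)
      rpm_key:
        key: "{{ epel_gpg_key_url }}"
        fingerprint: "{{ epel_gpg_key_fingerprint }}"
        state: present

    - name: Install FreeIPA server packages with signature checking on
      yum:
        name:
          - bind
          - bind-dyndb-ldap
          - ipa-server
          - ipa-server-common
          - ipa-server-dns
          - ipa-server-trust-ad
        state: present
        # Keep verification enabled; disabling it would hide the missing
        # key instead of fixing it.
        disable_gpg_check: false
```

The `fingerprint` option of `rpm_key` requires Ansible 2.9 or later.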
It would be nice to also have the option to create a CA replica; currently this needs to be done manually by leveraging the ipa-ca-install command.
I would like to install ipa replicas using this role following the guidance here:
https://www.freeipa.org/page/V4/Replica_Setup
which says it should be possible to install a replica on an already joined machine without needing the admin credentials as long as the machine has been added to the ipaservers group already.
The current code does not allow this as the install task is skipped when /etc/ipa/default.conf is already there. It would be good to be able to override this creates check.
The tasks "Install FreeIPA server dependency packages" and "Install FreeIPA server packages" fail with
Version comparison: '<' not supported between instances of 'str' and 'int'
Using ansible_version.string instead of ansible_version fixes this.
If you like, I can make a PR
Ansible version: 2.9.13