timorunge / ansible-freeipa-server

FreeIPA Identity Management Server provisioning.

License: BSD 3-Clause "New" or "Revised" License

Shell 84.33% Python 15.67%
dns freeipa freeipa-server identity idm kerberos kerberos-server ldap ntp sso

ansible-freeipa-server's Issues

Python DNS issue stops installer task

If I'm honest, I'm not entirely sure that this is an issue with the playbook per se, but I'm curious if anyone has run into this issue as well.

When running the 'Run the FreeIPA Server installer' task it keeps failing on this error. I've already tried to reinstall the python DNS package both using PIP and source but the issue remains. Does anyone have any idea why this might happen?

" from dns.exception import DNSException", " File \"/usr/lib/python2.7/site-packages/dns/exception.py\", line 141", " raise self.exception_class(str(exc_val)) from exc_val", " ^", "SyntaxError: invalid syntax"

error in dnspython setup command: Invalid environment marker: python_full_version >= "3.6.2"

Hello!
Thanks for the role!
I am trying to install FreeIPA on CentOS 7.

Playbook

  - hosts: freeipa
    become: true
    roles:
      - timorunge.freeipa_server

Inventory

all:
  children:
    freeipa:
      hosts:
        "freeipa":
          ansible_host: "xxxxx"
  vars:
    ansible_user:  centos

Error

TASK [timorunge.freeipa_server : Install FreeIPA server pip dependencies] **************************************************************************************************************
Wednesday 30 March 2022  11:57:22 +0600 (0:03:01.297)       0:03:53.988 *******
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (3 retries left).
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (2 retries left).
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (1 retries left).
fatal: [freeipa]: FAILED! => changed=false
  attempts: 3
  cmd:
  - /bin/pip2
  - install
  - custodia
  - ipapython
  - jwcrypto
  - pyasn1-modules
  - pyopenssl
  - python-ldap
  msg: |-
    stdout: Requirement already satisfied (use --upgrade to upgrade): custodia in /usr/lib/python2.7/site-packages
    Requirement already satisfied (use --upgrade to upgrade): ipapython in /usr/lib/python2.7/site-packages
    Requirement already satisfied (use --upgrade to upgrade): jwcrypto in /usr/lib/python2.7/site-packages
    Requirement already satisfied (use --upgrade to upgrade): pyasn1-modules in /usr/lib/python2.7/site-packages
    Collecting pyopenssl
      Using cached https://files.pythonhosted.org/packages/d5/9f/9c0e3288b85f907a008f9d31318b0e4de31b2f67724a8745e633741f609c/pyOpenSSL-22.0.0-py2.py3-none-any.whl
    Requirement already satisfied (use --upgrade to upgrade): python-ldap in /usr/lib64/python2.7/site-packages
    Requirement already satisfied (use --upgrade to upgrade): cryptography in /usr/lib64/python2.7/site-packages (from custodia)
    Requirement already satisfied (use --upgrade to upgrade): six in /usr/lib/python2.7/site-packages (from custodia)
    Requirement already satisfied (use --upgrade to upgrade): requests in /usr/lib/python2.7/site-packages (from custodia)
    Requirement already satisfied (use --upgrade to upgrade): cffi in /usr/lib64/python2.7/site-packages (from ipapython)
    Collecting dnspython>=1.15 (from ipapython)
      Using cached https://files.pythonhosted.org/packages/99/fb/e7cd35bba24295ad41abfdff30f6b4c271fd6ac70d20132fa503c3e768e0/dnspython-2.2.1.tar.gz
        Complete output from command python setup.py egg_info:
        /usr/lib64/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires'
          warnings.warn(msg)
        error in dnspython setup command: Invalid environment marker: python_full_version >= "3.6.2"

        ----------------------------------------

    :stderr: Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-bH8zkw/dnspython/
    You are using pip version 8.1.2, however version 22.0.4 is available.
    You should consider upgrading via the 'pip install --upgrade pip' command.
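Both dnspython reports above come from a dnspython 2.x release reaching a Python 2.7 site-packages directory; pip 8.1.2 does not filter releases by their declared Python requirement, so the unpinned `dnspython>=1.15` resolves to 2.2.1. The tasks below are an added example, not code from the role or its author: they pin the dependency with a constraints file and verify what the interpreter actually imports. The constraints file path and task names are assumptions, and `fail_msg` needs Ansible 2.7 or later.

```yaml
# Added example: not taken from the role. Path and task names are assumptions.
- name: Keep dnspython on the Python 2 compatible series
  when: ansible_python.version.major == 2
  block:
    - name: Write a pip constraints file
      copy:
        dest: /etc/pip-constraints-freeipa.txt   # hypothetical path
        mode: "0644"
        content: |
          # dnspython 2.x is Python 3 only; stay on the 1.x series
          dnspython<2

    - name: Install FreeIPA server pip dependencies under the constraint
      pip:
        name:
          - custodia
          - ipapython
          - jwcrypto
          - pyasn1-modules
          - pyopenssl
          - python-ldap
        executable: /bin/pip2
        extra_args: "--constraint /etc/pip-constraints-freeipa.txt"

    - name: Read the dnspython version the Python 2 interpreter imports
      command: python2 -c "import dns.version; print(dns.version.version)"
      register: dnspython_version
      changed_when: false

    - name: Fail early if a Python 3 only dnspython is still installed
      assert:
        that:
          - dnspython_version.stdout is version('2.0.0', '<')
        fail_msg: "dnspython {{ dnspython_version.stdout }} cannot be used with Python 2.7"
```

A constraints file applies to transitive dependencies as well, which is why it is used here instead of adding `dnspython` to the install list.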

Python PIP is missing

By default, PIP is not installed on EL7 and therefore the role fails:

    TASK [timorunge.freeipa_server : Install FreeIPA server pip dependencies] ******
    FAILED - RETRYING: Install FreeIPA server pip dependencies (3 retries left).
    FAILED - RETRYING: Install FreeIPA server pip dependencies (2 retries left).
    FAILED - RETRYING: Install FreeIPA server pip dependencies (1 retries left).
    fatal: [centos-7]: FAILED! => {"attempts": 3, "changed": false, "msg": "Unable to find any of pip2, pip to use.  pip needs to be installed."}

My suggestion is to add python2-pip to vars/RedHat.yml as Python 2.x is the system-wide default for EL7, Fedora 27 and 28.

I created PR #9 for this.

Task fails

Can't install server, it seems to fail at setting the name:

fatal: [keymaster]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: float object has no element 0\n\nThe error appears to have been in '/Users/till/.ansible/roles/timorunge.freeipa_server/tasks/dependencies.yml': line 8, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n  when: freeipa_server_manage_host\n- name: Add FreeIPA host entry\n  ^ here\n"}

Unable to find any of pip3 to use. pip needs to be installed when using Ansible 2.12

Hello! Thanks for the role!
I am trying to install it and get an error.

Playbook

  - hosts: freeipa
    become: true
    roles:
      - timorunge.freeipa_server

Inventory

all:
  children:
    freeipa:
      hosts:
        "freeipa":
          ansible_host: "xxxxx"
  vars:
    ansible_user:  ubuntu

Error

TASK [timorunge.freeipa_server : Install FreeIPA server pip dependencies] **************************************************************************************************************
Wednesday 30 March 2022  12:16:51 +0600 (0:03:05.462)       0:04:06.222 *******
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (3 retries left).
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (2 retries left).
FAILED - RETRYING: [freeipa]: Install FreeIPA server pip dependencies (1 retries left).
fatal: [freeipa]: FAILED! => changed=false
  attempts: 3
  msg: Unable to find any of pip3 to use.  pip needs to be installed.

Version

ansible [core 2.12.2]
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]

Server where Ansible runs

cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"

Remote server

cat /etc/*release*
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.3 LTS"
NAME="Ubuntu"
VERSION="20.04.3 LTS (Focal Fossa)"

EPEL GPG key is not added

On systems without the EPEL GPG key installed, the role aborts with the following error:

TASK [timorunge.freeipa_server : Install FreeIPA server packages] **************
FAILED - RETRYING: Install FreeIPA server packages (3 retries left).
FAILED - RETRYING: Install FreeIPA server packages (2 retries left).
FAILED - RETRYING: Install FreeIPA server packages (1 retries left).
fatal: [centos-7]: FAILED! => {"attempts": 3, "changed": false, "changes": {"installed": ["bind", "bind-dyndb-ldap", "ipa-server", "ipa-server-common", "ipa-server-dns", "ipa-server-trust-ad"]}, "msg": "\nYou have enabled checking of packages via GPG keys. This is a good thing. \nHowever, you do not have any GPG public keys installed. You need to download\nthe keys for packages you wish to install and install them.\nYou can do that by running the command:\n    rpm --import public.gpg.key\n\n\nAlternatively you can specify the url to the key you would like to use\nfor a repository in the 'gpgkey' option in a repository section and yum \nwill install it for you.\n\nFor more information contact your distribution or package provider.\n\nProblem repository: epel\n", "rc": 1, "results": ["Loaded plugins: fastestmirror\n"]}

To fix this, I suggest adding a task to add the EPEL GPG key before installing the dependency packages. I created pull request #7 for this.

After this fix, the playbook proceeded for the CentOS 7 Vagrant box:

TASK [timorunge.freeipa_server : Add EPEL repository] **************************
ok: [centos-7]

TASK [timorunge.freeipa_server : Add EPEL GPG key] *****************************
changed: [centos-7]

TASK [timorunge.freeipa_server : Install FreeIPA server dependency packages] ***
changed: [centos-7]
...

Additional note:
Since the latest release of your Ansible role there were several commits to your master branch. Maybe creating a new release would be a good idea. :)
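One way to add the key while keeping package signature checking on, as an added example that is not the content of the pull request or the role's own tasks. The variable `epel_gpg_fingerprint` is an assumption and must be set to the fingerprint Fedora publishes for the EPEL 7 key; the `fingerprint` option of `rpm_key` needs Ansible 2.9 or later.

```yaml
# Added example, not the pull request's code. Variable names are assumptions.
# Weak setting, shown only for contrast: it hides the error by turning
# signature verification off for every package from the repository.
#   yum_repository: { name: epel, ..., gpgcheck: no }

# vars (placeholder, fill in from the key list published by Fedora):
#   epel_gpg_fingerprint: "REPLACE_WITH_PUBLISHED_EPEL7_FINGERPRINT"

- name: Fetch the EPEL GPG key
  get_url:
    url: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
    dest: /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    mode: "0644"

- name: Import the key only if its fingerprint matches the published one
  rpm_key:
    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    fingerprint: "{{ epel_gpg_fingerprint }}"
    state: present

- name: Add EPEL repository with signature checking enabled
  yum_repository:
    name: epel
    description: Extra Packages for Enterprise Linux 7
    metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch"
    gpgcheck: yes
    gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
    enabled: yes
```

Checking the fingerprint ties trust to a value obtained out of band, so a tampered download fails the import instead of being trusted.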

Add CA replica option

It would be nice to also have the option to create a CA replica; currently this needs to be done manually by leveraging the ipa-ca-install command.

Not possible to install an ipa replica on an already joined machine as /etc/ipa/default.conf already exists

I would like to install ipa replicas using this role following the guidance here:
https://www.freeipa.org/page/V4/Replica_Setup
which says it should be possible to install a replica on an already joined machine without needing the admin credentials as long as the machine has been added to the ipaservers group already.

The current code does not allow this as the install task is skipped when /etc/ipa/default.conf is already there. It would be good to be able to override this creates check.

ansible version compare fails

Tasks Install FreeIPA server dependency packages and Install FreeIPA server packages fail with

Version comparison: '<' not supported between instances of 'str' and 'int'

Using ansible_version.string instead of ansible_version fixes this.

If you like, I can make a PR.

Ansible version: 2.9.13
