subject:"\[Freeipa\-users\] Re\: ansible ipa

[Freeipa-users] Re: ansible ipa_group failure

2020-03-10 Thread None via FreeIPA-users

Thank you for the PR.
Should I open a big on ansible's within for the fact that it fails with 
external=false on an existing non external group?
Monkey
 Message d'origine 
> De : Thomas Woerner via FreeIPA-users 
> À : FreeIPA users list 
> Sujet : [Freeipa-users] Re: ansible ipa_group failure
> Date : 09/03/2020 10:34:31 Europe/Brussels
> Copie à : Monkey Bizness ;
>   Thomas Woerner 
> 
> Hello,
> 
> On 3/7/20 10:21 AM, Monkey Bizness via FreeIPA-users wrote:
> > Solved it.
> that is great.
> 
> > So it appears that external: False generates the error.
> > If I omit this parameter, the role works as expected.
> > "external" is of type flag in the documentation. What is the specificity 
> of 
> > flag type?
> > The type should be bool. We also had type flag in README-group.md in 
> ansible-freeipa - I have opened a PR to fix this: 
> https://github.com/freeipa/ansible-freeipa/pull/223
> 
> > Regards
> > Monkey
> > 
> 
> Regards,
> Thomas
> 
> > On Fri, 2020-03-06 at 14:45 -0300, Rafael Jeffman via FreeIPA-users 
> wrote:
> >> Hello,
> >>
> >> There is an open issue about this: 
> >> https://github.com/ansible/ansible/issues/25660
> >>
> >> You can try ansible-freeipa (https://github.com/freeipa/ansible-freeipa), 
> 
> >> that has an idempotent ipagroup module.
> >>
> >> Regards,
> >>
> >> Rafael
> >>
> >> On Wed, Mar 4, 2020 at 9:54 AM Monkey Bizness via FreeIPA-users 
> >>  >> <mailto:freeipa-users@lists.fedorahosted.org>> wrote:
> >>> Hello,
> >>>
> >>> I am working to automate my freeipa configuration (parts of it at least) 
> and 
> >>> I hit a strange behavior.
> >>> I'm not sure if it's a bug or if i'm doing it wrong.
> >>>
> >>> When creating a user group with the ipa_group ansible role (ansible 
> 2.9.5) 
> >>> it works fine if the there are some modifications to perform or if the 
> group 
> >>> doesn't exist.
> >>> But if I run it another time, the task fails with the message "msg": 
> >>> "response group_mod: no modifications to be performed"
> >>>
> >>> It looks like the task sends a modification request with nothing to 
> modify...
> >>>
> >>> I do not see the same behavior for external groups. The tasks does 
> nothing 
> >>> as expected.
> >>>
> >>> Is it a known issue? Is there a workaround? Am I doing it wrong?
> >>>
> >>> Here is a sample of code that generates the error.
> >>> ---
> >>> - name: Playbook to configure IPA clients with username/password
> >>> hosts: localhost
> >>> become: true
> >>>
> >>> tasks:
> >>> - name: "Create IPA user group"
> >>> ipa_group:
> >>> cn: "ipagroup"
> >>> external: False
> >>> state: present
> >>> validate_certs: False
> >>> ipa_host: "{{ ipaserver_host }}"
> >>> ipa_user: "{{ ipaadmin_principal }}"
> >>> ipa_pass: "{{ ipaadmin_password }}"
> >>> ...
> >>>
> >>> Thank you
> >>> Monkey
> >>> ___
> >>> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 
> >>> <mailto:freeipa-users@lists.fedorahosted.org>
> >>> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.or
> g 
> >>> <mailto:freeipa-users-le...@lists.fedorahosted.org>
> >>> Fedora Code of Conduct: 
> >>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> >>> List Archives: 
> >>> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho
> sted.org
> >>
> >>
> >> ___
> >> FreeIPA-users mailing list --
> >> freeipa-users@lists.fedorahosted.org
> >>  <mailto:freeipa-users@lists.fedorahosted.org>
> >>
> >> To unsubscribe send an email to
> >> freeipa-users-le...@lists.fedorahosted.org
> >>  <mailto:freeipa-users-le...@lists.fedorahosted.org>
> >>
> >> Fedora Code of Conduct:
> >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >>
> >> List Guidel

[Freeipa-users] Re: ansible ipa_group failure

2020-03-09 Thread Thomas Woerner via FreeIPA-users


Hello,

On 3/7/20 10:21 AM, Monkey Bizness via FreeIPA-users wrote:

Solved it.

that is great.


So it appears that external: False generates the error.
If I omit this parameter, the role works as expected.
"external" is of type flag in the documentation. What is the specificity of 
flag type?
The type should be bool. We also had type flag in README-group.md in 
ansible-freeipa - I have opened a PR to fix this: 
https://github.com/freeipa/ansible-freeipa/pull/223



Regards
Monkey



Regards,
Thomas


On Fri, 2020-03-06 at 14:45 -0300, Rafael Jeffman via FreeIPA-users wrote:

Hello,

There is an open issue about this: 
https://github.com/ansible/ansible/issues/25660


You can try ansible-freeipa (https://github.com/freeipa/ansible-freeipa), 
that has an idempotent ipagroup module.


Regards,

Rafael

On Wed, Mar 4, 2020 at 9:54 AM Monkey Bizness via FreeIPA-users 
> wrote:

Hello,

I am working to automate my freeipa configuration (parts of it at least) and 
I hit a strange behavior.

I'm not sure if it's a bug or if i'm doing it wrong.

When creating a user group with the ipa_group ansible role (ansible 2.9.5) 
it works fine if the there are some modifications to perform or if the group 
doesn't exist.
But if I run it another time, the task fails with the message "msg": 
"response group_mod: no modifications to be performed"


It looks like the task sends a modification request with nothing to modify...

I do not see the same behavior for external groups. The tasks does nothing 
as expected.


Is it a known issue? Is there a workaround? Am I doing it wrong?

Here is a sample of code that generates the error.
---
- name: Playbook to configure IPA clients with username/password
hosts: localhost
become: true

tasks:
- name: "Create IPA user group"
ipa_group:
cn: "ipagroup"
external: False
state: present
validate_certs: False
ipa_host: "{{ ipaserver_host }}"
ipa_user: "{{ ipaadmin_principal }}"
ipa_pass: "{{ ipaadmin_password }}"
...

Thank you
Monkey
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org 

To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org 

Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org



___
FreeIPA-users mailing list --
freeipa-users@lists.fedorahosted.org
 

To unsubscribe send an email to
freeipa-users-le...@lists.fedorahosted.org
 

Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org



___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org


___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: ansible ipa_group failure

2020-03-07 Thread Rafael Jeffman via FreeIPA-users

A flag is simply a boolean (True/False, Yes/No) value. In this case, it
marks the group as external, which would accept users from trusted domains,
or not.

The error message you were receiving means that you try to modify a group
with the same configuration the group already has. This case, IMHO, should
be handled by the Ansible module.

Oh... as they did here https://github.com/ansible/ansible/pull/26282/files
and just now I realized that while the issue is open, looks like the fix
has already been merged.

Rafael

On Sat, Mar 7, 2020 at 6:23 AM Monkey Bizness via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Solved it.
> So it appears that external: False generates the error.
> If I omit this parameter, the role works as expected.
> "external" is of type flag in the documentation. What is the specificity
> of flag type?
>
> Regards
> Monkey
>
> On Fri, 2020-03-06 at 14:45 -0300, Rafael Jeffman via FreeIPA-users wrote:
>
> Hello,
>
> There is an open issue about this:
> https://github.com/ansible/ansible/issues/25660
>
> You can try ansible-freeipa (https://github.com/freeipa/ansible-freeipa),
> that has an idempotent ipagroup module.
>
> Regards,
>
> Rafael
>
> On Wed, Mar 4, 2020 at 9:54 AM Monkey Bizness via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
>
> Hello,
>
> I am working to automate my freeipa configuration (parts of it at least)
> and I hit a strange behavior.
> I'm not sure if it's a bug or if i'm doing it wrong.
>
> When creating a user group with the ipa_group ansible role (ansible 2.9.5)
> it works fine if the there are some modifications to perform or if the
> group doesn't exist.
> But if I run it another time, the task fails with the message "msg":
> "response group_mod: no modifications to be performed"
>
> It looks like the task sends a modification request with nothing to
> modify...
>
> I do not see the same behavior for external groups. The tasks does nothing
> as expected.
>
> Is it a known issue? Is there a workaround? Am I doing it wrong?
>
> Here is a sample of code that generates the error.
> ---
> - name: Playbook to configure IPA clients with username/password
> hosts: localhost
> become: true
>
> tasks:
> - name: "Create IPA user group"
> ipa_group:
> cn: "ipagroup"
> external: False
> state: present
> validate_certs: False
> ipa_host: "{{ ipaserver_host }}"
> ipa_user: "{{ ipaadmin_principal }}"
> ipa_pass: "{{ ipaadmin_password }}"
> ...
>
> Thank you
> Monkey
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>
>
>
> ___
>
> FreeIPA-users mailing list --
>
> freeipa-users@lists.fedorahosted.org
>
>
> To unsubscribe send an email to
>
> freeipa-users-le...@lists.fedorahosted.org
>
>
> Fedora Code of Conduct:
>
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>
>
> List Guidelines:
>
> https://fedoraproject.org/wiki/Mailing_list_guidelines
>
>
> List Archives:
>
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>
>
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>


-- 
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: ansible ipa_group failure

2020-03-07 Thread Monkey Bizness via FreeIPA-users

Solved it.So it appears that external: False generates the error.If I
omit this parameter, the role works as expected."external" is of type
flag in the documentation. What is the specificity of flag type?
RegardsMonkey
On Fri, 2020-03-06 at 14:45 -0300, Rafael Jeffman via FreeIPA-users
wrote:
> Hello,
> 
> There is an open issue about this: 
> https://github.com/ansible/ansible/issues/25660
> 
> You can try ansible-freeipa (
> https://github.com/freeipa/ansible-freeipa), that has an idempotent
> ipagroup module.
> 
> Regards,
> 
> Rafael
> 
> 
> On Wed, Mar 4, 2020 at 9:54 AM Monkey Bizness via FreeIPA-users <
> freeipa-users@lists.fedorahosted.org> wrote:
> > Hello,
> > 
> > I am working to automate my freeipa configuration (parts of it at
> > least) and I hit a strange behavior.
> > I'm not sure if it's a bug or if i'm doing it wrong.
> > 
> > When creating a user group with the ipa_group ansible role (ansible
> > 2.9.5) it works fine if the there are some modifications to perform
> > or if the group doesn't exist.
> > But if I run it another time, the task fails with the
> > message  "msg": "response group_mod: no modifications to be
> > performed"
> > 
> > It looks like the task sends a modification request with nothing to
> > modify...
> > 
> > I do not see the same behavior for external groups. The tasks does
> > nothing as expected.
> > 
> > Is it a known issue? Is there a workaround? Am I doing it wrong?
> > 
> > Here is a sample of code that generates the error.
> > ---
> > - name: Playbook to configure IPA clients with username/password
> >   hosts: localhost
> >   become: true
> > 
> >   tasks:
> >   - name: "Create IPA user group"
> > ipa_group:
> >   cn: "ipagroup"
> >   external: False
> >   state: present
> >   validate_certs: False
> >   ipa_host: "{{ ipaserver_host }}"
> >   ipa_user: "{{ ipaadmin_principal }}"
> >   ipa_pass: "{{ ipaadmin_password }}"
> > ...
> > 
> > Thank you
> > Monkey
> > ___
> > 
> > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> > 
> > To unsubscribe send an email to 
> > freeipa-users-le...@lists.fedorahosted.org
> > 
> > Fedora Code of Conduct: 
> > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > 
> > List Guidelines: 
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > 
> > List Archives: 
> > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> > 
> 
> 
> ___FreeIPA-users mailing
> list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to 
> freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: 
> https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: ansible ipa_group failure

2020-03-06 Thread Rafael Jeffman via FreeIPA-users

Hello,

There is an open issue about this:
https://github.com/ansible/ansible/issues/25660

You can try ansible-freeipa (https://github.com/freeipa/ansible-freeipa),
that has an idempotent ipagroup module.

Regards,

Rafael

On Wed, Mar 4, 2020 at 9:54 AM Monkey Bizness via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hello,
>
> I am working to automate my freeipa configuration (parts of it at least)
> and I hit a strange behavior.
> I'm not sure if it's a bug or if i'm doing it wrong.
>
> When creating a user group with the ipa_group ansible role (ansible 2.9.5)
> it works fine if the there are some modifications to perform or if the
> group doesn't exist.
> But if I run it another time, the task fails with the message "msg":
> "response group_mod: no modifications to be performed"
>
> It looks like the task sends a modification request with nothing to
> modify...
>
> I do not see the same behavior for external groups. The tasks does nothing
> as expected.
>
> Is it a known issue? Is there a workaround? Am I doing it wrong?
>
> Here is a sample of code that generates the error.
> ---
> - name: Playbook to configure IPA clients with username/password
> hosts: localhost
> become: true
>
> tasks:
> - name: "Create IPA user group"
> ipa_group:
> cn: "ipagroup"
> external: False
> state: present
> validate_certs: False
> ipa_host: "{{ ipaserver_host }}"
> ipa_user: "{{ ipaadmin_principal }}"
> ipa_pass: "{{ ipaadmin_password }}"
> ...
>
> Thank you
> Monkey
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>


-- 
Rafael Guterres Jeffman
Senior Software Engineer
FreeIPA - Red Hat
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: ansible ipa_group failure

[Freeipa-users] Re: ansible ipa_group failure

[Freeipa-users] Re: ansible ipa_group failure

[Freeipa-users] Re: ansible ipa_group failure

[Freeipa-users] Re: ansible ipa_group failure

5 matches

Site Navigation

Mail list logo

Footer information