Comments (10)
cjeanner
commented on August 15, 2024
So, I've added a small snippet in order to get some debug:
- name: debug result_ipaserver_test
debug:
var: result_ipaserver_testResult is "nice":
"result_ipserver_test": {
"changed": false,
"dns_zone_exists": true,
"failed": false
}So I suspect something changed with ansible 2.7.1....
Care to have a look ? That would really be helpful - I'd rather avoid deploying my freeIPA by hand if there's an ansible way...
Thanks!
from ansible-freeipa.
t-woerner
commented on August 15, 2024
Have you changes files in the ansible-freeipa repository?
from ansible-freeipa.
cjeanner
commented on August 15, 2024
Nope, nothing - it's just a git pull right after your revert for the max_concurrent thingy.
from ansible-freeipa.
t-woerner
commented on August 15, 2024
result_ipserver_test is ok when there is a zone overlap in the given zone (domain name). But there is a check in roles/ipaserver/tasks/install.yml to end playbook processing in this case:
- meta: end_play
when: not result_ipaserver_test.changed and (result_ipaserver_test.dns_zone_exists is defined or result_ipaserver_test.client_already_configured is defined or result_ipaserver_test.server_already_configured is defined)
I do not understand why the playbook processing does not end for you. It ends for me also using ansible 2.7.1.
from ansible-freeipa.
t-woerner
commented on August 15, 2024
I will transform this end_play into a fail in this case - this is the normal installer behavior.
from ansible-freeipa.
cjeanner
commented on August 15, 2024
ok - still.... there are some issues with the way "domain" is set, apparently. I'd take the variables aren't taken at all, and this is sad, because that makes the whole role unusable if we want to integrate it in another playbook with variables set in some external files.
from ansible-freeipa.
nkinder
commented on August 15, 2024
I believe this is because you are using "example.com", which fails because that is a real domain that exists in the wild. Try using "example.test" and see if that is successful. I believe I encountered this in the past and was able to figure out that it fails because "dns_zone_exists" is true. This boolean means that the chosen DNS zone already can be found in DNS, so the install bails.
from ansible-freeipa.
nkinder
commented on August 15, 2024
@t-woerner The commit to make it fail is a good change, but it would be nice if there is a way to get a more useful failure message that explains what "dns_zone_exists: true" means. The user should be told to set an option to allow zone overlaps with options.allow_zone_overlap or to choose a different domain/realm name.
from ansible-freeipa.
cjeanner
commented on August 15, 2024
@nkinder hmm nope, I was using one of my domains that exists. In the end I ended up with my own playbook, and it's working just fine. That was easier that way, especially since I need the infra now.
And I had to pass the option to allow averlaps, of course. But there the error message was pretty clear.
Cheers,
C.
from ansible-freeipa.
t-woerner
commented on August 15, 2024
A lot of addtional tests for ipaserver_test have been added. The role is providing the same error messages as the command line installer since version 0.1.5.
from ansible-freeipa.
Related Issues (20)
- Invalid version tag in galaxy.yml HOT 3
- Ipaserver installation failed HOT 21
- ipatopologysuffix checked not working HOT 3
- `ipaidp` idempotency fails HOT 1
- [RFE] Support for monitoring certificates HOT 1
- msg: cannot import name 'kinit_password' from 'ipapython.ipautil HOT 7
- ipaclient: Configure DNS resolver always reports as changed HOT 1
- batch command support HOT 2
- [Install - Setup CA] Error
- ipareplica - the variable ipareplica_auto_forwarders=yes does not work
- ipareplica: Does not pass ipareplica_ip_addresses to client
- ipaserver: FreeIPA >= 4.12.0 fails to install HOT 5
- Bug in ipauser.py module related to certmap data HOT 1
- [ipaserver] Role does not handle company-signed LDAPS and HTTPS services
- [ipasmartcard_server] Role does not include configuration of SSLOCSPEnable and SSLProtocol in ssl.conf HOT 1
- [ipasmartcard_client] Role does not include configuration of the PAM SSH agent
- [ipasmartcard_client] Role does not enable smart card auth in cockpit configuration
- Key length - how to change HOT 3
- ipapermission gives invalid changed status in check mode and fails in execute mode
- FreeIPA server in docker container unable to use ipauser module HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-freeipa.