Closed aph3rson closed 3 months ago
Manually overwriting `ipaserver_packages` and friends in my `ipaserver` role args helps. 4.11.1 does not have the HSM functionality present.
I'm installing on Fedora 40, package name might differ on a different OS. See the `name` arg here. I also am not installing adtrust, there's a similar variable for that that needs to be modified.
```yaml
- name: Install and configure FreeIPA role
  vars:
    # ...
    # TODO: Remove after https://github.com/freeipa/ansible-freeipa/issues/1245 is fixed.
    ipaserver_packages:
      - freeipa-server-4.11.1
    ipaserver_packages_dns:
      - freeipa-server-dns-4.11.1
  ansible.builtin.include_role:
    name: freeipa.ansible_freeipa.ipaserver
```
Yes, this is known. @t-woerner is working on a fix.
@abbra @t-woerner is there another issue I should be following, then? I searched here (and in freeipa/freeipa), didn't see anything for this specific problem.
There is IPA issue https://pagure.io/freeipa/issue/9603 about part of the problem, but since some changes on the ansible-freeipa side are also needed, I think we can use the issue you created for tracking this work.
This should be fixed with version 1.13.2.
The PR https://github.com/freeipa/ansible-freeipa/pull/1246 is part of it.
Attempting to deploy the `freeipa.ansible_freeipa.ipaserver` role fails as-of FreeIPA 4.12.0.

The following exception gets caught in the debugger during installation:

When we call the `install_check` function, the `options` arg now expects some new parameters, which appear to be related to this commit: https://github.com/freeipa/freeipa/commit/82c0b19acce147b3f82183b561883c7ca9137403. This adds HSM-related options to the FreeIPA installer, which ansible-freeipa does not have support for.

Fixes here would likely involve surfacing these arguments into the role, or setting `options.token_name` to `None`. Arguably, FreeIPA could better-handle `options` being malformed here, but I don't know if that function is intended to be called by things that aren't FreeIPA.
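
The second fix suggested in the issue above (defaulting `options.token_name` to `None`), sketched as an added example that is not code from the issue, FreeIPA or ansible-freeipa. `install_check` here is a hypothetical stand-in, the `AttributeError` failure mode is an assumption (the exception text is not on the page), and `fill_missing_options`, `run_check` and `NEW_OPTION_DEFAULTS` are illustrative names.

```python
"""Constructed illustration; nothing here is FreeIPA or ansible-freeipa code."""
from types import SimpleNamespace

# Assumption: options the newer installer reads that an older caller never set.
# Only token_name is named in the issue; extend the mapping as needed.
NEW_OPTION_DEFAULTS = {"token_name": None}


def install_check(options):
    """Hypothetical stand-in for an installer check that reads a new option."""
    if options.token_name is not None:  # AttributeError if the caller never set it
        return "hsm"
    return "software"


def fill_missing_options(options, defaults=NEW_OPTION_DEFAULTS):
    """Set each missing attribute to its default; return the names that were added.

    Values the caller already supplied are never overwritten.
    """
    added = []
    for name, value in defaults.items():
        if not hasattr(options, name):
            setattr(options, name, value)
            added.append(name)
    return added


def run_check(options, shim=True):
    """Call install_check, optionally applying the shim first."""
    added = fill_missing_options(options) if shim else []
    return install_check(options), added


if __name__ == "__main__":
    legacy = SimpleNamespace(domain_name="example.test")  # constructed sample
    try:
        run_check(legacy, shim=False)
    except AttributeError as exc:
        print("without shim:", exc)
    print("with shim:", run_check(legacy))
```

Returning the list of defaulted names lets the caller log which options were filled in rather than supplied, which helps when auditing an install that silently ran without HSM settings.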