Open Aethylred opened 3 days ago
Using the playbook to create a `noexpire` policy with a 10 year expiry period it fails with the error `"pwpolicy_add: noexpire: 'cospriority' is required"`

Updating the `global_policy` succeeds:
```
TASK [Create password policies] ******************************************************************************************************************************
Tuesday 29 October 2024 03:22:59 +0000 (0:00:08.307) 0:00:14.595 *******
failed: [ipa01] (item={'name': 'noexpire', 'maxlife': 3652, 'history': 4, 'minlength': 12, 'maxfail': 5, 'failinterval': 300, 'lockouttime': 900, 'maxrepeat': 2, 'maxsequence': 2, 'usercheck': True, 'cospriority': 10}) => {"ansible_loop_var": "item", "changed": false, "item": {"cospriority": 10, "failinterval": 300, "history": 4, "lockouttime": 900, "maxfail": 5, "maxlife": 3652, "maxrepeat": 2, "maxsequence": 2, "minlength": 12, "name": "noexpire", "usercheck": true}, "msg": "pwpolicy_add: noexpire: 'cospriority' is required"}
ok: [ipa01] => (item={'name': 'global_policy', 'maxlife': 730, 'history': 4, 'minlength': 12, 'maxfail': 5, 'failinterval': 300, 'lockouttime': 900, 'maxrepeat': 2, 'maxsequence': 2, 'usercheck': True})
```
The variable being set:
```yaml
ipa_pwpolicies:
  - name: noexpire
    maxlife: 3652
    history: 4
    minlength: 12
    maxfail: 5
    failinterval: 300
    lockouttime: 900
    maxrepeat: 2
    maxsequence: 2
    usercheck: true
    priority: 10
  - name: global_policy
    maxlife: 730
    history: 4
    minlength: 12
    maxfail: 5
    failinterval: 300
    lockouttime: 900
    maxrepeat: 2
    maxsequence: 2
    usercheck: true
```
The task being executed:
```yaml
- name: Create password policies # noqa: run-once[task]
  freeipa.ansible_freeipa.ipapwpolicy:
    name: "{{ item.name }}"
    maxlife: "{{ item.maxlife | default(omit) }}"
    minlife: "{{ item.minlife | default(omit) }}"
    history: "{{ item.history | default(omit) }}"
    minlength: "{{ item.minlength | default(omit) }}"
    minclasses: "{{ item.minclasses | default(omit) }}"
    failinterval: "{{ item.failinterval | default(omit) }}"
    lockouttime: "{{ item.lockouttime | default(omit) }}"
    maxrepeat: "{{ item.maxrepeat | default(omit) }}"
    maxsequence: "{{ item.maxsequence | default(omit) }}"
    dictcheck: "{{ item.dictcheck | default(omit) }}"
    usercheck: "{{ item.usercheck | default(omit) }}"
    gracelimit: "{{ item.gracelimit | default(omit) }}"
    state: "{{ item.state | default(omit) }}"
    ipaadmin_password: "{{ vault_ipa_admin_password }}"
  run_once: true
  loop: "{{ ipa_pwpolicies }}"
  when: ipa_pwpolicies is defined
```
Ansible version:
```
(ansible) [super@admin01 oversite-bootstrap]$ ansible --version
ansible [core 2.15.12]
  config file = /localhome/super/oversite-bootstrap/ansible.cfg
  configured module search path = ['/localhome/super/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /localhome/super/oversite-bootstrap/venvs/ansible/lib64/python3.9/site-packages/ansible
  ansible collection location = /localhome/super/oversite-bootstrap/ignore/collections
  executable location = /localhome/super/oversite-bootstrap/venvs/ansible/bin/ansible
  python version = 3.9.18 (main, Aug 23 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/localhome/super/oversite-bootstrap/venvs/ansible/bin/python)
  jinja version = 3.1.4
  libyaml = True
```
Red Hat IdM version:
```
[root@ipa02 ~]# ipa --version
VERSION: 4.11.0, API_VERSION: 2.253
```
OK, my error here, I was not passing the priority variable through to the task.
However, the documentation for `ipapwpolicy` does not say that the `priority` is a required variable.
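
As an added example (not part of the issue or of ansible-freeipa), this small lint compares the keys set in `ipa_pwpolicies` with the `item.*` references in the task quoted above. It reports every setting the task would silently drop, which here is `priority` and also `maxfail`. It assumes, from the error message, that any policy other than `global_policy` is created with `pwpolicy_add` and therefore needs a priority; `audit` is a hypothetical helper name.

```python
import re

# Module arguments of the task quoted in the issue, copied verbatim.
TASK_ARGS = """
name: "{{ item.name }}"
maxlife: "{{ item.maxlife | default(omit) }}"
minlife: "{{ item.minlife | default(omit) }}"
history: "{{ item.history | default(omit) }}"
minlength: "{{ item.minlength | default(omit) }}"
minclasses: "{{ item.minclasses | default(omit) }}"
failinterval: "{{ item.failinterval | default(omit) }}"
lockouttime: "{{ item.lockouttime | default(omit) }}"
maxrepeat: "{{ item.maxrepeat | default(omit) }}"
maxsequence: "{{ item.maxsequence | default(omit) }}"
dictcheck: "{{ item.dictcheck | default(omit) }}"
usercheck: "{{ item.usercheck | default(omit) }}"
gracelimit: "{{ item.gracelimit | default(omit) }}"
state: "{{ item.state | default(omit) }}"
"""

# ipa_pwpolicies from the issue, re-typed as Python data.
COMMON = dict(history=4, minlength=12, maxfail=5, failinterval=300,
              lockouttime=900, maxrepeat=2, maxsequence=2, usercheck=True)
POLICIES = [
    dict(name="noexpire", maxlife=3652, priority=10, **COMMON),
    dict(name="global_policy", maxlife=730, **COMMON),
]


def audit(policies, task_args):
    """Return {policy name: [findings]} for settings the task would drop."""
    forwarded = set(re.findall(r"\bitem\.(\w+)", task_args))  # keys the task reads
    report = {}
    for policy in policies:
        findings = [f"'{key}' is set but never passed to the module"
                    for key in sorted(set(policy) - forwarded)]
        # Assumption: only global_policy pre-exists; others go through pwpolicy_add.
        if policy["name"] != "global_policy" and "priority" not in forwarded:
            findings.append("new policy will fail: 'cospriority' is required")
        if findings:
            report[policy["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(POLICIES, TASK_ARGS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

The `maxfail` finding matters for lockout enforcement: the variable sets a failure threshold of 5, but the task as written never hands it to the module.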