f04c90f4db690ec0c8bff5d6208018aaad365280 to 72453399348de5bd91f0a214bb82848719be5e4c · Mirror / Ansible FreeIPA

Commits on Source 11

Fix CA certificates iteration · 34dc7580

Alexander Bokovoy authored Mar 30, 2025

FreeIPA fix for https://pagure.io/freeipa/issue/9652

 now produces five
elements tuple when iterating over CA certificate list, the last element
being the serial number. We do not need it, so extract only the first
four elements (certificate, nickname, trusted, EKU).

The regression was introduced by FreeIPA commit
f91b677ada376034b25d50e78475237c5976770e.

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>

34dc7580

ipareplica: Don't rely on pkg_resources whenever possible · b1328ba7

Rafael Guterres Jeffman authored Apr 08, 2025

Python's module "pkg_resources" API has been deprecated in Python 3.12
and will be removed in a future release, and recent FreeIPA versions
provide a replacement for pkg_resources.parse_version.

To remove ansible-freeipa dependency on pkg_resources and not add a
dependency on the 'packaging' module, which is not available in the
standard Python distribution, we'll try to import the funcion used in
FreeIPA to parse versions, and fallback to pkg_resources when it fails.

As an equivalent class is needed, a fallback function is not provided
and execution will fail if neither the FreeIPA nor the pkg_resources
parse_version function are available.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>

b1328ba7

infra/image/shcontainer: Fix log message in container_tee · 66c0be06

Rafael Guterres Jeffman authored Apr 16, 2025



Fix a log message in function container_tee and quote the temporary
filename.

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>

66c0be06

Merge pull request #1355 from freeipa/fix_container_tee_message · 329c16f7
Thomas Woerner authored Apr 17, 2025
```
infra/image/shcontainer: Fix log message in container_tee
```
329c16f7

test container: Add DAC_READ_SEARCH capability · 2d3da2d7

Rafael Guterres Jeffman authored Apr 11, 2025

SSSD 2.10+ runs under non-privileged user 'sssd' and relies on system
capabilities to get access to certain resources like /etc/krb5.keytab.
Not having these capabilities result in SSSD not starting.

Podman has reduced the capabilities granted to containers, and to be
able to start SSSD it is needed to add DAC_READ_SEARCH back.

This patch adds file infra/images/shdefaults to store the defaults used
by ansible-freeipa shell utilities in a contral location.

See: https://github.com/containers/podman/discussions/24904#discussioncomment-11718823

Signed-off-by: Rafael Guterres Jeffman <rjeffman@redhat.com>

2d3da2d7

Merge pull request #1348 from abbra/fix-cert-iteration · edbdd3af
Thomas Woerner authored Apr 17, 2025
```
Fix CA certificates iteration
```
edbdd3af
Merge pull request #1352 from freeipa/fix_sssd_on_test_container · d1857c18
Thomas Woerner authored Apr 17, 2025
```
test container: Add DAC_READ_SEARCH capability
```
d1857c18
Merge pull request #1350 from freeipa/remove_pkg_resources · 86701caf
Thomas Woerner authored Apr 17, 2025
```
ipareplica: Don't rely on pkg_resources whenever possible
```
86701caf

infra/image/shdefaults: Add SYS_PTRACE to CAP_DEFAULTS · 43237652

Thomas Woerner authored Apr 09, 2025

Debugging is now enabled by default in the containers that are
generated with container_create. "+SYS_PTRACE" has been added to
CAP_DEFAULTS in shdefaults for this.

43237652

infra/image/shcontainer: Fix processing of multi item CAP_DEFAULTS · 638422e1

Thomas Woerner authored Apr 17, 2025

readarray expects to get an item per line to be added to the array.

Printing one item per line with printf fixes this to get the proper
formatting for "${CAP_DEFAULTS[@]}" as a valid input for readarray.

638422e1

Merge pull request #1351 from t-woerner/infra_image_start_debug · 72453399
Rafael Guterres Jeffman authored Apr 17, 2025
```
infra/image/shdefaults: Add SYS_PTRACE to CAP_DEFAULTS
```
72453399