On 08/02/2017 01:36 PM, Florence Blanc-Renaud via FreeIPA-devel wrote:
Hi all,
The first version of a new design document is available at
https://www.freeipa.org/page/V4/ClientInstallationWithAnsible
The feature will allow to deploy IPA clients using Ansible. Please
feel free to send your comments, suggestions or concerns.
Thanks,
Flo
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel(a)lists.fedorahosted.org
To unsubscribe send an email to
freeipa-devel-leave(a)lists.fedorahosted.org
Hi!
Thanks for the design. I'd like to share some thoughts.
1. I find it confusing that ipaclient module will just check the domain
and realm if it is already configured. I can imagine a situation where
an admin modifies the installargs, re-runs the playbook and expects the
changes to be applied. Unfortunately, I can't think of a good solution
for this. I wouldn't expect this behavior as a user of this module. At
the very least, this should be very well documented.
2a. I think ipaclient role should support at least Fedora, RHEL and
Debian. Do we know about any distribution specifics besides the
different package names?
2b. Since the packages names are different and we have to have
distro-specific code anyway, is there any advantage to using the
`package` module instead of `dnf`, `yum` and `apt` modules?
3. The ipaclient role state=absent could uninstall the packages by
default, but provide a variable to override this behavior.
4. I'd appreciate to see comprehensive documentation of all the options
for the modules -- similar to Ansible documentation for modules (e.g.
[1]). Some options were mentioned in the text and examples, but I'm not
sure whether the list is exhaustive and an overview of all options would
be nice.
5. Regarding the minimum version of ipa-client-install: 4.4+ has to be
supported, as that's the version in current Fedora and also in Debian.
It might be worth investigating how difficult would it be to support the
version of ipa-client-install that's in RHEL 6.9. If the complexity is
high, I wouldn't support it.
[1] -
http://docs.ansible.com/ansible/latest/service_module.html
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869