On 08/02/2017 01:36 PM, Florence Blanc-Renaud via FreeIPA-devel
wrote:
Hi
all,
The first version of a new design document is available
at https://www.freeipa.org/page/V4/ClientInstallationWithAnsible
The feature will allow to deploy IPA clients using
Ansible. Please feel free to send your comments, suggestions or
concerns.
Thanks,
Flo
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-leave@lists.fedorahosted.org
Hi!
Thanks for the design. I'd like to share some thoughts.
1. I find it confusing that ipaclient module will just check the
domain and realm if it is already configured. I can imagine a
situation where an admin modifies the installargs, re-runs the
playbook and expects the changes to be applied. Unfortunately, I
can't think of a good solution for this. I wouldn't expect this
behavior as a user of this module. At the very least, this should
be very well documented.
2a. I think ipaclient role should support at least Fedora, RHEL
and Debian. Do we know about any distribution specifics besides
the different package names?
2b. Since the packages names are different and we have to have
distro-specific code anyway, is there any advantage to using the
`package` module instead of `dnf`, `yum` and `apt` modules?
3. The ipaclient role state=absent could uninstall the packages by
default, but provide a variable to override this behavior.
4. I'd appreciate to see comprehensive documentation of all the
options for the modules -- similar to Ansible documentation for
modules (e.g. [1]). Some options were mentioned in the text and
examples, but I'm not sure whether the list is exhaustive and an
overview of all options would be nice.
5. Regarding the minimum version of ipa-client-install: 4.4+ has
to be supported, as that's the version in current Fedora and also
in Debian. It might be worth investigating how difficult would it
be to support the version of ipa-client-install that's in RHEL
6.9. If the complexity is high, I wouldn't support it.
[1] - http://docs.ansible.com/ansible/latest/service_module.html
--
Tomas Krizek
PGP: 4A8B A48C 2AED 933B D495 C509 A1FB A5F7 EF8C 4869