Bug 2121161
| Summary: | Creating a POSIX trust agreement using 'range_type: ipa-ad-trust-posix' in ansible playbook is not honoring 'range_type' | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Alok Sharma <alsharma> |
| Component: | ansible-freeipa | Assignee: | Thomas Woerner <twoerner> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Varun Mylaraiah <mvarun> |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | 8.6 | CC: | ftrivino, mjurasek, mvarun, rjeffman, tejones |
| Target Milestone: | rc | Keywords: | Triaged, ZStream |
| Target Release: | --- | Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 2132781 2132967 | Environment: | |
| Last Closed: | 2022-10-24 07:51:47 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | | | |
| Bug Blocks: | 2132781, 2132967 | | |

Upstream PRs:
https://github.com/freeipa/ansible-freeipa/pull/808 - ipatrust: Set valid choices for trust_type.
https://github.com/freeipa/ansible-freeipa/pull/810 - ipatrust: fix range_type and test enhancement.

Description of problem:
Creating a POSIX trust agreement using 'range_type: ipa-ad-trust-posix' in ansible playbook is not honoring 'range_type'.

Version-Release number of selected component (if applicable):
ansible-freeipa-1.6.3-1.el8.noarch
ansible-core-2.12.2-4.el8_6.x86_64

How reproducible:
Setting up a trust agreement using Ansible in IPA

Steps to Reproduce:

1] Playbook:
===========
[alok@iparh8 ansible]$ cat ad-trust.yml
---
- name: Playbook to create a trust
  hosts: ipaserver
  become: true

  tasks:
  - name: ensure the trust is present
    ipatrust:
      ipaadmin_password: admin@123
      realm: gsslab1.idm.global
      server: ad1.gsslab1.idm.global
      admin: Administrator
      password: RedHat1!
      range_type: ipa-ad-trust-posix
      state: present
==============

2. Run the playbook:
~~~~~
# ansible-playbook -v -i inventory add-trust.yml
~~~~~

Actual results:

From my testbox:
=======================
- With ansible: It is not honoring the posix (range_type)
-----------
[alok@iparh8 ansible]$ sudo ansible-playbook ad-trust.yml -i inventory -K -k
SSH password:
BECOME password[defaults to SSH password]:

PLAY [Playbook to create a trust] ****************************************************************************************************************

TASK [Gathering Facts] ***************************************************************************************************************************
ok: [10.x.y.z]

TASK [ensure the trust is present] ***************************************************************************************************************
changed: [10.x.y.z]

PLAY RECAP ***************************************************************************************************************************************
10.x.y.z : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

[alok@iparh8 ansible]$ ipa idrange-find
----------------
4 ranges matched
----------------
  Range name: CHILD1.GSSLAB1.IDM.GLOBAL_id_range
  First Posix ID of the range: 1683400000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-3045475326-3888855959-3788818281
  Range type: Active Directory domain range <========

  Range name: GSSLAB1.IDM.GLOBAL_id_range
  First Posix ID of the range: 974000000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-1085376446-3207835317-365312986
  Range type: Active Directory domain range <======

  Range name: TEST8.ALOK_id_range
  First Posix ID of the range: 1272000000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range

  Range name: TEST8.ALOK_subid_range
  First Posix ID of the range: 2147483648
  Number of IDs in the range: 2147352576
  First RID of the corresponding RID range: 2147283648
  Domain SID of the trusted domain: S-1-5-21-738065-838566-3669934003
  Range type: Active Directory domain range
----------------------------
Number of entries returned 4
----------------------------
[alok@iparh8 ansible]$
-----------

- Manual: honoring the posix (range_type)
-----------
[alok@iparh8 ansible]$ ipa trust-add --type=ad gsslab1.idm.global --admin Administrator --password --range-type=ipa-ad-trust-posix
Active Directory domain administrator's password:
-----------------------------------------------------------
Added Active Directory trust for realm "gsslab1.idm.global"
-----------------------------------------------------------
  Realm name: gsslab1.idm.global
  Domain NetBIOS name: IDM1
  Domain Security Identifier: S-1-5-21-1085376446-3207835317-365312986
  Trust direction: Trusting forest
  Trust type: Active Directory domain
  Trust status: Established and verified

[alok@iparh8 ansible]$ ipa idrange-find
----------------
3 ranges matched
----------------
  Range name: GSSLAB1.IDM.GLOBAL_id_range
  First Posix ID of the range: 974000000
  Number of IDs in the range: 200000
  Domain SID of the trusted domain: S-1-5-21-1085376446-3207835317-365312986
  Range type: Active Directory trust range with POSIX attributes <=======

  Range name: TEST8.ALOK_id_range
  First Posix ID of the range: 1272000000
  Number of IDs in the range: 200000
  First RID of the corresponding RID range: 1000
  First RID of the secondary RID range: 100000000
  Range type: local domain range

  Range name: TEST8.ALOK_subid_range
  First Posix ID of the range: 2147483648
  Number of IDs in the range: 2147352576
  First RID of the corresponding RID range: 2147283648
  Domain SID of the trusted domain: S-1-5-21-738065-838566-3669934003
  Range type: Active Directory domain range
----------------------------
Number of entries returned 3
----------------------------
-----------
=======================

Expected results:
Create successfully a POSIX trust agreement using ansible i.e 'range_type: ipa-ad-trust-posix'.

  Range type: Active Directory trust range with POSIX attributes

Additional info:
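
A post-run check for the behaviour reported above, as an added example that is not part of the original report or of ansible-freeipa: it parses `ipa idrange-find` output and reports whether the trusted realm's ID range has the requested type, since the playbook itself returns `changed` either way. The sample listings are constructed by trimming the output in the report, and the function names are hypothetical.

```python
# Range-type labels and the <REALM>_id_range naming are taken from the output above.
POSIX_TRUST = "Active Directory trust range with POSIX attributes"

# Constructed samples: records trimmed from the two idrange-find listings above.
LOCAL = """
  Range name: TEST8.ALOK_id_range
  First Posix ID of the range: 1272000000
  Range type: local domain range
"""
AFTER_ANSIBLE = """
  Range name: GSSLAB1.IDM.GLOBAL_id_range
  First Posix ID of the range: 974000000
  First RID of the corresponding RID range: 0
  Domain SID of the trusted domain: S-1-5-21-1085376446-3207835317-365312986
  Range type: Active Directory domain range
""" + LOCAL
AFTER_MANUAL = """
  Range name: GSSLAB1.IDM.GLOBAL_id_range
  First Posix ID of the range: 974000000
  Domain SID of the trusted domain: S-1-5-21-1085376446-3207835317-365312986
  Range type: Active Directory trust range with POSIX attributes
""" + LOCAL


def parse_idranges(text):
    """Split `ipa idrange-find` output into one dict per range record."""
    ranges = []
    for line in text.splitlines():
        label, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # banner, separator or blank line
        if label == "Range name":
            ranges.append({})  # a new record starts at each "Range name"
        if ranges:
            ranges[-1][label] = value.strip()
    return ranges


def check_trust_range(text, realm, expected=POSIX_TRUST):
    """Return (ok, actual_type); actual_type is None when the realm has no id range."""
    name = realm.upper() + "_id_range"
    for r in parse_idranges(text):
        if r["Range name"] == name:
            actual = r.get("Range type")
            return actual == expected, actual
    return False, None


if __name__ == "__main__":
    for label, out in (("ansible", AFTER_ANSIBLE), ("manual", AFTER_MANUAL)):
        print(label, check_trust_range(out, "gsslab1.idm.global"))
```
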