ansible-freeipa
ansible-freeipa copied to clipboard
freeipa
Add ipaclient support for Amazon Linux 2
Amazon Linux 2 is a RedHat-7 based distro, but reports its major version as '2'. This varfiles allows installation of the correct packages and enrollment using the ipaclient role.
The vars file for Ansible Linux 2 should not be named RedHat-2,yml. Please create a link for Ansible-2.yml pointing to RedHat-7.yml instead. Why have you set ansible_python_interpreter? Is that really needed?
Yes, unfortunately AL2 doesn't provide the ipapython python3 module in its repos. Updated the filename to the more proper name
RHEL-7 is also not providing the Python 3 IPA bindings. Only Python 2 bindings for IPA are there.
Why not only create a link from RedHat-7.yml to Amazon-2.yml?
This worked for me.
I'll be honest, I don't understand how it's supposed to work without switching to python2 if the python3 module is not available. Since the python3 module is not available in AL2's repos and the role installs the modules using yum rather than pip this role cannot work unless it's running in python2, can it?. If I remove the ansible_python_interpreter line or link it to RHEL-7.yml, it fails with ModuleNotFoundError: No module named 'ipapython', as expected. @rjeffman, did you test on a clean AL2 installation?
I would also prefer to abandon python2 for good, but I haven't been able to get this role to run in python3 on a fresh, up to date AL2 installation even with manual intervention.
Ansible should automatically use Python2 for all RHEL-7 based distributions. If this is not the case for Amazon Linux 2, then we really need that extra line and file.
Indeed, the Ansible python interpreter discovery uses /usr/bin/python3.7 on Amazon Linux 2.
@Drugantibus yes, I tested on a clean AL2 installation. What I did was:
- download AL2 cloud image
- configure IP address to static (due to my environment)
- dnf updated the distro
- deployed ipaclient
I ran it locally, with KVM/libvirt, not on Amazon cloud.