puppet-freeipa issueshttps://gitlab.adullact.net/adullact/puppet-freeipa/-/issues2019-01-29T22:34:20+01:00https://gitlab.adullact.net/adullact/puppet-freeipa/-/issues/13be able to define topology2019-01-29T22:34:20+01:00Fabien Combernousbe able to define topologyCurrently, the behavior is a replicate is bind to the master. If the master is lost, the informations will not by replicated.
```mermaid
graph TD;
Master-->Replicate_1;
Master-->Replicate_2;
```
We should be able to define rep...Currently, the behavior is a replicate is bind to the master. If the master is lost, the informations will not by replicated.
```mermaid
graph TD;
Master-->Replicate_1;
Master-->Replicate_2;
```
We should be able to define replicate architecture.
```mermaid
graph TD;
Master-->Replicate_1;
Master-->Replicate_2;
Replicate_1-->Replicate_2;
```not-yet-planed-releasehttps://gitlab.adullact.net/adullact/puppet-freeipa/-/issues/25do not use master role with function hosts_as()2018-11-18T15:04:47+01:00Fabien Combernousdo not use master role with function hosts_as()Better to define following roles into nodeset :
* `ipaservera` and `master` for the SUT ipa master.
* `ipaserverb` and `agent` for the SUT ipa replica.
* `ipaclientcentos` and `agent` for SUT ipa client running centos7
* `ipaclientub...Better to define following roles into nodeset :
* `ipaservera` and `master` for the SUT ipa master.
* `ipaserverb` and `agent` for the SUT ipa replica.
* `ipaclientcentos` and `agent` for SUT ipa client running centos7
* `ipaclientubuntu` and `agent` for SUT ipa client running ubuntu1604
Then use roles `ipaservera`, `ipaserverb`, `ipaclientcentos` and ipaclientubuntu` with function `hosts_as()`.not-yet-planed-releasehttps://gitlab.adullact.net/adullact/puppet-freeipa/-/issues/50be able to promote replica as master2018-11-23T10:32:17+01:00Fabien Combernousbe able to promote replica as masterThis is usefull when master is crashed.
We need to brain storm to find the better solution to manage admin password in a secure manner This is usefull when master is crashed.
We need to brain storm to find the better solution to manage admin password in a secure manner not-yet-planed-releasehttps://gitlab.adullact.net/adullact/puppet-freeipa/-/issues/52ensure only admin defined by IAC are enabled in freeipa.2019-11-15T11:39:54+01:00Fabien Combernousensure only admin defined by IAC are enabled in freeipa.An administrator account created in GUI must be disabled during puppet run.
Only, administrators accounts defined by IAC must be enabled in freeipa node.
Perhaps the lib [python-freeipa](https://python-freeipa.readthedocs.io/en/latest/...An administrator account created in GUI must be disabled during puppet run.
Only, administrators accounts defined by IAC must be enabled in freeipa node.
Perhaps the lib [python-freeipa](https://python-freeipa.readthedocs.io/en/latest/) can be used as programmatic interface between Puppet and FreeIPAnot-yet-planed-releasehttps://gitlab.adullact.net/adullact/puppet-freeipa/-/issues/70change puppet_admin_password does not trigger keytab update2019-11-15T11:41:12+01:00Fabien Combernouschange puppet_admin_password does not trigger keytab updateA keytab is a file containing Kerberos principals and encrypted keys (which are derived from the Kerberos password). When you change your Kerberos password, you will need to recreate keytab.
So updating `$freeipa::puppet_admin_password`...A keytab is a file containing Kerberos principals and encrypted keys (which are derived from the Kerberos password). When you change your Kerberos password, you will need to recreate keytab.
So updating `$freeipa::puppet_admin_password` should trigger keytab update.not-yet-planed-releaseFabien CombernousFabien Combernoushttps://gitlab.adullact.net/adullact/puppet-freeipa/-/issues/107change puppet_admin_password does not trigger password update2019-11-15T11:44:03+01:00Fabien Combernouschange puppet_admin_password does not trigger password updateWith puppet we describe the desired state. So change value of `puppet_admin_password` parameter should change the password on the node.With puppet we describe the desired state. So change value of `puppet_admin_password` parameter should change the password on the node.not-yet-planed-release