On 08/02/2017 01:36 PM, Florence Blanc-Renaud via FreeIPA-devel wrote:
Hi all,
The first version of a new design document is available at
https://www.freeipa.org/page/V4/ClientInstallationWithAnsible
The feature will allow to deploy IPA clients using Ansible. Please feel
free to send your comments, suggestions or concerns.
Thanks,
Flo
Thanks for design, I just read it. For now, I have just a question
regarding what is the state of communication with Ansible upstream
community, especially regarding improvement of the already developed
modules.
In the design, I see:
"
ipa_host module does not allow to create a random One-Time Password
all the IPA modules are authenticating to IPA server using principal +
password and do not support keytabs
all the IPA modules are communicating with the IPA server using the
remote JSON API instead of the Python API
These limitations argue in favor of a new ipahost module.
"
Does it mean you want to propose a parallel ipahost Ansible module for
the upstream Module Index? I would think it would be better to work with
Ansible upstream and refactor/enhance the modules that are existing in
there already, rather than fork them. The upstream Ansible modules are
in "preview" mode anyway, i.e. the interface can change.
Thanks,
Martin