Ansible for IPA

action_plugins/ipahost.py

@@ -0,0 +1,77 @@
+# Authors:
+#   Florence Blanc-Renaud <frenaud@redhat.com>
+#
+# Copyright (C) 2017  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+import os
+
+from ansible.errors import AnsibleError
+from ansible.module_utils._text import to_native
+from ansible.plugins.action import ActionBase
+
+class ActionModule(ActionBase):
+    def run(self, tmp=None, task_vars=None):
+        """
+        handler for file transfer operations
+
+        ipa* commands can either provide a password or a keytab file
+        in order to authenticate on the managed node with Kerberos.
+        When a keytab is provided, it needs to be copied from the control
+        node to the managed node.
+        This Action Module performs the copy when needed.
+        """
+
+        if task_vars is None:
+            task_vars = dict()
+
+        result = super(ActionModule, self).run(tmp, task_vars)
+        keytab = self._task.args.get('keytab', None)
+        password = self._task.args.get('password', None)
+
+        if (keytab is None and password is None):
+            result['failed'] = True
+            result['msg'] = "keytab or password is required"
+            return result
+
+        # If password is supplied, just need to execute the module
+        if password:
+            result.update(self._execute_module(task_vars=task_vars))
+            return result
+
+        # Password not supplied, need to transfer the keytab file
+        # Check if the source keytab exists
+        try:
+            keytab = self._find_needle('files', keytab)
+        except AnsibleError as e:
+            result['failed'] = True
+            result['msg'] = to_native(e)
+            return result
+
+        # Create the remote tmp dir
+        tmp = self._make_tmp_path()
+        tmp_keytab = self._connection._shell.join_path(
+            tmp, os.path.basename(keytab))
+        self._transfer_file(keytab, tmp_keytab)
+        self._fixup_perms2((tmp, tmp_keytab))
+
+        new_module_args = self._task.args.copy()
+        new_module_args.update(dict(keytab=tmp_keytab))
+
+        # Execute module
+        result.update(self._execute_module(module_args=new_module_args, task_vars=task_vars))
+        self._remove_tmp_path(tmp)
+        return result