mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-07 22:03:18 +00:00
ansible_ipa_replica: Dropped unused ds_init_info and krb_init_info functions
These functions are not used and therefore these functions have been removed.
This commit is contained in:
Thomas Woerner
@@ -326,40 +326,6 @@ def gen_ReplicaConfig():
|
||||
return config
|
||||
|
||||
|
||||
def ds_init_info(ansible_log, fstore, domainlevel, dirsrv_config_file,
|
||||
realm_name, host_name, domain_name, dm_password,
|
||||
idstart, idmax, subject_base, ca_subject,
|
||||
#no_hbac_allow,
|
||||
dirsrv_pkcs12_info, no_pkinit,
|
||||
external_cert_files, dirsrv_cert_files):
|
||||
|
||||
if not external_cert_files:
|
||||
ds = dsinstance.DsInstance(fstore=fstore, domainlevel=domainlevel,
|
||||
config_ldif=dirsrv_config_file)
|
||||
ds.set_output(ansible_log)
|
||||
|
||||
if dirsrv_cert_files:
|
||||
_dirsrv_pkcs12_info = dirsrv_pkcs12_info
|
||||
else:
|
||||
_dirsrv_pkcs12_info = None
|
||||
|
||||
with redirect_stdout(ansible_log):
|
||||
ds.init_info(realm_name, host_name, domain_name, dm_password,
|
||||
subject_base, ca_subject, idstart, idmax,
|
||||
#hbac_allow=not no_hbac_allow,
|
||||
_dirsrv_pkcs12_info, setup_pkinit=not no_pkinit)
|
||||
else:
|
||||
ds = dsinstance.DsInstance(fstore=fstore, domainlevel=domainlevel)
|
||||
ds.set_output(ansible_log)
|
||||
|
||||
with redirect_stdout(ansible_log):
|
||||
ds.init_info(realm_name, host_name, domain_name, dm_password,
|
||||
subject_base, ca_subject, 1101, 1100, None,
|
||||
setup_pkinit=not no_pkinit)
|
||||
|
||||
return ds
|
||||
|
||||
|
||||
def replica_ds_init_info(ansible_log,
|
||||
config, options, ca_is_configured, remote_api,
|
||||
ds_ca_subject, ca_file,
|
||||
@@ -425,109 +391,6 @@ def replica_ds_init_info(ansible_log,
|
||||
return ds
|
||||
|
||||
|
||||
def krb_init_info(ansible_log, fstore, realm_name, host_name, no_pkinit,
|
||||
subject_base):
|
||||
krb = krbinstance.KrbInstance(fstore)
|
||||
krb.set_output(ansible_log)
|
||||
with redirect_stdout(ansible_log):
|
||||
krb.init_info(realm_name, host_name, etup_pkinit=not no_pkinit,
|
||||
subject_base=subject_base)
|
||||
|
||||
|
||||
def replica_krb_init_info(ansible_log, fstore, realm_name, master_host_name,
|
||||
host_name, domain_name, admin_password,
|
||||
no_pkinit, subject_base, pkcs12_info=None):
|
||||
# promote is not needed here
|
||||
|
||||
# From replicainstall.install_krb
|
||||
krb = krbinstance.KrbInstance(fstore=fstore)
|
||||
krb.set_output(ansible_log)
|
||||
|
||||
# pkinit files
|
||||
if pkcs12_info is None:
|
||||
pkcs12_info = make_pkcs12_info(config.dir, "pkinitcert.p12",
|
||||
"pkinit_pin.txt")
|
||||
|
||||
#krb.create_replica(realm_name,
|
||||
# master_host_name, host_name,
|
||||
# domain_name, dirman_password,
|
||||
# setup_pkinit, pkcs12_info,
|
||||
# subject_base=subject_base,
|
||||
# promote=promote)
|
||||
with redirect_stdout(ansible_log):
|
||||
krb.init_info(realm_name, host_name, setup_pkinit=not no_pkinit,
|
||||
subject_base=subject_base)
|
||||
|
||||
# From ipaserver.install.krbinstance.create_replica
|
||||
|
||||
krb.pkcs12_info = pkcs12_info
|
||||
krb.subject_base = subject_base
|
||||
krb.master_fqdn = master_host_name
|
||||
krb.config_pkinit = not no_pkinit
|
||||
|
||||
#krb.__common_setup(realm_name, host_name, domain_name, admin_password)
|
||||
krb.fqdn = host_name
|
||||
krb.realm = realm_name.upper()
|
||||
krb.host = host_name.split(".")[0]
|
||||
krb.ip = socket.getaddrinfo(host_name, None, socket.AF_UNSPEC, socket.SOCK_STREAM)[0][4][0]
|
||||
krb.domain = domain_name
|
||||
krb.suffix = ipautil.realm_to_suffix(krb.realm)
|
||||
krb.kdc_password = ipautil.ipa_generate_password()
|
||||
krb.admin_password = admin_password
|
||||
krb.dm_password = admin_password
|
||||
|
||||
#krb.__setup_sub_dict()
|
||||
if os.path.exists(paths.COMMON_KRB5_CONF_DIR):
|
||||
includes = 'includedir {}'.format(paths.COMMON_KRB5_CONF_DIR)
|
||||
else:
|
||||
includes = ''
|
||||
|
||||
krb.sub_dict = dict(FQDN=krb.fqdn,
|
||||
IP=krb.ip,
|
||||
PASSWORD=krb.kdc_password,
|
||||
SUFFIX=krb.suffix,
|
||||
DOMAIN=krb.domain,
|
||||
HOST=krb.host,
|
||||
SERVER_ID=installutils.realm_to_serverid(krb.realm),
|
||||
REALM=krb.realm,
|
||||
KRB5KDC_KADM5_ACL=paths.KRB5KDC_KADM5_ACL,
|
||||
DICT_WORDS=paths.DICT_WORDS,
|
||||
KRB5KDC_KADM5_KEYTAB=paths.KRB5KDC_KADM5_KEYTAB,
|
||||
KDC_CERT=paths.KDC_CERT,
|
||||
KDC_KEY=paths.KDC_KEY,
|
||||
CACERT_PEM=paths.CACERT_PEM,
|
||||
KDC_CA_BUNDLE_PEM=paths.KDC_CA_BUNDLE_PEM,
|
||||
CA_BUNDLE_PEM=paths.CA_BUNDLE_PEM,
|
||||
INCLUDES=includes)
|
||||
|
||||
# IPA server/KDC is not a subdomain of default domain
|
||||
# Proper domain-realm mapping needs to be specified
|
||||
domain = dnsname.from_text(krb.domain)
|
||||
fqdn = dnsname.from_text(krb.fqdn)
|
||||
if not fqdn.is_subdomain(domain):
|
||||
logger.debug("IPA FQDN '%s' is not located in default domain '%s'",
|
||||
fqdn, domain)
|
||||
server_domain = fqdn.parent().to_unicode(omit_final_dot=True)
|
||||
logger.debug("Domain '%s' needs additional mapping in krb5.conf",
|
||||
server_domain)
|
||||
dr_map = " .%(domain)s = %(realm)s\n %(domain)s = %(realm)s\n" \
|
||||
% dict(domain=server_domain, realm=krb.realm)
|
||||
else:
|
||||
dr_map = ""
|
||||
krb.sub_dict['OTHER_DOMAIN_REALM_MAPS'] = dr_map
|
||||
|
||||
# Configure KEYRING CCACHE if supported
|
||||
if kernel_keyring.is_persistent_keyring_supported():
|
||||
logger.debug("Enabling persistent keyring CCACHE")
|
||||
krb.sub_dict['OTHER_LIBDEFAULTS'] = \
|
||||
" default_ccache_name = KEYRING:persistent:%{uid}\n"
|
||||
else:
|
||||
logger.debug("Persistent keyring CCACHE is not enabled")
|
||||
krb.sub_dict['OTHER_LIBDEFAULTS'] = ''
|
||||
|
||||
return krb
|
||||
|
||||
|
||||
def ansible_module_get_parsed_ip_addresses(ansible_module,
|
||||
param='ip_addresses'):
|
||||
ip_addrs = []
|
||||
|
||||
Reference in New Issue
Block a user