mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
Merge pull request #1222 from t-woerner/ipaserver_use_IPAChangeConf_and_realm_to_ldapi_uri
ipaserver_prepare: Properly create IPA_DEFAULT_CONF
This commit is contained in:
Rafael Guterres Jeffman
GitHub
@@ -226,7 +226,8 @@ from ansible.module_utils.ansible_ipa_server import (
|
||||
redirect_stdout, adtrust, api, default_subject_base,
|
||||
default_ca_subject_dn, ipautil, installutils, ca, kra, dns,
|
||||
get_server_ip_address, no_matching_interface_for_ip_address_warning,
|
||||
services, logger, tasks, update_hosts_file, ScriptError
|
||||
services, logger, tasks, update_hosts_file, ScriptError, IPAChangeConf,
|
||||
realm_to_ldapi_uri
|
||||
)
|
||||
|
||||
|
||||
@@ -365,6 +366,11 @@ def main():
|
||||
fstore = sysrestore.FileStore(paths.SYSRESTORE)
|
||||
sstore = sysrestore.StateFile(paths.SYSRESTORE)
|
||||
|
||||
domain_name = options.domain_name
|
||||
realm_name = options.realm_name
|
||||
host_name = options.host_name
|
||||
setup_ca = options.setup_ca
|
||||
|
||||
# subject_base
|
||||
if not options.subject_base:
|
||||
options.subject_base = str(default_subject_base(options.realm_name))
|
||||
@@ -391,27 +397,68 @@ def main():
|
||||
|
||||
# Create the management framework config file and finalize api
|
||||
target_fname = paths.IPA_DEFAULT_CONF
|
||||
# pylint: disable=invalid-name, consider-using-with
|
||||
fd = open(target_fname, "w")
|
||||
fd.write("[global]\n")
|
||||
fd.write("host=%s\n" % options.host_name)
|
||||
fd.write("basedn=%s\n" % ipautil.realm_to_suffix(options.realm_name))
|
||||
fd.write("realm=%s\n" % options.realm_name)
|
||||
fd.write("domain=%s\n" % options.domain_name)
|
||||
fd.write("xmlrpc_uri=https://%s/ipa/xml\n" %
|
||||
ipautil.format_netloc(options.host_name))
|
||||
fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" %
|
||||
installutils.realm_to_serverid(options.realm_name))
|
||||
if options.setup_ca:
|
||||
fd.write("enable_ra=True\n")
|
||||
fd.write("ra_plugin=dogtag\n")
|
||||
fd.write("dogtag_version=10\n")
|
||||
if realm_to_ldapi_uri is not None:
|
||||
ipaconf = IPAChangeConf("IPA Server Install")
|
||||
ipaconf.setOptionAssignment(" = ")
|
||||
ipaconf.setSectionNameDelimiters(("[", "]"))
|
||||
|
||||
xmlrpc_uri = 'https://{0}/ipa/xml'.format(
|
||||
ipautil.format_netloc(host_name))
|
||||
ldapi_uri = realm_to_ldapi_uri(realm_name)
|
||||
|
||||
# [global] section
|
||||
gopts = [
|
||||
ipaconf.setOption('host', host_name),
|
||||
ipaconf.setOption('basedn',
|
||||
ipautil.realm_to_suffix(realm_name)),
|
||||
ipaconf.setOption('realm', realm_name),
|
||||
ipaconf.setOption('domain', domain_name),
|
||||
ipaconf.setOption('xmlrpc_uri', xmlrpc_uri),
|
||||
ipaconf.setOption('ldap_uri', ldapi_uri),
|
||||
ipaconf.setOption('mode', 'production')
|
||||
]
|
||||
|
||||
if setup_ca:
|
||||
gopts.extend([
|
||||
ipaconf.setOption('enable_ra', 'True'),
|
||||
ipaconf.setOption('ra_plugin', 'dogtag'),
|
||||
ipaconf.setOption('dogtag_version', '10')
|
||||
])
|
||||
else:
|
||||
gopts.extend([
|
||||
ipaconf.setOption('enable_ra', 'False'),
|
||||
ipaconf.setOption('ra_plugin', 'None')
|
||||
])
|
||||
|
||||
opts = [
|
||||
ipaconf.setSection('global', gopts),
|
||||
{'name': 'empty', 'type': 'empty'}
|
||||
]
|
||||
|
||||
ipaconf.newConf(target_fname, opts)
|
||||
else:
|
||||
fd.write("enable_ra=False\n")
|
||||
fd.write("ra_plugin=none\n")
|
||||
fd.write("mode=production\n")
|
||||
fd.close()
|
||||
# pylint: enable=invalid-name, consider-using-with
|
||||
# pylint: disable=invalid-name, consider-using-with
|
||||
fd = open(target_fname, "w")
|
||||
fd.write("[global]\n")
|
||||
fd.write("host=%s\n" % options.host_name)
|
||||
fd.write("basedn=%s\n" % ipautil.realm_to_suffix(
|
||||
options.realm_name))
|
||||
fd.write("realm=%s\n" % options.realm_name)
|
||||
fd.write("domain=%s\n" % options.domain_name)
|
||||
fd.write("xmlrpc_uri=https://%s/ipa/xml\n" %
|
||||
ipautil.format_netloc(options.host_name))
|
||||
fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" %
|
||||
installutils.realm_to_serverid(options.realm_name))
|
||||
if options.setup_ca:
|
||||
fd.write("enable_ra=True\n")
|
||||
fd.write("ra_plugin=dogtag\n")
|
||||
fd.write("dogtag_version=10\n")
|
||||
else:
|
||||
fd.write("enable_ra=False\n")
|
||||
fd.write("ra_plugin=none\n")
|
||||
fd.write("mode=production\n")
|
||||
fd.close()
|
||||
# pylint: enable=invalid-name, consider-using-with
|
||||
|
||||
# Must be readable for everyone
|
||||
os.chmod(target_fname, 0o644)
|
||||
|
||||
@@ -44,7 +44,7 @@ __all__ = ["IPAChangeConf", "certmonger", "sysrestore", "root_logger",
|
||||
"check_available_memory", "getargspec", "get_min_idstart",
|
||||
"paths", "api", "ipautil", "adtrust_imported", "NUM_VERSION",
|
||||
"time_service", "kra_imported", "dsinstance", "IPA_PYTHON_VERSION",
|
||||
"NUM_VERSION", "SerialNumber"]
|
||||
"NUM_VERSION", "SerialNumber", "realm_to_ldapi_uri"]
|
||||
|
||||
import sys
|
||||
import logging
|
||||
@@ -121,6 +121,10 @@ try:
|
||||
)
|
||||
from ipapython.dnsutil import check_zone_overlap
|
||||
from ipapython.dn import DN
|
||||
try:
|
||||
from ipapython.ipaldap import realm_to_ldapi_uri
|
||||
except ImportError:
|
||||
realm_to_ldapi_uri = None
|
||||
try:
|
||||
from ipaclient.install import timeconf
|
||||
from ipaclient.install.client import sync_time
|
||||
|
||||
Reference in New Issue
Block a user