internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-03-26 21:33:05 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #643 from t-woerner/ipaclient_nss_nosssd_files

Browse Source 
ipaclient_setup_nss: Use proper nosssd_files list
This commit is contained in:
Rafael Guterres Jeffman
2021-09-25 19:25:12 -03:00
committed by GitHub
parent 116398608f 60ff782a7e
commit 3fefaadff4
4 changed files with 34 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
roles/ipaclient/library/ipaclient_setup_nss.py
View File

@@ -111,6 +111,11 @@ options:
no_dns_sshfp:
description: Do not automatically create DNS SSHFP records
required: yes
nosssd_files:
description: >
The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled
required: yes
type: dict
author:
- Thomas Woerner
'''
@@ -143,7 +148,7 @@ from ansible.module_utils.ansible_ipa_client import (
get_certs_from_ldap, DN, certstore, x509, logger, certdb,
CalledProcessError, tasks, client_dns, configure_certmonger, services,
update_ssh_keys, save_state, configure_ldap_conf, configure_nslcd_conf,
nosssd_files, configure_openldap_conf, hardcode_ldap_server
configure_openldap_conf, hardcode_ldap_server
)
@@ -174,6 +179,7 @@ def main():
permit=dict(required=False, type='bool'),
no_krb5_offline_passwords=dict(required=False, type='bool'),
no_dns_sshfp=dict(required=False, type='bool', default=False),
nosssd_files=dict(required=True, type='dict'),
),
supports_check_mode=True,
)
@@ -221,7 +227,9 @@ def main():
options.no_sssd = False
options.sssd = not options.no_sssd
options.no_ac = False
nosssd_files = module.params.get('nosssd_files')
# pylint: disable=invalid-name
CCACHE_FILE = paths.IPA_DNS_CCACHE
api.bootstrap(context='cli_installer',
@@ -311,6 +319,7 @@ def main():
except Exception:
pass
# pylint: disable=deprecated-method
argspec_save_state = inspect.getargspec(save_state)
# Name Server Caching Daemon. Disable for SSSD, use otherwise
@@ -374,6 +383,7 @@ def main():
if not options.no_ac:
# Modify nsswitch/pam stack
# pylint: disable=deprecated-method
argspec = inspect.getargspec(tasks.modify_nsswitch_pam_stack)
if "sudo" in argspec.args:
tasks.modify_nsswitch_pam_stack(

14
roles/ipaclient/library/ipaclient_test.py
View File

@@ -186,6 +186,10 @@ ipa_python_version:
returned: always
type: int
sample: 040400
nosssd_files:
description: >
The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled
type: list
'''
import os
@@ -248,7 +252,7 @@ def get_ipa_conf():
"""
parser = RawConfigParser()
parser.read(paths.IPA_DEFAULT_CONF)
result = dict()
result = {}
for item in ['basedn', 'realm', 'domain', 'server', 'host', 'xmlrpc_uri']:
if parser.has_option('global', item):
value = parser.get('global', item)
@@ -336,6 +340,7 @@ def main():
validate_domain_name(options.domain_name)
if options.realm_name:
# pylint: disable=deprecated-method
argspec = inspect.getargspec(validate_domain_name)
if "entity" in argspec.args:
# NUM_VERSION >= 40690:
@@ -457,7 +462,7 @@ def main():
# global variables
hostname = None
hostname_source = None
nosssd_files = None
nosssd_files = {}
dnsok = False
cli_domain = None
cli_server = None
@@ -573,7 +578,6 @@ def main():
rval=CLIENT_INSTALL_ERROR)
(nssldap_installed, nosssd_files) = nssldap_exists()
(nssldap_installed, __temp) = nssldap_exists()
if not nssldap_installed:
raise ScriptError(
"One of these packages must be installed: nss_ldap or "
@@ -617,6 +621,7 @@ def main():
rval=CLIENT_INSTALL_ERROR)
# Create the discovery instance
# pylint: disable=invalid-name
ds = ipadiscovery.IPADiscovery()
ret = ds.search(
@@ -926,7 +931,8 @@ def main():
ntp_servers=options.ntp_servers,
ntp_pool=options.ntp_pool,
client_already_configured=client_already_configured,
ipa_python_version=IPA_PYTHON_VERSION)
ipa_python_version=IPA_PYTHON_VERSION,
nosssd_files=nosssd_files)
if __name__ == '__main__':

20
roles/ipaclient/module_utils/ansible_ipa_client.py
View File

@@ -40,7 +40,7 @@ __all__ = ["gssapi", "version", "ipadiscovery", "api", "errors", "x509",
"configure_openldap_conf", "hardcode_ldap_server",
"get_certs_from_ldap", "save_state", "create_ipa_nssdb",
"configure_nisdomain", "configure_ldap_conf",
"configure_nslcd_conf", "nosssd_files", "configure_ssh_config",
"configure_nslcd_conf", "configure_ssh_config",
"configure_sshd_config", "configure_automount",
"configure_firefox", "sync_time", "check_ldap_conf",
"sssd_enable_ifp"]
@@ -64,12 +64,14 @@ else:
else:
IPA_PYTHON_VERSION = NUM_VERSION
# pylint: disable=invalid-name,useless-object-inheritance
class installer_obj(object):
def __init__(self):
pass
def set_logger(self, logger):
self.logger = logger
# pylint: disable=attribute-defined-outside-init
def set_logger(self, _logger):
self.logger = _logger
# def __getattribute__(self, attr):
# value = super(installer_obj, self).__getattribute__(attr)
@@ -97,13 +99,14 @@ else:
installer = installer_obj()
# Create options
options = installer
# pylint: disable=attribute-defined-outside-init
options.interactive = False
options.unattended = not options.interactive
if NUM_VERSION >= 40400:
# IPA version >= 4.4
import sys
# import sys
import inspect
import gssapi
import logging
@@ -166,7 +169,7 @@ else:
CLIENT_ALREADY_CONFIGURED, nssldap_exists, remove_file, \
check_ip_addresses, print_port_conf_info, configure_ipa_conf, \
purge_host_keytab, configure_sssd_conf, configure_ldap_conf, \
configure_nslcd_conf, nosssd_files
configure_nslcd_conf
get_ca_cert = None
except ImportError:
# Create temporary copy of ipa-client-install script (as
@@ -193,6 +196,7 @@ else:
shutil.rmtree(temp_dir, ignore_errors=True)
sys.path.remove(temp_dir)
# pylint: disable=deprecated-method
argspec = inspect.getargspec(
ipa_client_install.configure_krb5_conf)
if argspec.keywords is None:
@@ -200,6 +204,7 @@ else:
cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
filename, client_domain, client_hostname, force=False,
configure_sssd=True):
# pylint: disable=global-statement
global options
options.force = force
options.sssd = configure_sssd
@@ -236,13 +241,12 @@ else:
if len(argspec.args) == 3:
configure_nisdomain = ipa_client_install.configure_nisdomain
else:
def configure_nisdomain(options, domain, statestore=None):
return ipa_client_install.configure_nisdomain(options,
def configure_nisdomain(_options, domain, _statestore=None):
return ipa_client_install.configure_nisdomain(_options,
domain)
configure_ldap_conf = ipa_client_install.configure_ldap_conf
configure_nslcd_conf = ipa_client_install.configure_nslcd_conf
nosssd_files = ipa_client_install.nosssd_files
configure_ssh_config = ipa_client_install.configure_ssh_config
configure_sshd_config = ipa_client_install.configure_sshd_config

1
roles/ipaclient/tasks/install.yml
View File

@@ -329,6 +329,7 @@
"{{ ipassd_no_krb5_offline_passwords
| default(ipasssd_no_krb5_offline_passwords) }}"
no_dns_sshfp: "{{ ipaclient_no_dns_sshfp }}"
nosssd_files: "{{ result_ipaclient_test.nosssd_files }}"
- name: Install - Configure SSH and SSHD
ipaclient_setup_ssh: