internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-23 09:14:43 +00:00
Code Issues Projects Releases Wiki Activity

ipaclient: Replace extras module with ssh, automount, firefox and nis modules

Browse Source 
ipaclient_extras could configure several things internally according to
provided settings. These have been ssh, sshd, automount, firefox an also
nis. The ssh and sshd configuration is now plocated in ipaclient_setup_ssh,
the automount configuration in ipaclient_setup_automount, the firefox
configuration in ipaclient_setup_firefox and the nis configuration in
ipaclient_setup_nis.

The following additional settings have been added to
roles/ipaclient/defaults/main.yml to provide the same configruation options
as ipa-client-install does:

ipaclient_no_ssh: no
ipaclient_no_sshd: no
ipaclient_no_nisdomain: no
ipaclient_configure_firefox: no
This commit is contained in:
Thomas Woerner
2019-03-21 14:06:48 +01:00
parent 7c378d9c4d
commit 4b2fc33b35
7 changed files with 404 additions and 225 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
roles/ipaclient/defaults/main.yml
View File

@@ -11,6 +11,10 @@ ipaclient_on_master: no
ipaclient_no_ntp: no ipaclient_no_ntp: no
ipaclient_no_dns_lookup: no ipaclient_no_dns_lookup: no
ipaclient_ssh_trust_dns: no ipaclient_ssh_trust_dns: no
ipaclient_no_ssh: no
ipaclient_no_sshd: no
ipaclient_no_nisdomain: no
ipaclient_configure_firefox: no
### packages ### ### packages ###
ipaclient_install_packages: yes ipaclient_install_packages: yes

209
roles/ipaclient/library/ipaclient_extras.py
View File

@@ -1,209 +0,0 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaclient_extras
short description: Configure IPA extras
description:
Configure IPA extras
options:
servers:
description: The FQDN of the IPA servers to connect to.
required: true
type: list
domain:
description: The primary DNS domain of an existing IPA deployment.
required: true
ntp:
description: Set to no to not configure and enable NTP
required: false
type: bool
default: no
force_ntpd:
description: Stop and disable any time&date synchronization services besides ntpd.
required: false
type: bool
default: no
ntp_servers:
description: The ntp servers to configure if ntp is enabled.
required: false
type: list
ssh:
description: Configure OpenSSH client
required: false
type: bool
default: yes
sssd:
description: Configure the client to use SSSD for authentication
required: false
type: bool
default: yes
trust_sshfp:
description: Configure OpenSSH client to trust DNS SSHFP records
required: false
type: bool
default: yes
sshd:
description: Configure OpenSSH server
required: false
type: bool
default: yes
automount_location:
description: Automount location
required: false
firefox:
description: Configure Firefox to use IPA domain credentials
required: false
type: bool
default: no
firefox_dir:
description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox')
required: false
no_nisdomain:
description: Do not configure NIS domain name
required: false
type: bool
default: no
nisdomain:
description: NIS domain name
required: false
on_master:
description: Whether the configuration is done on the master or not.
required: false
type: bool
default: no
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: IPA extras configurations
ipaclient_extras:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
'''
RETURN = '''
'''
import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
argument_spec = dict(
servers=dict(required=True, type='list'),
domain=dict(required=True),
ntp=dict(required=False, type='bool', default='no'),
force_ntpd=dict(required=False, type='bool', default='no'),
ntp_servers=dict(required=False, type='list'),
ssh=dict(required=False, type='bool', default='yes'),
sssd=dict(required=False, type='bool', default='yes'),
trust_sshfp=dict(required=False, type='bool', default='yes'),
sshd=dict(required=False, type='bool', default='yes'),
automount_location=dict(required=False),
firefox=dict(required=False, type='bool', default='no'),
firefox_dir=dict(required=False),
no_nisdomain=dict(required=False, type='bool', default='no'),
nisdomain=dict(required=False),
on_master=dict(required=False, type='bool', default='no'),
),
supports_check_mode = True,
)
module._ansible_debug = True
servers = module.params.get('servers')
domain = module.params.get('domain')
ntp = module.params.get('ntp')
force_ntpd = module.params.get('force_ntpd')
ntp_servers = module.params.get('ntp_servers')
ssh = module.params.get('ssh')
sssd = module.params.get('sssd')
trust_sshfp = module.params.get('trust_sshfp')
sshd = module.params.get('sshd')
automount_location = module.params.get('automount_location')
firefox = module.params.get('firefox')
firefox_dir = module.params.get('firefox_dir')
no_nisdomain = module.params.get('no_nisdomain')
nisdomain = module.params.get('nisdomain')
on_master = module.params.get('on_master')
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
options.sssd = sssd
options.trust_sshfp = trust_sshfp
options.location = automount_location
options.server = servers
options.firefox_dir = firefox_dir
options.nisdomain = nisdomain
if ntp and not on_master:
# disable other time&date services first
if force_ntpd:
ntpconf.force_ntpd(statestore)
ntpconf.config_ntp(ntp_servers, fstore, statestore)
module.log("NTP enabled")
if ssh:
configure_ssh_config(fstore, options)
if sshd:
configure_sshd_config(fstore, options)
if automount_location:
configure_automount(options)
if firefox:
configure_firefox(options, statestore, domain)
if not no_nisdomain:
if NUM_VERSION < 40500:
configure_nisdomain(options=options, domain=domain)
else:
configure_nisdomain(options=options, domain=domain,
statestore=statestore)
# Cleanup: Remove CCACHE_FILE
try:
os.remove(paths.IPA_DNS_CCACHE)
except Exception:
pass
module.exit_json(changed=True)
if __name__ == '__main__':
main()

88
roles/ipaclient/library/ipaclient_setup_automount.py Normal file
View File

@@ -0,0 +1,88 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaclient_setup_automount
short description: Setup automount for IPA client
description:
Setup automount for IPA client
options:
servers:
description: The FQDN of the IPA servers to connect to.
required: true
type: list
automount_location:
description: Automount location
required: false
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: IPA extras configurations
ipaclient_setup_automount:
servers: ["server1.example.com","server2.example.com"]
'''
RETURN = '''
'''
import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
argument_spec = dict(
servers=dict(required=True, type='list'),
sssd=dict(required=False, type='bool', default='yes'),
automount_location=dict(required=False, default=None),
),
supports_check_mode = True,
)
#os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
module._ansible_debug = True
options.servers = module.params.get('servers')
options.server = options.servers
options.sssd = module.params.get('sssd')
options.automount_location = module.params.get('automount_location')
options.location = options.automount_location
if options.automount_location:
configure_automount(options)
module.exit_json(changed=True)
if __name__ == '__main__':
main()

82
roles/ipaclient/library/ipaclient_setup_firefox.py Normal file
View File

@@ -0,0 +1,82 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaclient_setup_firefox
short description: Setup firefox for IPA client
description:
Setup firefox for IPA client
options:
domain:
description: The primary DNS domain of an existing IPA deployment.
required: true
firefox_dir:
description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox')
required: false
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: Setup firefox for IPA client
ipaclient_setup_firefox:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
firefox_dir: /usr/lib/firefox
'''
RETURN = '''
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
argument_spec = dict(
domain=dict(required=True),
firefox_dir=dict(required=False),
),
supports_check_mode = True,
)
module._ansible_debug = True
domain = module.params.get('domain')
options.firefox_dir = module.params.get('firefox_dir')
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
configure_firefox(options, statestore, domain)
module.exit_json(changed=True)
if __name__ == '__main__':
main()

88
roles/ipaclient/library/ipaclient_setup_nis.py Normal file
View File

@@ -0,0 +1,88 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaclient_setup_nis
short description: Setup NIS for IPA client
description:
Setup NIS for IPA client
options:
domain:
description: The primary DNS domain of an existing IPA deployment.
required: true
nisdomain:
description: NIS domain name
required: false
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: Setup NIS for IPA client
ipaclient_setup_nis:
domain: example.com
'''
RETURN = '''
'''
import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
argument_spec = dict(
domain=dict(required=True),
nisdomain=dict(required=False),
),
supports_check_mode = True,
)
module._ansible_debug = True
domain = module.params.get('domain')
options.nisdomain = module.params.get('nisdomain')
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
argspec = inspect.getargspec(configure_nisdomain)
if not "statestore" in argspec.args:
# NUM_VERSION < 40500:
configure_nisdomain(options=options, domain=domain)
else:
configure_nisdomain(options=options, domain=domain,
statestore=statestore)
module.exit_json(changed=True)
if __name__ == '__main__':
main()

119
roles/ipaclient/library/ipaclient_setup_ssh.py Normal file
View File

@@ -0,0 +1,119 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaclient_setup_ssh
short description: Configure ssh and sshd for IPA client
description:
Configure ssh and sshd for IPA client
options:
servers:
description: The FQDN of the IPA servers to connect to.
required: true
type: list
ssh:
description: Configure OpenSSH client
required: false
type: bool
default: no
trust_sshfp:
description: Configure OpenSSH client to trust DNS SSHFP records
required: false
type: bool
default: no
sshd:
description: Configure OpenSSH server
required: false
type: bool
default: no
sssd:
description: Configure SSSD server
required: false
type: bool
default: no
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: Configure ssh and sshd for IPA client
ipaclient_setup_ssh:
servers: ["server1.example.com","server2.example.com"]
ssh: yes
sshd: yes
sssd: yes
'''
RETURN = '''
'''
import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
argument_spec = dict(
servers=dict(required=True, type='list'),
ssh=dict(required=False, type='bool', default='no'),
trust_sshfp=dict(required=False, type='bool', default='no'),
sshd=dict(required=False, type='bool', default='no'),
sssd=dict(required=False, type='bool', default='no'),
),
supports_check_mode = True,
)
module._ansible_debug = True
options.servers = module.params.get('servers')
options.server = options.servers
options.conf_ssh = module.params.get('ssh')
options.trust_sshfp = module.params.get('trust_sshfp')
options.conf_sshd = module.params.get('sshd')
options.sssd = module.params.get('sssd')
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
#os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
changed = False
if options.conf_ssh:
configure_ssh_config(fstore, options)
changed = True
if options.conf_sshd:
configure_sshd_config(fstore, options)
changed = True
module.exit_json(changed=changed)
if __name__ == '__main__':
main()

37
roles/ipaclient/tasks/install.yml
View File

@@ -249,23 +249,30 @@
ca_enabled: "{{ result_ipaclient_api.ca_enabled | default(omit) }}" ca_enabled: "{{ result_ipaclient_api.ca_enabled | default(omit) }}"
on_master: "{{ ipaclient_on_master }}" on_master: "{{ ipaclient_on_master }}"
- name: Install - IPA extras configuration - name: Install - Configure SSH and SSHD
ipaclient_extras: ipaclient_setup_ssh:
servers: "{{ result_ipaclient_test.servers }}" servers: "{{ result_ipaclient_test.servers }}"
sssd: "{{ result_ipaclient_test.sssd }}"
ssh: "{{ not ipaclient_no_ssh }}"
trust_sshfp: "{{ ipaclient_ssh_trust_dns }}"
sshd: "{{ not ipaclient_no_sshd }}"
- name: Install - Configure automount
ipaclient_setup_automount:
servers: "{{ result_ipaclient_test.servers }}"
sssd: "{{ result_ipaclient_test.sssd }}"
automount_location: "{{ ipaautomount_location | default(omit) }}"
- name: Install - Configure firefox
ipaclient_setup_firefox:
firefox_dir: "{{ ipaclient_firefox_dir | default(omit) }}"
when: ipaclient_configure_firefox | bool
- name: Install - Configure NIS
ipaclient_setup_nis:
domain: "{{ result_ipaclient_test.domain }}" domain: "{{ result_ipaclient_test.domain }}"
ntp_servers: "{{ result_ipaclient_test.ntp_servers }}" nisdomain: "{{ ipaclient_nisdomain | default(omit)}}"
ntp: "{{ ipaclient_ntp | default(omit) }}" when: not ipaclient_no_nisdomain | bool
on_master: "{{ ipaclient_on_master }}"
#force_ntpd: no
#sssd: yes
#ssh: yes
#trust_sshfp: yes
#sshd: yes
#automount_location:
#firefox: no
#firefox_dir:
#no_nisdomain: no
#nisdomain:
always: always:
- name: Cleanup leftover ccache - name: Cleanup leftover ccache