From 50a1c2f9cdabb90c8882e3ec4ab7a49be10a1ec3 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 30 Mar 2020 14:37:46 +0200 Subject: [PATCH 1/7] utils/build-galaxy-release: Do not add release tag to version for galaxy Galaxy does not like the use of the extra "-1" release tag. Fixes: #236 (Can't install via Galaxy) --- utils/build-galaxy-release.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/build-galaxy-release.sh b/utils/build-galaxy-release.sh index fc6bcdd6..3ace6376 100644 --- a/utils/build-galaxy-release.sh +++ b/utils/build-galaxy-release.sh @@ -1,7 +1,7 @@ #!/bin/bash galaxy_version=$(git describe --tags | sed -e "s/^v//") -echo $galaxy_version | grep "-" -q || galaxy_version="${galaxy_version}-1" +echo $galaxy_version | grep "-" -q || galaxy_version="${galaxy_version}" sed -i -e "s/version: .*/version: \"$galaxy_version\"/" galaxy.yml find . -name "*~" -exec rm {} \; From a972beb484874fd0dd39a6bcdcfaad38c0ab56a1 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 30 Mar 2020 14:55:50 +0200 Subject: [PATCH 2/7] ipaserver docs: Calm down module linter The use of "default: idstart+199999" in the description of the idmax parameter was resulting in the galaxy import error: Cannot parse "DOCUMENTATION": mapping values are not allowed here in "", line 52, column 58: ... value for the IDs range (default: idstart+199999) The ":" has simply been removed to fix this issue. --- roles/ipaserver/library/ipaserver_set_ds_password.py | 2 +- roles/ipaserver/library/ipaserver_setup_ca.py | 2 +- roles/ipaserver/library/ipaserver_setup_ds.py | 2 +- roles/ipaserver/library/ipaserver_setup_http.py | 2 +- roles/ipaserver/library/ipaserver_setup_krb.py | 2 +- roles/ipaserver/library/ipaserver_test.py | 2 +- utils/gen_module_docs.py | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/roles/ipaserver/library/ipaserver_set_ds_password.py b/roles/ipaserver/library/ipaserver_set_ds_password.py index 164a0ac5..00773024 100644 --- a/roles/ipaserver/library/ipaserver_set_ds_password.py +++ b/roles/ipaserver/library/ipaserver_set_ds_password.py @@ -58,7 +58,7 @@ options: description: The starting value for the IDs range (default random) required: no idmax: - description: The max value for the IDs range (default: idstart+199999) + description: The max value for the IDs range (default idstart+199999) required: no no_hbac_allow: description: Don't install allow_all HBAC rule diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py index 524d1aa9..faaf6601 100644 --- a/roles/ipaserver/library/ipaserver_setup_ca.py +++ b/roles/ipaserver/library/ipaserver_setup_ca.py @@ -79,7 +79,7 @@ options: description: The starting value for the IDs range (default random) required: no idmax: - description: The max value for the IDs range (default: idstart+199999) + description: The max value for the IDs range (default idstart+199999) required: no no_hbac_allow: description: Don't install allow_all HBAC rule diff --git a/roles/ipaserver/library/ipaserver_setup_ds.py b/roles/ipaserver/library/ipaserver_setup_ds.py index 7e327405..fc49d62a 100644 --- a/roles/ipaserver/library/ipaserver_setup_ds.py +++ b/roles/ipaserver/library/ipaserver_setup_ds.py @@ -55,7 +55,7 @@ options: description: The starting value for the IDs range (default random) required: no idmax: - description: The max value for the IDs range (default: idstart+199999) + description: The max value for the IDs range (default idstart+199999) required: no no_hbac_allow: description: Don't install allow_all HBAC rule diff --git a/roles/ipaserver/library/ipaserver_setup_http.py b/roles/ipaserver/library/ipaserver_setup_http.py index 0518d088..f5479f5d 100644 --- a/roles/ipaserver/library/ipaserver_setup_http.py +++ b/roles/ipaserver/library/ipaserver_setup_http.py @@ -111,7 +111,7 @@ options: description: The starting value for the IDs range (default random) required: no idmax: - description: The max value for the IDs range (default: idstart+199999) + description: The max value for the IDs range (default idstart+199999) required: no domainlevel: description: The domain level diff --git a/roles/ipaserver/library/ipaserver_setup_krb.py b/roles/ipaserver/library/ipaserver_setup_krb.py index 06256ff1..d8671467 100644 --- a/roles/ipaserver/library/ipaserver_setup_krb.py +++ b/roles/ipaserver/library/ipaserver_setup_krb.py @@ -98,7 +98,7 @@ options: description: The starting value for the IDs range (default random) required: no idmax: - description: The max value for the IDs range (default: idstart+199999) + description: The max value for the IDs range (default idstart+199999) required: no no_reverse: description: Do not create new reverse DNS zone diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py index 822efb89..71afabcf 100644 --- a/roles/ipaserver/library/ipaserver_test.py +++ b/roles/ipaserver/library/ipaserver_test.py @@ -79,7 +79,7 @@ options: description: The starting value for the IDs range (default random) required: yes idmax: - description: The max value for the IDs range (default: idstart+199999) + description: The max value for the IDs range (default idstart+199999) required: yes no_pkinit: description: Disable pkinit setup steps diff --git a/utils/gen_module_docs.py b/utils/gen_module_docs.py index a09a6530..4994a346 100644 --- a/utils/gen_module_docs.py +++ b/utils/gen_module_docs.py @@ -120,7 +120,7 @@ param_docs = { "allow_zone_overlap": "Create DNS zone even if it already exists", "skip_conncheck": "Skip connection check to remote master", "idstart": "The starting value for the IDs range (default random)", - "idmax": "The max value for the IDs range (default: idstart+199999)", + "idmax": "The max value for the IDs range (default idstart+199999)", "no_hbac_allow": "Don't install allow_all HBAC rule", "domainlevel": "The domain level", "external_ca_type": "Type of the external CA", From 2712e39bc4c055a3cc7174354cccffdb8caee5f3 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Mon, 30 Mar 2020 16:14:12 +0200 Subject: [PATCH 3/7] galaxy.yml: Add system tag --- galaxy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/galaxy.yml b/galaxy.yml index 9740ba3d..e379f686 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -18,6 +18,7 @@ license_file: "COPYING" dependencies: tags: + - "system" - "identity" - "ipa" - "freeipa" From ffd8585d19a8ac2459f9519141ef50e5b9521254 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 2 Apr 2020 10:48:53 +0200 Subject: [PATCH 4/7] ipareplica_setup_kra: Remove unused ccache parameter The installer_ccache parameter is used in the module. The ccache parameter was only set, but not used at all. --- roles/ipareplica/library/ipareplica_setup_kra.py | 8 -------- roles/ipareplica/tasks/install.yml | 1 - 2 files changed, 9 deletions(-) diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py index 8e7b5f6f..3149c104 100644 --- a/roles/ipareplica/library/ipareplica_setup_kra.py +++ b/roles/ipareplica/library/ipareplica_setup_kra.py @@ -96,9 +96,6 @@ options: config_master_host_name: description: The config master_host_name setting required: no - ccache: - description: The local ccache - required: no installer_ccache: description: The installer ccache setting required: no @@ -172,7 +169,6 @@ def main(): # additional server=dict(required=True), config_master_host_name=dict(required=True), - ccache=dict(required=True), installer_ccache=dict(required=True), _ca_enabled=dict(required=False, type='bool'), _kra_enabled=dict(required=False, type='bool'), @@ -232,8 +228,6 @@ def main(): # additional options.server = ansible_module.params.get('server') master_host_name = ansible_module.params.get('config_master_host_name') - ccache = ansible_module.params.get('ccache') - # os.environ['KRB5CCNAME'] = ccache os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache') installer._ccache = ansible_module.params.get('installer_ccache') ca_enabled = ansible_module.params.get('_ca_enabled') @@ -268,8 +262,6 @@ def main(): remote_api = gen_remote_api(master_host_name, paths.ETC_IPA) installer._remote_api = remote_api - # ccache = os.environ['KRB5CCNAME'] - with redirect_stdout(ansible_log): ansible_log.debug("-- INSTALL KRA --") diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml index 3345beba..fe81a4d1 100644 --- a/roles/ipareplica/tasks/install.yml +++ b/roles/ipareplica/tasks/install.yml @@ -606,7 +606,6 @@ server: "{{ result_ipareplica_test.server }}" config_master_host_name: "{{ result_ipareplica_prepare.config_master_host_name }}" - ccache: "{{ result_ipareplica_prepare.ccache }}" installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}" _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}" _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}" From cd5429a5345dbada6ab2120d55ca43a743c86610 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 2 Apr 2020 10:50:41 +0200 Subject: [PATCH 5/7] ipareplica_setup_krb: krb is assigned to but never used krb was set, but not used afterwards. Therefore it can be removed. --- roles/ipareplica/library/ipareplica_setup_krb.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py index 0671df8b..7763f76f 100644 --- a/roles/ipareplica/library/ipareplica_setup_krb.py +++ b/roles/ipareplica/library/ipareplica_setup_krb.py @@ -155,19 +155,19 @@ def main(): with redirect_stdout(ansible_log): argspec = inspect.getargspec(install_krb) if "promote" in argspec.args: - krb = install_krb( + install_krb( config, setup_pkinit=not options.no_pkinit, pkcs12_info=pkinit_pkcs12_info, promote=promote) else: if "fstore" not in argspec.args: - krb = install_krb( + install_krb( config, setup_pkinit=not options.no_pkinit, pkcs12_info=pkinit_pkcs12_info) else: - krb = install_krb( + install_krb( config, setup_pkinit=not options.no_pkinit, pkcs12_info=pkinit_pkcs12_info, From 57d407f15fe469382051beb7558e5b835acb635f Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 2 Apr 2020 11:26:32 +0200 Subject: [PATCH 6/7] utils/*galaxy*: Make galaxy scripts more generic The namespace and colleciton name have been hard coded. Now variables are used for them. The project prefix and collection prefix are now passed to galaxyify-playbook.py. --- utils/build-galaxy-release.sh | 21 ++++++++++++--------- utils/galaxyify-playbook.py | 20 +++++++++++--------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/utils/build-galaxy-release.sh b/utils/build-galaxy-release.sh index 3ace6376..0482ffd1 100644 --- a/utils/build-galaxy-release.sh +++ b/utils/build-galaxy-release.sh @@ -1,36 +1,40 @@ #!/bin/bash +namespace="freeipa" +collection="ansible_freeipa" +collection_prefix="${namespace}.${collection}" + galaxy_version=$(git describe --tags | sed -e "s/^v//") echo $galaxy_version | grep "-" -q || galaxy_version="${galaxy_version}" sed -i -e "s/version: .*/version: \"$galaxy_version\"/" galaxy.yml find . -name "*~" -exec rm {} \; -sed -i -e "s/ansible.module_utils.ansible_freeipa_module/ansible_collections.freeipa.ansible_freeipa.plugins.module_utils.ansible_freeipa_module/" plugins/modules/*.py +sed -i -e "s/ansible.module_utils.ansible_freeipa_module/ansible_collections.${collection_prefix}.plugins.module_utils.ansible_freeipa_module/" plugins/modules/*.py cd plugins/module_utils && { - ln -s ../../roles/ipa*/module_utils/*.py . + ln -s ../../roles/*/module_utils/*.py . cd ../.. } cd plugins/modules && { - sed -i -e "s/ansible.module_utils.ansible_ipa_/ansible_collections.freeipa.ansible_freeipa.plugins.module_utils.ansible_ipa_/" ../../roles/ipa*/library/*.py - ln -s ../../roles/ipa*/library/*.py . + sed -i -e "s/ansible.module_utils.ansible_ipa_/ansible_collections.${collection_prefix}.plugins.module_utils.ansible_ipa_/" ../../roles/*/library/*.py + ln -s ../../roles/*/library/*.py . cd ../.. } [ ! -x plugins/action_plugins ] && mkdir plugins/action_plugins cd plugins/action_plugins && { - ln -s ../../roles/ipa*/action_plugins/*.py . + ln -s ../../roles/*/action_plugins/*.py . cd ../.. } -for x in roles/ipa*/tasks/*.yml; do - python utils/galaxyify-playbook.py "$x" +for x in roles/*/tasks/*.yml; do + python utils/galaxyify-playbook.py "$x" "ipa" "$collection_prefix" done for x in $(find playbooks -name "*.yml" -print); do - python utils/galaxyify-playbook.py "$x" + python utils/galaxyify-playbook.py "$x" "ipa" "$collection_prefix" done #git diff @@ -43,4 +47,3 @@ rm plugins/modules/ipareplica_* rm plugins/modules/ipaclient_* rm plugins/action_plugins/ipaclient_* git reset --hard - diff --git a/utils/galaxyify-playbook.py b/utils/galaxyify-playbook.py index c2ad6209..3810ba3c 100644 --- a/utils/galaxyify-playbook.py +++ b/utils/galaxyify-playbook.py @@ -2,11 +2,14 @@ import sys import re -def galaxify_playbook(playbook_in): - p1 = re.compile('(ipa.*:)$') - p2 = re.compile('(.*:) (ipa.*)$') +def galaxify_playbook(playbook_in, project_prefix, collection_prefix): + p1 = re.compile('(%s.*:)$' % project_prefix) + p2 = re.compile('(.*:) (%s.*)$' % project_prefix) lines = [] + pattern1 = r'%s.\1' % collection_prefix + pattern2 = r'\1 %s.\2' % collection_prefix + with open(playbook_in) as in_f: changed = False changeable = False @@ -22,14 +25,13 @@ def galaxify_playbook(playbook_in): elif stripped.startswith("include_role:"): include_role = True elif include_role and stripped.startswith("name:"): - line = p2.sub(r'\1 freeipa.ansible_freeipa.\2', line) + line = p2.sub(pattern2, line) changed = True elif changeable and stripped.startswith("- role:"): - line = p2.sub(r'\1 freeipa.ansible_freeipa.\2', line) + line = p2.sub(pattern2, line) changed = True - elif changeable and not stripped.startswith( - "freeipa.ansible_freeipa."): - line = p1.sub(r'freeipa.ansible_freeipa.\1', line) + elif changeable and not stripped.startswith(collection_prefix): + line = p1.sub(pattern1, line) changed = True lines.append(line) @@ -40,4 +42,4 @@ def galaxify_playbook(playbook_in): out_f.write(line) -galaxify_playbook(sys.argv[1]) +galaxify_playbook(sys.argv[1], sys.argv[2], sys.argv[3]) From 3a37325a3655227d2e555afef7db6d796e324e10 Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 2 Apr 2020 14:46:54 +0200 Subject: [PATCH 7/7] galaxyfy-playbook.py: Fixed script name The old name was galaxyify-playbook.py instead of galaxyfy-playbook.py --- utils/build-galaxy-release.sh | 4 ++-- utils/{galaxyify-playbook.py => galaxyfy-playbook.py} | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename utils/{galaxyify-playbook.py => galaxyfy-playbook.py} (100%) diff --git a/utils/build-galaxy-release.sh b/utils/build-galaxy-release.sh index 0482ffd1..f6e55a9d 100644 --- a/utils/build-galaxy-release.sh +++ b/utils/build-galaxy-release.sh @@ -30,11 +30,11 @@ cd plugins/action_plugins && { } for x in roles/*/tasks/*.yml; do - python utils/galaxyify-playbook.py "$x" "ipa" "$collection_prefix" + python utils/galaxyfy-playbook.py "$x" "ipa" "$collection_prefix" done for x in $(find playbooks -name "*.yml" -print); do - python utils/galaxyify-playbook.py "$x" "ipa" "$collection_prefix" + python utils/galaxyfy-playbook.py "$x" "ipa" "$collection_prefix" done #git diff diff --git a/utils/galaxyify-playbook.py b/utils/galaxyfy-playbook.py similarity index 100% rename from utils/galaxyify-playbook.py rename to utils/galaxyfy-playbook.py