internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-07 05:43:26 +00:00
Code Issues Projects Releases Wiki Activity

New ipareplica_enable_ipa: Use of ipaserver_enable_ipa is not possible anymore

Browse Source 
With the changes for IPA enablement in the replica installer it is not
possible anymore to enable the IPA server in the same way as in the
server deployment.

The new module ipareplica_enable_ipa has been added and the link for
ipaserver_enable_ipa has been removed.
This commit is contained in:
Thomas Woerner
2019-03-26 13:26:47 +01:00
parent 98a6e0a78c
commit 5b770ae135
3 changed files with 159 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
roles/ipareplica/library/ipareplica_enable_ipa.py Normal file
View File

@@ -0,0 +1,152 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-replica-install code
#
# Copyright (C) 2018 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from __future__ import print_function
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipareplica_enable_ipa
short description:
description: Enable IPA
Enable IPA
options:
subject_base:
description: The certificate subject base (default O=<realm-name>).
required: yes
ccache:
description: The installation specific ccache file.
required: yes
_top_dir:
description: The temporary top directory used for the installation.
required: yes
setup_ca:
description: Configure a dogtag CA
required: yes
config_master_host_name:
description: The master host name
required: yes
author:
- Thomas Woerner
'''
EXAMPLES = '''
'''
RETURN = '''
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import *
def main():
ansible_module = AnsibleModule(
argument_spec = dict(
hostname=dict(required=False),
### server ###
### certificate system ###
subject_base=dict(required=True),
### additional ###
ccache=dict(required=True),
_top_dir = dict(required=True),
setup_ca=dict(required=True),
config_master_host_name=dict(required=True),
),
supports_check_mode = True,
)
ansible_module._ansible_debug = True
ansible_log = AnsibleModuleLog(ansible_module)
# get parameters #
options = installer
options.host_name = ansible_module.params.get('hostname')
### server ###
### certificate system ###
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
### additional ###
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
options._top_dir = ansible_module.params.get('_top_dir')
options.setup_ca = ansible_module.params.get('setup_ca')
config_master_host_name = ansible_module.params.get('config_master_host_name')
# init #
fstore = sysrestore.FileStore(paths.SYSRESTORE)
sstore = sysrestore.StateFile(paths.SYSRESTORE)
ansible_log.debug("== INSTALL ==")
promote = installer.promote
env = gen_env_boostrap_finalize_core(paths.ETC_IPA,
constants.DEFAULT_CONFIG)
api_bootstrap_finalize(env)
config = gen_ReplicaConfig()
config.subject_base = options.subject_base
config.master_host_name = config_master_host_name
remote_api = gen_remote_api(config.master_host_name, paths.ETC_IPA)
installer._remote_api = remote_api
conn = remote_api.Backend.ldap2
ccache = os.environ['KRB5CCNAME']
api.Backend.ldap2.connect()
with redirect_stdout(ansible_log):
# Enable configured services and update DNS SRV records
service.enable_services(config.host_name)
api.Command.dns_update_system_records()
ca_servers = service.find_providing_servers('CA', api.Backend.ldap2,
api)
api.Backend.ldap2.disconnect()
# Everything installed properly, activate ipa service.
services.knownservices.ipa.enable()
# Print a warning if CA role is only installed on one server
if len(ca_servers) == 1:
msg = textwrap.dedent(u'''
WARNING: The CA service is only installed on one server ({}).
It is strongly recommended to install it on another server.
Run ipa-ca-install(1) on another master to accomplish this.
'''.format(ca_servers[0]))
ansible_module.warn(msg)
# done #
ansible_module.exit_json(changed=True)
if __name__ == '__main__':
main()

1
roles/ipareplica/library/ipaserver_enable_ipa.py
View File

@@ -1 +0,0 @@
../../ipaserver/library/ipaserver_enable_ipa.py

11
roles/ipareplica/tasks/install.yml
View File

@@ -603,12 +603,15 @@
# ipareplica_backend_disconnect:
- name: Install - Enable IPA
ipaserver_enable_ipa:
ipareplica_enable_ipa:
hostname: "{{ result_ipareplica_test.hostname }}"
### certificate system ###
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
### additional ###
ccache: "{{ result_ipareplica_prepare.ccache }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
# The setup_dns step is only used on the server, therefore simply
# setting setup_dns to reuse the server version here.
setup_dns: no
config_master_host_name: "{{ result_ipareplica_prepare.config_master_host_name }}"
register: result_ipareplica_enable_ipa
- name: Install - Cleanup root IPA cache