ipareplica_setup_adtrust: Add missing settings for adtrust and module

There have been missing settings that have not been provided to
ipareplica_setup_adtrust. These are: enable_compat, rid_base and
secondary_rid_base.

The settings rid_base and secondary_rid_base are now initialized in
ipareplica_prepare and propagated in the results.

The two settings netbios_name and reset_netbios_name are placed in the
adtrust binding in the adtrust.install_check call. These are now saved
when ipareplica_prepare finishes and are written back in the fist steps of
ipareplica_setup_adtrust to make adtrust.install working.

The settings add_sids and add_agents are now initialized in
ansible_ipa_replica in the same way as in ServerMasterInstall. These
settings are fixed in the replica deployment.

Related: #73 (ipaserver_setup_adtrust fails on default smb.conf)

roles/ipareplica/library/ipareplica_prepare.py

@@ -184,6 +184,11 @@ def main():
             no_dnssec_validation=dict(required=False, type='bool',
                                       default=False),
             ### ad trust ###
+            enable_compat=dict(required=False, type='bool', default=False),
+            netbios_name=dict(required=False),
+            rid_base=dict(required=False, type='int', default=1000),
+            secondary_rid_base=dict(required=False, type='int',
+                                    default=100000000),
             ### additional ###
             server=dict(required=True),
             skip_conncheck=dict(required=False, type='bool'),
@@ -243,6 +248,11 @@ def main():
     options.forward_policy = ansible_module.params.get('forward_policy')
     options.no_dnssec_validation = ansible_module.params.get(
         'no_dnssec_validationdnssec_validation')
+    ### ad trust ###
+    options.enable_compat = ansible_module.params.get('enable_compat')
+    options.netbios_name = ansible_module.params.get('netbios_name')
+    options.rid_base = ansible_module.params.get('rid_base')
+    options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')
 
     ### additional ###
     #options._host_name_overridden = ansible_module.params.get(
@@ -701,7 +711,12 @@ def main():
                              config_setup_ca=config.setup_ca,
                              config_master_host_name=config.master_host_name,
                              config_ca_host_name=config.ca_host_name,
-                             config_ips=[ str(ip) for ip in config.ips ])
+                             config_ips=[ str(ip) for ip in config.ips ],
+                             ### ad trust ###
+                             rid_base=options.rid_base,
+                             secondary_rid_base=options.secondary_rid_base,
+                             adtrust_netbios_name=adtrust.netbios_name,
+                             adtrust_reset_netbios_name=adtrust.reset_netbios_name)
 
 if __name__ == '__main__':
     main()

roles/ipareplica/library/ipareplica_setup_adtrust.py

@@ -37,9 +37,6 @@ short description: Setup adtrust
 description:
   Setup adtrust
 options:
-  setup_adtrust:
-    description: 
-    required: yes
   setup_kra:
     description: 
     required: yes
@@ -75,10 +72,16 @@ def main():
     ansible_module = AnsibleModule(
         argument_spec = dict(
             ### server ###
-            setup_adtrust=dict(required=False, type='bool'),
             setup_kra=dict(required=False, type='bool'),
             ### certificate system ###
             subject_base=dict(required=True),
+            ### ad trust ###
+            enable_compat=dict(required=False, type='bool', default=False),
+            rid_base=dict(required=False, type='int'),
+            secondary_rid_base=dict(required=False, type='int'),
+            ### additional ###
+            adtrust_netbios_name=dict(required=True),
+            adtrust_reset_netbios_name=dict(required=True, type='bool'),
             ### additional ###
             ccache=dict(required=True),
             _top_dir = dict(required=True),
@@ -95,18 +98,23 @@ def main():
 
     options = installer
     ### server ###
-    options.setup_adtrust = ansible_module.params.get('setup_adtrust')
     options.setup_kra = ansible_module.params.get('setup_kra')
     ### certificate system ###
     options.subject_base = ansible_module.params.get('subject_base')
     if options.subject_base is not None:
         options.subject_base = DN(options.subject_base)
-    ### additional ###
+    ### ad trust ###
+    options.enable_compat = ansible_module.params.get('enable_compat')
+    options.rid_base = ansible_module.params.get('rid_base')
+    options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')    ### additional ###
     ccache = ansible_module.params.get('ccache')
     os.environ['KRB5CCNAME'] = ccache
     options._top_dir = ansible_module.params.get('_top_dir')
     options.setup_ca = ansible_module.params.get('setup_ca')
     config_master_host_name = ansible_module.params.get('config_master_host_name')
+    adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')
+    adtrust.reset_netbios_name = \
+        ansible_module.params.get('adtrust_reset_netbios_name')
 
     # init #
 
@@ -133,7 +141,6 @@ def main():
     api.Backend.ldap2.connect()
 
     with redirect_stdout(ansible_log):
-        #if options.setup_adtrust:
         ansible_log.debug("-- INSTALL ADTRUST --")
 
         adtrust.install(False, options, fstore, api)

roles/ipareplica/module_utils/ansible_ipa_replica.py

@@ -230,6 +230,10 @@ options.disable_dnssec_master = False
 options.kasp_db_file = None
 options.force = False
 
+# ServerMasterInstall
+options.add_sids = True
+options.add_agents = False
+
 # ServerReplicaInstall
 options.subject_base = None
 options.ca_subject = None

roles/ipareplica/tasks/install.yml

@@ -159,6 +159,7 @@
       forward_policy: "{{ ipareplica_forward_policy | default(omit) }}"
       no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
       ### ad trust ###
+      enable_compat: "{{ ipareplica_enable_compat }}"
       netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
       rid_base: "{{ ipareplica_rid_base | default(omit) }}"
       secondary_rid_base: "{{ ipareplica_secondary_rid_base | default(omit) }}"
@@ -595,15 +596,20 @@
   - name: Install - Setup adtrust
     ipareplica_setup_adtrust:
       ### replica ###
-      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
       setup_kra: "{{ result_ipareplica_test.setup_kra }}"
       ### certificate system ###
       subject_base: "{{ result_ipareplica_prepare.subject_base }}"
+      ### ad trust ###
+      enable_compat: "{{ ipareplica_enable_compat }}"
+      rid_base: "{{ result_ipareplica_prepare.rid_base }}"
+      secondary_rid_base: "{{ result_ipareplica_prepare.secondary_rid_base }}"
       ### additional ###
       ccache: "{{ result_ipareplica_prepare.ccache }}"
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
       setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
       config_master_host_name: "{{ result_ipareplica_prepare.config_master_host_name }}"
+      adtrust_netbios_name: "{{ result_ipareplica_prepare.adtrust_netbios_name }}"
+      adtrust_reset_netbios_name: "{{ result_ipareplica_prepare.adtrust_reset_netbios_name }}"
     when: result_ipareplica_test.setup_adtrust
 
   #- name: Install - Disconnect backend