From 832d2333801bcf7520a9c8a743dc2f45da137b4a Mon Sep 17 00:00:00 2001 From: Thomas Woerner Date: Thu, 18 Apr 2019 11:52:43 +0200 Subject: [PATCH] ipareplica_setup_adtrust: Add missing settings for adtrust and module There have been missing settings that have not been provided to ipareplica_setup_adtrust. These are: enable_compat, rid_base and secondary_rid_base. The settings rid_base and secondary_rid_base are now initialized in ipareplica_prepare and propagated in the results. The two settings netbios_name and reset_netbios_name are placed in the adtrust binding in the adtrust.install_check call. These are now saved when ipareplica_prepare finishes and are written back in the fist steps of ipareplica_setup_adtrust to make adtrust.install working. The settings add_sids and add_agents are now initialized in ansible_ipa_replica in the same way as in ServerMasterInstall. These settings are fixed in the replica deployment. Related: #73 (ipaserver_setup_adtrust fails on default smb.conf) --- .../ipareplica/library/ipareplica_prepare.py | 17 ++++++++++++++- .../library/ipareplica_setup_adtrust.py | 21 ++++++++++++------- .../module_utils/ansible_ipa_replica.py | 4 ++++ roles/ipareplica/tasks/install.yml | 8 ++++++- 4 files changed, 41 insertions(+), 9 deletions(-) diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py index 0d965c3c..7e4d8911 100644 --- a/roles/ipareplica/library/ipareplica_prepare.py +++ b/roles/ipareplica/library/ipareplica_prepare.py @@ -184,6 +184,11 @@ def main(): no_dnssec_validation=dict(required=False, type='bool', default=False), ### ad trust ### + enable_compat=dict(required=False, type='bool', default=False), + netbios_name=dict(required=False), + rid_base=dict(required=False, type='int', default=1000), + secondary_rid_base=dict(required=False, type='int', + default=100000000), ### additional ### server=dict(required=True), skip_conncheck=dict(required=False, type='bool'), 
@@ -243,6 +248,11 @@ def main(): options.forward_policy = ansible_module.params.get('forward_policy') options.no_dnssec_validation = ansible_module.params.get( 'no_dnssec_validationdnssec_validation') + ### ad trust ### + options.enable_compat = ansible_module.params.get('enable_compat') + options.netbios_name = ansible_module.params.get('netbios_name') + options.rid_base = ansible_module.params.get('rid_base') + options.secondary_rid_base = ansible_module.params.get('secondary_rid_base') ### additional ### #options._host_name_overridden = ansible_module.params.get( @@ -701,7 +711,12 @@ def main(): config_setup_ca=config.setup_ca, config_master_host_name=config.master_host_name, config_ca_host_name=config.ca_host_name, - config_ips=[ str(ip) for ip in config.ips ]) + config_ips=[ str(ip) for ip in config.ips ], + ### ad trust ### + rid_base=options.rid_base, + secondary_rid_base=options.secondary_rid_base, + adtrust_netbios_name=adtrust.netbios_name, + adtrust_reset_netbios_name=adtrust.reset_netbios_name) if __name__ == '__main__': main() diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py index 34838daa..565aee11 100644 --- a/roles/ipareplica/library/ipareplica_setup_adtrust.py +++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py @@ -37,9 +37,6 @@ short description: Setup adtrust description: Setup adtrust options: - setup_adtrust: - description: - required: yes setup_kra: description: required: yes 
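Review bot: The unchanged context line just above the new `### ad trust ###` assignments looks up the key `'no_dnssec_validationdnssec_validation'`, which does not match the `no_dnssec_validation` entry in the argument_spec shown in the first hunk. `params.get()` therefore returns None and the caller's setting is silently dropped. The lookup should read `ansible_module.params.get('no_dnssec_validation')`. main() starts and ends outside the hunk.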
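Review bot: `adtrust.netbios_name` and `adtrust.reset_netbios_name` are read from the adtrust module's globals unconditionally in this `exit_json` call, yet per the commit description they are only populated by `adtrust.install_check`, whose call is outside the hunk and presumably runs only when AD trust setup is requested. A short comment above the two keyword arguments would make that dependency visible, for example `# set by adtrust.install_check(); only meaningful when setup_adtrust is true`. The matching write-back in ipareplica_setup_adtrust.py (hunk at -95,18) assigns to the same module globals and deserves a similar comment. It should say that install_check is not re-run in that process, so the values are taken from the prepare result as-is (inferred; confirm against adtrust.install).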
@@ -75,10 +72,16 @@ def main(): ansible_module = AnsibleModule( argument_spec = dict( ### server ### - setup_adtrust=dict(required=False, type='bool'), setup_kra=dict(required=False, type='bool'), ### certificate system ### subject_base=dict(required=True), + ### ad trust ### + enable_compat=dict(required=False, type='bool', default=False), + rid_base=dict(required=False, type='int'), + secondary_rid_base=dict(required=False, type='int'), + ### additional ### + adtrust_netbios_name=dict(required=True), + adtrust_reset_netbios_name=dict(required=True, type='bool'), ### additional ### ccache=dict(required=True), _top_dir = dict(required=True), @@ -95,18 +98,23 @@ def main(): options = installer ### server ### - options.setup_adtrust = ansible_module.params.get('setup_adtrust') options.setup_kra = ansible_module.params.get('setup_kra') ### certificate system ### options.subject_base = ansible_module.params.get('subject_base') if options.subject_base is not None: options.subject_base = DN(options.subject_base) - ### additional ### + ### ad trust ### + options.enable_compat = ansible_module.params.get('enable_compat') + options.rid_base = ansible_module.params.get('rid_base') + options.secondary_rid_base = ansible_module.params.get('secondary_rid_base') ### additional ### ccache = ansible_module.params.get('ccache') os.environ['KRB5CCNAME'] = ccache options._top_dir = ansible_module.params.get('_top_dir') options.setup_ca = ansible_module.params.get('setup_ca') config_master_host_name = ansible_module.params.get('config_master_host_name') + adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name') + adtrust.reset_netbios_name = \ + ansible_module.params.get('adtrust_reset_netbios_name') # init # @@ -133,7 +141,6 @@ def main(): api.Backend.ldap2.connect() with redirect_stdout(ansible_log): - #if options.setup_adtrust: ansible_log.debug("-- INSTALL ADTRUST --") adtrust.install(False, options, fstore, api) 
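Review bot: The five arguments added to the argument_spec (`enable_compat`, `rid_base`, `secondary_rid_base`, `adtrust_netbios_name`, `adtrust_reset_netbios_name`) get no matching entries in the module's DOCUMENTATION options; the only DOCUMENTATION hunk in this patch removes `setup_adtrust` and adds nothing. Each should get an `options:` entry with a description and its `required` value, noting that the two `adtrust_*` values are expected to come from the ipareplica_prepare result. The added `### additional ###` header also duplicates the one directly below it, so the first could be dropped. `rid_base` and `secondary_rid_base` have no default here, unlike in ipareplica_prepare, so None reaches `options` if a caller omits them. main() continues outside the hunk.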
diff --git a/roles/ipareplica/module_utils/ansible_ipa_replica.py b/roles/ipareplica/module_utils/ansible_ipa_replica.py index 76df774f..92bf1cda 100644 --- a/roles/ipareplica/module_utils/ansible_ipa_replica.py +++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py @@ -230,6 +230,10 @@ options.disable_dnssec_master = False options.kasp_db_file = None options.force = False +# ServerMasterInstall +options.add_sids = True +options.add_agents = False + # ServerReplicaInstall options.subject_base = None options.ca_subject = None diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml index 59dd0ded..dc4c0e79 100644 --- a/roles/ipareplica/tasks/install.yml +++ b/roles/ipareplica/tasks/install.yml @@ -159,6 +159,7 @@ forward_policy: "{{ ipareplica_forward_policy | default(omit) }}" no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}" ### ad trust ### + enable_compat: "{{ ipareplica_enable_compat }}" netbios_name: "{{ ipareplica_netbios_name | default(omit) }}" rid_base: "{{ ipareplica_rid_base | default(omit) }}" secondary_rid_base: "{{ ipareplica_secondary_rid_base | default(omit) }}" 
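Review bot: The `# ServerMasterInstall` label above `options.add_sids = True` and `options.add_agents = False` is misleading in a replica module, because it reads as the section being configured rather than the source of the defaults. A comment such as `# AD trust: fixed to the ServerMasterInstall defaults, not configurable for replicas` would state what the commit description says. Hard-coding `add_sids = True` also leaves the role with no way to opt out of it on a replica; if that is intended, the comment should say so.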
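Review bot: `enable_compat: "{{ ipareplica_enable_compat }}"` has no `| default(omit)` filter, unlike `netbios_name`, `rid_base` and `secondary_rid_base` directly below it, and this patch does not touch the role defaults. Unless `ipareplica_enable_compat` is already defined there, the prepare task fails on an undefined variable. Writing `enable_compat: "{{ ipareplica_enable_compat | default(omit) }}"` lets the module's `default=False` apply instead. The same line is added to the `Install - Setup adtrust` task in the next hunk (-595,15) and needs the same treatment.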
@@ -595,15 +596,20 @@ - name: Install - Setup adtrust ipareplica_setup_adtrust: ### replica ### - setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}" setup_kra: "{{ result_ipareplica_test.setup_kra }}" ### certificate system ### subject_base: "{{ result_ipareplica_prepare.subject_base }}" + ### ad trust ### + enable_compat: "{{ ipareplica_enable_compat }}" + rid_base: "{{ result_ipareplica_prepare.rid_base }}" + secondary_rid_base: "{{ result_ipareplica_prepare.secondary_rid_base }}" ### additional ### ccache: "{{ result_ipareplica_prepare.ccache }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" config_master_host_name: "{{ result_ipareplica_prepare.config_master_host_name }}" + adtrust_netbios_name: "{{ result_ipareplica_prepare.adtrust_netbios_name }}" + adtrust_reset_netbios_name: "{{ result_ipareplica_prepare.adtrust_reset_netbios_name }}" when: result_ipareplica_test.setup_adtrust #- name: Install - Disconnect backend