ipareplica_setup_adtrust: Add missing settings for adtrust and module

There have been missing settings that have not been provided to ipareplica_setup_adtrust. These are: enable_compat, rid_base and secondary_rid_base. The settings rid_base and secondary_rid_base are now initialized in ipareplica_prepare and propagated in the results. The two settings netbios_name and reset_netbios_name are placed in the adtrust binding in the adtrust.install_check call. These are now saved when ipareplica_prepare finishes and are written back in the fist steps of ipareplica_setup_adtrust to make adtrust.install working. The settings add_sids and add_agents are now initialized in ansible_ipa_replica in the same way as in ServerMasterInstall. These settings are fixed in the replica deployment. Related: #73 (ipaserver_setup_adtrust fails on default smb.conf)
2026-05-14 21:42:17 +00:00 · 2019-04-18 11:52:43 +02:00
parent a980aec1f8
commit 832d233380
4 changed files with 41 additions and 9 deletions
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -184,6 +184,11 @@ def main():
            no_dnssec_validation=dict(required=False, type='bool',
                                      default=False),
            ### ad trust ###
+            enable_compat=dict(required=False, type='bool', default=False),
+            netbios_name=dict(required=False),
+            rid_base=dict(required=False, type='int', default=1000),
+            secondary_rid_base=dict(required=False, type='int',
+                                    default=100000000),
            ### additional ###
            server=dict(required=True),
            skip_conncheck=dict(required=False, type='bool'),
@@ -243,6 +248,11 @@ def main():
    options.forward_policy = ansible_module.params.get('forward_policy')
    options.no_dnssec_validation = ansible_module.params.get(
        'no_dnssec_validationdnssec_validation')
+    ### ad trust ###
+    options.enable_compat = ansible_module.params.get('enable_compat')
+    options.netbios_name = ansible_module.params.get('netbios_name')
+    options.rid_base = ansible_module.params.get('rid_base')
+    options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')

    ### additional ###
    #options._host_name_overridden = ansible_module.params.get(
@@ -701,7 +711,12 @@ def main():
                             config_setup_ca=config.setup_ca,
                             config_master_host_name=config.master_host_name,
                             config_ca_host_name=config.ca_host_name,
-                             config_ips=[ str(ip) for ip in config.ips ])
+                             config_ips=[ str(ip) for ip in config.ips ],
+                             ### ad trust ###
+                             rid_base=options.rid_base,
+                             secondary_rid_base=options.secondary_rid_base,
+                             adtrust_netbios_name=adtrust.netbios_name,
+                             adtrust_reset_netbios_name=adtrust.reset_netbios_name)

 if __name__ == '__main__':
    main()
--- a/roles/ipareplica/library/ipareplica_setup_adtrust.py
+++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py
@@ -37,9 +37,6 @@ short description: Setup adtrust
 description:
  Setup adtrust
 options:
-  setup_adtrust:
-    description: 
-    required: yes
  setup_kra:
    description: 
    required: yes
@@ -75,10 +72,16 @@ def main():
    ansible_module = AnsibleModule(
        argument_spec = dict(
            ### server ###
-            setup_adtrust=dict(required=False, type='bool'),
            setup_kra=dict(required=False, type='bool'),
            ### certificate system ###
            subject_base=dict(required=True),
+            ### ad trust ###
+            enable_compat=dict(required=False, type='bool', default=False),
+            rid_base=dict(required=False, type='int'),
+            secondary_rid_base=dict(required=False, type='int'),
+            ### additional ###
+            adtrust_netbios_name=dict(required=True),
+            adtrust_reset_netbios_name=dict(required=True, type='bool'),
            ### additional ###
            ccache=dict(required=True),
            _top_dir = dict(required=True),
@@ -95,18 +98,23 @@ def main():

    options = installer
    ### server ###
-    options.setup_adtrust = ansible_module.params.get('setup_adtrust')
    options.setup_kra = ansible_module.params.get('setup_kra')
    ### certificate system ###
    options.subject_base = ansible_module.params.get('subject_base')
    if options.subject_base is not None:
        options.subject_base = DN(options.subject_base)
-    ### additional ###
+    ### ad trust ###
+    options.enable_compat = ansible_module.params.get('enable_compat')
+    options.rid_base = ansible_module.params.get('rid_base')
+    options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')    ### additional ###
    ccache = ansible_module.params.get('ccache')
    os.environ['KRB5CCNAME'] = ccache
    options._top_dir = ansible_module.params.get('_top_dir')
    options.setup_ca = ansible_module.params.get('setup_ca')
    config_master_host_name = ansible_module.params.get('config_master_host_name')
+    adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')
+    adtrust.reset_netbios_name = \
+        ansible_module.params.get('adtrust_reset_netbios_name')

    # init #

@@ -133,7 +141,6 @@ def main():
    api.Backend.ldap2.connect()

    with redirect_stdout(ansible_log):
-        #if options.setup_adtrust:
        ansible_log.debug("-- INSTALL ADTRUST --")

        adtrust.install(False, options, fstore, api)