mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-05-06 13:23:14 +00:00
Merge pull request #972 from t-woerner/fix_ipaclient_role_for_ansible_test
Fix ipaclient role for ansible test
This commit is contained in:
Rafael Guterres Jeffman
GitHub
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -39,18 +39,24 @@ description:
|
||||
options:
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
debug:
|
||||
description: Turn on extra debugging
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -70,7 +76,7 @@ ca_enabled:
|
||||
subject_base:
|
||||
description: The subject base, needed for certmonger
|
||||
returned: always
|
||||
type: string
|
||||
type: str
|
||||
sample: O=EXAMPLE.COM
|
||||
'''
|
||||
|
||||
@@ -78,7 +84,7 @@ import os
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging,
|
||||
setup_logging, check_imports,
|
||||
paths, x509, NUM_VERSION, serialization, certdb, api,
|
||||
delete_persistent_client_session_data, write_tmp_file,
|
||||
ipa_generate_password, CalledProcessError, errors, disable_ra, DN,
|
||||
@@ -89,15 +95,16 @@ from ansible.module_utils.ansible_ipa_client import (
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
servers=dict(required=True, type='list'),
|
||||
realm=dict(required=True),
|
||||
hostname=dict(required=True),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
realm=dict(required=True, type='str'),
|
||||
hostname=dict(required=True, type='str'),
|
||||
debug=dict(required=False, type='bool', default="false"),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
realm = module.params.get('realm')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -33,24 +33,29 @@ DOCUMENTATION = '''
|
||||
---
|
||||
module: ipaclient_fix_ca
|
||||
short_description: Fix IPA ca certificate
|
||||
description: Repair Fix IPA ca certificate
|
||||
description: Fix IPA ca certificate
|
||||
options:
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
basedn:
|
||||
description: The basedn of the IPA server (of the form dc=example,dc=com)
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
allow_repair:
|
||||
description: |
|
||||
Allow repair of already joined hosts. Contrary to ipaclient_force_join
|
||||
the host entry will not be changed on the server
|
||||
required: no
|
||||
type: bool
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -69,7 +74,7 @@ import os
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging,
|
||||
setup_logging, check_imports,
|
||||
SECURE_PATH, paths, sysrestore, options, NUM_VERSION, get_ca_cert,
|
||||
get_ca_certs, errors
|
||||
)
|
||||
@@ -78,14 +83,15 @@ from ansible.module_utils.ansible_ipa_client import (
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
servers=dict(required=True, type='list'),
|
||||
realm=dict(required=True),
|
||||
basedn=dict(required=True),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
realm=dict(required=True, type='str'),
|
||||
basedn=dict(required=True, type='str'),
|
||||
allow_repair=dict(required=True, type='bool'),
|
||||
),
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
servers = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -39,9 +39,10 @@ description: Backup files using IPA client sysrestore
|
||||
options:
|
||||
backup:
|
||||
description: File to backup
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -55,18 +56,19 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging, paths, sysrestore
|
||||
setup_logging, check_imports, paths, sysrestore
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
backup=dict(required=True),
|
||||
backup=dict(required=True, type='str'),
|
||||
),
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
backup = module.params.get('backup')
|
||||
|
||||
@@ -1,5 +1,26 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Authors:
|
||||
# Thomas Woerner <twoerner@redhat.com>
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2018-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
from __future__ import (absolute_import, division, print_function)
|
||||
|
||||
__metaclass__ = type
|
||||
@@ -10,7 +31,60 @@ module: ipaclient_get_facts
|
||||
short_description: Get facts about IPA client and server configuration.
|
||||
description: Get facts about IPA client and server configuration.
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
"""
|
||||
|
||||
EXAMPLES = """
|
||||
"""
|
||||
|
||||
RETURN = """
|
||||
ipa:
|
||||
description: IPA configuration
|
||||
returned: always
|
||||
type: complex
|
||||
contains:
|
||||
packages:
|
||||
description: IPA lib and server bindings
|
||||
type: dict
|
||||
returned: always
|
||||
contains:
|
||||
ipalib:
|
||||
description: Whether ipalib.api binding could be imported.
|
||||
type: bool
|
||||
returned: always
|
||||
ipaserver:
|
||||
description: Whether ipaserver binding could be imported.
|
||||
type: bool
|
||||
returned: always
|
||||
configured:
|
||||
description: IPA components
|
||||
type: dict
|
||||
returned: always
|
||||
contains:
|
||||
client:
|
||||
description: Whether client is configured
|
||||
type: bool
|
||||
returned: always
|
||||
server:
|
||||
description: Whether server is configured
|
||||
type: bool
|
||||
returned: always
|
||||
dns:
|
||||
description: Whether dns is configured
|
||||
type: bool
|
||||
returned: always
|
||||
ca:
|
||||
description: Whether ca is configured
|
||||
type: bool
|
||||
returned: always
|
||||
kra:
|
||||
description: Whether kra is configured
|
||||
type: bool
|
||||
returned: always
|
||||
ntpd:
|
||||
description: Whether ntpd is configured
|
||||
type: bool
|
||||
returned: always
|
||||
"""
|
||||
|
||||
import os
|
||||
|
||||
@@ -3,7 +3,7 @@
|
||||
# Authors:
|
||||
# Florence Blanc-Renaud <frenaud@redhat.com>
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,31 +40,44 @@ options:
|
||||
principal:
|
||||
description:
|
||||
User Principal allowed to promote replicas and join IPA realm
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
default: admin
|
||||
ccache:
|
||||
description: The local ccache
|
||||
required: yes
|
||||
type: path
|
||||
required: no
|
||||
fqdn:
|
||||
description:
|
||||
The fully-qualified hostname of the host to add/modify/remove
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
certificates:
|
||||
description: A list of host certificates
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
sshpubkey:
|
||||
description: The SSH public key for the host
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
ipaddress:
|
||||
description: The IP address for the host
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
random:
|
||||
description: Generate a random password to be used in bulk enrollment
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
state:
|
||||
description: The desired host state
|
||||
required: yes
|
||||
type: str
|
||||
choices: ['present', 'absent']
|
||||
default: present
|
||||
required: no
|
||||
author:
|
||||
- "Florence Blanc-Renaud"
|
||||
- Florence Blanc-Renaud (@flo-renaud)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -87,11 +100,11 @@ host:
|
||||
contains:
|
||||
dn:
|
||||
description: the DN of the host entry
|
||||
type: string
|
||||
type: str
|
||||
returned: always
|
||||
fqdn:
|
||||
description: the fully qualified host name
|
||||
type: string
|
||||
type: str
|
||||
returned: always
|
||||
has_keytab:
|
||||
description: whether the host entry contains a keytab
|
||||
@@ -107,19 +120,20 @@ host:
|
||||
returned: always
|
||||
randompassword:
|
||||
description: the OneTimePassword generated for this host
|
||||
type: string
|
||||
type: str
|
||||
returned: changed
|
||||
certificates:
|
||||
description: the list of host certificates
|
||||
type: list
|
||||
elements: str
|
||||
returned: when present
|
||||
sshpubkey:
|
||||
description: the SSH public key for the host
|
||||
type: string
|
||||
type: str
|
||||
returned: when present
|
||||
ipaddress:
|
||||
description: the IP address for the host
|
||||
type: string
|
||||
type: str
|
||||
returned: when present
|
||||
'''
|
||||
|
||||
@@ -128,9 +142,9 @@ import os
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils import six
|
||||
|
||||
from ipalib import api, errors
|
||||
from ipaplatform.paths import paths
|
||||
from ipapython.ipautil import run
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
check_imports, api, errors, paths, run
|
||||
)
|
||||
|
||||
if six.PY3:
|
||||
unicode = str
|
||||
@@ -276,18 +290,21 @@ def main():
|
||||
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
principal=dict(default='admin'),
|
||||
principal=dict(required=False, type='str', default='admin'),
|
||||
ccache=dict(required=False, type='path'),
|
||||
fqdn=dict(required=True),
|
||||
certificates=dict(required=False, type='list'),
|
||||
sshpubkey=dict(required=False),
|
||||
ipaddress=dict(required=False),
|
||||
random=dict(default=False, type='bool'),
|
||||
state=dict(default='present', choices=['present', 'absent']),
|
||||
fqdn=dict(required=True, type='str'),
|
||||
certificates=dict(required=False, type='list', elements='str'),
|
||||
sshpubkey=dict(required=False, type='str'),
|
||||
ipaddress=dict(required=False, type='str'),
|
||||
random=dict(required=False, type='bool', default=False),
|
||||
state=dict(required=False, type='str',
|
||||
choices=['present', 'absent'], default='present'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
)
|
||||
|
||||
check_imports(module)
|
||||
|
||||
ccache = module.params.get('ccache')
|
||||
fqdn = unicode(module.params.get('fqdn'))
|
||||
state = module.params.get('state')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2018 Red Hat
|
||||
# Copyright (C) 2018-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,21 +40,27 @@ description:
|
||||
options:
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
basedn:
|
||||
description: The basedn of the IPA server (of the form dc=example,dc=com)
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -73,23 +79,24 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging, paths, sysrestore, configure_ipa_conf
|
||||
setup_logging, check_imports, paths, sysrestore, configure_ipa_conf
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
domain=dict(required=True, default=None),
|
||||
servers=dict(required=True, type='list', default=None),
|
||||
realm=dict(required=True, default=None),
|
||||
hostname=dict(required=True, default=None),
|
||||
basedn=dict(required=True),
|
||||
domain=dict(required=True, type='str'),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
realm=dict(required=True, type='str'),
|
||||
hostname=dict(required=True, type='str'),
|
||||
basedn=dict(required=True, type='str'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
servers = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -43,51 +43,67 @@ description:
|
||||
options:
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
kdc:
|
||||
description: The name or address of the host running the KDC
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
basedn:
|
||||
description: The basedn of the IPA server (of the form dc=example,dc=com)
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
principal:
|
||||
description:
|
||||
User Principal allowed to promote replicas and join IPA realm
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
password:
|
||||
description: Admin user kerberos password
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
keytab:
|
||||
description: Path to backed up keytab from previous enrollment
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
admin_keytab:
|
||||
description: The path to a local admin keytab
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
ca_cert_file:
|
||||
description:
|
||||
A CA certificate to use. Do not acquire the IPA CA certificate via
|
||||
automated means
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
force_join:
|
||||
description: Force client enrollment even if already enrolled
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
kinit_attempts:
|
||||
description: Repeat the request for host Kerberos ticket X times
|
||||
required: yes
|
||||
type: int
|
||||
required: no
|
||||
default: 5
|
||||
debug:
|
||||
description: Turn on extra debugging
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -130,7 +146,7 @@ import tempfile
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging,
|
||||
setup_logging, check_imports,
|
||||
SECURE_PATH, sysrestore, paths, options, configure_krb5_conf,
|
||||
realm_to_suffix, kinit_keytab, GSSError, kinit_password, NUM_VERSION,
|
||||
get_ca_cert, get_ca_certs, errors, run
|
||||
@@ -140,25 +156,26 @@ from ansible.module_utils.ansible_ipa_client import (
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
servers=dict(required=True, type='list'),
|
||||
domain=dict(required=True),
|
||||
realm=dict(required=True),
|
||||
hostname=dict(required=True),
|
||||
kdc=dict(required=True),
|
||||
basedn=dict(required=True),
|
||||
principal=dict(required=False),
|
||||
password=dict(required=False, no_log=True),
|
||||
keytab=dict(required=False),
|
||||
admin_keytab=dict(required=False),
|
||||
ca_cert_file=dict(required=False),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
domain=dict(required=True, type='str'),
|
||||
realm=dict(required=True, type='str'),
|
||||
hostname=dict(required=True, type='str'),
|
||||
kdc=dict(required=True, type='str'),
|
||||
basedn=dict(required=True, type='str'),
|
||||
principal=dict(required=False, type='str'),
|
||||
password=dict(required=False, type='str', no_log=True),
|
||||
keytab=dict(required=False, type='str', no_log=False),
|
||||
admin_keytab=dict(required=False, type='str', no_log=False),
|
||||
ca_cert_file=dict(required=False, type='str'),
|
||||
force_join=dict(required=False, type='bool'),
|
||||
kinit_attempts=dict(required=False, type='int', default=5),
|
||||
debug=dict(required=False, type='bool'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
servers = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2018 Red Hat
|
||||
# Copyright (C) 2018-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,9 +40,10 @@ description:
|
||||
options:
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -57,19 +58,20 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging, sysrestore, paths, tasks
|
||||
setup_logging, check_imports, sysrestore, paths, tasks
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
hostname=dict(required=True),
|
||||
hostname=dict(required=True, type='str'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
hostname = module.params.get('hostname')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,15 +40,20 @@ description:
|
||||
options:
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
sssd:
|
||||
description: The installer sssd setting
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: yes
|
||||
automount_location:
|
||||
description: The automount location
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -63,23 +68,24 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging, options, configure_automount
|
||||
setup_logging, check_imports, options, configure_automount
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
servers=dict(required=True, type='list'),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
sssd=dict(required=False, type='bool', default='yes'),
|
||||
automount_location=dict(required=False, default=None),
|
||||
automount_location=dict(required=False, type='str', default=None),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
# os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
options.servers = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,14 +40,16 @@ description:
|
||||
options:
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
type: str
|
||||
required: yes
|
||||
firefox_dir:
|
||||
description:
|
||||
Specify directory where Firefox is installed (for example
|
||||
'/usr/lib/firefox')
|
||||
type: str
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -63,20 +65,21 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging, sysrestore, paths, options, configure_firefox
|
||||
setup_logging, check_imports, sysrestore, paths, options, configure_firefox
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
domain=dict(required=True),
|
||||
firefox_dir=dict(required=False),
|
||||
domain=dict(required=True, type='str'),
|
||||
firefox_dir=dict(required=False, type='str'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
domain = module.params.get('domain')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2018 Red Hat
|
||||
# Copyright (C) 2018-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,33 +40,46 @@ description:
|
||||
options:
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
kdc:
|
||||
description: The name or address of the host running the KDC
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
dnsok:
|
||||
description: The installer dnsok setting
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
client_domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
sssd:
|
||||
description: The installer sssd setting
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
force:
|
||||
description: Installer force parameter
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -84,28 +97,31 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging, sysrestore, paths, configure_krb5_conf, logger
|
||||
setup_logging, check_imports, sysrestore, paths, configure_krb5_conf,
|
||||
logger
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
domain=dict(required=False, default=None),
|
||||
servers=dict(required=False, type='list', default=None),
|
||||
realm=dict(required=False, default=None),
|
||||
hostname=dict(required=False, default=None),
|
||||
kdc=dict(required=False, default=None),
|
||||
domain=dict(required=False, type='str', default=None),
|
||||
servers=dict(required=False, type='list', elements='str',
|
||||
default=None),
|
||||
realm=dict(required=False, type='str', default=None),
|
||||
hostname=dict(required=False, type='str', default=None),
|
||||
kdc=dict(required=False, type='str', default=None),
|
||||
dnsok=dict(required=False, type='bool', default=False),
|
||||
client_domain=dict(required=False, default=None),
|
||||
client_domain=dict(required=False, type='str', default=None),
|
||||
sssd=dict(required=False, type='bool', default=False),
|
||||
force=dict(required=False, type='bool', default=False),
|
||||
# on_master=dict(required=False, type='bool', default=False),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
servers = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,12 +40,14 @@ description:
|
||||
options:
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
nisdomain:
|
||||
description: The NIS domain name
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -59,21 +61,22 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging, options, sysrestore, paths, configure_nisdomain,
|
||||
getargspec
|
||||
setup_logging, check_imports, options, sysrestore, paths,
|
||||
configure_nisdomain, getargspec
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
domain=dict(required=True),
|
||||
nisdomain=dict(required=False),
|
||||
domain=dict(required=True, type='str'),
|
||||
nisdomain=dict(required=False, type='str'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
domain = module.params.get('domain')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -39,88 +39,117 @@ description: Create IPA NSS database
|
||||
options:
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
basedn:
|
||||
description: The basedn of the IPA server (of the form dc=example,dc=com)
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
principal:
|
||||
description:
|
||||
User Principal allowed to promote replicas and join IPA realm
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
subject_base:
|
||||
description: |
|
||||
The certificate subject base (default O=<realm-name>).
|
||||
RDNs are in LDAP order (most specific RDN first).
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
ca_enabled:
|
||||
description: Whether the Certificate Authority is enabled or not
|
||||
required: no
|
||||
type: bool
|
||||
required: yes
|
||||
mkhomedir:
|
||||
description: Create home directories for users on their first login
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
on_master:
|
||||
description: Whether the configuration is done on the master or not
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
dnsok:
|
||||
description: The installer dnsok setting
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
enable_dns_updates:
|
||||
description: |
|
||||
Configures the machine to attempt dns updates when the ip address
|
||||
changes
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
all_ip_addresses:
|
||||
description: |
|
||||
All routable IP addresses configured on any interface will be added
|
||||
to DNS
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
request_cert:
|
||||
description: Request certificate for the machine
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
preserve_sssd:
|
||||
description: Preserve old SSSD configuration if possible
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_ssh:
|
||||
description: Do not configure OpenSSH client
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_sshd:
|
||||
description: Do not configure OpenSSH server
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_sudo:
|
||||
description: Do not configure SSSD as data source for sudo
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
fixed_primary:
|
||||
description: Configure sssd to use fixed server as primary IPA server
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
permit:
|
||||
description: Disable access rules by default, permit all access
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_krb5_offline_passwords:
|
||||
description:
|
||||
Configure SSSD not to store user password when the server is offline
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_dns_sshfp:
|
||||
description: Do not automatically create DNS SSHFP records
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
nosssd_files:
|
||||
description: >
|
||||
The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled
|
||||
required: yes
|
||||
type: dict
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -144,7 +173,7 @@ import time
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging,
|
||||
setup_logging, check_imports,
|
||||
options, sysrestore, paths, ansible_module_get_parsed_ip_addresses,
|
||||
api, errors, create_ipa_nssdb, ipautil, ScriptError, CLIENT_INSTALL_ERROR,
|
||||
get_certs_from_ldap, DN, certstore, x509, logger, certdb,
|
||||
@@ -158,13 +187,13 @@ from ansible.module_utils.ansible_ipa_client import (
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
servers=dict(required=True, type='list'),
|
||||
domain=dict(required=True),
|
||||
realm=dict(required=True),
|
||||
hostname=dict(required=True),
|
||||
basedn=dict(required=True),
|
||||
principal=dict(required=False),
|
||||
subject_base=dict(required=True),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
domain=dict(required=True, type='str'),
|
||||
realm=dict(required=True, type='str'),
|
||||
hostname=dict(required=True, type='str'),
|
||||
basedn=dict(required=True, type='str'),
|
||||
principal=dict(required=False, type='str'),
|
||||
subject_base=dict(required=True, type='str'),
|
||||
ca_enabled=dict(required=True, type='bool'),
|
||||
mkhomedir=dict(required=False, type='bool'),
|
||||
on_master=dict(required=False, type='bool'),
|
||||
@@ -172,7 +201,8 @@ def main():
|
||||
|
||||
enable_dns_updates=dict(required=False, type='bool'),
|
||||
all_ip_addresses=dict(required=False, type='bool', default=False),
|
||||
ip_addresses=dict(required=False, type='list', default=None),
|
||||
ip_addresses=dict(required=False, type='list', elements='str',
|
||||
default=None),
|
||||
request_cert=dict(required=False, type='bool', default=False),
|
||||
preserve_sssd=dict(required=False, type='bool'),
|
||||
no_ssh=dict(required=False, type='bool'),
|
||||
@@ -184,10 +214,11 @@ def main():
|
||||
no_dns_sshfp=dict(required=False, type='bool', default=False),
|
||||
nosssd_files=dict(required=True, type='dict'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
cli_server = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,24 +40,34 @@ description:
|
||||
options:
|
||||
ntp_servers:
|
||||
description: ntp servers to use
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
ntp_pool:
|
||||
description: ntp server pool to use
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
no_ntp:
|
||||
description: Do not configure ntp
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
on_master:
|
||||
description: Whether the configuration is done on the master or not
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -68,7 +78,7 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging,
|
||||
setup_logging, check_imports,
|
||||
options, sysrestore, paths, sync_time, logger, ipadiscovery,
|
||||
timeconf, getargspec
|
||||
)
|
||||
@@ -78,19 +88,22 @@ def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
# basic
|
||||
ntp_servers=dict(required=False, type='list', default=None),
|
||||
ntp_pool=dict(required=False, default=None),
|
||||
ntp_servers=dict(required=False, type='list', elements='str',
|
||||
default=None),
|
||||
ntp_pool=dict(required=False, type='str', default=None),
|
||||
no_ntp=dict(required=False, type='bool', default=False),
|
||||
# force_ntpd=dict(required=False, type='bool', default=False),
|
||||
on_master=dict(required=False, type='bool', default=False),
|
||||
# additional
|
||||
servers=dict(required=False, type='list', default=None),
|
||||
domain=dict(required=False, default=None),
|
||||
servers=dict(required=False, type='list', elements='str',
|
||||
default=None),
|
||||
domain=dict(required=False, type='str', default=None),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
# module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
options.ntp_servers = module.params.get('ntp_servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,21 +40,31 @@ description:
|
||||
options:
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
no_ssh:
|
||||
description: Do not configure OpenSSH client
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
ssh_trust_dns:
|
||||
description: Configure OpenSSH client to trust DNS SSHFP records
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
no_sshd:
|
||||
description: Do not configure OpenSSH server
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
sssd:
|
||||
description: The installer sssd setting
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -71,7 +81,7 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging,
|
||||
setup_logging, check_imports,
|
||||
options, sysrestore, paths, configure_ssh_config, configure_sshd_config
|
||||
)
|
||||
|
||||
@@ -79,16 +89,17 @@ from ansible.module_utils.ansible_ipa_client import (
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
servers=dict(required=True, type='list'),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
no_ssh=dict(required=False, type='bool', default='no'),
|
||||
ssh_trust_dns=dict(required=False, type='bool', default='no'),
|
||||
no_sshd=dict(required=False, type='bool', default='no'),
|
||||
sssd=dict(required=False, type='bool', default='no'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
options.servers = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -33,60 +33,75 @@ ANSIBLE_METADATA = {
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: ipaclient_setup_ssd
|
||||
module: ipaclient_setup_sssd
|
||||
short_description: Setup sssd for IPA client
|
||||
description:
|
||||
Setup sssd for IPA client
|
||||
options:
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
on_master:
|
||||
description: Whether the configuration is done on the master or not
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_ssh:
|
||||
description: Do not configure OpenSSH client
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_sshd:
|
||||
description: Do not configure OpenSSH server
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_sudo:
|
||||
description: Do not configure SSSD as data source for sudo
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
all_ip_addresses:
|
||||
description:
|
||||
All routable IP addresses configured on any interface will be added
|
||||
to DNS
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
fixed_primary:
|
||||
description: Configure sssd to use fixed server as primary IPA server
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
permit:
|
||||
description: Disable access rules by default, permit all access
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
enable_dns_updates:
|
||||
description:
|
||||
Configures the machine to attempt dns updates when the ip address
|
||||
changes
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
preserve_sssd:
|
||||
description: Preserve old SSSD configuration if possible
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
no_krb5_offline_passwords:
|
||||
description:
|
||||
Configure SSSD not to store user password when the server is offline
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -104,17 +119,18 @@ RETURN = '''
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging, options, sysrestore, paths, configure_sssd_conf, logger
|
||||
setup_logging, check_imports, options, sysrestore, paths,
|
||||
configure_sssd_conf, logger
|
||||
)
|
||||
|
||||
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
servers=dict(required=True, type='list'),
|
||||
domain=dict(required=True),
|
||||
realm=dict(required=True),
|
||||
hostname=dict(required=True),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
domain=dict(required=True, type='str'),
|
||||
realm=dict(required=True, type='str'),
|
||||
hostname=dict(required=True, type='str'),
|
||||
on_master=dict(required=False, type='bool'),
|
||||
no_ssh=dict(required=False, type='bool'),
|
||||
no_sshd=dict(required=False, type='bool'),
|
||||
@@ -127,12 +143,13 @@ def main():
|
||||
preserve_sssd=dict(required=False, type='bool'),
|
||||
no_krb5_offline_passwords=dict(required=False, type='bool'),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
# ansible_log = AnsibleModuleLog(module, logger)
|
||||
# options.set_logger(ansible_log)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
cli_server = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -40,70 +40,99 @@ description:
|
||||
options:
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
ntp_servers:
|
||||
description: ntp servers to use
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
ntp_pool:
|
||||
description: ntp server pool to use
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
no_ntp:
|
||||
description: Do not configure ntp
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
force_ntpd:
|
||||
description:
|
||||
Stop and disable any time&date synchronization services besides ntpd
|
||||
Deprecated since 4.7
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
nisdomain:
|
||||
description: The NIS domain name
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
no_nisdomain:
|
||||
description: Do not configure NIS domain name
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
kinit_attempts:
|
||||
description: Repeat the request for host Kerberos ticket X times
|
||||
required: yes
|
||||
type: int
|
||||
required: no
|
||||
ca_cert_files:
|
||||
description:
|
||||
List of files containing CA certificates for the service certificate
|
||||
files
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
configure_firefox:
|
||||
description: Configure Firefox to use IPA domain credentials
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
firefox_dir:
|
||||
description:
|
||||
Specify directory where Firefox is installed (for example
|
||||
'/usr/lib/firefox')
|
||||
required: yes
|
||||
type: str
|
||||
required: no
|
||||
ip_addresses:
|
||||
description: List of Master Server IP Addresses
|
||||
required: yes
|
||||
type: list
|
||||
elements: str
|
||||
required: no
|
||||
all_ip_addresses:
|
||||
description:
|
||||
All routable IP addresses configured on any interface will be added
|
||||
to DNS
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
on_master:
|
||||
description: Whether the configuration is done on the master or not
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
enable_dns_updates:
|
||||
description:
|
||||
Configures the machine to attempt dns updates when the ip address
|
||||
changes
|
||||
required: yes
|
||||
type: bool
|
||||
required: no
|
||||
default: no
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -142,36 +171,37 @@ servers:
|
||||
description: The list of detected or passed in IPA servers.
|
||||
returned: always
|
||||
type: list
|
||||
elements: str
|
||||
sample: ["server1.example.com","server2.example.com"]
|
||||
domain:
|
||||
description: The DNS domain of the detected or passed in IPA deployment.
|
||||
returned: always
|
||||
type: string
|
||||
type: str
|
||||
sample: example.com
|
||||
realm:
|
||||
description: The Kerberos realm of the detected or passed in IPA deployment.
|
||||
returned: always
|
||||
type: string
|
||||
type: str
|
||||
sample: EXAMPLE.COM
|
||||
kdc:
|
||||
description: The detected KDC server name.
|
||||
returned: always
|
||||
type: string
|
||||
type: str
|
||||
sample: server1.example.com
|
||||
basedn:
|
||||
description: The basedn of the detected IPA server.
|
||||
returned: always
|
||||
type: string
|
||||
type: str
|
||||
sample: dc=example,dc=com
|
||||
hostname:
|
||||
description: The detected or passed in FQDN hostname of the client.
|
||||
returned: always
|
||||
type: string
|
||||
type: str
|
||||
sample: client1.example.com
|
||||
client_domain:
|
||||
description: The domain name of the client.
|
||||
returned: always
|
||||
type: string
|
||||
type: str
|
||||
sample: example.com
|
||||
dnsok:
|
||||
description: True if DNS discovery worked and not passed in any servers.
|
||||
@@ -181,6 +211,7 @@ ntp_servers:
|
||||
description: The list of detected NTP servers.
|
||||
returned: always
|
||||
type: list
|
||||
elements: str
|
||||
sample: ["ntp.example.com"]
|
||||
ipa_python_version:
|
||||
description: >
|
||||
@@ -192,7 +223,9 @@ ipa_python_version:
|
||||
nosssd_files:
|
||||
description: >
|
||||
The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled
|
||||
returned: always
|
||||
type: list
|
||||
elements: str
|
||||
'''
|
||||
|
||||
import os
|
||||
@@ -205,7 +238,7 @@ except ImportError:
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging,
|
||||
setup_logging, check_imports,
|
||||
paths, sysrestore, options, CheckedIPAddress, validate_domain_name,
|
||||
logger, x509, normalize_hostname, installer, version, ScriptError,
|
||||
CLIENT_INSTALL_ERROR, tasks, check_ldap_conf, timeconf, constants,
|
||||
@@ -270,31 +303,36 @@ def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
# basic
|
||||
domain=dict(required=False, default=None),
|
||||
servers=dict(required=False, type='list', default=None),
|
||||
realm=dict(required=False, default=None),
|
||||
hostname=dict(required=False, default=None),
|
||||
ntp_servers=dict(required=False, type='list', default=None),
|
||||
ntp_pool=dict(required=False, default=None),
|
||||
domain=dict(required=False, type='str', default=None),
|
||||
servers=dict(required=False, type='list', elements='str',
|
||||
default=None),
|
||||
realm=dict(required=False, type='str', default=None),
|
||||
hostname=dict(required=False, type='str', default=None),
|
||||
ntp_servers=dict(required=False, type='list', elements='str',
|
||||
default=None),
|
||||
ntp_pool=dict(required=False, type='str', default=None),
|
||||
no_ntp=dict(required=False, type='bool', default=False),
|
||||
force_ntpd=dict(required=False, type='bool', default=False),
|
||||
nisdomain=dict(required=False, default=None),
|
||||
nisdomain=dict(required=False, type='str', default=None),
|
||||
no_nisdomain=dict(required=False, type='bool', default='no'),
|
||||
kinit_attempts=dict(required=False, type='int'),
|
||||
ca_cert_files=dict(required=False, type='list', default=None),
|
||||
ca_cert_files=dict(required=False, type='list', elements='str',
|
||||
default=None),
|
||||
configure_firefox=dict(required=False, type='bool', default=False),
|
||||
firefox_dir=dict(required=False),
|
||||
ip_addresses=dict(required=False, type='list', default=None),
|
||||
firefox_dir=dict(required=False, type='str'),
|
||||
ip_addresses=dict(required=False, type='list', elements='str',
|
||||
default=None),
|
||||
all_ip_addresses=dict(required=False, type='bool', default=False),
|
||||
on_master=dict(required=False, type='bool', default=False),
|
||||
# sssd
|
||||
enable_dns_updates=dict(required=False, type='bool',
|
||||
default=False),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
# module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
options.domain_name = module.params.get('domain')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -42,24 +42,31 @@ description:
|
||||
options:
|
||||
servers:
|
||||
description: Fully qualified name of IPA servers to enroll to
|
||||
required: no
|
||||
type: list
|
||||
elements: str
|
||||
required: yes
|
||||
domain:
|
||||
description: Primary DNS domain of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
realm:
|
||||
description: Kerberos realm name of the IPA deployment
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
hostname:
|
||||
description: Fully qualified name of this host
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
kdc:
|
||||
description: The name or address of the host running the KDC
|
||||
required: no
|
||||
type: str
|
||||
required: yes
|
||||
kinit_attempts:
|
||||
description: Repeat the request for host Kerberos ticket X times
|
||||
required: yes
|
||||
type: int
|
||||
default: 5
|
||||
author:
|
||||
- Thomas Woerner
|
||||
- Thomas Woerner (@t-woerner)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
@@ -91,6 +98,7 @@ krb5_keytab_ok:
|
||||
ca_crt_exists:
|
||||
description: The flag describes if ca.crt exists.
|
||||
returned: always
|
||||
type: str
|
||||
krb5_conf_ok:
|
||||
description: The flag describes if krb5.conf on the host is usable.
|
||||
returned: always
|
||||
@@ -106,7 +114,7 @@ import tempfile
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ansible_ipa_client import (
|
||||
setup_logging,
|
||||
setup_logging, check_imports,
|
||||
SECURE_PATH, paths, kinit_keytab, run, GSSError, configure_krb5_conf
|
||||
)
|
||||
|
||||
@@ -114,17 +122,18 @@ from ansible.module_utils.ansible_ipa_client import (
|
||||
def main():
|
||||
module = AnsibleModule(
|
||||
argument_spec=dict(
|
||||
servers=dict(required=True, type='list'),
|
||||
domain=dict(required=True),
|
||||
realm=dict(required=True),
|
||||
hostname=dict(required=True),
|
||||
kdc=dict(required=True),
|
||||
servers=dict(required=True, type='list', elements='str'),
|
||||
domain=dict(required=True, type='str'),
|
||||
realm=dict(required=True, type='str'),
|
||||
hostname=dict(required=True, type='str'),
|
||||
kdc=dict(required=True, type='str'),
|
||||
kinit_attempts=dict(required=False, type='int', default=5),
|
||||
),
|
||||
supports_check_mode=True,
|
||||
supports_check_mode=False,
|
||||
)
|
||||
|
||||
module._ansible_debug = True
|
||||
check_imports(module)
|
||||
setup_logging()
|
||||
|
||||
servers = module.params.get('servers')
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
#
|
||||
# Based on ipa-client-install code
|
||||
#
|
||||
# Copyright (C) 2017 Red Hat
|
||||
# Copyright (C) 2017-2022 Red Hat
|
||||
# see file 'COPYING' for use and warranty information
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
@@ -46,17 +46,36 @@ __all__ = ["gssapi", "version", "ipadiscovery", "api", "errors", "x509",
|
||||
"configure_nslcd_conf", "configure_ssh_config",
|
||||
"configure_sshd_config", "configure_automount",
|
||||
"configure_firefox", "sync_time", "check_ldap_conf",
|
||||
"sssd_enable_ifp", "getargspec"]
|
||||
"sssd_enable_ifp", "getargspec", "paths", "options",
|
||||
"IPA_PYTHON_VERSION", "NUM_VERSION", "certdb", "get_ca_cert",
|
||||
"ipalib", "logger", "ipautil", "installer"]
|
||||
|
||||
import sys
|
||||
|
||||
# HACK: workaround for Ansible 2.9
|
||||
# https://github.com/ansible/ansible/issues/68361
|
||||
if 'ansible.executor' in sys.modules:
|
||||
for attr in __all__:
|
||||
setattr(sys.modules[__name__], attr, None)
|
||||
# Import getargspec from inspect or provide own getargspec for
|
||||
# Python 2 compatibility with Python 3.11+.
|
||||
try:
|
||||
from inspect import getargspec
|
||||
except ImportError:
|
||||
from collections import namedtuple
|
||||
from inspect import getfullargspec
|
||||
|
||||
else:
|
||||
# The code is copied from Python 3.10 inspect.py
|
||||
# Authors: Ka-Ping Yee <ping@lfw.org>
|
||||
# Yury Selivanov <yselivanov@sprymix.com>
|
||||
ArgSpec = namedtuple('ArgSpec', 'args varargs keywords defaults')
|
||||
|
||||
def getargspec(func):
|
||||
args, varargs, varkw, defaults, kwonlyargs, _kwonlydefaults, \
|
||||
ann = getfullargspec(func)
|
||||
if kwonlyargs or ann:
|
||||
raise ValueError(
|
||||
"Function has keyword-only parameters or annotations"
|
||||
", use inspect.signature() API which can support them")
|
||||
return ArgSpec(args, varargs, varkw, defaults)
|
||||
|
||||
|
||||
try:
|
||||
from ipapython.version import NUM_VERSION, VERSION
|
||||
|
||||
if NUM_VERSION < 30201:
|
||||
@@ -113,33 +132,12 @@ else:
|
||||
import gssapi
|
||||
import logging
|
||||
|
||||
# Import getargspec from inspect or provide own getargspec for
|
||||
# Python 2 compatibility with Python 3.11+.
|
||||
try:
|
||||
from inspect import getargspec
|
||||
except ImportError:
|
||||
from collections import namedtuple
|
||||
from inspect import getfullargspec
|
||||
|
||||
# The code is copied from Python 3.10 inspect.py
|
||||
# Authors: Ka-Ping Yee <ping@lfw.org>
|
||||
# Yury Selivanov <yselivanov@sprymix.com>
|
||||
ArgSpec = namedtuple('ArgSpec', 'args varargs keywords defaults')
|
||||
|
||||
def getargspec(func):
|
||||
args, varargs, varkw, defaults, kwonlyargs, _kwonlydefaults, \
|
||||
ann = getfullargspec(func)
|
||||
if kwonlyargs or ann:
|
||||
raise ValueError(
|
||||
"Function has keyword-only parameters or annotations"
|
||||
", use inspect.signature() API which can support them")
|
||||
return ArgSpec(args, varargs, varkw, defaults)
|
||||
|
||||
from ipapython import version
|
||||
try:
|
||||
from ipaclient.install import ipadiscovery
|
||||
except ImportError:
|
||||
from ipaclient import ipadiscovery
|
||||
import ipalib
|
||||
from ipalib import api, errors, x509
|
||||
from ipalib import constants
|
||||
try:
|
||||
@@ -312,6 +310,15 @@ else:
|
||||
|
||||
raise Exception("freeipa version '%s' is too old" % VERSION)
|
||||
|
||||
except ImportError as _err:
|
||||
ANSIBLE_IPA_CLIENT_MODULE_IMPORT_ERROR = str(_err)
|
||||
|
||||
for attr in __all__:
|
||||
setattr(sys.modules[__name__], attr, None)
|
||||
|
||||
else:
|
||||
ANSIBLE_IPA_CLIENT_MODULE_IMPORT_ERROR = None
|
||||
|
||||
|
||||
def setup_logging():
|
||||
standard_logging_setup(
|
||||
@@ -333,3 +340,8 @@ def ansible_module_get_parsed_ip_addresses(ansible_module,
|
||||
ansible_module.fail_json(msg="Invalid IP Address %s: %s" % (ip, e))
|
||||
ip_addrs.append(ip_parsed)
|
||||
return ip_addrs
|
||||
|
||||
|
||||
def check_imports(module):
|
||||
if ANSIBLE_IPA_CLIENT_MODULE_IMPORT_ERROR is not None:
|
||||
module.fail_json(msg=ANSIBLE_IPA_CLIENT_MODULE_IMPORT_ERROR)
|
||||
|
||||
Reference in New Issue
Block a user