New global ansible_ipa_client utils module

With ansible 2.3.1 it is possible to use a single additional utils module
that performs all the steps needed to generate the environment for both
new and older ipa versions.

The library modules are now a lot smaller.

The minimal ansible version has been increased to 2.3.1.

In the future it might now also be possible to have a special
ansible_ipa_client version for ipa < 4.4 in this utils module.
Thomas Woerner
2017-11-09 13:10:20 +01:00
parent 9259899db5
commit d8ba096eb9
11 changed files with 191 additions and 430 deletions


@@ -120,81 +120,11 @@ already_joined:
type: bool
'''
class Object(object):
pass
options = Object()
import os
import sys
import gssapi
import tempfile
import inspect
from ansible.module_utils.basic import AnsibleModule
from ipapython.version import NUM_VERSION, VERSION
if NUM_VERSION < 40400:
raise Exception("freeipa version '%s' is too old" % VERSION)
from ipalib import errors
from ipaplatform.paths import paths
try:
from ipalib.install import sysrestore
except ImportError:
from ipapython import sysrestore
try:
from ipalib.install.kinit import kinit_keytab, kinit_password
except ImportError:
from ipapython.ipautil import kinit_keytab, kinit_password
try:
from ipaclient.install.client import configure_krb5_conf, get_ca_certs, \
SECURE_PATH
except ImportError:
# Create temporary copy of ipa-client-install script (as
# ipa_client_install.py) to be able to import the script easily
# and also to remove the global finally clause in which the
# generated ccache file gets removed. The ccache file will be
# needed in the next step.
# This is done in a temporary directory that gets removed right
# after ipa_client_install has been imported.
import shutil
temp_dir = tempfile.mkdtemp(dir="/tmp")
sys.path.append(temp_dir)
temp_file = "%s/ipa_client_install.py" % temp_dir
with open("/usr/sbin/ipa-client-install", "r") as f_in:
with open(temp_file, "w") as f_out:
for line in f_in:
if line.startswith("finally:"):
break
f_out.write(line)
import ipa_client_install
shutil.rmtree(temp_dir, ignore_errors=True)
sys.path.remove(temp_dir)
argspec = inspect.getargspec(ipa_client_install.configure_krb5_conf)
if argspec.keywords is None:
def configure_krb5_conf(
cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
filename, client_domain, client_hostname, force,
configure_sssd):
global options
options.force = force
options.sssd = configure_sssd
return ipa_client_install.configure_krb5_conf(
cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options,
filename, client_domain, client_hostname)
else:
configure_krb5_conf = ipa_client_install.configure_krb5_conf
if NUM_VERSION < 40100:
get_ca_cert = ipa_client_install.get_ca_cert
else:
get_ca_certs = ipa_client_install.get_ca_certs
SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin")
from ipapython.ipautil import realm_to_suffix, run
import logging
logger = logging.getLogger("ipa-client-install")
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
@@ -295,7 +225,7 @@ def main():
ccache_name,
config=krb_name,
attempts=kinit_attempts)
except gssapi.exceptions.GSSError as e:
except GSSError as e:
module.fail_json(
msg="Kerberos authentication failed: {}".format(e))
else:
@@ -356,7 +286,7 @@ def main():
config=krb_name,
attempts=kinit_attempts)
env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
except gssapi.exceptions.GSSError as e:
except GSSError as e:
# failure to get ticket makes it impossible to login and
# bind from sssd to LDAP, abort installation
module.fail_json(msg="Failed to obtain host TGT: %s" % e)
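Review bot: The added `from ansible.module_utils.ansible_ipa_client import *` in the first hunk makes every name that `main()` relies on implicit, including the `GSSError` now used in the two `except` clauses of the later hunks. Python evaluates an `except` expression only when the try body raises, so if the utils module does not export `GSSError` (for instance through a restrictive `__all__`), the problem would surface as a `NameError` exactly when Kerberos authentication fails, replacing the intended `fail_json` message. An explicit list, e.g. `from ansible.module_utils.ansible_ipa_client import GSSError, kinit_keytab, paths` extended with the other names this module uses, keeps that dependency visible and lets a linter check it. The utils module itself is not visible in this section and `main()` continues outside the hunks, so the full list of names has to be confirmed against both.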