# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Copyright (C) 2019 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Module metadata: metadata format version, who supports the module and its
# maturity status. Kept as a plain dict literal.
ANSIBLE_METADATA = {
    "metadata_version": "1.0",
    "supported_by": "community",
    "status": ["preview"],
}
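# YAML description of the ipahost module and its options. The same option set
# is listed twice: once per entry of the "hosts" list and once at the top
# level for the single-host form.
# NOTE(review): managedby_host lists the same aliases as principal
# ("principalname", "krbprincipalname"); this looks like a copy/paste slip -
# confirm against the module's argument_spec.
# NOTE(review): ipaadmin_password and password carry secrets; confirm the
# argument_spec marks them no_log so they are not echoed in task output.
DOCUMENTATION = """
---
module: ipahost
short_description: Manage FreeIPA hosts
description: Manage FreeIPA hosts
options:
  ipaadmin_principal:
    description: The admin principal
    default: admin
  ipaadmin_password:
    description: The admin password
    required: false
  name:
    description: The full qualified domain name.
    aliases: ["fqdn"]
    required: true

  hosts:
    description: The list of user host dicts
    required: false
    options:
      name:
        description: The host (internally uid).
        aliases: ["fqdn"]
        required: true
      description:
        description: The host description
        required: false
      locality:
        description: Host locality (e.g. "Baltimore, MD")
        required: false
      location:
        description: Host location (e.g. "Lab 2")
        aliases: ["ns_host_location"]
        required: false
      platform:
        description: Host hardware platform (e.g. "Lenovo T61")
        aliases: ["ns_hardware_platform"]
        required: false
      os:
        description: Host operating system and version (e.g. "Fedora 9")
        aliases: ["ns_os_version"]
        required: false
      password:
        description: Password used in bulk enrollment
        aliases: ["user_password", "userpassword"]
        required: false
      random:
        description:
          Initiate the generation of a random password to be used in bulk
          enrollment
        aliases: ["random_password"]
        required: false
      certificate:
        description: List of base-64 encoded host certificates
        type: list
        aliases: ["usercertificate"]
        required: false
      managedby_host:
        description: List of hosts that can manage this host
        type: list
        aliases: ["principalname", "krbprincipalname"]
        required: false
      principal:
        description: List of principal aliases for this host
        type: list
        aliases: ["principalname", "krbprincipalname"]
        required: false
      allow_create_keytab_user:
        description: Users allowed to create a keytab of this host
        aliases: ["ipaallowedtoperform_write_keys_user"]
        required: false
      allow_create_keytab_group:
        description: Groups allowed to create a keytab of this host
        aliases: ["ipaallowedtoperform_write_keys_group"]
        required: false
      allow_create_keytab_host:
        description: Hosts allowed to create a keytab of this host
        aliases: ["ipaallowedtoperform_write_keys_host"]
        required: false
      allow_create_keytab_hostgroup:
        description: Hostgroups allowed to create a keytab of this host
        aliases: ["ipaallowedtoperform_write_keys_hostgroup"]
        required: false
      allow_retrieve_keytab_user:
        description: Users allowed to retrieve a keytab of this host
        aliases: ["ipaallowedtoperform_read_keys_user"]
        required: false
      allow_retrieve_keytab_group:
        description: Groups allowed to retrieve a keytab of this host
        aliases: ["ipaallowedtoperform_read_keys_group"]
        required: false
      allow_retrieve_keytab_host:
        description: Hosts allowed to retrieve a keytab of this host
        aliases: ["ipaallowedtoperform_read_keys_host"]
        required: false
      allow_retrieve_keytab_hostgroup:
        description: Hostgroups allowed to retrieve a keytab of this host
        aliases: ["ipaallowedtoperform_read_keys_hostgroup"]
        required: false
      mac_address:
        description: List of hardware MAC addresses.
        type: list
        aliases: ["macaddress"]
        required: false
      sshpubkey:
        description: List of SSH public keys
        type: list
        aliases: ["ipasshpubkey"]
        required: false
      userclass:
        description:
          Host category (semantics placed on this attribute are for local
          interpretation)
        aliases: ["class"]
        required: false
      auth_ind:
        description:
          Defines a whitelist for Authentication Indicators. Use 'otp' to allow
          OTP-based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA
          authentications. Other values may be used for custom configurations.
          Use empty string to reset auth_ind to the initial value.
        type: list
        aliases: ["krbprincipalauthind"]
        choices: ["radius", "otp", "pkinit", "hardened", ""]
        required: false
      requires_pre_auth:
        description: Pre-authentication is required for the service
        type: bool
        aliases: ["ipakrbrequirespreauth"]
        required: false
      ok_as_delegate:
        description: Client credentials may be delegated to the service
        type: bool
        aliases: ["ipakrbokasdelegate"]
        required: false
      ok_to_auth_as_delegate:
        description:
          The service is allowed to authenticate on behalf of a client
        type: bool
        aliases: ["ipakrboktoauthasdelegate"]
        required: false
      force:
        description: Force host name even if not in DNS
        required: false
      reverse:
        description: Reverse DNS detection
        default: true
        required: false
      ip_address:
        description:
          The host IP address list (IPv4 and IPv6). No IP address conflict
          check will be done.
        aliases: ["ipaddress"]
        required: false
      update_dns:
        description:
          Controls the update of the DNS SSHFP records for existing hosts and
          the removal of all DNS entries if a host gets removed with state
          absent.
        required: false
  description:
    description: The host description
    required: false
  locality:
    description: Host locality (e.g. "Baltimore, MD")
    required: false
  location:
    description: Host location (e.g. "Lab 2")
    aliases: ["ns_host_location"]
    required: false
  platform:
    description: Host hardware platform (e.g. "Lenovo T61")
    aliases: ["ns_hardware_platform"]
    required: false
  os:
    description: Host operating system and version (e.g. "Fedora 9")
    aliases: ["ns_os_version"]
    required: false
  password:
    description: Password used in bulk enrollment
    aliases: ["user_password", "userpassword"]
    required: false
  random:
    description:
      Initiate the generation of a random password to be used in bulk
      enrollment
    aliases: ["random_password"]
    required: false
  certificate:
    description: List of base-64 encoded host certificates
    type: list
    aliases: ["usercertificate"]
    required: false
  managedby_host:
    description: List of hosts that can manage this host
    type: list
    aliases: ["principalname", "krbprincipalname"]
    required: false
  principal:
    description: List of principal aliases for this host
    type: list
    aliases: ["principalname", "krbprincipalname"]
    required: false
  allow_create_keytab_user:
    description: Users allowed to create a keytab of this host
    aliases: ["ipaallowedtoperform_write_keys_user"]
    required: false
  allow_create_keytab_group:
    description: Groups allowed to create a keytab of this host
    aliases: ["ipaallowedtoperform_write_keys_group"]
    required: false
  allow_create_keytab_host:
    description: Hosts allowed to create a keytab of this host
    aliases: ["ipaallowedtoperform_write_keys_host"]
    required: false
  allow_create_keytab_hostgroup:
    description: Hostgroups allowed to create a keytab of this host
    aliases: ["ipaallowedtoperform_write_keys_hostgroup"]
    required: false
  allow_retrieve_keytab_user:
    description: Users allowed to retrieve a keytab of this host
    aliases: ["ipaallowedtoperform_read_keys_user"]
    required: false
  allow_retrieve_keytab_group:
    description: Groups allowed to retrieve a keytab of this host
    aliases: ["ipaallowedtoperform_read_keys_group"]
    required: false
  allow_retrieve_keytab_host:
    description: Hosts allowed to retrieve a keytab of this host
    aliases: ["ipaallowedtoperform_read_keys_host"]
    required: false
  allow_retrieve_keytab_hostgroup:
    description: Hostgroups allowed to retrieve a keytab of this host
    aliases: ["ipaallowedtoperform_read_keys_hostgroup"]
    required: false
  mac_address:
    description: List of hardware MAC addresses.
    type: list
    aliases: ["macaddress"]
    required: false
  sshpubkey:
    description: List of SSH public keys
    type: list
    aliases: ["ipasshpubkey"]
    required: false
  userclass:
    description:
      Host category (semantics placed on this attribute are for local
      interpretation)
    aliases: ["class"]
    required: false
  auth_ind:
    description:
      Defines a whitelist for Authentication Indicators. Use 'otp' to allow
      OTP-based 2FA authentications. Use 'radius' to allow RADIUS-based 2FA
      authentications. Other values may be used for custom configurations.
      Use empty string to reset auth_ind to the initial value.
    type: list
    aliases: ["krbprincipalauthind"]
    choices: ["radius", "otp", "pkinit", "hardened", ""]
    required: false
  requires_pre_auth:
    description: Pre-authentication is required for the service
    type: bool
    aliases: ["ipakrbrequirespreauth"]
    required: false
  ok_as_delegate:
    description: Client credentials may be delegated to the service
    type: bool
    aliases: ["ipakrbokasdelegate"]
    required: false
  ok_to_auth_as_delegate:
    description: The service is allowed to authenticate on behalf of a client
    type: bool
    aliases: ["ipakrboktoauthasdelegate"]
    required: false
  force:
    description: Force host name even if not in DNS
    required: false
  reverse:
    description: Reverse DNS detection
    default: true
    required: false
  ip_address:
    description:
      The host IP address list (IPv4 and IPv6). No IP address conflict
      check will be done.
    aliases: ["ipaddress"]
    required: false
  update_dns:
    description:
      Controls the update of the DNS SSHFP records for existing hosts and
      the removal of all DNS entries if a host gets removed with state
      absent.
    required: false
  update_password:
    description:
      Set password for a host in present state only on creation or always
    default: 'always'
    choices: ["always", "on_create"]
  action:
    description: Work on host or member level
    default: "host"
    choices: ["member", "host"]
  state:
    description: State to ensure
    default: present
    choices: ["present", "absent",
              "disabled"]
author:
    - Thomas Woerner
"""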
EXAMPLES = """
|
|
Packit Service |
0a38ef |
# Ensure host is present
|
|
Packit Service |
0a38ef |
- ipahost:
|
|
Packit Service |
0a38ef |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0a38ef |
name: host01.example.com
|
|
Packit Service |
0a38ef |
description: Example host
|
|
Packit Service |
0a38ef |
ip_address: 192.168.0.123
|
|
Packit Service |
0a38ef |
locality: Lab
|
|
Packit Service |
0a38ef |
ns_host_location: Lab
|
|
Packit Service |
0a38ef |
ns_os_version: CentOS 7
|
|
Packit Service |
0a38ef |
ns_hardware_platform: Lenovo T61
|
|
Packit Service |
0a38ef |
mac_address:
|
|
Packit Service |
0a38ef |
- "08:00:27:E3:B1:2D"
|
|
Packit Service |
0a38ef |
- "52:54:00:BD:97:1E"
|
|
Packit Service |
0a38ef |
state: present
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Ensure host is present without DNS
|
|
Packit Service |
0a38ef |
- ipahost:
|
|
Packit Service |
0a38ef |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0a38ef |
name: host02.example.com
|
|
Packit Service |
0a38ef |
description: Example host
|
|
Packit Service |
0a38ef |
force: yes
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Initiate generation of a random password for the host
|
|
Packit Service |
0a38ef |
- ipahost:
|
|
Packit Service |
0a38ef |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0a38ef |
name: host01.example.com
|
|
Packit Service |
0a38ef |
description: Example host
|
|
Packit Service |
0a38ef |
ip_address: 192.168.0.123
|
|
Packit Service |
0a38ef |
random: yes
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Ensure host is disabled
|
|
Packit Service |
0a38ef |
- ipahost:
|
|
Packit Service |
0a38ef |
ipaadmin_password: SomeADMINpassword
|
|
Packit Service |
0a38ef |
name: host01.example.com
|
|
Packit Service |
0a38ef |
update_dns: yes
|
|
Packit Service |
0a38ef |
state: disabled
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Ensure host is absent
|
|
Packit Service |
0a38ef |
- ipahost:
|
|
Packit Service |
0a38ef |
ipaadmin_password: password1
|
|
Packit Service |
0a38ef |
name: host01.example.com
|
|
Packit Service |
0a38ef |
state: absent
|
|
Packit Service |
0a38ef |
"""
RETURN = """
|
|
Packit Service |
0a38ef |
host:
|
|
Packit Service |
0a38ef |
description: Host dict with random password
|
|
Packit Service |
0a38ef |
returned: If random is yes and user did not exist or update_password is yes
|
|
Packit Service |
0a38ef |
type: dict
|
|
Packit Service |
0a38ef |
options:
|
|
Packit Service |
0a38ef |
randompassword:
|
|
Packit Service |
0a38ef |
description: The generated random password
|
|
Packit Service |
0a38ef |
returned: If only one user is handled by the module
|
|
Packit Service |
0a38ef |
name:
|
|
Packit Service |
0a38ef |
description: The user name of the user that got a new random password
|
|
Packit Service |
0a38ef |
returned: If several users are handled by the module
|
|
Packit Service |
0a38ef |
type: dict
|
|
Packit Service |
0a38ef |
options:
|
|
Packit Service |
0a38ef |
randompassword:
|
|
Packit Service |
0a38ef |
description: The generated random password
|
|
Packit Service |
0a38ef |
returned: always
|
|
Packit Service |
0a38ef |
"""
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
temp_kdestroy, valid_creds, api_connect, api_command, compare_args_ipa, \
module_params_get, gen_add_del_lists, encode_certificate, api_get_realm, \
is_ipv4_addr, is_ipv6_addr, ipalib_errors
import six
# Python 3 has no "unicode" builtin; bind the name to str there so that code
# referring to "unicode" works on both major versions.
# NOTE(review): presumably used further down in the module - confirm.
if six.PY3:
    unicode = str
def find_host(module, name):
    """
    Look up a host with host_show and return its attributes.

    The call is made with all=True. The "result" entry of the reply is
    returned, with every "usercertificate" value passed through
    encode_certificate(). None is returned when the server raises NotFound
    with a message containing "host not found"; any other NotFound message
    is reported through module.fail_json().
    """
    try:
        reply = api_command(module, "host_show", to_text(name),
                            {"all": True})
    except ipalib_errors.NotFound as e:
        msg = str(e)
        # Only the plain "host not found" text means "the host is absent";
        # every other NotFound message is treated as a failure.
        if "host not found" in msg:
            return None
        module.fail_json(msg="host_show failed: %s" % msg)

    host = reply["result"]
    raw_certs = host.get("usercertificate")
    if raw_certs is None:
        return host
    host["usercertificate"] = list(map(encode_certificate, raw_certs))
    return host
def find_dnsrecord(module, name):
    """
    Fetch the DNS record of a host with dnsrecord_show.

    The name is split at its first "."; the part before it is sent as
    "idnsname" and the part after it as the positional argument of the
    command. The "result" entry of the reply is returned.

    ipalib_errors.NotFound is not caught here and has to be handled by
    the caller.
    """
    dot = name.find(".")
    # NOTE(review): for a name without any "." find() yields -1, so the
    # domain part becomes the whole name and the host part loses its last
    # character - confirm callers only pass fully qualified names.
    domain_part = name[dot + 1:]
    host_part = name[:dot]

    query = {
        "all": True,
        "idnsname": to_text(host_part)
    }
    reply = api_command(module, "dnsrecord_show", to_text(domain_part),
                        query)
    return reply["result"]
def show_host(module, name):
    """
    Return the "result" entry of a host_show call for name.

    No extra options are sent and no exception is handled here.
    """
    return api_command(module, "host_show", to_text(name), {})["result"]
def gen_args(description, locality, location, platform, os, password, random,
             mac_address, sshpubkey, userclass, auth_ind, requires_pre_auth,
             ok_as_delegate, ok_to_auth_as_delegate, force, reverse,
             ip_address, update_dns):
    """
    Build the IPA argument dict from the module parameters.

    Every parameter that is not None is stored under its IPA attribute
    name; parameters that are None are left out. The password is passed on
    unchanged as "userpassword". "reverse" is accepted but not used here.

    certificate, managedby_host, principal, create_keytab_* and
    allow_retrieve_keytab_* are not handled here.
    """
    # (IPA attribute name, value) pairs in the order they are emitted.
    candidates = (
        ("description", description),
        ("l", locality),
        ("nshostlocation", location),
        ("nshardwareplatform", platform),
        ("nsosversion", os),
        ("userpassword", password),
        ("random", random),
        ("macaddress", mac_address),
        ("ipasshpubkey", sshpubkey),
        ("userclass", userclass),
        ("krbprincipalauthind", auth_ind),
        ("ipakrbrequirespreauth", requires_pre_auth),
        ("ipakrbokasdelegate", ok_as_delegate),
        ("ipakrboktoauthasdelegate", ok_to_auth_as_delegate),
        ("force", force),
    )
    ipa_args = {}
    for attr, value in candidates:
        if value is not None:
            ipa_args[attr] = value

    if ip_address is not None:
        # IP addresses are handled separately, so force has to be set here
        # (overriding the caller's value) to make sure that host-add is able
        # to add a host without IP address.
        ipa_args["force"] = True
    if update_dns is not None:
        ipa_args["updatedns"] = update_dns

    return ipa_args
def gen_dnsrecord_args(module, ip_address, reverse):
    """
    Build the argument dict for a DNS record from the given IP addresses.

    When reverse is not None it is stored for both the A and the AAAA
    reverse-creation options. Each entry of ip_address is appended to
    "arecord" if is_ipv4_addr() accepts it, to "aaaarecord" if
    is_ipv6_addr() accepts it, and is otherwise rejected through
    module.fail_json().
    """
    record_args = {}
    if reverse is not None:
        for option in ("a_extra_create_reverse",
                       "aaaa_extra_create_reverse"):
            record_args[option] = reverse

    if ip_address is None:
        return record_args

    for addr in ip_address:
        if is_ipv4_addr(addr):
            record_key = "arecord"
        elif is_ipv6_addr(addr):
            record_key = "aaaarecord"
        else:
            # Neither address family matched: refuse the value instead of
            # passing it on.
            module.fail_json(msg="'%s' is not a valid IP address." % addr)
            continue
        record_args.setdefault(record_key, []).append(addr)

    return record_args
def check_parameters(
        module, state, action,
        description, locality, location, platform, os, password, random,
        certificate, managedby_host, principal, allow_create_keytab_user,
        allow_create_keytab_group, allow_create_keytab_host,
        allow_create_keytab_hostgroup, allow_retrieve_keytab_user,
        allow_retrieve_keytab_group, allow_retrieve_keytab_host,
        allow_retrieve_keytab_hostgroup, mac_address, sshpubkey,
        userclass, auth_ind, requires_pre_auth, ok_as_delegate,
        ok_to_auth_as_delegate, force, reverse, ip_address, update_dns,
        update_password):
    """Reject arguments that do not fit the requested state and action.

    An argument counts as "given" when it is not None. Each offending
    argument is reported through ``module.fail_json(msg=...)``.

    * state "present" with action "member": the host attributes plus
      update_dns and update_password are rejected.
    * state "absent": the host attributes plus update_password are
      rejected; with action "host" the member parameters (certificate,
      managedby_host, principal and the allow_create_keytab_* /
      allow_retrieve_keytab_* lists) are rejected as well.

    No other state has a branch here, and ip_address is not part of any
    of the rejected lists.
    """
    # Snapshot of the call arguments by name. It is taken first so that
    # it contains nothing but the parameters.
    supplied = dict(locals())

    host_attrs = (
        "description", "locality", "location", "platform", "os",
        "password", "random", "mac_address", "sshpubkey", "userclass",
        "auth_ind", "requires_pre_auth", "ok_as_delegate",
        "ok_to_auth_as_delegate", "force", "reverse",
    )
    member_attrs = (
        "certificate", "managedby_host", "principal",
        "allow_create_keytab_user", "allow_create_keytab_group",
        "allow_create_keytab_host", "allow_create_keytab_hostgroup",
        "allow_retrieve_keytab_user", "allow_retrieve_keytab_group",
        "allow_retrieve_keytab_host", "allow_retrieve_keytab_hostgroup",
    )

    def reject_given(arg_names, template, context):
        # Report every listed argument that was passed with a value.
        for arg_name in arg_names:
            if supplied[arg_name] is not None:
                module.fail_json(msg=template % (arg_name, context))

    if state == "present" and action == "member":
        # certificate, managedby_host, principal, allow_create_keytab_*
        # and allow_retrieve_keytab_* stay usable for member handling.
        reject_given(
            host_attrs + ("update_dns", "update_password"),
            "Argument '%s' can not be used with action '%s'", action)

    if state == "absent":
        reject_given(
            host_attrs + ("update_password",),
            "Argument '%s' can not be used with state '%s'", state)
        if action == "host":
            reject_given(
                member_attrs,
                "Argument '%s' can only be used with action "
                "'member' for state '%s'", state)
def main():
host_spec = dict(
# present
description=dict(type="str", default=None),
locality=dict(type="str", default=None),
location=dict(type="str", aliases=["ns_host_location"],
default=None),
platform=dict(type="str", aliases=["ns_hardware_platform"],
default=None),
os=dict(type="str", aliases=["ns_os_version"], default=None),
password=dict(type="str",
aliases=["user_password", "userpassword"],
default=None, no_log=True),
random=dict(type="bool", aliases=["random_password"],
default=None),
certificate=dict(type="list", aliases=["usercertificate"],
default=None),
managedby_host=dict(type="list",
default=None),
principal=dict(type="list", aliases=["krbprincipalname"],
default=None),
allow_create_keytab_user=dict(
type="list",
aliases=["ipaallowedtoperform_write_keys_user"],
default=None),
allow_create_keytab_group=dict(
type="list",
aliases=["ipaallowedtoperform_write_keys_group"],
default=None),
allow_create_keytab_host=dict(
type="list",
aliases=["ipaallowedtoperform_write_keys_host"],
default=None),
allow_create_keytab_hostgroup=dict(
type="list",
aliases=["ipaallowedtoperform_write_keys_hostgroup"],
default=None),
allow_retrieve_keytab_user=dict(
type="list",
aliases=["ipaallowedtoperform_write_keys_user"],
default=None),
allow_retrieve_keytab_group=dict(
type="list",
aliases=["ipaallowedtoperform_write_keys_group"],
default=None),
allow_retrieve_keytab_host=dict(
type="list",
aliases=["ipaallowedtoperform_write_keys_host"],
default=None),
allow_retrieve_keytab_hostgroup=dict(
type="list",
aliases=["ipaallowedtoperform_write_keys_hostgroup"],
default=None),
mac_address=dict(type="list", aliases=["macaddress"],
default=None),
sshpubkey=dict(type="str", aliases=["ipasshpubkey"],
default=None),
userclass=dict(type="list", aliases=["class"],
default=None),
auth_ind=dict(type='list', aliases=["krbprincipalauthind"],
default=None,
choices=['radius', 'otp', 'pkinit', 'hardened', '']),
requires_pre_auth=dict(type="bool", aliases=["ipakrbrequirespreauth"],
default=None),
ok_as_delegate=dict(type="bool", aliases=["ipakrbokasdelegate"],
default=None),
ok_to_auth_as_delegate=dict(type="bool",
aliases=["ipakrboktoauthasdelegate"],
default=None),
force=dict(type='bool', default=None),
reverse=dict(type='bool', default=None),
ip_address=dict(type="list", aliases=["ipaddress"],
default=None),
update_dns=dict(type="bool", aliases=["updatedns"],
default=None),
# no_members
# for update:
# krbprincipalname
)
ansible_module = AnsibleModule(
argument_spec=dict(
# general
ipaadmin_principal=dict(type="str", default="admin"),
ipaadmin_password=dict(type="str", no_log=True),
name=dict(type="list", aliases=["fqdn"], default=None,
required=False),
hosts=dict(type="list", default=None,
options=dict(
# Here name is a simple string
name=dict(type="str", aliases=["fqdn"],
required=True),
# Add host specific parameters
**host_spec
),
elements='dict', required=False),
# mod
update_password=dict(type='str', default=None,
choices=['always', 'on_create']),
# general
action=dict(type="str", default="host",
choices=["member", "host"]),
state=dict(type="str", default="present",
choices=["present", "absent", "disabled"]),
# Add host specific parameters for simple use case
**host_spec
),
mutually_exclusive=[["name", "hosts"]],
required_one_of=[["name", "hosts"]],
supports_check_mode=True,
)
ansible_module._ansible_debug = True
# Get parameters
# general
ipaadmin_principal = module_params_get(ansible_module,
"ipaadmin_principal")
ipaadmin_password = module_params_get(ansible_module,
"ipaadmin_password")
names = module_params_get(ansible_module, "name")
hosts = module_params_get(ansible_module, "hosts")
# present
description = module_params_get(ansible_module, "description")
locality = module_params_get(ansible_module, "locality")
location = module_params_get(ansible_module, "location")
platform = module_params_get(ansible_module, "platform")
os = module_params_get(ansible_module, "os")
password = module_params_get(ansible_module, "password")
random = module_params_get(ansible_module, "random")
certificate = module_params_get(ansible_module, "certificate")
managedby_host = module_params_get(ansible_module, "managedby_host")
principal = module_params_get(ansible_module, "principal")
allow_create_keytab_user = module_params_get(
ansible_module, "allow_create_keytab_user")
allow_create_keytab_group = module_params_get(
ansible_module, "allow_create_keytab_group")
allow_create_keytab_host = module_params_get(
ansible_module, "allow_create_keytab_host")
allow_create_keytab_hostgroup = module_params_get(
ansible_module, "allow_create_keytab_hostgroup")
allow_retrieve_keytab_user = module_params_get(
ansible_module, "allow_retrieve_keytab_user")
allow_retrieve_keytab_group = module_params_get(
ansible_module, "allow_retrieve_keytab_group")
allow_retrieve_keytab_host = module_params_get(
ansible_module, "allow_retrieve_keytab_host")
allow_retrieve_keytab_hostgroup = module_params_get(
ansible_module, "allow_retrieve_keytab_hostgroup")
mac_address = module_params_get(ansible_module, "mac_address")
sshpubkey = module_params_get(ansible_module, "sshpubkey")
userclass = module_params_get(ansible_module, "userclass")
auth_ind = module_params_get(ansible_module, "auth_ind")
requires_pre_auth = module_params_get(ansible_module, "requires_pre_auth")
ok_as_delegate = module_params_get(ansible_module, "ok_as_delegate")
ok_to_auth_as_delegate = module_params_get(ansible_module,
"ok_to_auth_as_delegate")
force = module_params_get(ansible_module, "force")
reverse = module_params_get(ansible_module, "reverse")
ip_address = module_params_get(ansible_module, "ip_address")
update_dns = module_params_get(ansible_module, "update_dns")
update_password = module_params_get(ansible_module, "update_password")
# general
action = module_params_get(ansible_module, "action")
state = module_params_get(ansible_module, "state")
# Check parameters
if (names is None or len(names) < 1) and \
(hosts is None or len(hosts) < 1):
ansible_module.fail_json(msg="One of name and hosts is required")
if state == "present":
if names is not None and len(names) != 1:
ansible_module.fail_json(
msg="Only one host can be added at a time.")
check_parameters(
ansible_module, state, action,
description, locality, location, platform, os, password, random,
certificate, managedby_host, principal, allow_create_keytab_user,
allow_create_keytab_group, allow_create_keytab_host,
allow_create_keytab_hostgroup, allow_retrieve_keytab_user,
allow_retrieve_keytab_group, allow_retrieve_keytab_host,
allow_retrieve_keytab_hostgroup, mac_address, sshpubkey, userclass,
auth_ind, requires_pre_auth, ok_as_delegate, ok_to_auth_as_delegate,
force, reverse, ip_address, update_dns, update_password)
# Use hosts if names is None
if hosts is not None:
names = hosts
# Init
changed = False
exit_args = {}
ccache_dir = None
ccache_name = None
try:
if not valid_creds(ansible_module, ipaadmin_principal):
ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
ipaadmin_password)
api_connect()
# Check version specific settings
server_realm = api_get_realm()
commands = []
host_set = set()
for host in names:
if isinstance(host, dict):
name = host.get("name")
if name in host_set:
ansible_module.fail_json(
msg="host '%s' is used more than once" % name)
host_set.add(name)
description = host.get("description")
locality = host.get("locality")
location = host.get("location")
platform = host.get("platform")
os = host.get("os")
password = host.get("password")
random = host.get("random")
certificate = host.get("certificate")
managedby_host = host.get("managedby_host")
principal = host.get("principal")
allow_create_keytab_user = host.get(
"allow_create_keytab_user")
allow_create_keytab_group = host.get(
"allow_create_keytab_group")
allow_create_keytab_host = host.get(
"allow_create_keytab_host")
allow_create_keytab_hostgroup = host.get(
"allow_create_keytab_hostgroup")
allow_retrieve_keytab_user = host.get(
"allow_retrieve_keytab_user")
allow_retrieve_keytab_group = host.get(
"allow_retrieve_keytab_group")
allow_retrieve_keytab_host = host.get(
"allow_retrieve_keytab_host")
allow_retrieve_keytab_hostgroup = host.get(
"allow_retrieve_keytab_hostgroup")
mac_address = host.get("mac_address")
sshpubkey = host.get("sshpubkey")
userclass = host.get("userclass")
auth_ind = host.get("auth_ind")
requires_pre_auth = host.get("requires_pre_auth")
ok_as_delegate = host.get("ok_as_delegate")
ok_to_auth_as_delegate = host.get("ok_to_auth_as_delegate")
force = host.get("force")
reverse = host.get("reverse")
ip_address = host.get("ip_address")
update_dns = host.get("update_dns")
# update_password is not part of hosts structure
# action is not part of hosts structure
# state is not part of hosts structure
check_parameters(
ansible_module, state, action,
description, locality, location, platform, os, password,
random, certificate, managedby_host, principal,
allow_create_keytab_user, allow_create_keytab_group,
allow_create_keytab_host, allow_create_keytab_hostgroup,
allow_retrieve_keytab_user, allow_retrieve_keytab_group,
allow_retrieve_keytab_host,
allow_retrieve_keytab_hostgroup, mac_address, sshpubkey,
userclass, auth_ind, requires_pre_auth, ok_as_delegate,
ok_to_auth_as_delegate, force, reverse, ip_address,
update_dns, update_password)
elif isinstance(host, str) or isinstance(host, unicode):
name = host
else:
ansible_module.fail_json(msg="Host '%s' is not valid" %
repr(host))
# Make sure host exists
res_find = find_host(ansible_module, name)
try:
res_find_dnsrecord = find_dnsrecord(ansible_module, name)
except ipalib_errors.NotFound as e:
msg = str(e)
dns_not_configured = "DNS is not configured" in msg
dns_zone_not_found = "DNS zone not found" in msg
dns_res_not_found = "DNS resource record not found" in msg
if (
dns_res_not_found
or ip_address is None
and (dns_not_configured or dns_zone_not_found)
):
# IP address(es) not given and no DNS support in IPA
# -> Ignore failure
# IP address(es) not given and DNS zone is not found
# -> Ignore failure
res_find_dnsrecord = None
else:
ansible_module.fail_json(msg="%s: %s" % (host, msg))
# Create command
if state == "present":
# Generate args
args = gen_args(
description, locality, location, platform, os, password,
random, mac_address, sshpubkey, userclass, auth_ind,
requires_pre_auth, ok_as_delegate, ok_to_auth_as_delegate,
force, reverse, ip_address, update_dns)
dnsrecord_args = gen_dnsrecord_args(
ansible_module, ip_address, reverse)
if action == "host":
# Found the host
if res_find is not None:
# Ignore password with update_password == on_create
if update_password == "on_create":
# Ignore userpassword and random for existing
# host if update_password is "on_create"
if "userpassword" in args:
del args["userpassword"]
if "random" in args:
del args["random"]
elif "userpassword" in args or "random" in args:
# Allow an existing OTP to be reset but don't
# allow a OTP or to be added to an enrolled host.
# Also do not allow to change the password for an
# enrolled host.
if not res_find["has_password"] and \
res_find["has_keytab"]:
ansible_module.fail_json(
msg="%s: Password cannot be set on "
"enrolled host." % host
)
# Ignore force, ip_address and no_reverse for mod
for x in ["force", "ip_address", "no_reverse"]:
if x in args:
del args[x]
# Ignore auth_ind if it is empty (for resetting)
# and not set in for the host
if "krbprincipalauthind" not in res_find and \
"krbprincipalauthind" in args and \
args["krbprincipalauthind"] == ['']:
del args["krbprincipalauthind"]
# For all settings is args, check if there are
# different settings in the find result.
# If yes: modify
if not compare_args_ipa(ansible_module, args,
res_find):
commands.append([name, "host_mod", args])
elif random and "userpassword" in res_find:
# Host exists and random is set, return
# userpassword
if len(names) == 1:
exit_args["userpassword"] = \
res_find["userpassword"]
else:
exit_args.setdefault("hosts", {})[name] = {
"userpassword": res_find["userpassword"]
}
else:
# Remove update_dns as it is not supported by host_add
if "updatedns" in args:
del args["updatedns"]
commands.append([name, "host_add", args])
# Handle members: certificate, managedby_host, principal,
# allow_create_keytab and allow_retrieve_keytab
if res_find is not None:
certificate_add, certificate_del = gen_add_del_lists(
certificate, res_find.get("usercertificate"))
managedby_host_add, managedby_host_del = \
gen_add_del_lists(managedby_host,
res_find.get("managedby_host"))
principal_add, principal_del = gen_add_del_lists(
principal, res_find.get("principal"))
# Principals are not returned as utf8 for IPA using
# python2 using host_show, therefore we need to
# convert the principals that we should remove.
principal_del = [to_text(x) for x in principal_del]
(allow_create_keytab_user_add,
allow_create_keytab_user_del) = \
gen_add_del_lists(
allow_create_keytab_user,
res_find.get(
"ipaallowedtoperform_write_keys_user"))
(allow_create_keytab_group_add,
allow_create_keytab_group_del) = \
gen_add_del_lists(
allow_create_keytab_group,
res_find.get(
"ipaallowedtoperform_write_keys_group"))
(allow_create_keytab_host_add,
allow_create_keytab_host_del) = \
gen_add_del_lists(
allow_create_keytab_host,
res_find.get(
"ipaallowedtoperform_write_keys_host"))
(allow_create_keytab_hostgroup_add,
allow_create_keytab_hostgroup_del) = \
gen_add_del_lists(
allow_create_keytab_hostgroup,
res_find.get(
"ipaallowedtoperform_write_keys_"
"hostgroup"))
(allow_retrieve_keytab_user_add,
allow_retrieve_keytab_user_del) = \
gen_add_del_lists(
allow_retrieve_keytab_user,
res_find.get(
"ipaallowedtoperform_read_keys_user"))
(allow_retrieve_keytab_group_add,
allow_retrieve_keytab_group_del) = \
gen_add_del_lists(
allow_retrieve_keytab_group,
res_find.get(
"ipaallowedtoperform_read_keys_group"))
(allow_retrieve_keytab_host_add,
allow_retrieve_keytab_host_del) = \
gen_add_del_lists(
allow_retrieve_keytab_host,
res_find.get(
"ipaallowedtoperform_read_keys_host"))
(allow_retrieve_keytab_hostgroup_add,
allow_retrieve_keytab_hostgroup_del) = \
gen_add_del_lists(
allow_retrieve_keytab_hostgroup,
res_find.get(
"ipaallowedtoperform_read_keys_hostgroup"))
# IP addresses are not really a member of hosts, but
# we will simply treat it as this to enable the
# addition and removal of IPv4 and IPv6 addresses in
# a simple way.
_dnsrec = res_find_dnsrecord or {}
dnsrecord_a_add, dnsrecord_a_del = gen_add_del_lists(
dnsrecord_args.get("arecord"),
_dnsrec.get("arecord"))
dnsrecord_aaaa_add, dnsrecord_aaaa_del = \
gen_add_del_lists(
dnsrecord_args.get("aaaarecord"),
_dnsrec.get("aaaarecord"))
else:
if res_find is None:
ansible_module.fail_json(
msg="No host '%s'" % name)
if action != "host" or (action == "host" and res_find is None):
certificate_add = certificate or []
certificate_del = []
managedby_host_add = managedby_host or []
managedby_host_del = []
principal_add = principal or []
principal_del = []
allow_create_keytab_user_add = \
allow_create_keytab_user or []
allow_create_keytab_user_del = []
allow_create_keytab_group_add = \
allow_create_keytab_group or []
allow_create_keytab_group_del = []
allow_create_keytab_host_add = \
allow_create_keytab_host or []
allow_create_keytab_host_del = []
allow_create_keytab_hostgroup_add = \
allow_create_keytab_hostgroup or []
allow_create_keytab_hostgroup_del = []
allow_retrieve_keytab_user_add = \
allow_retrieve_keytab_user or []
allow_retrieve_keytab_user_del = []
allow_retrieve_keytab_group_add = \
allow_retrieve_keytab_group or []
allow_retrieve_keytab_group_del = []
allow_retrieve_keytab_host_add = \
allow_retrieve_keytab_host or []
allow_retrieve_keytab_host_del = []
allow_retrieve_keytab_hostgroup_add = \
allow_retrieve_keytab_hostgroup or []
allow_retrieve_keytab_hostgroup_del = []
dnsrecord_a_add = dnsrecord_args.get("arecord") or []
dnsrecord_a_del = []
dnsrecord_aaaa_add = dnsrecord_args.get("aaaarecord") or []
dnsrecord_aaaa_del = []
# Remove canonical principal from principal_del
canonical_principal = "host/" + name + "@" + server_realm
if canonical_principal in principal_del and \
action == "host" and (principal is not None or
canonical_principal not in principal):
principal_del.remove(canonical_principal)
# Remove canonical managedby managedby_host_del for
# action host if managedby_host is set and the canonical
# managedby host is not in the managedby_host list.
canonical_managedby_host = name
if canonical_managedby_host in managedby_host_del and \
action == "host" and (managedby_host is None or
canonical_managedby_host not in
managedby_host):
managedby_host_del.remove(canonical_managedby_host)
# Certificates need to be added and removed one by one,
# because if entry already exists, the processing of
# the remaining enries is stopped. The same applies to
# the removal of non-existing entries.
# Add certificates
for _certificate in certificate_add:
commands.append([name, "host_add_cert",
{
"usercertificate":
_certificate,
}])
# Remove certificates
for _certificate in certificate_del:
commands.append([name, "host_remove_cert",
{
"usercertificate":
_certificate,
}])
# Managedby_Hosts need to be added and removed one by one,
# because if entry already exists, the processing of
# the remaining enries is stopped. The same applies to
# the removal of non-existing entries.
# Add managedby_hosts
for _managedby_host in managedby_host_add:
commands.append([name, "host_add_managedby",
{
"host":
_managedby_host,
}])
# Remove managedby_hosts
for _managedby_host in managedby_host_del:
commands.append([name, "host_remove_managedby",
{
"host":
_managedby_host,
}])
# Principals need to be added and removed one by one,
# because if entry already exists, the processing of
# the remaining enries is stopped. The same applies to
# the removal of non-existing entries.
# Add principals
for _principal in principal_add:
commands.append([name, "host_add_principal",
{
"krbprincipalname":
_principal,
}])
# Remove principals
for _principal in principal_del:
commands.append([name, "host_remove_principal",
{
"krbprincipalname":
_principal,
}])
# Allow create keytab
if len(allow_create_keytab_user_add) > 0 or \
len(allow_create_keytab_group_add) > 0 or \
len(allow_create_keytab_host_add) > 0 or \
len(allow_create_keytab_hostgroup_add) > 0:
commands.append(
[name, "host_allow_create_keytab",
{
"user": allow_create_keytab_user_add,
"group": allow_create_keytab_group_add,
"host": allow_create_keytab_host_add,
"hostgroup": allow_create_keytab_hostgroup_add,
}])
# Disallow create keytab
if len(allow_create_keytab_user_del) > 0 or \
len(allow_create_keytab_group_del) > 0 or \
len(allow_create_keytab_host_del) > 0 or \
len(allow_create_keytab_hostgroup_del) > 0:
commands.append(
[name, "host_disallow_create_keytab",
{
"user": allow_create_keytab_user_del,
"group": allow_create_keytab_group_del,
"host": allow_create_keytab_host_del,
"hostgroup": allow_create_keytab_hostgroup_del,
}])
# Allow retrieve keytab
if len(allow_retrieve_keytab_user_add) > 0 or \
len(allow_retrieve_keytab_group_add) > 0 or \
len(allow_retrieve_keytab_host_add) > 0 or \
len(allow_retrieve_keytab_hostgroup_add) > 0:
commands.append(
[name, "host_allow_retrieve_keytab",
{
"user": allow_retrieve_keytab_user_add,
"group": allow_retrieve_keytab_group_add,
"host": allow_retrieve_keytab_host_add,
"hostgroup": allow_retrieve_keytab_hostgroup_add,
}])
# Disallow retrieve keytab
if len(allow_retrieve_keytab_user_del) > 0 or \
len(allow_retrieve_keytab_group_del) > 0 or \
len(allow_retrieve_keytab_host_del) > 0 or \
len(allow_retrieve_keytab_hostgroup_del) > 0:
commands.append(
[name, "host_disallow_retrieve_keytab",
{
"user": allow_retrieve_keytab_user_del,
"group": allow_retrieve_keytab_group_del,
"host": allow_retrieve_keytab_host_del,
"hostgroup": allow_retrieve_keytab_hostgroup_del,
}])
if len(dnsrecord_a_add) > 0 or len(dnsrecord_aaaa_add) > 0:
domain_name = name[name.find(".")+1:]
host_name = name[:name.find(".")]
_args = {"idnsname": host_name}
if len(dnsrecord_a_add) > 0:
_args["arecord"] = dnsrecord_a_add
if reverse is not None:
_args["a_extra_create_reverse"] = reverse
if len(dnsrecord_aaaa_add) > 0:
_args["aaaarecord"] = dnsrecord_aaaa_add
if reverse is not None:
_args["aaaa_extra_create_reverse"] = reverse
commands.append([domain_name,
"dnsrecord_add", _args])
if len(dnsrecord_a_del) > 0 or len(dnsrecord_aaaa_del) > 0:
domain_name = name[name.find(".")+1:]
host_name = name[:name.find(".")]
# There seems to be an issue with dnsrecord_del (not
# for dnsrecord_add) if aaaarecord is an empty list.
# Therefore this is done differently here:
_args = {"idnsname": host_name}
if len(dnsrecord_a_del) > 0:
_args["arecord"] = dnsrecord_a_del
if len(dnsrecord_aaaa_del) > 0:
_args["aaaarecord"] = dnsrecord_aaaa_del
commands.append([domain_name,
"dnsrecord_del", _args])
elif state == "absent":
if action == "host":
if res_find is not None:
args = {}
if update_dns is not None:
args["updatedns"] = update_dns
commands.append([name, "host_del", args])
else:
# Certificates need to be added and removed one by one,
# because if entry already exists, the processing of
# the remaining enries is stopped. The same applies to
# the removal of non-existing entries.
# Remove certificates
if certificate is not None:
for _certificate in certificate:
commands.append([name, "host_remove_cert",
{
"usercertificate":
_certificate,
}])
# Managedby_Hosts need to be added and removed one by one,
# because if entry already exists, the processing of
# the remaining enries is stopped. The same applies to
# the removal of non-existing entries.
# Remove managedby_hosts
if managedby_host is not None:
for _managedby_host in managedby_host:
commands.append([name, "host_remove_managedby",
{
"host":
_managedby_host,
}])
# Principals need to be added and removed one by one,
# because if entry already exists, the processing of
# the remaining enries is stopped. The same applies to
# the removal of non-existing entries.
# Remove principals
if principal is not None:
for _principal in principal:
commands.append([name, "host_remove_principal",
{
"krbprincipalname":
_principal,
}])
# Disallow create keytab
if allow_create_keytab_user is not None or \
allow_create_keytab_group is not None or \
allow_create_keytab_host is not None or \
allow_create_keytab_hostgroup is not None:
commands.append(
[name, "host_disallow_create_keytab",
{
"user": allow_create_keytab_user,
"group": allow_create_keytab_group,
"host": allow_create_keytab_host,
"hostgroup": allow_create_keytab_hostgroup,
}])
# Disallow retrieve keytab
if allow_retrieve_keytab_user is not None or \
allow_retrieve_keytab_group is not None or \
allow_retrieve_keytab_host is not None or \
allow_retrieve_keytab_hostgroup is not None:
commands.append(
[name, "host_disallow_retrieve_keytab",
{
"user": allow_retrieve_keytab_user,
"group": allow_retrieve_keytab_group,
"host": allow_retrieve_keytab_host,
"hostgroup": allow_retrieve_keytab_hostgroup,
}])
dnsrecord_args = gen_dnsrecord_args(ansible_module,
ip_address, reverse)
if "arecord" in dnsrecord_args or \
"aaaarecord" in dnsrecord_args:
domain_name = name[name.find(".")+1:]
host_name = name[:name.find(".")]
dnsrecord_args["idnsname"] = host_name
commands.append([domain_name, "dnsrecord_del",
dnsrecord_args])
elif state == "disabled":
if res_find is not None:
commands.append([name, "host_disable", {}])
else:
raise ValueError("No host '%s'" % name)
else:
ansible_module.fail_json(msg="Unkown state '%s'" % state)
del host_set
# Execute commands
errors = []
for name, command, args in commands:
try:
result = api_command(ansible_module, command, to_text(name),
args)
if "completed" in result:
if result["completed"] > 0:
changed = True
else:
changed = True
if "random" in args and command in ["host_add", "host_mod"] \
and "randompassword" in result["result"]:
if len(names) == 1:
exit_args["randompassword"] = \
result["result"]["randompassword"]
else:
exit_args.setdefault(name, {})["randompassword"] = \
result["result"]["randompassword"]
except Exception as e:
msg = str(e)
if "already contains" in msg \
or "does not contain" in msg:
continue
# The canonical principal name may not be removed
if "equal to the canonical principal name must" in msg:
continue
# Host is already disabled, ignore error
if "This entry is already disabled" in msg:
continue
# Ignore no modification error.
if "no modifications to be performed" in msg:
continue
ansible_module.fail_json(msg="%s: %s: %s" % (command, name,
msg))
# Get all errors
# All "already a member" and "not a member" failures in the
# result are ignored. All others are reported.
if "failed" in result and len(result["failed"]) > 0:
for item in result["failed"]:
failed_item = result["failed"][item]
for member_type in failed_item:
for member, failure in failed_item[member_type]:
if "already a member" in failure \
or "not a member" in failure:
continue
errors.append("%s: %s %s: %s" % (
command, member_type, member, failure))
if len(errors) > 0:
ansible_module.fail_json(msg=", ".join(errors))
except Exception as e:
ansible_module.fail_json(msg=str(e))
finally:
temp_kdestroy(ccache_dir, ccache_name)
# Done
ansible_module.exit_json(changed=changed, host=exit_args)
# Entry point: call main() only when this file is executed as a script,
# not when it is imported as a module.
if __name__ == "__main__":
    main()