|
Packit |
8cb997 |
#!/usr/bin/python
|
|
Packit |
8cb997 |
# -*- coding: utf-8 -*-
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# Authors:
|
|
Packit |
8cb997 |
# Thomas Woerner <twoerner@redhat.com>
|
|
Packit |
8cb997 |
#
|
|
Packit |
8cb997 |
# Copyright (C) 2019 Red Hat
|
|
Packit |
8cb997 |
# see file 'COPYING' for use and warranty information
|
|
Packit |
8cb997 |
#
|
|
Packit |
8cb997 |
# This program is free software; you can redistribute it and/or modify
|
|
Packit |
8cb997 |
# it under the terms of the GNU General Public License as published by
|
|
Packit |
8cb997 |
# the Free Software Foundation, either version 3 of the License, or
|
|
Packit |
8cb997 |
# (at your option) any later version.
|
|
Packit |
8cb997 |
#
|
|
Packit |
8cb997 |
# This program is distributed in the hope that it will be useful,
|
|
Packit |
8cb997 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
8cb997 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit |
8cb997 |
# GNU General Public License for more details.
|
|
Packit |
8cb997 |
#
|
|
Packit |
8cb997 |
# You should have received a copy of the GNU General Public License
|
|
Packit |
8cb997 |
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
ANSIBLE_METADATA = {
|
|
Packit |
8cb997 |
"metadata_version": "1.0",
|
|
Packit |
8cb997 |
"supported_by": "community",
|
|
Packit |
8cb997 |
"status": ["preview"],
|
|
Packit |
8cb997 |
}
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
DOCUMENTATION = """
|
|
Packit |
8cb997 |
---
|
|
Packit |
8cb997 |
module: ipatopologysegment
|
|
Packit |
8cb997 |
short description: Manage FreeIPA topology segments
|
|
Packit |
8cb997 |
description: Manage FreeIPA topology segments
|
|
Packit |
8cb997 |
options:
|
|
Packit |
8cb997 |
ipaadmin_principal:
|
|
Packit |
8cb997 |
description: The admin principal
|
|
Packit |
8cb997 |
default: admin
|
|
Packit |
8cb997 |
ipaadmin_password:
|
|
Packit |
8cb997 |
description: The admin password
|
|
Packit |
8cb997 |
required: false
|
|
Packit |
8cb997 |
suffix:
|
|
Packit |
8cb997 |
description: Topology suffix
|
|
Packit |
8cb997 |
required: true
|
|
Packit |
8cb997 |
choices: ["domain", "ca", "domain+ca"]
|
|
Packit |
8cb997 |
name:
|
|
Packit |
8cb997 |
description: Topology segment name, unique identifier.
|
|
Packit |
8cb997 |
required: false
|
|
Packit |
8cb997 |
aliases: ["cn"]
|
|
Packit |
8cb997 |
left:
|
|
Packit |
8cb997 |
description: Left replication node - an IPA server
|
|
Packit |
8cb997 |
aliases: ["leftnode"]
|
|
Packit |
8cb997 |
right:
|
|
Packit |
8cb997 |
description: Right replication node - an IPA server
|
|
Packit |
8cb997 |
aliases: ["rightnode"]
|
|
Packit |
8cb997 |
direction:
|
|
Packit |
8cb997 |
description: The direction a segment will be reinitialized
|
|
Packit |
8cb997 |
required: false
|
|
Packit |
8cb997 |
choices: ["left-to-right", "right-to-left"]
|
|
Packit |
8cb997 |
state:
|
|
Packit |
8cb997 |
description: State to ensure
|
|
Packit |
8cb997 |
default: present
|
|
Packit |
8cb997 |
choices: ["present", "absent", "enabled", "disabled", "reinitialized"
|
|
Packit |
8cb997 |
"checked" ]
|
|
Packit |
8cb997 |
author:
|
|
Packit |
8cb997 |
- Thomas Woerner
|
|
Packit |
8cb997 |
"""
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
EXAMPLES = """
|
|
Packit |
8cb997 |
- ipatopologysegment:
|
|
Packit |
8cb997 |
suffix: domain
|
|
Packit |
8cb997 |
left: ipaserver.test.local
|
|
Packit |
8cb997 |
right: ipareplica1.test.local
|
|
Packit |
8cb997 |
state: present
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- ipatopologysegment:
|
|
Packit |
8cb997 |
suffix: domain
|
|
Packit |
8cb997 |
name: ipaserver.test.local-to-replica1.test.local
|
|
Packit |
8cb997 |
state: absent
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- ipatopologysegment:
|
|
Packit |
8cb997 |
suffix: domain
|
|
Packit |
8cb997 |
left: ipaserver.test.local
|
|
Packit |
8cb997 |
right: ipareplica1.test.local
|
|
Packit |
8cb997 |
state: absent
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- ipatopologysegment:
|
|
Packit |
8cb997 |
suffix: ca
|
|
Packit |
8cb997 |
name: ipaserver.test.local-to-replica1.test.local
|
|
Packit |
8cb997 |
direction: left-to-right
|
|
Packit |
8cb997 |
state: reinitialized
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- ipatopologysegment:
|
|
Packit |
8cb997 |
suffix: domain+ca
|
|
Packit |
8cb997 |
left: ipaserver.test.local
|
|
Packit |
8cb997 |
right: ipareplica1.test.local
|
|
Packit |
8cb997 |
state: absent
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
- ipatopologysegment:
|
|
Packit |
8cb997 |
suffix: domain+ca
|
|
Packit |
8cb997 |
left: ipaserver.test.local
|
|
Packit |
8cb997 |
right: ipareplica1.test.local
|
|
Packit |
8cb997 |
state: checked
|
|
Packit |
8cb997 |
"""
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
RETURN = """
|
|
Packit |
8cb997 |
found:
|
|
Packit |
8cb997 |
description: List of found segments
|
|
Packit |
8cb997 |
returned: if state is checked
|
|
Packit |
8cb997 |
type: list
|
|
Packit |
8cb997 |
not-found:
|
|
Packit |
8cb997 |
description: List of not found segments
|
|
Packit |
8cb997 |
returned: if state is checked
|
|
Packit |
8cb997 |
type: list
|
|
Packit |
8cb997 |
"""
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
from ansible.module_utils.basic import AnsibleModule
|
|
Packit |
8cb997 |
from ansible.module_utils._text import to_text
|
|
Packit |
8cb997 |
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
|
|
Packit |
8cb997 |
temp_kdestroy, valid_creds, api_connect, api_command
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
def find_left_right(module, suffix, left, right):
|
|
Packit |
8cb997 |
_args = {
|
|
Packit |
8cb997 |
"iparepltoposegmentleftnode": to_text(left),
|
|
Packit |
8cb997 |
"iparepltoposegmentrightnode": to_text(right),
|
|
Packit |
8cb997 |
}
|
|
Packit |
8cb997 |
_result = api_command(module, "topologysegment_find",
|
|
Packit |
8cb997 |
to_text(suffix), _args)
|
|
Packit |
8cb997 |
if len(_result["result"]) > 1:
|
|
Packit |
8cb997 |
module.fail_json(
|
|
Packit |
8cb997 |
msg="Combination of left node '%s' and right node '%s' is "
|
|
Packit |
8cb997 |
"not unique for suffix '%s'" % (left, right, suffix))
|
|
Packit |
8cb997 |
elif len(_result["result"]) == 1:
|
|
Packit |
8cb997 |
return _result["result"][0]
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
return None
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
def find_cn(module, suffix, name):
|
|
Packit |
8cb997 |
_args = {
|
|
Packit |
8cb997 |
"cn": to_text(name),
|
|
Packit |
8cb997 |
}
|
|
Packit |
8cb997 |
_result = api_command(module, "topologysegment_find",
|
|
Packit |
8cb997 |
to_text(suffix), _args)
|
|
Packit |
8cb997 |
if len(_result["result"]) > 1:
|
|
Packit |
8cb997 |
module.fail_json(
|
|
Packit |
8cb997 |
msg="CN '%s' is not unique for suffix '%s'" % (name, suffix))
|
|
Packit |
8cb997 |
elif len(_result["result"]) == 1:
|
|
Packit |
8cb997 |
return _result["result"][0]
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
return None
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
def find_left_right_cn(module, suffix, left, right, name):
|
|
Packit |
8cb997 |
if left is not None and right is not None:
|
|
Packit |
8cb997 |
left_right = find_left_right(module, suffix, left, right)
|
|
Packit |
8cb997 |
if left_right is not None:
|
|
Packit |
8cb997 |
if name is not None and \
|
|
Packit |
8cb997 |
left_right["cn"][0] != to_text(name):
|
|
Packit |
8cb997 |
module.fail_json(
|
|
Packit |
8cb997 |
msg="Left and right nodes do not match "
|
|
Packit |
8cb997 |
"given name name (cn) '%s'" % name)
|
|
Packit |
8cb997 |
return left_right
|
|
Packit |
8cb997 |
# else: Nothing to change
|
|
Packit |
8cb997 |
elif name is not None:
|
|
Packit |
8cb997 |
cn = find_cn(module, suffix, name)
|
|
Packit |
8cb997 |
if cn is not None:
|
|
Packit |
8cb997 |
return cn
|
|
Packit |
8cb997 |
# else: Nothing to change
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
module.fail_json(
|
|
Packit |
8cb997 |
msg="Either left and right or name need to be set.")
|
|
Packit |
8cb997 |
return None
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
def main():
|
|
Packit |
8cb997 |
ansible_module = AnsibleModule(
|
|
Packit |
8cb997 |
argument_spec=dict(
|
|
Packit |
8cb997 |
ipaadmin_principal=dict(type="str", default="admin"),
|
|
Packit |
8cb997 |
ipaadmin_password=dict(type="str", required=False, no_log=True),
|
|
Packit |
8cb997 |
suffix=dict(choices=["domain", "ca", "domain+ca"], required=True),
|
|
Packit |
8cb997 |
name=dict(type="str", aliases=["cn"], default=None),
|
|
Packit |
8cb997 |
left=dict(type="str", aliases=["leftnode"], default=None),
|
|
Packit |
8cb997 |
right=dict(type="str", aliases=["rightnode"], default=None),
|
|
Packit |
8cb997 |
direction=dict(type="str", default=None,
|
|
Packit |
8cb997 |
choices=["left-to-right", "right-to-left"]),
|
|
Packit |
8cb997 |
state=dict(type="str", default="present",
|
|
Packit |
8cb997 |
choices=["present", "absent", "enabled", "disabled",
|
|
Packit |
8cb997 |
"reinitialized", "checked"]),
|
|
Packit |
8cb997 |
),
|
|
Packit |
8cb997 |
supports_check_mode=True,
|
|
Packit |
8cb997 |
)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
ansible_module._ansible_debug = True
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# Get parameters
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
ipaadmin_principal = ansible_module.params.get("ipaadmin_principal")
|
|
Packit |
8cb997 |
ipaadmin_password = ansible_module.params.get("ipaadmin_password")
|
|
Packit |
8cb997 |
suffixes = ansible_module.params.get("suffix")
|
|
Packit |
8cb997 |
name = ansible_module.params.get("name")
|
|
Packit |
8cb997 |
left = ansible_module.params.get("left")
|
|
Packit |
8cb997 |
right = ansible_module.params.get("right")
|
|
Packit |
8cb997 |
direction = ansible_module.params.get("direction")
|
|
Packit |
8cb997 |
state = ansible_module.params.get("state")
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# Check parameters
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
if state != "reinitialized" and direction is not None:
|
|
Packit |
8cb997 |
ansible_module.fail_json(
|
|
Packit |
8cb997 |
msg="Direction is not supported in this mode.")
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# Init
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
changed = False
|
|
Packit |
8cb997 |
exit_args = {}
|
|
Packit |
8cb997 |
ccache_dir = None
|
|
Packit |
8cb997 |
ccache_name = None
|
|
Packit |
8cb997 |
try:
|
|
Packit |
8cb997 |
if not valid_creds(ansible_module, ipaadmin_principal):
|
|
Packit |
8cb997 |
ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
|
|
Packit |
8cb997 |
ipaadmin_password)
|
|
Packit |
8cb997 |
api_connect()
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
commands = []
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
for suffix in suffixes.split("+"):
|
|
Packit |
8cb997 |
# Create command
|
|
Packit |
8cb997 |
if state in ["present", "enabled"]:
|
|
Packit |
8cb997 |
# Make sure topology segment exists
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
if left is None or right is None:
|
|
Packit |
8cb997 |
ansible_module.fail_json(
|
|
Packit |
8cb997 |
msg="Left and right need to be set.")
|
|
Packit |
8cb997 |
args = {
|
|
Packit |
8cb997 |
"iparepltoposegmentleftnode": to_text(left),
|
|
Packit |
8cb997 |
"iparepltoposegmentrightnode": to_text(right),
|
|
Packit |
8cb997 |
}
|
|
Packit |
8cb997 |
if name is not None:
|
|
Packit |
8cb997 |
args["cn"] = to_text(name)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
res_left_right = find_left_right(ansible_module, suffix,
|
|
Packit |
8cb997 |
left, right)
|
|
Packit |
8cb997 |
if res_left_right is not None:
|
|
Packit |
8cb997 |
if name is not None and \
|
|
Packit |
8cb997 |
res_left_right["cn"][0] != to_text(name):
|
|
Packit |
8cb997 |
ansible_module.fail_json(
|
|
Packit |
8cb997 |
msg="Left and right nodes already used with "
|
|
Packit |
8cb997 |
"different name (cn) '%s'" % res_left_right["cn"])
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# Left and right nodes and also the name can not be
|
|
Packit |
8cb997 |
# changed
|
|
Packit |
8cb997 |
for key in ["iparepltoposegmentleftnode",
|
|
Packit |
8cb997 |
"iparepltoposegmentrightnode"]:
|
|
Packit |
8cb997 |
if key in args:
|
|
Packit |
8cb997 |
del args[key]
|
|
Packit |
8cb997 |
if len(args) > 1:
|
|
Packit |
8cb997 |
# cn needs to be in args always
|
|
Packit |
8cb997 |
commands.append(["topologysegment_mod", args, suffix])
|
|
Packit |
8cb997 |
# else: Nothing to change
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
if name is None:
|
|
Packit |
8cb997 |
args["cn"] = to_text("%s-to-%s" % (left, right))
|
|
Packit |
8cb997 |
commands.append(["topologysegment_add", args, suffix])
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
elif state in ["absent", "disabled"]:
|
|
Packit |
8cb997 |
# Make sure topology segment does not exist
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
res_find = find_left_right_cn(ansible_module, suffix,
|
|
Packit |
8cb997 |
left, right, name)
|
|
Packit |
8cb997 |
if res_find is not None:
|
|
Packit |
8cb997 |
# Found either given name or found name from left and right
|
|
Packit |
8cb997 |
# node
|
|
Packit |
8cb997 |
args = {
|
|
Packit |
8cb997 |
"cn": res_find["cn"][0]
|
|
Packit |
8cb997 |
}
|
|
Packit |
8cb997 |
commands.append(["topologysegment_del", args, suffix])
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
elif state == "checked":
|
|
Packit |
8cb997 |
# Check if topology segment does exists
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
res_find = find_left_right_cn(ansible_module, suffix,
|
|
Packit |
8cb997 |
left, right, name)
|
|
Packit |
8cb997 |
if res_find is not None:
|
|
Packit |
8cb997 |
# Found either given name or found name from left and right
|
|
Packit |
8cb997 |
# node
|
|
Packit |
8cb997 |
exit_args.setdefault("found", []).append(suffix)
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
# Not found
|
|
Packit |
8cb997 |
exit_args.setdefault("not-found", []).append(suffix)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
elif state == "reinitialized":
|
|
Packit |
8cb997 |
# Reinitialize segment
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
if direction not in ["left-to-right", "right-to-left"]:
|
|
Packit |
8cb997 |
ansible_module.fail_json(msg="Unknown direction '%s'" %
|
|
Packit |
8cb997 |
direction)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
res_find = find_left_right_cn(ansible_module, suffix,
|
|
Packit |
8cb997 |
left, right, name)
|
|
Packit |
8cb997 |
if res_find is not None:
|
|
Packit |
8cb997 |
# Found either given name or found name from left and right
|
|
Packit |
8cb997 |
# node
|
|
Packit |
8cb997 |
args = {
|
|
Packit |
8cb997 |
"cn": res_find["cn"][0]
|
|
Packit |
8cb997 |
}
|
|
Packit |
8cb997 |
if direction == "left-to-right":
|
|
Packit |
8cb997 |
args["left"] = True
|
|
Packit |
8cb997 |
elif direction == "right-to-left":
|
|
Packit |
8cb997 |
args["right"] = True
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
commands.append(["topologysegment_reinitialize", args,
|
|
Packit |
8cb997 |
suffix])
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
params = []
|
|
Packit |
8cb997 |
if name is not None:
|
|
Packit |
8cb997 |
params.append("name=%s" % name)
|
|
Packit |
8cb997 |
if left is not None:
|
|
Packit |
8cb997 |
params.append("left=%s" % left)
|
|
Packit |
8cb997 |
if right is not None:
|
|
Packit |
8cb997 |
params.append("right=%s" % right)
|
|
Packit |
8cb997 |
ansible_module.fail_json(
|
|
Packit |
8cb997 |
msg="No entry '%s' for suffix '%s'" %
|
|
Packit |
8cb997 |
(",".join(params), suffix))
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
ansible_module.fail_json(msg="Unkown state '%s'" % state)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# Execute command
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
for command, args, _suffix in commands:
|
|
Packit |
8cb997 |
api_command(ansible_module, command, to_text(_suffix), args)
|
|
Packit |
8cb997 |
changed = True
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
except Exception as e:
|
|
Packit |
8cb997 |
ansible_module.fail_json(msg=str(e))
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
finally:
|
|
Packit |
8cb997 |
temp_kdestroy(ccache_dir, ccache_name)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# Done
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
ansible_module.exit_json(changed=changed, **exit_args)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
if __name__ == "__main__":
|
|
Packit |
8cb997 |
main()
|