Blame plugins/modules/ipatopologysegment.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
#   Thomas Woerner <twoerner@redhat.com>
#
# Copyright (C) 2019 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
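# Module metadata, kept as a plain dict literal.
ANSIBLE_METADATA = {
    "metadata_version": "1.0",
    "supported_by": "community",
    "status": ["preview"],
}

# Option reference for the module (YAML).
# NOTE: ipaadmin_password is declared with no_log=True in main()'s
# argument_spec.
DOCUMENTATION = """
---
module: ipatopologysegment
short_description: Manage FreeIPA topology segments
description: Manage FreeIPA topology segments
options:
  ipaadmin_principal:
    description: The admin principal
    default: admin
  ipaadmin_password:
    description: The admin password
    required: false
  suffix:
    description: Topology suffix
    required: true
    choices: ["domain", "ca", "domain+ca"]
  name:
    description: Topology segment name, unique identifier.
    required: false
    aliases: ["cn"]
  left:
    description: Left replication node - an IPA server
    aliases: ["leftnode"]
  right:
    description: Right replication node - an IPA server
    aliases: ["rightnode"]
  direction:
    description: The direction a segment will be reinitialized
    required: false
    choices: ["left-to-right", "right-to-left"]
  state:
    description: State to ensure
    default: present
    choices: ["present", "absent", "enabled", "disabled", "reinitialized",
              "checked" ]
author:
    - Thomas Woerner
"""

# Usage examples (YAML task snippets), one per supported state/suffix mix.
EXAMPLES = """
- ipatopologysegment:
    suffix: domain
    left: ipaserver.test.local
    right: ipareplica1.test.local
    state: present

- ipatopologysegment:
    suffix: domain
    name: ipaserver.test.local-to-replica1.test.local
    state: absent

- ipatopologysegment:
    suffix: domain
    left: ipaserver.test.local
    right: ipareplica1.test.local
    state: absent

- ipatopologysegment:
    suffix: ca
    name: ipaserver.test.local-to-replica1.test.local
    direction: left-to-right
    state: reinitialized

- ipatopologysegment:
    suffix: domain+ca
    left: ipaserver.test.local
    right: ipareplica1.test.local
    state: absent

- ipatopologysegment:
    suffix: domain+ca
    left: ipaserver.test.local
    right: ipareplica1.test.local
    state: checked
"""

# Values returned in addition to "changed"; both lists hold suffix names and
# are only filled in for state "checked" (see main()).
RETURN = """
found:
  description: List of found segments
  returned: if state is checked
  type: list
not-found:
  description: List of not found segments
  returned: if state is checked
  type: list
"""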
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils._text import to_text
from ansible.module_utils.ansible_freeipa_module import temp_kinit, \
    temp_kdestroy, valid_creds, api_connect, api_command
def find_left_right(module, suffix, left, right):
    """Look up the topology segment that joins ``left`` and ``right``.

    Runs ``topologysegment_find`` for ``suffix``, filtered on both node
    attributes.  Returns the single matching entry, or ``None`` when nothing
    matches.  More than one match is reported through ``module.fail_json``.
    """
    query = {
        "iparepltoposegmentleftnode": to_text(left),
        "iparepltoposegmentrightnode": to_text(right),
    }
    entries = api_command(module, "topologysegment_find",
                          to_text(suffix), query)["result"]
    count = len(entries)
    if count == 1:
        return entries[0]
    if count > 1:
        # The node pair is expected to identify at most one segment.
        module.fail_json(
            msg="Combination of left node '%s' and right node '%s' is "
            "not unique for suffix '%s'" % (left, right, suffix))
    return None
def find_cn(module, suffix, name):
    """Look up the topology segment called ``name`` in ``suffix``.

    Runs ``topologysegment_find`` filtered on ``cn``.  Returns the single
    matching entry, or ``None`` when nothing matches.  More than one match
    is reported through ``module.fail_json``.
    """
    query = {"cn": to_text(name)}
    entries = api_command(module, "topologysegment_find",
                          to_text(suffix), query)["result"]
    count = len(entries)
    if count == 1:
        return entries[0]
    if count > 1:
        module.fail_json(
            msg="CN '%s' is not unique for suffix '%s'" % (name, suffix))
    return None
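def find_left_right_cn(module, suffix, left, right, name):
    """Find a segment by its node pair or, failing that, by its name.

    When both ``left`` and ``right`` are given, the segment is looked up by
    node pair.  If ``name`` is given as well it must equal the cn of the
    segment found, otherwise ``module.fail_json`` is called.  A pair that
    matches nothing yields ``None``; ``name`` is not looked up in that case.

    When the node pair is incomplete, the lookup is done by ``name``.  With
    neither a complete node pair nor a name, ``module.fail_json`` is called.

    Returns the matching entry, or ``None`` when no segment was found.
    """
    if left is not None and right is not None:
        left_right = find_left_right(module, suffix, left, right)
        if left_right is not None:
            # Refuse to act on a segment whose cn differs from the one the
            # caller asked for.
            if name is not None and \
               left_right["cn"][0] != to_text(name):
                module.fail_json(
                    msg="Left and right nodes do not match "
                    "given name (cn) '%s'" % name)
            return left_right
        # else: Nothing to change
    elif name is not None:
        # find_cn() already returns None when there is no such segment.
        return find_cn(module, suffix, name)
    else:
        module.fail_json(
            msg="Either left and right or name need to be set.")
    return None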
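def main():
    """Entry point of the ipatopologysegment module.

    Parses the module arguments, connects to the IPA API (obtaining a
    temporary credential cache first when no valid credentials exist),
    queues one command per suffix according to ``state`` and then runs the
    queued commands.

    For ``state: checked`` nothing is changed; each suffix is reported in
    the ``found`` or ``not-found`` result list instead.  In check mode the
    queued commands are not sent to the server, but ``changed`` still
    reports whether there was anything to do.
    """
    ansible_module = AnsibleModule(
        argument_spec=dict(
            ipaadmin_principal=dict(type="str", default="admin"),
            # no_log: the password must not show up in logged arguments
            ipaadmin_password=dict(type="str", required=False, no_log=True),
            suffix=dict(choices=["domain", "ca", "domain+ca"], required=True),
            name=dict(type="str", aliases=["cn"], default=None),
            left=dict(type="str", aliases=["leftnode"], default=None),
            right=dict(type="str", aliases=["rightnode"], default=None),
            direction=dict(type="str", default=None,
                           choices=["left-to-right", "right-to-left"]),
            state=dict(type="str", default="present",
                       choices=["present", "absent", "enabled", "disabled",
                                "reinitialized", "checked"]),
        ),
        supports_check_mode=True,
    )

    # NOTE(review): sets a private attribute unconditionally; confirm that
    # it is still needed and that it does not widen what gets logged.
    ansible_module._ansible_debug = True

    # Get parameters

    ipaadmin_principal = ansible_module.params.get("ipaadmin_principal")
    ipaadmin_password = ansible_module.params.get("ipaadmin_password")
    suffixes = ansible_module.params.get("suffix")
    name = ansible_module.params.get("name")
    left = ansible_module.params.get("left")
    right = ansible_module.params.get("right")
    direction = ansible_module.params.get("direction")
    state = ansible_module.params.get("state")

    # Check parameters

    if state != "reinitialized" and direction is not None:
        ansible_module.fail_json(
            msg="Direction is not supported in this mode.")

    # Init

    changed = False
    exit_args = {}
    ccache_dir = None
    ccache_name = None
    try:
        # Only create a temporary credential cache when the existing
        # credentials are not valid for the admin principal.
        if not valid_creds(ansible_module, ipaadmin_principal):
            ccache_dir, ccache_name = temp_kinit(ipaadmin_principal,
                                                 ipaadmin_password)
        api_connect()

        commands = []

        # "domain+ca" is handled as two independent suffixes.
        for suffix in suffixes.split("+"):
            # Create command
            if state in ["present", "enabled"]:
                # Make sure topology segment exists

                if left is None or right is None:
                    ansible_module.fail_json(
                        msg="Left and right need to be set.")
                args = {
                    "iparepltoposegmentleftnode": to_text(left),
                    "iparepltoposegmentrightnode": to_text(right),
                }
                if name is not None:
                    args["cn"] = to_text(name)

                res_left_right = find_left_right(ansible_module, suffix,
                                                 left, right)
                if res_left_right is not None:
                    if name is not None and \
                       res_left_right["cn"][0] != to_text(name):
                        ansible_module.fail_json(
                            msg="Left and right nodes already used with "
                            "different name (cn) '%s'" % res_left_right["cn"])

                    # Left and right nodes and also the name can not be
                    # changed
                    for key in ["iparepltoposegmentleftnode",
                                "iparepltoposegmentrightnode"]:
                        args.pop(key, None)
                    # NOTE(review): at this point args holds at most "cn",
                    # so the visible code never queues topologysegment_mod.
                    if len(args) > 1:
                        # cn needs to be in args always
                        commands.append(["topologysegment_mod", args, suffix])
                    # else: Nothing to change
                else:
                    if name is None:
                        # Default segment name derived from the node pair
                        args["cn"] = to_text("%s-to-%s" % (left, right))
                    commands.append(["topologysegment_add", args, suffix])

            elif state in ["absent", "disabled"]:
                # Make sure topology segment does not exist

                res_find = find_left_right_cn(ansible_module, suffix,
                                              left, right, name)
                if res_find is not None:
                    # Found either given name or found name from left and right
                    # node
                    args = {
                        "cn": res_find["cn"][0]
                    }
                    commands.append(["topologysegment_del", args, suffix])

            elif state == "checked":
                # Check if topology segment does exists

                res_find = find_left_right_cn(ansible_module, suffix,
                                              left, right, name)
                if res_find is not None:
                    # Found either given name or found name from left and right
                    # node
                    exit_args.setdefault("found", []).append(suffix)
                else:
                    # Not found
                    exit_args.setdefault("not-found", []).append(suffix)

            elif state == "reinitialized":
                # Reinitialize segment

                if direction not in ["left-to-right", "right-to-left"]:
                    ansible_module.fail_json(msg="Unknown direction '%s'" %
                                             direction)

                res_find = find_left_right_cn(ansible_module, suffix,
                                              left, right, name)
                if res_find is not None:
                    # Found either given name or found name from left and right
                    # node
                    args = {
                        "cn": res_find["cn"][0]
                    }
                    if direction == "left-to-right":
                        args["left"] = True
                    elif direction == "right-to-left":
                        args["right"] = True

                    commands.append(["topologysegment_reinitialize", args,
                                     suffix])
                else:
                    # Report the lookup keys that were actually supplied
                    params = []
                    if name is not None:
                        params.append("name=%s" % name)
                    if left is not None:
                        params.append("left=%s" % left)
                    if right is not None:
                        params.append("right=%s" % right)
                    ansible_module.fail_json(
                        msg="No entry '%s' for suffix '%s'" %
                        (",".join(params), suffix))

            else:
                ansible_module.fail_json(msg="Unknown state '%s'" % state)

        # Execute command

        for command, args, _suffix in commands:
            # The module declares supports_check_mode, so a check-mode run
            # must only report the pending change and not add, delete or
            # reinitialize a replication segment.
            if not ansible_module.check_mode:
                api_command(ansible_module, command, to_text(_suffix), args)
            changed = True

    except Exception as e:
        ansible_module.fail_json(msg=str(e))

    finally:
        # Always clean up the temporary credential cache, also on failure.
        temp_kdestroy(ccache_dir, ccache_name)

    # Done

    ansible_module.exit_json(changed=changed, **exit_args)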
# Run the module only when this file is executed as a script.
if __name__ == "__main__":
    main()