#!/usr/bin/python
# -*- coding: utf-8 -*-

import os
import re
import six
try:
    # six.moves maps this name to the right module on Python 2 and Python 3.
    from six.moves.configparser import RawConfigParser
except ImportError:
    # Fall back to the Python 2 module name when six.moves cannot supply it.
    from ConfigParser import RawConfigParser

from ansible.module_utils.basic import AnsibleModule
# Probe for the optional FreeIPA Python packages. A failed import only clears
# the matching HAS_* flag, so the module still loads on hosts without FreeIPA.
# pylint: disable=unused-import
try:
    from ipalib import api  # noqa: F401
except ImportError:
    HAS_IPALIB = False
else:
    HAS_IPALIB = True
    # NOTE(review): the listing this was recovered from had lost its
    # indentation; the imports below are placed under ``else:`` because they
    # only make sense when ipalib is importable - confirm against the
    # repository copy. With this nesting, ``paths`` and ``sysrestore`` are
    # bound only when HAS_IPALIB is true.
    from ipaplatform.paths import paths
    try:
        # FreeIPA >= 4.5
        from ipalib.install import sysrestore
    except ImportError:
        # FreeIPA 4.4 and older
        from ipapython import sysrestore

try:
    import ipaserver  # noqa: F401
except ImportError:
    HAS_IPASERVER = False
else:
    HAS_IPASERVER = True

# Fixed absolute paths inspected by the server-side checks in this file.
SERVER_SYSRESTORE_STATE = "/var/lib/ipa/sysrestore/sysrestore.state"
NAMED_CONF = "/etc/named.conf"
VAR_LIB_PKI_TOMCAT = "/var/lib/pki/pki-tomcat"
def is_ntpd_configured():
    """Report whether the server sysrestore state file has an ntpd section.

    Returns:
        True when some line of SERVER_SYSRESTORE_STATE consists only of
        ``[ntpd]`` (surrounding whitespace allowed). False when no line does,
        or when opening or reading the file raises IOError.
    """
    section_header = re.compile(r'^\s*\[ntpd\]\s*$')

    try:
        with open(SERVER_SYSRESTORE_STATE) as state_file:
            state_lines = state_file.readlines()
    except IOError:
        # A missing or unreadable state file is reported as "not configured".
        return False
    return any(section_header.match(entry) for entry in state_lines)
def is_dns_configured():
    """Report whether named.conf declares the "ipa" dyndb stanza.

    The check looks for a line such as
    ``dyndb "ipa" "/usr/lib64/bind/ldap.so" {`` in NAMED_CONF. The opening
    brace must be the last character on the line, so a stanza followed by
    trailing whitespace or a comment is not recognised.

    Returns:
        True when a matching line exists. False when none does, or when
        opening or reading the file raises IOError.
    """
    dyndb_stanza = re.compile(r'^\s*dyndb\s+"ipa"\s+"[^"]+"\s+{$')

    try:
        with open(NAMED_CONF) as named_conf:
            conf_lines = named_conf.readlines()
    except IOError:
        # A missing or unreadable named.conf is reported as "not configured".
        return False
    return any(dyndb_stanza.match(entry) for entry in conf_lines)
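def is_dogtag_configured(subsystem):
    """Report whether a Dogtag subsystem directory exists under pki-tomcat.

    Args:
        subsystem: Name of the subsystem to probe; must be 'ca' or 'kra'.

    Returns:
        True when VAR_LIB_PKI_TOMCAT/<subsystem> is an existing directory,
        False otherwise.

    Raises:
        ValueError: If subsystem is not one of the supported names.
    """
    available_subsystems = {'ca', 'kra'}
    # Validate with an explicit raise rather than ``assert``: assertions are
    # removed when Python runs with -O, and os.path.join() would then accept
    # an absolute or '..'-containing value and probe a path outside
    # VAR_LIB_PKI_TOMCAT.
    if subsystem not in available_subsystems:
        raise ValueError(
            "unsupported Dogtag subsystem %r; expected one of: %s"
            % (subsystem, ', '.join(sorted(available_subsystems))))

    return os.path.isdir(os.path.join(VAR_LIB_PKI_TOMCAT, subsystem))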
def is_ca_configured():
    """Report whether the Dogtag 'ca' subsystem directory exists."""
    ca_present = is_dogtag_configured('ca')
    return ca_present
def is_kra_configured():
    """Report whether the Dogtag 'kra' subsystem directory exists."""
    kra_present = is_dogtag_configured('kra')
    return kra_present
def is_client_configured():
    """Report whether this host looks like a configured IPA client.

    Two conditions must hold: paths.IPA_DEFAULT_CONF is a regular file, and
    the sysrestore FileStore rooted at paths.IPA_CLIENT_SYSRESTORE reports
    has_files().

    Returns:
        False when the default configuration file is absent; otherwise the
        value returned by FileStore.has_files().
    """
    # The store is created before the file test, as in the original order.
    # NOTE(review): has_files() presumably reflects entries recorded in the
    # client sysrestore state - confirm against the sysrestore module.
    client_store = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
    if not os.path.isfile(paths.IPA_DEFAULT_CONF):
        return False
    return client_store.has_files()
def is_server_configured():
    """Report whether this host looks like a configured IPA server.

    Returns:
        True only when both paths.IPA_DEFAULT_CONF and
        SERVER_SYSRESTORE_STATE are existing regular files.
    """
    if not os.path.isfile(paths.IPA_DEFAULT_CONF):
        return False
    return os.path.isfile(SERVER_SYSRESTORE_STATE)
def get_ipa_conf():
    """Read basedn, realm and domain from the IPA default configuration.

    The values come from the ``[global]`` section of paths.IPA_DEFAULT_CONF
    and are returned exactly as stored; nothing is validated or normalised
    here.

    Returns:
        A dict with the keys 'basedn', 'realm' and 'domain'.

    Raises:
        The parser's missing-section or missing-option error when the file
        does not provide them. RawConfigParser.read() does not raise for a
        file it cannot open, so an absent file shows up as a missing section.
    """
    conf = RawConfigParser()
    conf.read(paths.IPA_DEFAULT_CONF)
    wanted = ('basedn', 'realm', 'domain')
    return {option: conf.get('global', option) for option in wanted}
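def get_ipa_version():
    """Collect the installed FreeIPA version details.

    Returns:
        None when ipapython.version cannot be imported. Otherwise a dict with
        'api_version', 'num_version', 'vendor_version' and 'version' copied
        from that module, plus 'version_info': the dot-separated components
        of VERSION, as int where a component is numeric and as the original
        string where it is not.
    """
    try:
        from ipapython import version
    except ImportError:
        return None

    version_info = []
    for part in version.VERSION.split('.'):
        # DEV versions look like:
        # 4.4.90.201610191151GITd852c00
        # 4.4.90.dev201701071308+git2e43db1
        # 4.6.90.pre2
        # Any component that is not a plain integer is kept verbatim. This
        # covers the dev/pre/GIT forms above and also suffixes that were not
        # anticipated, which previously escaped as an uncaught ValueError and
        # made fact gathering fail.
        try:
            version_info.append(int(part))
        except ValueError:
            version_info.append(part)

    return dict(
        api_version=version.API_VERSION,
        num_version=version.NUM_VERSION,
        vendor_version=version.VENDOR_VERSION,
        version=version.VERSION,
        version_info=version_info
    )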
def main():
    """Gather FreeIPA facts and return them to Ansible as ``ansible_facts.ipa``.

    The result always carries 'packages' (which optional FreeIPA packages
    could be imported) and 'configured' (one boolean per component). When the
    client is configured it also carries 'version' plus the basedn, realm and
    domain read from the IPA default configuration.

    NOTE(review): the listing this was recovered from had lost its
    indentation. The nesting below (version/config only for a configured
    client, server checks only for a configured server) is a reconstruction -
    confirm against the repository copy.
    """
    # The module takes no arguments and changes nothing on the host, which is
    # why check mode can be declared as supported.
    module = AnsibleModule(argument_spec={}, supports_check_mode=True)

    configured = {
        'client': False,
        'server': False,
        'dns': False,
        'ca': False,
        'kra': False,
        'ntpd': False,
    }
    facts = {
        'packages': {
            'ipalib': HAS_IPALIB,
            'ipaserver': HAS_IPASERVER,
        },
        'configured': configured,
    }

    if HAS_IPALIB and is_client_configured():
        configured['client'] = True

        facts['version'] = get_ipa_version()
        # basedn / realm / domain are merged in at the top level of the facts.
        facts.update(get_ipa_conf())

    if HAS_IPASERVER and is_server_configured():
        configured['server'] = True
        configured['dns'] = is_dns_configured()
        configured['ca'] = is_ca_configured()
        configured['kra'] = is_kra_configured()
        configured['ntpd'] = is_ntpd_configured()

    module.exit_json(changed=False, ansible_facts={'ipa': facts})
# Entry point: run the fact collection only when executed as a script, not
# when the file is imported.
if __name__ == '__main__':
    main()