# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Names this compatibility module exposes to `from <module> import *` users.
__all__ = [
    "gssapi",
    "version",
    "ipadiscovery",
    "api",
    "errors",
    "x509",
    "constants",
    "sysrestore",
    "certmonger",
    "certstore",
    "delete_persistent_client_session_data",
    "ScriptError",
    "CheckedIPAddress",
    "validate_domain_name",
    "normalize_hostname",
    "validate_hostname",
    "services",
    "tasks",
    "CalledProcessError",
    "write_tmp_file",
    "ipa_generate_password",
    "DN",
    "kinit_keytab",
    "kinit_password",
    "GSSError",
    "CLIENT_INSTALL_ERROR",
    "is_ipa_client_installed",
    "CLIENT_ALREADY_CONFIGURED",
    "nssldap_exists",
    "remove_file",
    "check_ip_addresses",
    "print_port_conf_info",
    "configure_ipa_conf",
    "purge_host_keytab",
    "configure_sssd_conf",
    "realm_to_suffix",
    "run",
    "timeconf",
    "serialization",
    "configure_krb5_conf",
    "get_ca_certs",
    "SECURE_PATH",
    "get_server_connection_interface",
    "disable_ra",
    "client_dns",
    "configure_certmonger",
    "update_ssh_keys",
    "configure_openldap_conf",
    "hardcode_ldap_server",
    "get_certs_from_ldap",
    "save_state",
    "create_ipa_nssdb",
    "configure_nisdomain",
    "configure_ldap_conf",
    "configure_nslcd_conf",
    "nosssd_files",
    "configure_ssh_config",
    "configure_sshd_config",
    "configure_automount",
    "configure_firefox",
    "sync_time",
    "check_ldap_conf",
    "sssd_enable_ifp",
]
from ipapython.version import NUM_VERSION, VERSION
# Derive one comparable integer for the installed IPA release.
if NUM_VERSION >= 30201:
    IPA_PYTHON_VERSION = NUM_VERSION
else:
    # See ipapython/version.py
    # Below 30201 the number is rebuilt from the dotted VERSION string as
    # major*10000 + minor*100 + release.
    IPA_MAJOR, IPA_MINOR, IPA_RELEASE = (
        int(part) for part in VERSION.split(".", 2))
    IPA_PYTHON_VERSION = IPA_MAJOR * 10000 + IPA_MINOR * 100 + IPA_RELEASE
class installer_obj(object):
    """Plain attribute container used as the installer/options object.

    Settings are stored as ordinary instance attributes; the class itself
    adds only a logger setter and an iterator over the attribute names.
    """

    def __init__(self):
        """Create an empty container; attributes are assigned by callers."""

    def set_logger(self, logger):
        """Store *logger* on the instance as ``self.logger``."""
        self.logger = logger

    def knobs(self):
        """Yield ``(self, name)`` for each name in the instance dictionary.

        The dictionary is iterated live, not from a snapshot.
        """
        for attr_name in vars(self):
            yield self, attr_name
# Module-wide settings object. `installer` and `options` are two names for
# the same instance, so an attribute set through one is seen through the
# other.
installer = options = installer_obj()
# The module always runs non-interactively; `unattended` is kept as the
# inverse of `interactive`.
options.interactive = False
options.unattended = not options.interactive
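# Compatibility layer: bind one stable set of names no matter which IPA
# package layout is installed. Each try/except pair tries the newer import
# location first and falls back to the older one.
if NUM_VERSION >= 40400:
    # IPA version >= 4.4

    import sys
    import inspect
    import gssapi
    import logging

    from ipapython import version
    try:
        from ipaclient.install import ipadiscovery
    except ImportError:
        from ipaclient import ipadiscovery
    from ipalib import api, errors, x509
    from ipalib import constants
    try:
        from ipalib import sysrestore
    except ImportError:
        try:
            from ipalib.install import sysrestore
        except ImportError:
            from ipapython import sysrestore
    try:
        from ipalib.install import certmonger
    except ImportError:
        from ipapython import certmonger
    try:
        from ipalib.install import certstore
    except ImportError:
        from ipalib import certstore
    from ipalib.rpc import delete_persistent_client_session_data
    from ipapython import certdb, ipautil
    from ipapython.admintool import ScriptError
    from ipapython.ipautil import CheckedIPAddress
    from ipalib.util import validate_domain_name, normalize_hostname, \
        validate_hostname
    from ipaplatform import services
    from ipaplatform.paths import paths
    from ipaplatform.tasks import tasks
    try:
        from cryptography.hazmat.primitives import serialization
    except ImportError:
        # Callers must check for None before using serialization.
        serialization = None
    from ipapython.ipautil import CalledProcessError, write_tmp_file, \
        ipa_generate_password
    from ipapython.dn import DN
    try:
        from ipalib.install.kinit import kinit_keytab, kinit_password
    except ImportError:
        from ipapython.ipautil import kinit_keytab, kinit_password
    from ipapython.ipa_log_manager import standard_logging_setup
    from gssapi.exceptions import GSSError
    try:
        from ipaclient.install.client import configure_krb5_conf, \
            get_ca_certs, SECURE_PATH, get_server_connection_interface, \
            disable_ra, client_dns, \
            configure_certmonger, update_ssh_keys, configure_openldap_conf, \
            hardcode_ldap_server, get_certs_from_ldap, save_state, \
            create_ipa_nssdb, configure_ssh_config, configure_sshd_config, \
            configure_automount, configure_firefox, configure_nisdomain, \
            CLIENT_INSTALL_ERROR, is_ipa_client_installed, \
            CLIENT_ALREADY_CONFIGURED, nssldap_exists, remove_file, \
            check_ip_addresses, print_port_conf_info, configure_ipa_conf, \
            purge_host_keytab, configure_sssd_conf, configure_ldap_conf, \
            configure_nslcd_conf, nosssd_files
        get_ca_cert = None
    except ImportError:
        # Create temporary copy of ipa-client-install script (as
        # ipa_client_install.py) to be able to import the script easily
        # and also to remove the global finally clause in which the
        # generated ccache file gets removed. The ccache file will be
        # needed in the next step.
        # This is done in a temporary directory that gets removed right
        # after ipa_client_install has been imported.
        #
        # Security notes:
        # - The import executes the top-level code of
        #   /usr/sbin/ipa-client-install in this process, so the integrity
        #   of that file is trusted here.
        # - mkdtemp() creates the directory accessible only to the calling
        #   user, so other local users cannot plant or swap
        #   ipa_client_install.py between the write and the import.
        #
        # NOTE(review): several names bound by the try branch above (for
        # example CLIENT_INSTALL_ERROR and configure_sssd_conf) are not
        # bound in this fallback although __all__ lists them - confirm
        # whether this path is still supported.
        import shutil
        import tempfile
        temp_dir = tempfile.mkdtemp(dir="/tmp")
        # Search the private directory first so the copy written below is
        # the module that gets imported, not a same-named module found in
        # another sys.path entry.
        sys.path.insert(0, temp_dir)
        try:
            temp_file = "%s/ipa_client_install.py" % temp_dir

            with open("/usr/sbin/ipa-client-install", "r") as f_in:
                with open(temp_file, "w") as f_out:
                    for line in f_in:
                        # Stop at the script's global "finally:" clause.
                        if line.startswith("finally:"):
                            break
                        f_out.write(line)
            import ipa_client_install
        finally:
            # Clean up even when the copy or the import fails, so no
            # directory is left in /tmp and no stale entry in sys.path.
            shutil.rmtree(temp_dir, ignore_errors=True)
            sys.path.remove(temp_dir)

        # NOTE: inspect.getargspec() does not exist on Python 3.11+; this
        # fallback path is only reached when ipaclient.install.client could
        # not be imported.
        argspec = inspect.getargspec(ipa_client_install.configure_krb5_conf)
        if argspec.keywords is None:
            # This variant takes an options object, not force= and
            # configure_sssd= keywords; adapt the call through the
            # module-level options object.
            def configure_krb5_conf(
                    cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
                    filename, client_domain, client_hostname, force=False,
                    configure_sssd=True):
                """Call the script's configure_krb5_conf via ``options``.

                ``force`` and ``configure_sssd`` are stored on the shared
                module-level ``options`` object (as ``force`` and ``sssd``)
                and that object is passed to the wrapped function.
                """
                global options
                options.force = force
                options.sssd = configure_sssd
                return ipa_client_install.configure_krb5_conf(
                    cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options,
                    filename, client_domain, client_hostname)
        else:
            configure_krb5_conf = ipa_client_install.configure_krb5_conf
        # The first branch cannot run inside the enclosing
        # NUM_VERSION >= 40400 block; it is kept as in the original.
        if NUM_VERSION < 40100:
            get_ca_cert = ipa_client_install.get_ca_cert
            get_ca_certs = None
        else:
            get_ca_cert = None
            get_ca_certs = ipa_client_install.get_ca_certs
        SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:"
                       "/usr/bin:/usr/sbin")

        get_server_connection_interface = \
            ipa_client_install.get_server_connection_interface
        disable_ra = ipa_client_install.disable_ra
        client_dns = ipa_client_install.client_dns
        configure_certmonger = ipa_client_install.configure_certmonger
        update_ssh_keys = ipa_client_install.update_ssh_keys
        configure_openldap_conf = ipa_client_install.configure_openldap_conf
        hardcode_ldap_server = ipa_client_install.hardcode_ldap_server
        get_certs_from_ldap = ipa_client_install.get_certs_from_ldap
        save_state = ipa_client_install.save_state

        create_ipa_nssdb = certdb.create_ipa_nssdb

        argspec = inspect.getargspec(ipa_client_install.configure_nisdomain)
        if len(argspec.args) == 3:
            configure_nisdomain = ipa_client_install.configure_nisdomain
        else:
            def configure_nisdomain(options, domain, statestore=None):
                """Accept ``statestore`` for API parity and ignore it."""
                return ipa_client_install.configure_nisdomain(options, domain)

        configure_ldap_conf = ipa_client_install.configure_ldap_conf
        configure_nslcd_conf = ipa_client_install.configure_nslcd_conf
        nosssd_files = ipa_client_install.nosssd_files

        configure_ssh_config = ipa_client_install.configure_ssh_config
        configure_sshd_config = ipa_client_install.configure_sshd_config
        configure_automount = ipa_client_install.configure_automount
        configure_firefox = ipa_client_install.configure_firefox

    from ipapython.ipautil import realm_to_suffix, run

    # time_service records which time configuration module was found.
    try:
        from ipaclient.install import timeconf
        time_service = "chronyd"
    except ImportError:
        try:
            from ipaclient.install import ntpconf as timeconf
        except ImportError:
            from ipaclient import ntpconf as timeconf
        time_service = "ntpd"

    # Optional helpers: None means this IPA version does not provide them.
    try:
        from ipaclient.install.client import sync_time
    except ImportError:
        sync_time = None

    try:
        from ipaclient.install.client import check_ldap_conf
    except ImportError:
        check_ldap_conf = None

    try:
        from ipaclient.install.client import sssd_enable_ifp
    except ImportError:
        sssd_enable_ifp = None

    logger = logging.getLogger("ipa-client-install")
    root_logger = logger

else:
    # IPA version < 4.4

    raise Exception("freeipa version '%s' is too old" % VERSION)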
def setup_logging():
    """Set up IPA's standard logging for the client install log.

    Calls ``standard_logging_setup`` on ``paths.IPACLIENT_INSTALL_LOG`` with
    verbose and debug output off, file mode ``'a'`` and a message-only
    console format.
    """
    log_settings = dict(
        verbose=False,
        debug=False,
        filemode='a',
        console_format='%(message)s',
    )
    standard_logging_setup(paths.IPACLIENT_INSTALL_LOG, **log_settings)
def ansible_module_get_parsed_ip_addresses(ansible_module,
                                           param='ip_addresses'):
    """Validate the IP addresses given in a module parameter.

    Args:
        ansible_module: Object with a ``params`` mapping and a ``fail_json``
            method.
        param: Name of the parameter holding the list of addresses.

    Returns:
        ``None`` when the parameter is unset, otherwise a list with one
        ``ipautil.CheckedIPAddress`` result per input, in input order.

    Each value is passed through ``CheckedIPAddress`` before it is returned.
    An invalid value is reported through ``fail_json``, which is expected to
    end the module run; the code after the handler relies on it not
    returning.
    """
    raw_addresses = ansible_module.params.get(param)
    if raw_addresses is not None:
        checked_addresses = []
        for ip in raw_addresses:
            try:
                checked = ipautil.CheckedIPAddress(ip)
            except Exception as e:
                ansible_module.fail_json(
                    msg="Invalid IP Address %s: %s" % (ip, e))
            checked_addresses.append(checked)
        return checked_addresses
    return None