Tree - source-git/ansible-freeipa

source-git / ansible-freeipa

Blame roles/ipareplica/library/ipareplica_prepare.py

Blob History Raw

Packit	8cb997	`#!/usr/bin/python`
Packit	8cb997	`# -- coding: utf-8 --`
Packit	8cb997
Packit	8cb997	`# Authors:`
Packit	8cb997	`# Thomas Woerner <twoerner@redhat.com>`
Packit	8cb997	`#`
Packit	8cb997	`# Based on ipa-replica-install code`
Packit	8cb997	`#`
Packit	8cb997	`# Copyright (C) 2018 Red Hat`
Packit	8cb997	`# see file 'COPYING' for use and warranty information`
Packit	8cb997	`#`
Packit	8cb997	`# This program is free software; you can redistribute it and/or modify`
Packit	8cb997	`# it under the terms of the GNU General Public License as published by`
Packit	8cb997	`# the Free Software Foundation, either version 3 of the License, or`
Packit	8cb997	`# (at your option) any later version.`
Packit	8cb997	`#`
Packit	8cb997	`# This program is distributed in the hope that it will be useful,`
Packit	8cb997	`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
Packit	8cb997	`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
Packit	8cb997	`# GNU General Public License for more details.`
Packit	8cb997	`#`
Packit	8cb997	`# You should have received a copy of the GNU General Public License`
Packit	8cb997	`# along with this program. If not, see <http://www.gnu.org/licenses/>.`
Packit	8cb997
Packit	8cb997	`from __future__ import print_function`
Packit	8cb997
Packit	8cb997	`ANSIBLE_METADATA = {`
Packit	8cb997	`'metadata_version': '1.0',`
Packit	8cb997	`'supported_by': 'community',`
Packit	8cb997	`'status': ['preview'],`
Packit	8cb997	`}`
Packit	8cb997
Packit	8cb997	`DOCUMENTATION = '''`
Packit	8cb997	`---`
Packit	8cb997	`module: ipareplica_prepare`
Packit	8cb997	`short description: Prepare ipa replica installation`
Packit	8cb997	`description:`
Packit	8cb997	`Prepare ipa replica installation: Create IPA configuration file, run install`
Packit	8cb997	`checks again and also update the host name and the hosts file if needed.`
Packit	8cb997	`The tests and also the results from ipareplica_test are needed.`
Packit	8cb997	`ptions:`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: yes`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: yes`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: no`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: yes`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`external_ca:`
Packit	8cb997	`description: External ca setting`
Packit	8cb997	`required: yes`
Packit	8cb997	`external_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the IPA CA certificate and the external CA certificate`
Packit	8cb997	`chain`
Packit	8cb997	`required: yes`
Packit	8cb997	`subject_base:`
Packit	8cb997	`description:`
Packit	8cb997	`The certificate subject base (default O=<realm-name>).`
Packit	8cb997	`RDNs are in LDAP order (most specific RDN first).`
Packit	8cb997	`required: yes`
Packit	8cb997	`ca_subject:`
Packit	8cb997	`description: The installer ca_subject setting`
Packit	8cb997	`required: yes`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: yes`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: yes`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: yes`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: yes`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: yes`
Packit	8cb997	`_hostname_overridden:`
Packit	8cb997	`description: The installer _hostname_overridden setting`
Packit	8cb997	`required: yes`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: False`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: False`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: False`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: False`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: False`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: False`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: True`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: False`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: False`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: False`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: False`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: False`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: False`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: False`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: False`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: False`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: False`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: False`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: False`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: False`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: False`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: False`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: False`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: False`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: False`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: False`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: False`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: False`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: False`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: False`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: False`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: False`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: False`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: False`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: False`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: False`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: False`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: False`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: False`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: False`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: False`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: False`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: False`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: True`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: False`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: True`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: True`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: True`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: True`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: True`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: True`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: False`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: True`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: True`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: True`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: True`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: True`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: True`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: True`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: True`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: True`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: True`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: True`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: True`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: True`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: True`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: True`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: True`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: True`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: True`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: True`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: True`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: True`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: True`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: True`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: True`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: True`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: True`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: True`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: True`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: True`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: True`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: True`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: True`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: True`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: True`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: True`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: True`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: False`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: True`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: yes`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: yes`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: yes`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: yes`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: no`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: yes`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: yes`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: yes`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: yes`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: yes`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: yes`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: yes`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: yes`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: yes`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: no`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: yes`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: yes`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: yes`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: yes`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: yes`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: no`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: yes`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: yes`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: yes`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: yes`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: yes`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: yes`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: yes`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: yes`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: yes`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: no`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: yes`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: yes`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: yes`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: yes`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: yes`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: no`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: yes`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: yes`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: yes`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: yes`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: yes`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: yes`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: yes`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: yes`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: yes`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: no`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: yes`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: yes`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: yes`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: yes`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: yes`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: no`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: yes`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: yes`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: yes`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: yes`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: yes`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: yes`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: yes`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: yes`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: yes`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: no`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: yes`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: yes`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: yes`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: yes`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: yes`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: no`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: yes`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: yes`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: yes`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: yes`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: yes`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: yes`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: yes`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: yes`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: yes`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: no`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: yes`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: yes`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: yes`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: yes`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: yes`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: no`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: yes`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: yes`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: yes`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: yes`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: yes`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: yes`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: yes`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: yes`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: yes`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: no`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: yes`
Packit	8cb997	`dm_password:`
Packit	8cb997	`description: Directory Manager password`
Packit	8cb997	`required: yes`
Packit	8cb997	`password:`
Packit	8cb997	`description: Admin user kerberos password`
Packit	8cb997	`required: yes`
Packit	8cb997	`ip_addresses:`
Packit	8cb997	`description: List of Master Server IP Addresses`
Packit	8cb997	`required: yes`
Packit	8cb997	`domain:`
Packit	8cb997	`description: Primary DNS domain of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`realm:`
Packit	8cb997	`description: Kerberos realm name of the IPA deployment`
Packit	8cb997	`required: yes`
Packit	8cb997	`hostname:`
Packit	8cb997	`description: Fully qualified name of this host`
Packit	8cb997	`required: yes`
Packit	8cb997	`principal:`
Packit	8cb997	`description:`
Packit	8cb997	`User Principal allowed to promote replicas and join IPA realm`
Packit	8cb997	`required: no`
Packit	8cb997	`ca_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`List of files containing CA certificates for the service certificate`
Packit	8cb997	`files`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_host_dns:`
Packit	8cb997	`description: Do not use DNS for hostname lookup during installation`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_adtrust:`
Packit	8cb997	`description: Configure AD trust capability`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_ca:`
Packit	8cb997	`description: Configure a dogtag CA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_kra:`
Packit	8cb997	`description: Configure a dogtag KRA`
Packit	8cb997	`required: yes`
Packit	8cb997	`setup_dns:`
Packit	8cb997	`description: Configure bind with our zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`Files containing the Directory Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_cert_name:`
Packit	8cb997	`description: Name of the Directory Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`dirsrv_pin:`
Packit	8cb997	`description: The password to unlock the Directory Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Apache Server SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_cert_name:`
Packit	8cb997	`description: Name of the Apache Server SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`http_pin:`
Packit	8cb997	`description: The password to unlock the Apache Server private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_files:`
Packit	8cb997	`description:`
Packit	8cb997	`File containing the Kerberos KDC SSL certificate and private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_cert_name:`
Packit	8cb997	`description: Name of the Kerberos KDC SSL certificate to install`
Packit	8cb997	`required: yes`
Packit	8cb997	`pkinit_pin:`
Packit	8cb997	`description: The password to unlock the Kerberos KDC private key`
Packit	8cb997	`required: yes`
Packit	8cb997	`keytab:`
Packit	8cb997	`description: Path to backed up keytab from previous enrollment`
Packit	8cb997	`required: yes`
Packit	8cb997	`mkhomedir:`
Packit	8cb997	`description: Create home directories for users on their first login`
Packit	8cb997	`required: yes`
Packit	8cb997	`force_join:`
Packit	8cb997	`description: Force client enrollment even if already enrolled`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ntp:`
Packit	8cb997	`description: Do not configure ntp`
Packit	8cb997	`required: yes`
Packit	8cb997	`ssh_trust_dns:`
Packit	8cb997	`description: Configure OpenSSH client to trust DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_ssh:`
Packit	8cb997	`description: Do not configure OpenSSH client`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_sshd:`
Packit	8cb997	`description: Do not configure OpenSSH server`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dns_sshfp:`
Packit	8cb997	`description: Do not automatically create DNS SSHFP records`
Packit	8cb997	`required: yes`
Packit	8cb997	`allow_zone_overlap:`
Packit	8cb997	`description: Create DNS zone even if it already exists`
Packit	8cb997	`required: yes`
Packit	8cb997	`reverse_zones:`
Packit	8cb997	`description: The reverse DNS zones to use`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_reverse:`
Packit	8cb997	`description: Do not create new reverse DNS zone`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_reverse:`
Packit	8cb997	`description: Create necessary reverse zones`
Packit	8cb997	`required: yes`
Packit	8cb997	`forwarders:`
Packit	8cb997	`description: Add DNS forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_forwarders:`
Packit	8cb997	`description: Do not add any DNS forwarders, use root servers instead`
Packit	8cb997	`required: yes`
Packit	8cb997	`auto_forwarders:`
Packit	8cb997	`description: Use DNS forwarders configured in /etc/resolv.conf`
Packit	8cb997	`required: yes`
Packit	8cb997	`forward_policy:`
Packit	8cb997	`description: DNS forwarding policy for global forwarders`
Packit	8cb997	`required: yes`
Packit	8cb997	`no_dnssec_validation:`
Packit	8cb997	`description: Disable DNSSEC validation`
Packit	8cb997	`required: yes`
Packit	8cb997	`enable_compat:`
Packit	8cb997	`description: Enable support for trusted domains for old clients`
Packit	8cb997	`required: yes`
Packit	8cb997	`netbios_name:`
Packit	8cb997	`description: NetBIOS name of the IPA domain`
Packit	8cb997	`required: yes`
Packit	8cb997	`rid_base:`
Packit	8cb997	`description: Start value for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`secondary_rid_base:`
Packit	8cb997	`description:`
Packit	8cb997	`Start value of the secondary range for mapping UIDs and GIDs to RIDs`
Packit	8cb997	`required: yes`
Packit	8cb997	`server:`
Packit	8cb997	`description: Fully qualified name of IPA server to enroll to`
Packit	8cb997	`required: no`
Packit	8cb997	`skip_conncheck:`
Packit	8cb997	`description: Skip connection check to remote master`
Packit	8cb997	`required: yes`
Packit	8cb997	`author:`
Packit	8cb997	`- Thomas Woerner`
Packit	8cb997	`'''`
Packit	8cb997
Packit	8cb997	`EXAMPLES = '''`
Packit	8cb997	`'''`
Packit	8cb997
Packit	8cb997	`RETURN = '''`
Packit	8cb997	`'''`
Packit	8cb997
Packit	8cb997	`import os`
Packit	8cb997	`import tempfile`
Packit	8cb997	`import traceback`
Packit	8cb997	`import six`
Packit	8cb997
Packit	8cb997	`from ansible.module_utils.basic import AnsibleModule`
Packit	8cb997	`from ansible.module_utils.ansible_ipa_replica import (`
Packit	8cb997	`AnsibleModuleLog, options, installer, DN, paths, sysrestore,`
Packit	8cb997	`ansible_module_get_parsed_ip_addresses, Env, ipautil, ipaldap,`
Packit	8cb997	`installutils, ReplicaConfig, load_pkcs12, kinit_keytab, create_api,`
Packit	8cb997	`rpc_client, check_remote_version, parse_version, check_remote_fips_mode,`
Packit	8cb997	`ReplicationManager, promotion_check_ipa_domain, current_domain_level,`
Packit	8cb997	`check_domain_level_is_supported, errors, ScriptError,`
Packit	8cb997	`logger, check_dns_resolution, service, find_providing_server, ca, kra,`
Packit	8cb997	`dns, no_matching_interface_for_ip_address_warning, adtrust,`
Packit	8cb997	`constants, api, redirect_stdout, replica_conn_check, tasks`
Packit	8cb997	`)`
Packit	8cb997
Packit	8cb997	`if six.PY3:`
Packit	8cb997	`unicode = str`
Packit	8cb997
Packit	8cb997
Packit	8cb997	`def main():`
Packit	8cb997	`ansible_module = AnsibleModule(`
Packit	8cb997	`argument_spec=dict(`
Packit	8cb997	`# basic`
Packit	8cb997	`dm_password=dict(required=False, no_log=True),`
Packit	8cb997	`password=dict(required=False, no_log=True),`
Packit	8cb997	`ip_addresses=dict(required=False, type='list', default=[]),`
Packit	8cb997	`domain=dict(required=False),`
Packit	8cb997	`realm=dict(required=False),`
Packit	8cb997	`hostname=dict(required=False),`
Packit	8cb997	`principal=dict(required=True),`
Packit	8cb997	`ca_cert_files=dict(required=False, type='list', default=[]),`
Packit	8cb997	`no_host_dns=dict(required=False, type='bool', default=False),`
Packit	8cb997	`# server`
Packit	8cb997	`setup_adtrust=dict(required=False, type='bool'),`
Packit	8cb997	`setup_ca=dict(required=False, type='bool'),`
Packit	8cb997	`setup_kra=dict(required=False, type='bool'),`
Packit	8cb997	`setup_dns=dict(required=False, type='bool'),`
Packit	8cb997	`# ssl certificate`
Packit	8cb997	`dirsrv_cert_files=dict(required=False, type='list', default=[]),`
Packit	8cb997	`dirsrv_cert_name=dict(required=False),`
Packit	8cb997	`dirsrv_pin=dict(required=False),`
Packit	8cb997	`http_cert_files=dict(required=False, type='list', default=[]),`
Packit	8cb997	`http_cert_name=dict(required=False),`
Packit	8cb997	`http_pin=dict(required=False),`
Packit	8cb997	`pkinit_cert_files=dict(required=False, type='list', default=[]),`
Packit	8cb997	`pkinit_cert_name=dict(required=False),`
Packit	8cb997	`pkinit_pin=dict(required=False),`
Packit	8cb997	`# client`
Packit	8cb997	`keytab=dict(required=False),`
Packit	8cb997	`mkhomedir=dict(required=False, type='bool'),`
Packit	8cb997	`force_join=dict(required=False, type='bool'),`
Packit	8cb997	`no_ntp=dict(required=False, type='bool'),`
Packit	8cb997	`ssh_trust_dns=dict(required=False, type='bool'),`
Packit	8cb997	`no_ssh=dict(required=False, type='bool'),`
Packit	8cb997	`no_sshd=dict(required=False, type='bool'),`
Packit	8cb997	`no_dns_sshfp=dict(required=False, type='bool'),`
Packit	8cb997	`# certificate system`
Packit	8cb997	`# subject_base=dict(required=False),`
Packit	8cb997	`# dns`
Packit	8cb997	`allow_zone_overlap=dict(required=False, type='bool',`
Packit	8cb997	`default=False),`
Packit	8cb997	`reverse_zones=dict(required=False, type='list', default=[]),`
Packit	8cb997	`no_reverse=dict(required=False, type='bool', default=False),`
Packit	8cb997	`auto_reverse=dict(required=False, type='bool', default=False),`
Packit	8cb997	`forwarders=dict(required=False, type='list', default=[]),`
Packit	8cb997	`no_forwarders=dict(required=False, type='bool', default=False),`
Packit	8cb997	`auto_forwarders=dict(required=False, type='bool', default=False),`
Packit	8cb997	`forward_policy=dict(default=None, choices=['first', 'only']),`
Packit	8cb997	`no_dnssec_validation=dict(required=False, type='bool',`
Packit	8cb997	`default=False),`
Packit	8cb997	`# ad trust`
Packit	8cb997	`enable_compat=dict(required=False, type='bool', default=False),`
Packit	8cb997	`netbios_name=dict(required=False),`
Packit	8cb997	`rid_base=dict(required=False, type='int', default=1000),`
Packit	8cb997	`secondary_rid_base=dict(required=False, type='int',`
Packit	8cb997	`default=100000000),`
Packit	8cb997	`# additional`
Packit	8cb997	`server=dict(required=True),`
Packit	8cb997	`skip_conncheck=dict(required=False, type='bool'),`
Packit	8cb997	`),`
Packit	8cb997	`supports_check_mode=True,`
Packit	8cb997	`)`
Packit	8cb997
Packit	8cb997	`ansible_module._ansible_debug = True`
Packit	8cb997	`ansible_log = AnsibleModuleLog(ansible_module)`
Packit	8cb997
Packit	8cb997	`# get parameters #`
Packit	8cb997
Packit	8cb997	`options.dm_password = ansible_module.params.get('dm_password')`
Packit	8cb997	`options.password = options.dm_password`
Packit	8cb997	`options.admin_password = ansible_module.params.get('password')`
Packit	8cb997	`options.ip_addresses = ansible_module_get_parsed_ip_addresses(`
Packit	8cb997	`ansible_module)`
Packit	8cb997	`options.domain_name = ansible_module.params.get('domain')`
Packit	8cb997	`options.realm_name = ansible_module.params.get('realm')`
Packit	8cb997	`options.host_name = ansible_module.params.get('hostname')`
Packit	8cb997	`options.principal = ansible_module.params.get('principal')`
Packit	8cb997	`options.ca_cert_files = ansible_module.params.get('ca_cert_files')`
Packit	8cb997	`options.no_host_dns = ansible_module.params.get('no_host_dns')`
Packit	8cb997	`# server`
Packit	8cb997	`options.setup_adtrust = ansible_module.params.get('setup_adtrust')`
Packit	8cb997	`options.setup_ca = ansible_module.params.get('setup_ca')`
Packit	8cb997	`options.setup_kra = ansible_module.params.get('setup_kra')`
Packit	8cb997	`options.setup_dns = ansible_module.params.get('setup_dns')`
Packit	8cb997	`# ssl certificate`
Packit	8cb997	`options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')`
Packit	8cb997	`options.dirsrv_cert_name = ansible_module.params.get('dirsrv_cert_name')`
Packit	8cb997	`options.dirsrv_pin = ansible_module.params.get('dirsrv_pin')`
Packit	8cb997	`options.http_cert_files = ansible_module.params.get('http_cert_files')`
Packit	8cb997	`options.http_cert_name = ansible_module.params.get('http_cert_name')`
Packit	8cb997	`options.http_pin = ansible_module.params.get('http_pin')`
Packit	8cb997	`options.pkinit_cert_files = ansible_module.params.get('pkinit_cert_files')`
Packit	8cb997	`options.pkinit_cert_name = ansible_module.params.get('pkinit_cert_name')`
Packit	8cb997	`options.pkinit_pin = ansible_module.params.get('pkinit_pin')`
Packit	8cb997	`# client`
Packit	8cb997	`options.keytab = ansible_module.params.get('keytab')`
Packit	8cb997	`options.mkhomedir = ansible_module.params.get('mkhomedir')`
Packit	8cb997	`options.force_join = ansible_module.params.get('force_join')`
Packit	8cb997	`options.no_ntp = ansible_module.params.get('no_ntp')`
Packit	8cb997	`options.ssh_trust_dns = ansible_module.params.get('ssh_trust_dns')`
Packit	8cb997	`options.no_ssh = ansible_module.params.get('no_ssh')`
Packit	8cb997	`options.no_sshd = ansible_module.params.get('no_sshd')`
Packit	8cb997	`options.no_dns_sshfp = ansible_module.params.get('no_dns_sshfp')`
Packit	8cb997	`# certificate system`
Packit	8cb997	`options.external_ca = ansible_module.params.get('external_ca')`
Packit	8cb997	`options.external_cert_files = ansible_module.params.get(`
Packit	8cb997	`'external_cert_files')`
Packit	8cb997	`# options.subject_base = ansible_module.params.get('subject_base')`
Packit	8cb997	`# options.ca_subject = ansible_module.params.get('ca_subject')`
Packit	8cb997	`options.no_dnssec_validation = ansible_module.params.get(`
Packit	8cb997	`'no_dnssec_validation')`
Packit	8cb997	`# dns`
Packit	8cb997	`options.allow_zone_overlap = ansible_module.params.get(`
Packit	8cb997	`'allow_zone_overlap')`
Packit	8cb997	`options.reverse_zones = ansible_module.params.get('reverse_zones')`
Packit	8cb997	`options.no_reverse = ansible_module.params.get('no_reverse')`
Packit	8cb997	`options.auto_reverse = ansible_module.params.get('auto_reverse')`
Packit	8cb997	`options.forwarders = ansible_module.params.get('forwarders')`
Packit	8cb997	`options.no_forwarders = ansible_module.params.get('no_forwarders')`
Packit	8cb997	`options.auto_forwarders = ansible_module.params.get('auto_forwarders')`
Packit	8cb997	`options.forward_policy = ansible_module.params.get('forward_policy')`
Packit	8cb997	`options.no_dnssec_validation = ansible_module.params.get(`
Packit	8cb997	`'no_dnssec_validationdnssec_validation')`
Packit	8cb997	`# ad trust`
Packit	8cb997	`options.enable_compat = ansible_module.params.get('enable_compat')`
Packit	8cb997	`options.netbios_name = ansible_module.params.get('netbios_name')`
Packit	8cb997	`options.rid_base = ansible_module.params.get('rid_base')`
Packit	8cb997	`options.secondary_rid_base = ansible_module.params.get(`
Packit	8cb997	`'secondary_rid_base')`
Packit	8cb997
Packit	8cb997	`# additional`
Packit	8cb997	`# options._host_name_overridden = ansible_module.params.get(`
Packit	8cb997	`# '_hostname_overridden')`
Packit	8cb997	`options.server = ansible_module.params.get('server')`
Packit	8cb997	`options.skip_conncheck = ansible_module.params.get('skip_conncheck')`
Packit	8cb997
Packit	8cb997	`# init #`
Packit	8cb997
Packit	8cb997	`fstore = sysrestore.FileStore(paths.SYSRESTORE)`
Packit	8cb997	`sstore = sysrestore.StateFile(paths.SYSRESTORE)`
Packit	8cb997
Packit	8cb997	`# prepare (install prepare, install checks) #`
Packit	8cb997
Packit	8cb997	`##########################################################################`
Packit	8cb997	`# replica promote_check ##################################################`
Packit	8cb997	`##########################################################################`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("== PROMOTE CHECK ==")`
Packit	8cb997
Packit	8cb997	`# ansible_log.debug("-- NO_NTP --") # already done in test`
Packit	8cb997
Packit	8cb997	`# check selinux status, http and DS ports, NTP conflicting services`
Packit	8cb997	`# common_check(options.no_ntp)`
Packit	8cb997
Packit	8cb997	`installer._enrollment_performed = False`
Packit	8cb997	`installer._top_dir = tempfile.mkdtemp("ipa")`
Packit	8cb997
Packit	8cb997	`# with ipautil.private_ccache():`
Packit	8cb997	`dir_path = tempfile.mkdtemp(prefix='krbcc')`
Packit	8cb997	`os.environ['KRB5CCNAME'] = os.path.join(dir_path, 'ccache')`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- API --")`
Packit	8cb997
Packit	8cb997	`env = Env()`
Packit	8cb997	`env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)`
Packit	8cb997	`env._finalize_core(**dict(constants.DEFAULT_CONFIG))`
Packit	8cb997
Packit	8cb997	`# pylint: disable=no-member`
Packit	8cb997	`xmlrpc_uri = 'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host))`
Packit	8cb997	`if hasattr(ipaldap, "realm_to_ldapi_uri"):`
Packit	8cb997	`realm_to_ldapi_uri = ipaldap.realm_to_ldapi_uri`
Packit	8cb997	`else:`
Packit	8cb997	`realm_to_ldapi_uri = installutils.realm_to_ldapi_uri`
Packit	8cb997	`api.bootstrap(in_server=True,`
Packit	8cb997	`context='installer',`
Packit	8cb997	`confdir=paths.ETC_IPA,`
Packit	8cb997	`ldap_uri=realm_to_ldapi_uri(env.realm),`
Packit	8cb997	`xmlrpc_uri=xmlrpc_uri)`
Packit	8cb997	`# pylint: enable=no-member`
Packit	8cb997	`api.finalize()`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- REPLICA_CONFIG --")`
Packit	8cb997
Packit	8cb997	`config = ReplicaConfig()`
Packit	8cb997	`config.realm_name = api.env.realm`
Packit	8cb997	`config.host_name = api.env.host`
Packit	8cb997	`config.domain_name = api.env.domain`
Packit	8cb997	`config.master_host_name = api.env.server`
Packit	8cb997	`if not api.env.ca_host or api.env.ca_host == api.env.host:`
Packit	8cb997	`# ca_host has not been configured explicitly, prefer source master`
Packit	8cb997	`config.ca_host_name = api.env.server`
Packit	8cb997	`else:`
Packit	8cb997	`# default to ca_host from IPA config`
Packit	8cb997	`config.ca_host_name = api.env.ca_host`
Packit	8cb997	`config.kra_host_name = config.ca_host_name`
Packit	8cb997	`config.ca_ds_port = 389`
Packit	8cb997	`config.setup_ca = options.setup_ca`
Packit	8cb997	`config.setup_kra = options.setup_kra`
Packit	8cb997	`config.dir = installer._top_dir`
Packit	8cb997	`config.basedn = api.env.basedn`
Packit	8cb997	`# config.hidden_replica = options.hidden_replica`
Packit	8cb997
Packit	8cb997	`# load and check certificates #`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CERT_FILES --")`
Packit	8cb997
Packit	8cb997	`http_pkcs12_file = None`
Packit	8cb997	`http_pkcs12_info = None`
Packit	8cb997	`http_ca_cert = None`
Packit	8cb997	`dirsrv_pkcs12_file = None`
Packit	8cb997	`dirsrv_pkcs12_info = None`
Packit	8cb997	`dirsrv_ca_cert = None`
Packit	8cb997	`pkinit_pkcs12_file = None`
Packit	8cb997	`pkinit_pkcs12_info = None`
Packit	8cb997	`pkinit_ca_cert = None`
Packit	8cb997
Packit	8cb997	`if options.http_cert_files:`
Packit	8cb997	`ansible_log.debug("-- HTTP_CERT_FILES --")`
Packit	8cb997	`if options.http_pin is None:`
Packit	8cb997	`ansible_module.fail_json(`
Packit	8cb997	`msg="Apache Server private key unlock password required")`
Packit	8cb997	`http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12(`
Packit	8cb997	`cert_files=options.http_cert_files,`
Packit	8cb997	`key_password=options.http_pin,`
Packit	8cb997	`key_nickname=options.http_cert_name,`
Packit	8cb997	`ca_cert_files=options.ca_cert_files,`
Packit	8cb997	`host_name=config.host_name)`
Packit	8cb997	`http_pkcs12_info = (http_pkcs12_file.name, http_pin)`
Packit	8cb997
Packit	8cb997	`if options.dirsrv_cert_files:`
Packit	8cb997	`ansible_log.debug("-- DIRSRV_CERT_FILES --")`
Packit	8cb997	`if options.dirsrv_pin is None:`
Packit	8cb997	`ansible_module.fail_json(`
Packit	8cb997	`msg="Directory Server private key unlock password required")`
Packit	8cb997	`dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12(`
Packit	8cb997	`cert_files=options.dirsrv_cert_files,`
Packit	8cb997	`key_password=options.dirsrv_pin,`
Packit	8cb997	`key_nickname=options.dirsrv_cert_name,`
Packit	8cb997	`ca_cert_files=options.ca_cert_files,`
Packit	8cb997	`host_name=config.host_name)`
Packit	8cb997	`dirsrv_pkcs12_info = (dirsrv_pkcs12_file.name, dirsrv_pin)`
Packit	8cb997
Packit	8cb997	`if options.pkinit_cert_files:`
Packit	8cb997	`ansible_log.debug("-- PKINIT_CERT_FILES --")`
Packit	8cb997	`if options.pkinit_pin is None:`
Packit	8cb997	`ansible_module.fail_json(`
Packit	8cb997	`msg="Kerberos KDC private key unlock password required")`
Packit	8cb997	`pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(`
Packit	8cb997	`cert_files=options.pkinit_cert_files,`
Packit	8cb997	`key_password=options.pkinit_pin,`
Packit	8cb997	`key_nickname=options.pkinit_cert_name,`
Packit	8cb997	`ca_cert_files=options.ca_cert_files,`
Packit	8cb997	`realm_name=config.realm_name)`
Packit	8cb997	`pkinit_pkcs12_info = (pkinit_pkcs12_file.name, pkinit_pin)`
Packit	8cb997
Packit	8cb997	`if (options.http_cert_files and options.dirsrv_cert_files and`
Packit	8cb997	`http_ca_cert != dirsrv_ca_cert):`
Packit	8cb997	`ansible_module.fail_json(`
Packit	8cb997	`msg="Apache Server SSL certificate and Directory "`
Packit	8cb997	`"Server SSL certificate are not signed by the same"`
Packit	8cb997	`" CA certificate")`
Packit	8cb997
Packit	8cb997	`if (options.http_cert_files and`
Packit	8cb997	`options.pkinit_cert_files and`
Packit	8cb997	`http_ca_cert != pkinit_ca_cert):`
Packit	8cb997	`ansible_module.fail_json(`
Packit	8cb997	`msg="Apache Server SSL certificate and PKINIT KDC "`
Packit	8cb997	`"certificate are not signed by the same CA "`
Packit	8cb997	`"certificate")`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- FQDN --")`
Packit	8cb997
Packit	8cb997	`installutils.verify_fqdn(config.host_name, options.no_host_dns)`
Packit	8cb997	`installutils.verify_fqdn(config.master_host_name, options.no_host_dns)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- KINIT_KEYTAB --")`
Packit	8cb997
Packit	8cb997	`ccache = os.environ['KRB5CCNAME']`
Packit	8cb997	`kinit_keytab('host/{env.host}@{env.realm}'.format(env=api.env),`
Packit	8cb997	`paths.KRB5_KEYTAB,`
Packit	8cb997	`ccache)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CA_CRT --")`
Packit	8cb997
Packit	8cb997	`cafile = paths.IPA_CA_CRT`
Packit	8cb997	`if not os.path.isfile(cafile):`
Packit	8cb997	`ansible_module.fail_json(`
Packit	8cb997	`msg="CA cert file is not available! Please reinstall"`
Packit	8cb997	`"the client and try again.")`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- REMOTE_API --")`
Packit	8cb997
Packit	8cb997	`ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)`
Packit	8cb997	`xmlrpc_uri = 'https://{}/ipa/xml'.format(`
Packit	8cb997	`ipautil.format_netloc(config.master_host_name))`
Packit	8cb997	`remote_api = create_api(mode=None)`
Packit	8cb997	`remote_api.bootstrap(in_server=True,`
Packit	8cb997	`context='installer',`
Packit	8cb997	`confdir=paths.ETC_IPA,`
Packit	8cb997	`ldap_uri=ldapuri,`
Packit	8cb997	`xmlrpc_uri=xmlrpc_uri)`
Packit	8cb997	`remote_api.finalize()`
Packit	8cb997	`installer._remote_api = remote_api`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- RPC_CLIENT --")`
Packit	8cb997
Packit	8cb997	`with rpc_client(remote_api) as client:`
Packit	8cb997	`check_remote_version(client, parse_version(api.env.version))`
Packit	8cb997	`check_remote_fips_mode(client, api.env.fips_mode)`
Packit	8cb997
Packit	8cb997	`conn = remote_api.Backend.ldap2`
Packit	8cb997	`replman = None`
Packit	8cb997	`try:`
Packit	8cb997	`ansible_log.debug("-- CONNECT --")`
Packit	8cb997	`# Try out authentication`
Packit	8cb997	`conn.connect(ccache=ccache)`
Packit	8cb997	`replman = ReplicationManager(config.realm_name,`
Packit	8cb997	`config.master_host_name, None)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK IPA_DOMAIN --")`
Packit	8cb997
Packit	8cb997	`promotion_check_ipa_domain(conn, remote_api.env.basedn)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK DOMAIN_LEVEL --")`
Packit	8cb997
Packit	8cb997	`# Make sure that domain fulfills minimal domain level`
Packit	8cb997	`# requirement`
Packit	8cb997	`domain_level = current_domain_level(remote_api)`
Packit	8cb997	`check_domain_level_is_supported(domain_level)`
Packit	8cb997	`if domain_level < constants.MIN_DOMAIN_LEVEL:`
Packit	8cb997	`ansible_module.fail_json(`
Packit	8cb997	`msg="Cannot promote this client to a replica. The domain "`
Packit	8cb997	`"level "`
Packit	8cb997	`"must be raised to {mindomainlevel} before the replica can be "`
Packit	8cb997	`"installed".format(`
Packit	8cb997	`mindomainlevel=constants.MIN_DOMAIN_LEVEL))`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK AUTHORIZATION --")`
Packit	8cb997
Packit	8cb997	`# Check authorization`
Packit	8cb997	`result = remote_api.Command['hostgroup_find'](`
Packit	8cb997	`cn=u'ipaservers',`
Packit	8cb997	`host=[unicode(api.env.host)]`
Packit	8cb997	`)['result']`
Packit	8cb997	`add_to_ipaservers = not result`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- ADD_TO_IPASERVERS --")`
Packit	8cb997
Packit	8cb997	`if add_to_ipaservers:`
Packit	8cb997	`if options.password and not options.admin_password:`
Packit	8cb997	`raise errors.ACIError(info="Not authorized")`
Packit	8cb997
Packit	8cb997	`if installer._ccache is None:`
Packit	8cb997	`del os.environ['KRB5CCNAME']`
Packit	8cb997	`else:`
Packit	8cb997	`os.environ['KRB5CCNAME'] = installer._ccache`
Packit	8cb997
Packit	8cb997	`try:`
Packit	8cb997	`installutils.check_creds(options, config.realm_name)`
Packit	8cb997	`installer._ccache = os.environ.get('KRB5CCNAME')`
Packit	8cb997	`finally:`
Packit	8cb997	`os.environ['KRB5CCNAME'] = ccache`
Packit	8cb997
Packit	8cb997	`conn.disconnect()`
Packit	8cb997	`conn.connect(ccache=installer._ccache)`
Packit	8cb997
Packit	8cb997	`try:`
Packit	8cb997	`result = remote_api.Command['hostgroup_show'](`
Packit	8cb997	`u'ipaservers',`
Packit	8cb997	`all=True,`
Packit	8cb997	`rights=True`
Packit	8cb997	`)['result']`
Packit	8cb997
Packit	8cb997	`if 'w' not in result['attributelevelrights']['member']:`
Packit	8cb997	`raise errors.ACIError(info="Not authorized")`
Packit	8cb997	`finally:`
Packit	8cb997	`ansible_log.debug("-- RECONNECT --")`
Packit	8cb997	`conn.disconnect()`
Packit	8cb997	`conn.connect(ccache=ccache)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK FOR REPLICATION AGREEMENT --")`
Packit	8cb997
Packit	8cb997	`# Check that we don't already have a replication agreement`
Packit	8cb997	`if replman.get_replication_agreement(config.host_name):`
Packit	8cb997	`msg = ("A replication agreement for this host already exists. "`
Packit	8cb997	`"It needs to be removed.\n"`
Packit	8cb997	`"Run this command:\n"`
Packit	8cb997	`" %% ipa-replica-manage del {host} --force"`
Packit	8cb997	`.format(host=config.host_name))`
Packit	8cb997	`raise ScriptError(msg, rval=3)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- DETECT REPLICATION MANAGER GROUP --")`
Packit	8cb997
Packit	8cb997	`# Detect if the other master can handle replication managers`
Packit	8cb997	`# cn=replication managers,cn=sysaccounts,cn=etc,$SUFFIX`
Packit	8cb997	`dn = DN(('cn', 'replication managers'), ('cn', 'sysaccounts'),`
Packit	8cb997	`('cn', 'etc'), ipautil.realm_to_suffix(config.realm_name))`
Packit	8cb997	`try:`
Packit	8cb997	`conn.get_entry(dn)`
Packit	8cb997	`except errors.NotFound:`
Packit	8cb997	`msg = ("The Replication Managers group is not available in "`
Packit	8cb997	`"the domain. Replica promotion requires the use of "`
Packit	8cb997	`"Replication Managers to be able to replicate data. "`
Packit	8cb997	`"Upgrade the peer master or use the ipa-replica-prepare "`
Packit	8cb997	`"command on the master and use a prep file to install "`
Packit	8cb997	`"this replica.")`
Packit	8cb997	`logger.error("%s", msg)`
Packit	8cb997	`raise ScriptError(msg, rval=3)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK DNS_MASTERS --")`
Packit	8cb997
Packit	8cb997	`dns_masters = remote_api.Object['dnsrecord'].get_dns_masters()`
Packit	8cb997	`if dns_masters:`
Packit	8cb997	`if not options.no_host_dns:`
Packit	8cb997	`logger.debug('Check forward/reverse DNS resolution')`
Packit	8cb997	`resolution_ok = (`
Packit	8cb997	`check_dns_resolution(config.master_host_name,`
Packit	8cb997	`dns_masters) and`
Packit	8cb997	`check_dns_resolution(config.host_name, dns_masters))`
Packit	8cb997	`if not resolution_ok and installer.interactive:`
Packit	8cb997	`if not ipautil.user_input("Continue?", False):`
Packit	8cb997	`raise ScriptError(rval=0)`
Packit	8cb997	`else:`
Packit	8cb997	`logger.debug('No IPA DNS servers, '`
Packit	8cb997	`'skipping forward/reverse resolution check')`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- GET_IPA_CONFIG --")`
Packit	8cb997
Packit	8cb997	`entry_attrs = conn.get_ipa_config()`
Packit	8cb997	`subject_base = entry_attrs.get('ipacertificatesubjectbase', [None])[0]`
Packit	8cb997	`if subject_base is not None:`
Packit	8cb997	`config.subject_base = DN(subject_base)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- SEARCH FOR CA --")`
Packit	8cb997
Packit	8cb997	`# Find if any server has a CA`
Packit	8cb997	`if not hasattr(service, "find_providing_server"):`
Packit	8cb997	`_host = [config.ca_host_name]`
Packit	8cb997	`else:`
Packit	8cb997	`_host = config.ca_host_name`
Packit	8cb997	`ca_host = find_providing_server('CA', conn, _host)`
Packit	8cb997	`if ca_host is not None:`
Packit	8cb997	`config.ca_host_name = ca_host`
Packit	8cb997	`ca_enabled = True`
Packit	8cb997	`if options.dirsrv_cert_files:`
Packit	8cb997	`msg = ("Certificates could not be provided when "`
Packit	8cb997	`"CA is present on some master.")`
Packit	8cb997	`logger.error(msg)`
Packit	8cb997	`raise ScriptError(msg, rval=3)`
Packit	8cb997	`else:`
Packit	8cb997	`if options.setup_ca:`
Packit	8cb997	`msg = ("The remote master does not have a CA "`
Packit	8cb997	`"installed, can't set up CA")`
Packit	8cb997	`logger.error(msg)`
Packit	8cb997	`raise ScriptError(msg, rval=3)`
Packit	8cb997	`ca_enabled = False`
Packit	8cb997	`if not options.dirsrv_cert_files:`
Packit	8cb997	`msg = ("Cannot issue certificates: a CA is not "`
Packit	8cb997	`"installed. Use the --http-cert-file, "`
Packit	8cb997	`"--dirsrv-cert-file options to provide "`
Packit	8cb997	`"custom certificates.")`
Packit	8cb997	`logger.error(msg)`
Packit	8cb997	`raise ScriptError(msg, rval=3)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- SEARCH FOR KRA --")`
Packit	8cb997
Packit	8cb997	`if not hasattr(service, "find_providing_server"):`
Packit	8cb997	`_host = [config.kra_host_name]`
Packit	8cb997	`else:`
Packit	8cb997	`_host = config.kra_host_name`
Packit	8cb997	`kra_host = find_providing_server('KRA', conn, _host)`
Packit	8cb997	`if kra_host is not None:`
Packit	8cb997	`config.kra_host_name = kra_host`
Packit	8cb997	`kra_enabled = True`
Packit	8cb997	`else:`
Packit	8cb997	`if options.setup_kra:`
Packit	8cb997	`msg = ("There is no active KRA server in the domain, "`
Packit	8cb997	`"can't setup a KRA clone")`
Packit	8cb997	`logger.error(msg)`
Packit	8cb997	`raise ScriptError(msg, rval=3)`
Packit	8cb997	`kra_enabled = False`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK CA --")`
Packit	8cb997
Packit	8cb997	`if ca_enabled:`
Packit	8cb997	`options.realm_name = config.realm_name`
Packit	8cb997	`options.host_name = config.host_name`
Packit	8cb997	`ca.install_check(False, config, options)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug(" ca.external_cert_file=%s" %`
Packit	8cb997	`repr(ca.external_cert_file))`
Packit	8cb997	`ansible_log.debug(" ca.external_ca_file=%s" %`
Packit	8cb997	`repr(ca.external_ca_file))`
Packit	8cb997
Packit	8cb997	`# TODO`
Packit	8cb997	`# TODO`
Packit	8cb997	`# Save global vars external_cert_file, external_ca_file for`
Packit	8cb997	`# later use`
Packit	8cb997	`# TODO`
Packit	8cb997	`# TODO`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK KRA --")`
Packit	8cb997
Packit	8cb997	`if kra_enabled:`
Packit	8cb997	`try:`
Packit	8cb997	`kra.install_check(remote_api, config, options)`
Packit	8cb997	`except RuntimeError as e:`
Packit	8cb997	`raise ScriptError(e)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK DNS --")`
Packit	8cb997
Packit	8cb997	`if options.setup_dns:`
Packit	8cb997	`dns.install_check(False, remote_api, True, options,`
Packit	8cb997	`config.host_name)`
Packit	8cb997	`config.ips = dns.ip_addresses`
Packit	8cb997	`else:`
Packit	8cb997	`config.ips = installutils.get_server_ip_address(`
Packit	8cb997	`config.host_name, not installer.interactive,`
Packit	8cb997	`False, options.ip_addresses)`
Packit	8cb997
Packit	8cb997	`# check addresses here, dns module is doing own check`
Packit	8cb997	`no_matching_interface_for_ip_address_warning(config.ips)`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK ADTRUST --")`
Packit	8cb997
Packit	8cb997	`if options.setup_adtrust:`
Packit	8cb997	`adtrust.install_check(False, options, remote_api)`
Packit	8cb997
Packit	8cb997	`except errors.ACIError:`
Packit	8cb997	`logger.debug("%s", traceback.format_exc())`
Packit	8cb997	`ansible_module.fail_json(`
Packit	8cb997	`msg=("\nInsufficient privileges to promote the server."`
Packit	8cb997	`"\nPossible issues:"`
Packit	8cb997	`"\n- A user has insufficient privileges"`
Packit	8cb997	`"\n- This client has insufficient privileges "`
Packit	8cb997	`"to become an IPA replica"))`
Packit	8cb997	`except errors.LDAPError:`
Packit	8cb997	`logger.debug("%s", traceback.format_exc())`
Packit	8cb997	`ansible_module.fail_json(msg="\nUnable to connect to LDAP server %s" %`
Packit	8cb997	`config.master_host_name)`
Packit	8cb997	`except ScriptError as e:`
Packit	8cb997	`ansible_module.fail_json(msg=str(e))`
Packit	8cb997	`finally:`
Packit	8cb997	`if replman and replman.conn:`
Packit	8cb997	`ansible_log.debug("-- UNBIND REPLMAN--")`
Packit	8cb997	`replman.conn.unbind()`
Packit	8cb997	`if conn.isconnected():`
Packit	8cb997	`ansible_log.debug("-- DISCONNECT --")`
Packit	8cb997	`conn.disconnect()`
Packit	8cb997
Packit	8cb997	`ansible_log.debug("-- CHECK CONNECTION --")`
Packit	8cb997
Packit	8cb997	`# check connection`
Packit	8cb997	`if not options.skip_conncheck:`
Packit	8cb997	`if add_to_ipaservers:`
Packit	8cb997	`# use user's credentials when the server host is not ipaservers`
Packit	8cb997	`if installer._ccache is None:`
Packit	8cb997	`del os.environ['KRB5CCNAME']`
Packit	8cb997	`else:`
Packit	8cb997	`os.environ['KRB5CCNAME'] = installer._ccache`
Packit	8cb997
Packit	8cb997	`try:`
Packit	8cb997	`with redirect_stdout(ansible_log):`
Packit	8cb997	`replica_conn_check(`
Packit	8cb997	`config.master_host_name, config.host_name,`
Packit	8cb997	`config.realm_name, options.setup_ca, 389,`
Packit	8cb997	`options.admin_password, principal=options.principal,`
Packit	8cb997	`ca_cert_file=cafile)`
Packit	8cb997	`except ScriptError as e:`
Packit	8cb997	`ansible_module.fail_json(msg=str(e))`
Packit	8cb997	`finally:`
Packit	8cb997	`if add_to_ipaservers:`
Packit	8cb997	`os.environ['KRB5CCNAME'] = ccache`
Packit	8cb997
Packit	8cb997	`if hasattr(tasks, "configure_pkcs11_modules"):`
Packit	8cb997	`if tasks.configure_pkcs11_modules(fstore):`
Packit	8cb997	`ansible_log.info("Disabled p11-kit-proxy")`
Packit	8cb997
Packit	8cb997	`installer._ca_enabled = ca_enabled`
Packit	8cb997	`installer._kra_enabled = kra_enabled`
Packit	8cb997	`installer._ca_file = cafile`
Packit	8cb997	`installer._fstore = fstore`
Packit	8cb997	`installer._sstore = sstore`
Packit	8cb997	`installer._config = config`
Packit	8cb997	`installer._add_to_ipaservers = add_to_ipaservers`
Packit	8cb997
Packit	8cb997	`# done #`
Packit	8cb997
Packit	8cb997	`ansible_module.exit_json(`
Packit	8cb997	`changed=True,`
Packit	8cb997	`ccache=ccache,`
Packit	8cb997	`installer_ccache=installer._ccache,`
Packit	8cb997	`subject_base=str(config.subject_base),`
Packit	8cb997	`forward_policy=options.forward_policy,`
Packit	8cb997	`_ca_enabled=ca_enabled,`
Packit	8cb997	`_ca_subject=str(options._ca_subject),`
Packit	8cb997	`_subject_base=str(options._subject_base) if options._subject_base`
Packit	8cb997	`is not None else None,`
Packit	8cb997	`_kra_enabled=kra_enabled,`
Packit	8cb997	`_ca_file=cafile,`
Packit	8cb997	`_top_dir=installer._top_dir,`
Packit	8cb997	`_add_to_ipaservers=add_to_ipaservers,`
Packit	8cb997	`_dirsrv_pkcs12_info=dirsrv_pkcs12_info,`
Packit	8cb997	`_dirsrv_ca_cert=dirsrv_ca_cert,`
Packit	8cb997	`_http_pkcs12_info=http_pkcs12_info,`
Packit	8cb997	`_http_ca_cert=http_ca_cert,`
Packit	8cb997	`_pkinit_pkcs12_info=pkinit_pkcs12_info,`
Packit	8cb997	`_pkinit_ca_cert=pkinit_ca_cert,`
Packit	8cb997	`no_dnssec_validation=options.no_dnssec_validation,`
Packit	8cb997	`config_setup_ca=config.setup_ca,`
Packit	8cb997	`config_master_host_name=config.master_host_name,`
Packit	8cb997	`config_ca_host_name=config.ca_host_name,`
Packit	8cb997	`config_kra_host_name=config.kra_host_name,`
Packit	8cb997	`config_ips=[str(ip) for ip in config.ips],`
Packit	8cb997	`# ad trust`
Packit	8cb997	`dns_ip_addresses=[str(ip) for ip in dns.ip_addresses],`
Packit	8cb997	`dns_reverse_zones=dns.reverse_zones,`
Packit	8cb997	`rid_base=options.rid_base,`
Packit	8cb997	`secondary_rid_base=options.secondary_rid_base,`
Packit	8cb997	`adtrust_netbios_name=adtrust.netbios_name,`
Packit	8cb997	`adtrust_reset_netbios_name=adtrust.reset_netbios_name)`
Packit	8cb997
Packit	8cb997
Packit	8cb997	`if __name__ == '__main__':`
Packit	8cb997	`main()`

source-git / ansible-freeipa

Source Code

Blame roles/ipareplica/library/ipareplica_prepare.py