|
Packit Service |
0a38ef |
# -*- coding: utf-8 -*-
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Authors:
|
|
Packit Service |
0a38ef |
# Thomas Woerner <twoerner@redhat.com>
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# Based on ipa-replica-install code
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# Copyright (C) 2018 Red Hat
|
|
Packit Service |
0a38ef |
# see file 'COPYING' for use and warranty information
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# This program is free software; you can redistribute it and/or modify
|
|
Packit Service |
0a38ef |
# it under the terms of the GNU General Public License as published by
|
|
Packit Service |
0a38ef |
# the Free Software Foundation, either version 3 of the License, or
|
|
Packit Service |
0a38ef |
# (at your option) any later version.
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# This program is distributed in the hope that it will be useful,
|
|
Packit Service |
0a38ef |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
0a38ef |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit Service |
0a38ef |
# GNU General Public License for more details.
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# You should have received a copy of the GNU General Public License
|
|
Packit Service |
0a38ef |
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ANSIBLE_METADATA = {
|
|
Packit Service |
0a38ef |
'metadata_version': '1.0',
|
|
Packit Service |
0a38ef |
'supported_by': 'community',
|
|
Packit Service |
0a38ef |
'status': ['preview'],
|
|
Packit Service |
0a38ef |
}
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
DOCUMENTATION = '''
|
|
Packit Service |
0a38ef |
---
|
|
Packit Service |
0a38ef |
module: ipareplica_test
|
|
Packit Service |
0a38ef |
short description: IPA replica deployment tests
|
|
Packit Service |
0a38ef |
description: IPA replica deployment tests
|
|
Packit Service |
0a38ef |
options:
|
|
Packit Service |
0a38ef |
ip_addresses:
|
|
Packit Service |
0a38ef |
description: List of Master Server IP Addresses
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
domain:
|
|
Packit Service |
0a38ef |
description: Primary DNS domain of the IPA deployment
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
servers:
|
|
Packit Service |
0a38ef |
description: Fully qualified name of IPA servers to enroll to
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
realm:
|
|
Packit Service |
0a38ef |
description: Kerberos realm name of the IPA deployment
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
hostname:
|
|
Packit Service |
0a38ef |
description: Fully qualified name of this host
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
ca_cert_files:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
List of files containing CA certificates for the service certificate
|
|
Packit Service |
0a38ef |
files
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
hidden_replica:
|
|
Packit Service |
0a38ef |
description: Install a hidden replica
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
a166ed |
skip_mem_check:
|
|
Packit Service |
a166ed |
description: Skip checking for minimum required memory
|
|
Packit Service |
a166ed |
required: yes
|
|
Packit Service |
0a38ef |
setup_adtrust:
|
|
Packit Service |
0a38ef |
description: Configure AD trust capability
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
a166ed |
setup_ca:
|
|
Packit Service |
a166ed |
description: Configure a dogtag CA
|
|
Packit Service |
a166ed |
required: yes
|
|
Packit Service |
0a38ef |
setup_kra:
|
|
Packit Service |
0a38ef |
description: Configure a dogtag KRA
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
setup_dns:
|
|
Packit Service |
0a38ef |
description: Configure bind with our zone
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
no_pkinit:
|
|
Packit Service |
0a38ef |
description: Disable pkinit setup steps
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
dirsrv_config_file:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
The path to LDIF file that will be used to modify configuration of
|
|
Packit Service |
0a38ef |
dse.ldif during installation of the directory server instance
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
dirsrv_cert_files:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
Files containing the Directory Server SSL certificate and private key
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
http_cert_files:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
File containing the Apache Server SSL certificate and private key
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
pkinit_cert_files:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
File containing the Kerberos KDC SSL certificate and private key
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
no_ntp:
|
|
Packit Service |
0a38ef |
description: Do not configure ntp
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
ntp_servers:
|
|
Packit Service |
0a38ef |
description: ntp servers to use
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
ntp_pool:
|
|
Packit Service |
0a38ef |
description: ntp server pool to use
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
no_reverse:
|
|
Packit Service |
0a38ef |
description: Do not create new reverse DNS zone
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
auto_reverse:
|
|
Packit Service |
0a38ef |
description: Create necessary reverse zones
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
forwarders:
|
|
Packit Service |
0a38ef |
description: Add DNS forwarders
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
no_forwarders:
|
|
Packit Service |
0a38ef |
description: Do not add any DNS forwarders, use root servers instead
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
auto_forwarders:
|
|
Packit Service |
0a38ef |
description: Use DNS forwarders configured in /etc/resolv.conf
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
forward_policy:
|
|
Packit Service |
0a38ef |
description: DNS forwarding policy for global forwarders
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
no_dnssec_validation:
|
|
Packit Service |
0a38ef |
description: Disable DNSSEC validation
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
author:
|
|
Packit Service |
0a38ef |
- Thomas Woerner
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
EXAMPLES = '''
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
RETURN = '''
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
import os
|
|
Packit Service |
0a38ef |
import inspect
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
from ansible.module_utils.basic import AnsibleModule
|
|
Packit Service |
0a38ef |
from ansible.module_utils.ansible_ipa_replica import (
|
|
Packit Service |
0a38ef |
AnsibleModuleLog, setup_logging, options, installer, paths, sysrestore,
|
|
Packit Service |
0a38ef |
ansible_module_get_parsed_ip_addresses, service,
|
|
Packit Service |
0a38ef |
redirect_stdout, create_ipa_conf, ipautil,
|
|
Packit Service |
0a38ef |
x509, validate_domain_name, common_check,
|
|
Packit Service |
0a38ef |
IPA_PYTHON_VERSION
|
|
Packit Service |
0a38ef |
)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def main():
|
|
Packit Service |
0a38ef |
ansible_module = AnsibleModule(
|
|
Packit Service |
0a38ef |
argument_spec=dict(
|
|
Packit Service |
0a38ef |
# basic
|
|
Packit Service |
0a38ef |
# dm_password=dict(required=False, no_log=True),
|
|
Packit Service |
0a38ef |
# password=dict(required=False, no_log=True),
|
|
Packit Service |
0a38ef |
ip_addresses=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
domain=dict(required=False),
|
|
Packit Service |
0a38ef |
servers=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
realm=dict(required=False),
|
|
Packit Service |
0a38ef |
hostname=dict(required=False),
|
|
Packit Service |
0a38ef |
ca_cert_files=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
hidden_replica=dict(required=False, type='bool', default=False),
|
|
Packit Service |
a166ed |
skip_mem_check=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
# server
|
|
Packit Service |
0a38ef |
setup_adtrust=dict(required=False, type='bool', default=False),
|
|
Packit Service |
a166ed |
setup_ca=dict(required=False, type='bool'),
|
|
Packit Service |
0a38ef |
setup_kra=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
setup_dns=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
no_pkinit=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
dirsrv_config_file=dict(required=False),
|
|
Packit Service |
0a38ef |
# ssl certificate
|
|
Packit Service |
0a38ef |
dirsrv_cert_files=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
http_cert_files=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
pkinit_cert_files=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
# client
|
|
Packit Service |
0a38ef |
no_ntp=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
ntp_servers=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
ntp_pool=dict(required=False),
|
|
Packit Service |
0a38ef |
# dns
|
|
Packit Service |
0a38ef |
no_reverse=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
auto_reverse=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
forwarders=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
no_forwarders=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
auto_forwarders=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
forward_policy=dict(default=None, choices=['first', 'only']),
|
|
Packit Service |
0a38ef |
no_dnssec_validation=dict(required=False, type='bool',
|
|
Packit Service |
0a38ef |
default=False),
|
|
Packit Service |
0a38ef |
),
|
|
Packit Service |
0a38ef |
)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ansible_module._ansible_debug = True
|
|
Packit Service |
0a38ef |
setup_logging()
|
|
Packit Service |
0a38ef |
ansible_log = AnsibleModuleLog(ansible_module)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# get parameters #
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# basic
|
|
Packit Service |
0a38ef |
# options.dm_password = ansible_module.params.get('dm_password')
|
|
Packit Service |
0a38ef |
# # options.password = ansible_module.params.get('password')
|
|
Packit Service |
0a38ef |
# options.password = options.dm_password
|
|
Packit Service |
0a38ef |
options.ip_addresses = ansible_module_get_parsed_ip_addresses(
|
|
Packit Service |
0a38ef |
ansible_module)
|
|
Packit Service |
0a38ef |
options.domain_name = ansible_module.params.get('domain')
|
|
Packit Service |
0a38ef |
options.servers = ansible_module.params.get('servers')
|
|
Packit Service |
0a38ef |
options.realm_name = ansible_module.params.get('realm')
|
|
Packit Service |
0a38ef |
options.host_name = ansible_module.params.get('hostname')
|
|
Packit Service |
0a38ef |
options.ca_cert_files = ansible_module.params.get('ca_cert_files')
|
|
Packit Service |
0a38ef |
options.hidden_replica = ansible_module.params.get('hidden_replica')
|
|
Packit Service |
a166ed |
options.skip_mem_check = ansible_module.params.get('skip_mem_check')
|
|
Packit Service |
0a38ef |
# server
|
|
Packit Service |
0a38ef |
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
|
|
Packit Service |
a166ed |
options.setup_ca = ansible_module.params.get('setup_ca')
|
|
Packit Service |
0a38ef |
options.setup_kra = ansible_module.params.get('setup_kra')
|
|
Packit Service |
0a38ef |
options.setup_dns = ansible_module.params.get('setup_dns')
|
|
Packit Service |
0a38ef |
options.no_pkinit = ansible_module.params.get('no_pkinit')
|
|
Packit Service |
0a38ef |
options.dirsrv_config_file = ansible_module.params.get(
|
|
Packit Service |
0a38ef |
'dirsrv_config_file')
|
|
Packit Service |
0a38ef |
# ssl certificate
|
|
Packit Service |
0a38ef |
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
|
|
Packit Service |
0a38ef |
options.http_cert_files = ansible_module.params.get('http_cert_files')
|
|
Packit Service |
0a38ef |
options.pkinit_cert_files = ansible_module.params.get('pkinit_cert_files')
|
|
Packit Service |
0a38ef |
# client
|
|
Packit Service |
0a38ef |
options.no_ntp = ansible_module.params.get('no_ntp')
|
|
Packit Service |
0a38ef |
options.ntp_servers = ansible_module.params.get('ntp_servers')
|
|
Packit Service |
0a38ef |
options.ntp_pool = ansible_module.params.get('ntp_pool')
|
|
Packit Service |
0a38ef |
# dns
|
|
Packit Service |
0a38ef |
options.no_reverse = ansible_module.params.get('no_reverse')
|
|
Packit Service |
0a38ef |
options.auto_reverse = ansible_module.params.get('auto_reverse')
|
|
Packit Service |
0a38ef |
options.forwarders = ansible_module.params.get('forwarders')
|
|
Packit Service |
0a38ef |
options.no_forwarders = ansible_module.params.get('no_forwarders')
|
|
Packit Service |
0a38ef |
options.auto_forwarders = ansible_module.params.get('auto_forwarders')
|
|
Packit Service |
0a38ef |
options.forward_policy = ansible_module.params.get('forward_policy')
|
|
Packit Service |
0a38ef |
options.no_dnssec_validation = ansible_module.params.get(
|
|
Packit Service |
0a38ef |
'no_dnssec_validation')
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
##########################################################################
|
|
Packit Service |
0a38ef |
# replica init ###########################################################
|
|
Packit Service |
0a38ef |
##########################################################################
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if installer.servers:
|
|
Packit Service |
0a38ef |
installer.server = installer.servers[0]
|
|
Packit Service |
0a38ef |
else:
|
|
Packit Service |
0a38ef |
installer.server = None
|
|
Packit Service |
0a38ef |
# TODO: Kills ipa-client-install
|
|
Packit Service |
0a38ef |
# if installer.replica_file is None:
|
|
Packit Service |
0a38ef |
# installer.password = installer.admin_password
|
|
Packit Service |
0a38ef |
# else:
|
|
Packit Service |
0a38ef |
# installer.password = installer.dm_password
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# installer._ccache = os.environ.get('KRB5CCNAME')
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# If not defined, set domain from server name
|
|
Packit Service |
0a38ef |
if installer.domain_name is None and installer.server is not None:
|
|
Packit Service |
0a38ef |
installer.domain_name = installer.server[installer.server.find(".")+1:]
|
|
Packit Service |
0a38ef |
# If not defined, set realm from domain name
|
|
Packit Service |
0a38ef |
if installer.realm_name is None and installer.domain_name is not None:
|
|
Packit Service |
0a38ef |
installer.realm_name = installer.domain_name.upper()
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
##########################################################################
|
|
Packit Service |
0a38ef |
# other checks ###########################################################
|
|
Packit Service |
0a38ef |
##########################################################################
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# version specific tests #
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# if options.setup_adtrust and not adtrust_imported:
|
|
Packit Service |
0a38ef |
# # if "adtrust" not in options._allow_missing:
|
|
Packit Service |
0a38ef |
# ansible_module.fail_json(msg="adtrust can not be imported")
|
|
Packit Service |
0a38ef |
# # else:
|
|
Packit Service |
0a38ef |
# # options.setup_adtrust = False
|
|
Packit Service |
0a38ef |
# # ansible_module.warn(msg="adtrust is not supported, disabling")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# if options.setup_kra and not kra_imported:
|
|
Packit Service |
0a38ef |
# # if "kra" not in options._allow_missing:
|
|
Packit Service |
0a38ef |
# ansible_module.fail_json(msg="kra can not be imported")
|
|
Packit Service |
0a38ef |
# # else:
|
|
Packit Service |
0a38ef |
# # options.setup_kra = False
|
|
Packit Service |
0a38ef |
# # ansible_module.warn(msg="kra is not supported, disabling")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if options.hidden_replica and not hasattr(service, "hide_services"):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="Hidden replica is not supported in this version.")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# We need to point to the master in ipa default conf when certmonger
|
|
Packit Service |
0a38ef |
# asks for HTTP certificate in newer ipa versions. In these versions
|
|
Packit Service |
0a38ef |
# create_ipa_conf has the additional master argument.
|
|
Packit Service |
0a38ef |
change_master_for_certmonger = False
|
|
Packit Service |
0a38ef |
argspec = inspect.getargspec(create_ipa_conf)
|
|
Packit Service |
0a38ef |
if "master" in argspec.args:
|
|
Packit Service |
0a38ef |
change_master_for_certmonger = True
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# From ipa installer classes
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# pkinit is not supported on DL0, don't allow related options
|
|
Packit Service |
0a38ef |
if installer.replica_file is not None:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="Replica installation using a replica file is not supported")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# If any of the key file options are selected, all are required.
|
|
Packit Service |
0a38ef |
cert_file_req = (installer.dirsrv_cert_files, installer.http_cert_files)
|
|
Packit Service |
0a38ef |
cert_file_opt = (installer.pkinit_cert_files,)
|
|
Packit Service |
0a38ef |
if not installer.no_pkinit:
|
|
Packit Service |
0a38ef |
cert_file_req += cert_file_opt
|
|
Packit Service |
0a38ef |
if installer.no_pkinit and installer.pkinit_cert_files:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="--no-pkinit and --pkinit-cert-file cannot be specified "
|
|
Packit Service |
0a38ef |
"together")
|
|
Packit Service |
0a38ef |
if any(cert_file_req + cert_file_opt) and not all(cert_file_req):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="--dirsrv-cert-file, --http-cert-file, and --pkinit-cert-file "
|
|
Packit Service |
0a38ef |
"or --no-pkinit are required if any key file options are used.")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if not installer.setup_dns:
|
|
Packit Service |
0a38ef |
if installer.forwarders:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --forwarder option without the "
|
|
Packit Service |
0a38ef |
"--setup-dns option")
|
|
Packit Service |
0a38ef |
if installer.auto_forwarders:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --auto-forwarders option without "
|
|
Packit Service |
0a38ef |
"the --setup-dns option")
|
|
Packit Service |
0a38ef |
if installer.no_forwarders:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --no-forwarders option without the "
|
|
Packit Service |
0a38ef |
"--setup-dns option")
|
|
Packit Service |
0a38ef |
if installer.forward_policy:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --forward-policy option without the "
|
|
Packit Service |
0a38ef |
"--setup-dns option")
|
|
Packit Service |
0a38ef |
if installer.reverse_zones:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --reverse-zone option without the "
|
|
Packit Service |
0a38ef |
"--setup-dns option")
|
|
Packit Service |
0a38ef |
if installer.auto_reverse:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --auto-reverse option without the "
|
|
Packit Service |
0a38ef |
"--setup-dns option")
|
|
Packit Service |
0a38ef |
if installer.no_reverse:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --no-reverse option without the "
|
|
Packit Service |
0a38ef |
"--setup-dns option")
|
|
Packit Service |
0a38ef |
if installer.no_dnssec_validation:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --no-dnssec-validation option "
|
|
Packit Service |
0a38ef |
"without the --setup-dns option")
|
|
Packit Service |
0a38ef |
elif installer.forwarders and installer.no_forwarders:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --forwarder option together with "
|
|
Packit Service |
0a38ef |
"--no-forwarders")
|
|
Packit Service |
0a38ef |
elif installer.auto_forwarders and installer.no_forwarders:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --auto-forwarders option together with "
|
|
Packit Service |
0a38ef |
"--no-forwarders")
|
|
Packit Service |
0a38ef |
elif installer.reverse_zones and installer.no_reverse:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --reverse-zone option together with "
|
|
Packit Service |
0a38ef |
"--no-reverse")
|
|
Packit Service |
0a38ef |
elif installer.auto_reverse and installer.no_reverse:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You cannot specify a --auto-reverse option together with "
|
|
Packit Service |
0a38ef |
"--no-reverse")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# replica installers
|
|
Packit Service |
0a38ef |
if installer.servers and not installer.domain_name:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="The --server option cannot be used without providing "
|
|
Packit Service |
0a38ef |
"domain via the --domain option")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if installer.setup_dns:
|
|
Packit Service |
0a38ef |
if (not installer.forwarders and
|
|
Packit Service |
0a38ef |
not installer.no_forwarders and
|
|
Packit Service |
0a38ef |
not installer.auto_forwarders):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="You must specify at least one of --forwarder, "
|
|
Packit Service |
0a38ef |
"--auto-forwarders, or --no-forwarders options")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if installer.dirsrv_config_file is not None and \
|
|
Packit Service |
0a38ef |
not os.path.exists(installer.dirsrv_config_file):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="File %s does not exist." % installer.dirsrv_config_file)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if installer.ca_cert_files is not None:
|
|
Packit Service |
0a38ef |
if not isinstance(installer.ca_cert_files, list):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="Expected list, got {!r}".format(installer.ca_cert_files))
|
|
Packit Service |
0a38ef |
for cert in installer.ca_cert_files:
|
|
Packit Service |
0a38ef |
if not os.path.exists(cert):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(msg="'%s' does not exist" % cert)
|
|
Packit Service |
0a38ef |
if not os.path.isfile(cert):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(msg="'%s' is not a file" % cert)
|
|
Packit Service |
0a38ef |
if not os.path.isabs(cert):
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="'%s' is not an absolute file path" % cert)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
x509.load_certificate_from_file(cert)
|
|
Packit Service |
0a38ef |
except Exception:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="'%s' is not a valid certificate file" % cert)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if installer.ip_addresses is not None:
|
|
Packit Service |
0a38ef |
for value in installer.ip_addresses:
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
ipautil.CheckedIPAddress(value)
|
|
Packit Service |
0a38ef |
except Exception as e:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="invalid IP address {0}: {1}".format(
|
|
Packit Service |
0a38ef |
value, e))
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if installer.domain_name is not None:
|
|
Packit Service |
0a38ef |
validate_domain_name(installer.domain_name)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
##########################################################################
|
|
Packit Service |
0a38ef |
# replica promote_check excerpts #########################################
|
|
Packit Service |
0a38ef |
##########################################################################
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# check selinux status, http and DS ports, NTP conflicting services
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
with redirect_stdout(ansible_log):
|
|
Packit Service |
a166ed |
argspec = inspect.getargspec(common_check)
|
|
Packit Service |
a166ed |
if "skip_mem_check" in argspec.args:
|
|
Packit Service |
a166ed |
common_check(options.no_ntp, options.skip_mem_check,
|
|
Packit Service |
a166ed |
options.setup_ca)
|
|
Packit Service |
a166ed |
else:
|
|
Packit Service |
a166ed |
common_check(options.no_ntp)
|
|
Packit Service |
0a38ef |
except Exception as msg: # ScriptError as msg:
|
|
Packit Service |
0a38ef |
_msg = str(msg)
|
|
Packit Service |
0a38ef |
if "server is already configured" in _msg:
|
|
Packit Service |
0a38ef |
ansible_module.exit_json(changed=False,
|
|
Packit Service |
0a38ef |
server_already_configured=True)
|
|
Packit Service |
0a38ef |
else:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(msg=_msg)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# TODO: Check ntp_servers and ntp_pool
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# client enrolled?
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
|
|
Packit Service |
0a38ef |
client_enrolled = client_fstore.has_files()
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if not client_enrolled:
|
|
Packit Service |
0a38ef |
# # One-step replica installation
|
|
Packit Service |
0a38ef |
# if options.dm_password and options.password:
|
|
Packit Service |
0a38ef |
# ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
# msg="--password and --admin-password options are "
|
|
Packit Service |
0a38ef |
# "mutually exclusive")
|
|
Packit Service |
0a38ef |
pass
|
|
Packit Service |
0a38ef |
else:
|
|
Packit Service |
0a38ef |
# The NTP configuration can not be touched on pre-installed client:
|
|
Packit Service |
0a38ef |
if options.no_ntp or options.ntp_servers or options.ntp_pool:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(
|
|
Packit Service |
0a38ef |
msg="NTP configuration cannot be updated during promotion")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# done #
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ansible_module.exit_json(
|
|
Packit Service |
0a38ef |
changed=False,
|
|
Packit Service |
0a38ef |
ipa_python_version=IPA_PYTHON_VERSION,
|
|
Packit Service |
0a38ef |
# basic
|
|
Packit Service |
0a38ef |
domain=options.domain_name,
|
|
Packit Service |
0a38ef |
realm=options.realm_name,
|
|
Packit Service |
0a38ef |
hostname=options.host_name,
|
|
Packit Service |
0a38ef |
# server
|
|
Packit Service |
0a38ef |
setup_adtrust=options.setup_adtrust,
|
|
Packit Service |
0a38ef |
setup_kra=options.setup_kra,
|
|
Packit Service |
0a38ef |
server=options.server,
|
|
Packit Service |
0a38ef |
# additional
|
|
Packit Service |
0a38ef |
client_enrolled=client_enrolled,
|
|
Packit Service |
0a38ef |
change_master_for_certmonger=change_master_for_certmonger,
|
|
Packit Service |
0a38ef |
)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if __name__ == '__main__':
|
|
Packit Service |
0a38ef |
main()
|