Blame roles/ipareplica/library/ipareplica_test.py

# -*- coding: utf-8 -*-
# Authors:
#   Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-replica-install code
#
# Copyright (C) 2018  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
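# Module metadata read by Ansible tooling; kept as a plain dict literal.
ANSIBLE_METADATA = {
    'metadata_version': '1.0',
    'supported_by': 'community',
    'status': ['preview'],
}

# YAML documentation of the module and its options.
# The summary key is spelled 'short_description' (with an underscore), and
# every option is marked 'required: no' because main() declares each of them
# with required=False (or only a default) in its argument_spec.
DOCUMENTATION = '''
---
module: ipareplica_test
short_description: IPA replica deployment tests
description: IPA replica deployment tests
options:
  ip_addresses:
    description: List of Master Server IP Addresses
    required: no
  domain:
    description: Primary DNS domain of the IPA deployment
    required: no
  servers:
    description: Fully qualified name of IPA servers to enroll to
    required: no
  realm:
    description: Kerberos realm name of the IPA deployment
    required: no
  hostname:
    description: Fully qualified name of this host
    required: no
  ca_cert_files:
    description:
      List of files containing CA certificates for the service certificate
      files
    required: no
  hidden_replica:
    description: Install a hidden replica
    required: no
  skip_mem_check:
    description: Skip checking for minimum required memory
    required: no
  setup_adtrust:
    description: Configure AD trust capability
    required: no
  setup_ca:
    description: Configure a dogtag CA
    required: no
  setup_kra:
    description: Configure a dogtag KRA
    required: no
  setup_dns:
    description: Configure bind with our zone
    required: no
  no_pkinit:
    description: Disable pkinit setup steps
    required: no
  dirsrv_config_file:
    description:
      The path to LDIF file that will be used to modify configuration of
      dse.ldif during installation of the directory server instance
    required: no
  dirsrv_cert_files:
    description:
      Files containing the Directory Server SSL certificate and private key
    required: no
  http_cert_files:
    description:
      File containing the Apache Server SSL certificate and private key
    required: no
  pkinit_cert_files:
    description:
      File containing the Kerberos KDC SSL certificate and private key
    required: no
  no_ntp:
    description: Do not configure ntp
    required: no
  ntp_servers:
    description: ntp servers to use
    required: no
  ntp_pool:
    description: ntp server pool to use
    required: no
  no_reverse:
    description: Do not create new reverse DNS zone
    required: no
  auto_reverse:
    description: Create necessary reverse zones
    required: no
  forwarders:
    description: Add DNS forwarders
    required: no
  no_forwarders:
    description: Do not add any DNS forwarders, use root servers instead
    required: no
  auto_forwarders:
    description: Use DNS forwarders configured in /etc/resolv.conf
    required: no
  forward_policy:
    description: DNS forwarding policy for global forwarders
    required: no
  no_dnssec_validation:
    description: Disable DNSSEC validation
    required: no
author:
    - Thomas Woerner
'''

# No usage examples are provided yet.
EXAMPLES = '''
'''

# NOTE(review): left empty although main() passes several values to
# exit_json (domain, realm, hostname, server, client_enrolled,
# change_master_for_certmonger, ...); they should be documented here.
RETURN = '''
'''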
import os
import inspect
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
    AnsibleModuleLog, setup_logging, options, installer, paths, sysrestore,
    ansible_module_get_parsed_ip_addresses, service,
    redirect_stdout, create_ipa_conf, ipautil,
    x509, validate_domain_name, common_check,
    IPA_PYTHON_VERSION
)
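def main():
    """Run the pre-flight checks for an IPA replica deployment.

    Builds the AnsibleModule, copies the module parameters onto the shared
    ``options`` object, derives a missing domain/realm from the first server,
    rejects inconsistent option combinations, checks the referenced files and
    IP addresses, runs ``common_check`` and finally looks up whether the host
    is already enrolled as an IPA client.

    Results are reported with ``exit_json``; any failed check is reported
    with ``fail_json``. Nothing is returned to the caller.
    """
    ansible_module = AnsibleModule(
        argument_spec=dict(
            # basic
            # NOTE: if the password options are ever re-enabled, keep
            # no_log=True so the values are not written to Ansible logs.
            # dm_password=dict(required=False, no_log=True),
            # password=dict(required=False, no_log=True),
            ip_addresses=dict(required=False, type='list', default=[]),
            domain=dict(required=False),
            servers=dict(required=False, type='list', default=[]),
            realm=dict(required=False),
            hostname=dict(required=False),
            ca_cert_files=dict(required=False, type='list', default=[]),
            hidden_replica=dict(required=False, type='bool', default=False),
            skip_mem_check=dict(required=False, type='bool', default=False),
            # server
            setup_adtrust=dict(required=False, type='bool', default=False),
            setup_ca=dict(required=False, type='bool'),
            setup_kra=dict(required=False, type='bool', default=False),
            setup_dns=dict(required=False, type='bool', default=False),
            no_pkinit=dict(required=False, type='bool', default=False),
            dirsrv_config_file=dict(required=False),
            # ssl certificate
            dirsrv_cert_files=dict(required=False, type='list', default=[]),
            http_cert_files=dict(required=False, type='list', default=[]),
            pkinit_cert_files=dict(required=False, type='list', default=[]),
            # client
            no_ntp=dict(required=False, type='bool', default=False),
            ntp_servers=dict(required=False, type='list', default=[]),
            ntp_pool=dict(required=False),
            # dns
            no_reverse=dict(required=False, type='bool', default=False),
            auto_reverse=dict(required=False, type='bool', default=False),
            forwarders=dict(required=False, type='list', default=[]),
            no_forwarders=dict(required=False, type='bool', default=False),
            auto_forwarders=dict(required=False, type='bool', default=False),
            forward_policy=dict(default=None, choices=['first', 'only']),
            no_dnssec_validation=dict(required=False, type='bool',
                                      default=False),
        ),
    )

    # NOTE(review): debug is switched on unconditionally for every run.
    # Confirm what AnsibleModuleLog emits in this mode and that it would not
    # expose secrets if the password options above were re-enabled.
    ansible_module._ansible_debug = True
    setup_logging()
    ansible_log = AnsibleModuleLog(ansible_module)

    # inspect.getargspec was removed in Python 3.11. Prefer getfullargspec
    # and fall back to getargspec only where the newer name does not exist.
    # Both results expose the positional argument names as ``.args``.
    getargspec = getattr(inspect, "getfullargspec", None)
    if getargspec is None:
        getargspec = inspect.getargspec

    # get parameters #

    # basic
    # options.dm_password = ansible_module.params.get('dm_password')
    # # options.password = ansible_module.params.get('password')
    # options.password = options.dm_password
    options.ip_addresses = ansible_module_get_parsed_ip_addresses(
        ansible_module)
    options.domain_name = ansible_module.params.get('domain')
    options.servers = ansible_module.params.get('servers')
    options.realm_name = ansible_module.params.get('realm')
    options.host_name = ansible_module.params.get('hostname')
    options.ca_cert_files = ansible_module.params.get('ca_cert_files')
    options.hidden_replica = ansible_module.params.get('hidden_replica')
    options.skip_mem_check = ansible_module.params.get('skip_mem_check')
    # server
    options.setup_adtrust = ansible_module.params.get('setup_adtrust')
    options.setup_ca = ansible_module.params.get('setup_ca')
    options.setup_kra = ansible_module.params.get('setup_kra')
    options.setup_dns = ansible_module.params.get('setup_dns')
    options.no_pkinit = ansible_module.params.get('no_pkinit')
    options.dirsrv_config_file = ansible_module.params.get(
        'dirsrv_config_file')
    # ssl certificate
    options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
    options.http_cert_files = ansible_module.params.get('http_cert_files')
    options.pkinit_cert_files = ansible_module.params.get('pkinit_cert_files')
    # client
    options.no_ntp = ansible_module.params.get('no_ntp')
    options.ntp_servers = ansible_module.params.get('ntp_servers')
    options.ntp_pool = ansible_module.params.get('ntp_pool')
    # dns
    options.no_reverse = ansible_module.params.get('no_reverse')
    options.auto_reverse = ansible_module.params.get('auto_reverse')
    options.forwarders = ansible_module.params.get('forwarders')
    options.no_forwarders = ansible_module.params.get('no_forwarders')
    options.auto_forwarders = ansible_module.params.get('auto_forwarders')
    options.forward_policy = ansible_module.params.get('forward_policy')
    options.no_dnssec_validation = ansible_module.params.get(
        'no_dnssec_validation')

    ##########################################################################
    # replica init ###########################################################
    ##########################################################################

    # NOTE(review): from here on the values are read back through
    # `installer`, while they were stored on `options` above. Presumably
    # both names refer to the same object in ansible_ipa_replica - verify.
    if installer.servers:
        installer.server = installer.servers[0]
    else:
        installer.server = None
    # TODO: Kills ipa-client-install
    # if installer.replica_file is None:
    #     installer.password = installer.admin_password
    # else:
    #     installer.password = installer.dm_password

    # installer._ccache = os.environ.get('KRB5CCNAME')

    # If not defined, set domain from server name.
    # find() returns -1 when the name contains no dot, so the slice then
    # starts at 0 and the whole server name is used as the domain.
    if installer.domain_name is None and installer.server is not None:
        installer.domain_name = installer.server[installer.server.find(".")+1:]
    # If not defined, set realm from domain name
    if installer.realm_name is None and installer.domain_name is not None:
        installer.realm_name = installer.domain_name.upper()

    ##########################################################################
    # other checks ###########################################################
    ##########################################################################

    # version specific tests #

    # if options.setup_adtrust and not adtrust_imported:
    #    # if "adtrust" not in options._allow_missing:
    #    ansible_module.fail_json(msg="adtrust can not be imported")
    #    # else:
    #    #  options.setup_adtrust = False
    #    #  ansible_module.warn(msg="adtrust is not supported, disabling")

    # if options.setup_kra and not kra_imported:
    #    # if "kra" not in options._allow_missing:
    #    ansible_module.fail_json(msg="kra can not be imported")
    #    # else:
    #    #  options.setup_kra = False
    #    #  ansible_module.warn(msg="kra is not supported, disabling")

    # Hidden replicas need service.hide_services in the installed IPA code.
    if options.hidden_replica and not hasattr(service, "hide_services"):
        ansible_module.fail_json(
            msg="Hidden replica is not supported in this version.")

    # We need to point to the master in ipa default conf when certmonger
    # asks for HTTP certificate in newer ipa versions. In these versions
    # create_ipa_conf has the additional master argument.
    argspec = getargspec(create_ipa_conf)
    change_master_for_certmonger = "master" in argspec.args

    # From ipa installer classes

    # Installing from a replica file is rejected outright.
    if installer.replica_file is not None:
        ansible_module.fail_json(
            msg="Replica installation using a replica file is not supported")

    # If any of the key file options are selected, all are required.
    cert_file_req = (installer.dirsrv_cert_files, installer.http_cert_files)
    cert_file_opt = (installer.pkinit_cert_files,)
    if not installer.no_pkinit:
        cert_file_req += cert_file_opt
    if installer.no_pkinit and installer.pkinit_cert_files:
        ansible_module.fail_json(
            msg="--no-pkinit and --pkinit-cert-file cannot be specified "
            "together")
    if any(cert_file_req + cert_file_opt) and not all(cert_file_req):
        ansible_module.fail_json(
            msg="--dirsrv-cert-file, --http-cert-file, and --pkinit-cert-file "
            "or --no-pkinit are required if any key file options are used.")

    # DNS related options are only accepted together with setup_dns, and
    # contradictory forwarder / reverse zone options are rejected.
    if not installer.setup_dns:
        if installer.forwarders:
            ansible_module.fail_json(
                msg="You cannot specify a --forwarder option without the "
                "--setup-dns option")
        if installer.auto_forwarders:
            ansible_module.fail_json(
                msg="You cannot specify a --auto-forwarders option without "
                "the --setup-dns option")
        if installer.no_forwarders:
            ansible_module.fail_json(
                msg="You cannot specify a --no-forwarders option without the "
                "--setup-dns option")
        if installer.forward_policy:
            ansible_module.fail_json(
                msg="You cannot specify a --forward-policy option without the "
                "--setup-dns option")
        if installer.reverse_zones:
            ansible_module.fail_json(
                msg="You cannot specify a --reverse-zone option without the "
                "--setup-dns option")
        if installer.auto_reverse:
            ansible_module.fail_json(
                msg="You cannot specify a --auto-reverse option without the "
                "--setup-dns option")
        if installer.no_reverse:
            ansible_module.fail_json(
                msg="You cannot specify a --no-reverse option without the "
                "--setup-dns option")
        if installer.no_dnssec_validation:
            ansible_module.fail_json(
                msg="You cannot specify a --no-dnssec-validation option "
                "without the --setup-dns option")
    elif installer.forwarders and installer.no_forwarders:
        ansible_module.fail_json(
            msg="You cannot specify a --forwarder option together with "
            "--no-forwarders")
    elif installer.auto_forwarders and installer.no_forwarders:
        ansible_module.fail_json(
            msg="You cannot specify a --auto-forwarders option together with "
            "--no-forwarders")
    elif installer.reverse_zones and installer.no_reverse:
        ansible_module.fail_json(
            msg="You cannot specify a --reverse-zone option together with "
            "--no-reverse")
    elif installer.auto_reverse and installer.no_reverse:
        ansible_module.fail_json(
            msg="You cannot specify a --auto-reverse option together with "
            "--no-reverse")

    # replica installers
    if installer.servers and not installer.domain_name:
        ansible_module.fail_json(
            msg="The --server option cannot be used without providing "
            "domain via the --domain option")

    if installer.setup_dns:
        if (not installer.forwarders and
                not installer.no_forwarders and
                not installer.auto_forwarders):
            ansible_module.fail_json(
                msg="You must specify at least one of --forwarder, "
                "--auto-forwarders, or --no-forwarders options")

    if installer.dirsrv_config_file is not None and \
       not os.path.exists(installer.dirsrv_config_file):
        ansible_module.fail_json(
            msg="File %s does not exist." % installer.dirsrv_config_file)

    # Every CA certificate path must exist, be a regular file, be absolute
    # and load as a certificate.
    if installer.ca_cert_files is not None:
        if not isinstance(installer.ca_cert_files, list):
            ansible_module.fail_json(
                msg="Expected list, got {!r}".format(installer.ca_cert_files))
        for cert in installer.ca_cert_files:
            if not os.path.exists(cert):
                ansible_module.fail_json(msg="'%s' does not exist" % cert)
            if not os.path.isfile(cert):
                ansible_module.fail_json(msg="'%s' is not a file" % cert)
            if not os.path.isabs(cert):
                ansible_module.fail_json(
                    msg="'%s' is not an absolute file path" % cert)

            try:
                x509.load_certificate_from_file(cert)
            except Exception:
                # Any load failure is reported the same way; the underlying
                # error is not part of the message.
                ansible_module.fail_json(
                    msg="'%s' is not a valid certificate file" % cert)

    if installer.ip_addresses is not None:
        for value in installer.ip_addresses:
            try:
                ipautil.CheckedIPAddress(value)
            except Exception as e:
                ansible_module.fail_json(
                    msg="invalid IP address {0}: {1}".format(
                        value, e))

    # NOTE(review): unlike the checks above this call is not wrapped, so
    # whatever validate_domain_name raises propagates out of main() instead
    # of going through fail_json - confirm that this is intended.
    if installer.domain_name is not None:
        validate_domain_name(installer.domain_name)

    ##########################################################################
    # replica promote_check excerpts #########################################
    ##########################################################################

    # check selinux status, http and DS ports, NTP conflicting services
    try:
        with redirect_stdout(ansible_log):
            # Newer common_check versions take skip_mem_check and setup_ca
            # in addition to no_ntp; pick the call matching the signature.
            argspec = getargspec(common_check)
            if "skip_mem_check" in argspec.args:
                common_check(options.no_ntp, options.skip_mem_check,
                             options.setup_ca)
            else:
                common_check(options.no_ntp)
    except Exception as msg:  # ScriptError as msg:
        _msg = str(msg)
        # The already-configured case is recognised by the exception text
        # only, so it depends on the exact wording used by common_check.
        if "server is already configured" in _msg:
            ansible_module.exit_json(changed=False,
                                     server_already_configured=True)
        else:
            ansible_module.fail_json(msg=_msg)

    # TODO: Check ntp_servers and ntp_pool

    # client enrolled?

    client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
    client_enrolled = client_fstore.has_files()

    if not client_enrolled:
        # # One-step replica installation
        # if options.dm_password and options.password:
        #    ansible_module.fail_json(
        #        msg="--password and --admin-password options are "
        #        "mutually exclusive")
        pass
    else:
        # The NTP configuration can not be touched on pre-installed client:
        if options.no_ntp or options.ntp_servers or options.ntp_pool:
            ansible_module.fail_json(
                msg="NTP configuration cannot be updated during promotion")

    # done #

    ansible_module.exit_json(
        changed=False,
        ipa_python_version=IPA_PYTHON_VERSION,
        # basic
        domain=options.domain_name,
        realm=options.realm_name,
        hostname=options.host_name,
        # server
        setup_adtrust=options.setup_adtrust,
        setup_kra=options.setup_kra,
        server=options.server,
        # additional
        client_enrolled=client_enrolled,
        change_master_for_certmonger=change_master_for_certmonger,
    )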
# Script entry point: run the checks when the file is executed directly.
if __name__ == "__main__":
    main()