|
Packit Service |
0a38ef |
# -*- coding: utf-8 -*-
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Authors:
|
|
Packit Service |
0a38ef |
# Thomas Woerner <twoerner@redhat.com>
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# Based on ipa-replica-install code
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# Copyright (C) 2018 Red Hat
|
|
Packit Service |
0a38ef |
# see file 'COPYING' for use and warranty information
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# This program is free software; you can redistribute it and/or modify
|
|
Packit Service |
0a38ef |
# it under the terms of the GNU General Public License as published by
|
|
Packit Service |
0a38ef |
# the Free Software Foundation, either version 3 of the License, or
|
|
Packit Service |
0a38ef |
# (at your option) any later version.
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# This program is distributed in the hope that it will be useful,
|
|
Packit Service |
0a38ef |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
0a38ef |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit Service |
0a38ef |
# GNU General Public License for more details.
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# You should have received a copy of the GNU General Public License
|
|
Packit Service |
0a38ef |
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
__all__ = ["contextlib", "dnsexception", "dnsresolver", "dnsreversename",
|
|
Packit Service |
0a38ef |
"parse_version", "IPAChangeConf",
|
|
Packit Service |
0a38ef |
"certstore", "sysrestore", "ipa_generate_password", "kinit_keytab",
|
|
Packit Service |
0a38ef |
"IPA_CA_TRUST_FLAGS", "EXTERNAL_CA_TRUST_FLAGS", "DN",
|
|
Packit Service |
0a38ef |
"ScriptError", "services", "tasks", "constants", "errors", "rpc",
|
|
Packit Service |
0a38ef |
"x509", "validate_domain_name",
|
|
Packit Service |
0a38ef |
"no_matching_interface_for_ip_address_warning",
|
|
Packit Service |
0a38ef |
"configure_krb5_conf", "purge_host_keytab", "adtrust",
|
|
Packit Service |
0a38ef |
"bindinstance", "ca", "certs", "dns", "httpinstance", "kra",
|
|
Packit Service |
0a38ef |
"otpdinstance", "custodiainstance", "service", "upgradeinstance",
|
|
Packit Service |
0a38ef |
"find_providing_servers", "find_providing_server", "load_pkcs12",
|
|
Packit Service |
0a38ef |
"is_ipa_configured", "ReplicationManager", "replica_conn_check",
|
|
Packit Service |
0a38ef |
"install_replica_ds", "install_krb", "install_ca_cert",
|
|
Packit Service |
0a38ef |
"install_http", "install_dns_records", "create_ipa_conf",
|
|
Packit Service |
0a38ef |
"check_dirsrv", "check_dns_resolution", "configure_certmonger",
|
|
Packit Service |
0a38ef |
"remove_replica_info_dir", "preserve_enrollment_state",
|
|
Packit Service |
0a38ef |
"uninstall_client", "promote_sssd", "promote_openldap_conf",
|
|
Packit Service |
0a38ef |
"rpc_client", "check_remote_fips_mode", "check_remote_version",
|
|
Packit Service |
0a38ef |
"common_check", "current_domain_level",
|
|
Packit Service |
0a38ef |
"check_domain_level_is_supported", "promotion_check_ipa_domain",
|
|
Packit Service |
0a38ef |
"SSSDConfig", "CalledProcessError", "timeconf", "ntpinstance",
|
|
Packit Service |
0a38ef |
"dnsname", "kernel_keyring", "krbinstance"]
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
import sys
|
|
Packit Service |
0a38ef |
import logging
|
|
Packit Service |
0a38ef |
from contextlib import contextmanager as contextlib_contextmanager
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
from ipapython.version import NUM_VERSION, VERSION
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if NUM_VERSION < 30201:
|
|
Packit Service |
0a38ef |
# See ipapython/version.py
|
|
Packit Service |
0a38ef |
IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in VERSION.split(".", 2)]
|
|
Packit Service |
0a38ef |
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
|
|
Packit Service |
0a38ef |
else:
|
|
Packit Service |
0a38ef |
IPA_PYTHON_VERSION = NUM_VERSION
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if NUM_VERSION >= 40600:
|
|
Packit Service |
0a38ef |
# IPA version >= 4.6
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
import contextlib
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
import dns.exception as dnsexception
|
|
Packit Service |
0a38ef |
import dns.name as dnsname
|
|
Packit Service |
0a38ef |
import dns.resolver as dnsresolver
|
|
Packit Service |
0a38ef |
import dns.reversename as dnsreversename
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
from pkg_resources import parse_version
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
from ipaclient.install.ipachangeconf import IPAChangeConf
|
|
Packit Service |
0a38ef |
from ipalib.install import certstore, sysrestore
|
|
Packit Service |
0a38ef |
from ipapython.ipautil import ipa_generate_password
|
|
Packit Service |
0a38ef |
from ipalib.install.kinit import kinit_keytab
|
|
Packit Service |
0a38ef |
from ipapython import ipaldap, ipautil, kernel_keyring
|
|
Packit Service |
0a38ef |
from ipapython.certdb import IPA_CA_TRUST_FLAGS, EXTERNAL_CA_TRUST_FLAGS
|
|
Packit Service |
0a38ef |
from ipapython.dn import DN
|
|
Packit Service |
0a38ef |
from ipapython.admintool import ScriptError
|
|
Packit Service |
0a38ef |
from ipapython.ipa_log_manager import standard_logging_setup
|
|
Packit Service |
0a38ef |
from ipaplatform import services
|
|
Packit Service |
0a38ef |
from ipaplatform.tasks import tasks
|
|
Packit Service |
0a38ef |
from ipaplatform.paths import paths
|
|
Packit Service |
0a38ef |
from ipalib import api, constants, create_api, errors, rpc, x509
|
|
Packit Service |
0a38ef |
from ipalib.config import Env
|
|
Packit Service |
0a38ef |
from ipalib.util import (
|
|
Packit Service |
0a38ef |
validate_domain_name,
|
|
Packit Service |
0a38ef |
no_matching_interface_for_ip_address_warning)
|
|
Packit Service |
0a38ef |
from ipaclient.install.client import configure_krb5_conf, purge_host_keytab
|
|
Packit Service |
0a38ef |
from ipaserver.install import (
|
|
Packit Service |
0a38ef |
adtrust, bindinstance, ca, certs, dns, dsinstance, httpinstance,
|
|
Packit Service |
0a38ef |
installutils, kra, krbinstance,
|
|
Packit Service |
0a38ef |
otpdinstance, custodiainstance, service, upgradeinstance)
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
from ipaserver.masters import (
|
|
Packit Service |
0a38ef |
find_providing_servers, find_providing_server)
|
|
Packit Service |
0a38ef |
except ImportError:
|
|
Packit Service |
0a38ef |
from ipaserver.install.service import (
|
|
Packit Service |
0a38ef |
find_providing_servers, find_providing_server)
|
|
Packit Service |
0a38ef |
from ipaserver.install.installutils import (
|
|
Packit Service |
a166ed |
ReplicaConfig, load_pkcs12)
|
|
Packit Service |
a166ed |
try:
|
|
Packit Service |
a166ed |
from ipalib.facts import is_ipa_configured
|
|
Packit Service |
a166ed |
except ImportError:
|
|
Packit Service |
a166ed |
from ipaserver.install.installutils import is_ipa_configured
|
|
Packit Service |
0a38ef |
from ipaserver.install.replication import (
|
|
Packit Service |
0a38ef |
ReplicationManager, replica_conn_check)
|
|
Packit Service |
0a38ef |
from ipaserver.install.server.replicainstall import (
|
|
Packit Service |
0a38ef |
make_pkcs12_info, install_replica_ds, install_krb, install_ca_cert,
|
|
Packit Service |
0a38ef |
install_http, install_dns_records, create_ipa_conf, check_dirsrv,
|
|
Packit Service |
0a38ef |
check_dns_resolution, configure_certmonger, remove_replica_info_dir,
|
|
Packit Service |
0a38ef |
# common_cleanup,
|
|
Packit Service |
0a38ef |
preserve_enrollment_state, uninstall_client,
|
|
Packit Service |
0a38ef |
promote_sssd, promote_openldap_conf, rpc_client,
|
|
Packit Service |
0a38ef |
check_remote_fips_mode, check_remote_version, common_check,
|
|
Packit Service |
0a38ef |
current_domain_level, check_domain_level_is_supported,
|
|
Packit Service |
0a38ef |
# enroll_dl0_replica,
|
|
Packit Service |
0a38ef |
# ensure_enrolled,
|
|
Packit Service |
0a38ef |
promotion_check_ipa_domain
|
|
Packit Service |
0a38ef |
)
|
|
Packit Service |
0a38ef |
import SSSDConfig
|
|
Packit Service |
0a38ef |
from subprocess import CalledProcessError
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
from ipaclient.install import timeconf
|
|
Packit Service |
0a38ef |
time_service = "chronyd"
|
|
Packit Service |
0a38ef |
ntpinstance = None
|
|
Packit Service |
0a38ef |
except ImportError:
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
from ipaclient.install import ntpconf as timeconf
|
|
Packit Service |
0a38ef |
except ImportError:
|
|
Packit Service |
0a38ef |
from ipaclient import ntpconf as timeconf
|
|
Packit Service |
0a38ef |
from ipaserver.install import ntpinstance
|
|
Packit Service |
0a38ef |
time_service = "ntpd"
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
else:
|
|
Packit Service |
0a38ef |
# IPA version < 4.6
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
raise Exception("freeipa version '%s' is too old" % VERSION)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
logger = logging.getLogger("ipa-server-install")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def setup_logging():
|
|
Packit Service |
0a38ef |
# logger.setLevel(logging.DEBUG)
|
|
Packit Service |
0a38ef |
standard_logging_setup(
|
|
Packit Service |
0a38ef |
paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False,
|
|
Packit Service |
0a38ef |
filemode='a', console_format='%(message)s')
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
@contextlib_contextmanager
|
|
Packit Service |
0a38ef |
def redirect_stdout(f):
|
|
Packit Service |
0a38ef |
sys.stdout = f
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
yield f
|
|
Packit Service |
0a38ef |
finally:
|
|
Packit Service |
0a38ef |
sys.stdout = sys.__stdout__
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
class AnsibleModuleLog():
|
|
Packit Service |
0a38ef |
def __init__(self, module):
|
|
Packit Service |
0a38ef |
self.module = module
|
|
Packit Service |
0a38ef |
_ansible_module_log = self
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
class AnsibleLoggingHandler(logging.Handler):
|
|
Packit Service |
0a38ef |
def emit(self, record):
|
|
Packit Service |
0a38ef |
_ansible_module_log.write(self.format(record))
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
self.logging_handler = AnsibleLoggingHandler()
|
|
Packit Service |
0a38ef |
logger.setLevel(logging.DEBUG)
|
|
Packit Service |
0a38ef |
logger.root.addHandler(self.logging_handler)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def close(self):
|
|
Packit Service |
0a38ef |
self.flush()
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def flush(self):
|
|
Packit Service |
0a38ef |
pass
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def log(self, msg):
|
|
Packit Service |
0a38ef |
# self.write(msg+"\n")
|
|
Packit Service |
0a38ef |
self.write(msg)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def debug(self, msg):
|
|
Packit Service |
0a38ef |
self.module.debug(msg)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def info(self, msg):
|
|
Packit Service |
0a38ef |
self.module.debug(msg)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def write(self, msg):
|
|
Packit Service |
0a38ef |
self.module.debug(msg)
|
|
Packit Service |
0a38ef |
# self.module.warn(msg)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
class installer_obj(object):
|
|
Packit Service |
0a38ef |
def __init__(self):
|
|
Packit Service |
0a38ef |
# CompatServerReplicaInstall
|
|
Packit Service |
0a38ef |
self.ca_cert_files = None
|
|
Packit Service |
0a38ef |
self.all_ip_addresses = False
|
|
Packit Service |
0a38ef |
self.no_wait_for_dns = True
|
|
Packit Service |
0a38ef |
self.nisdomain = None
|
|
Packit Service |
0a38ef |
self.no_nisdomain = False
|
|
Packit Service |
0a38ef |
self.no_sudo = False
|
|
Packit Service |
0a38ef |
self.request_cert = False
|
|
Packit Service |
0a38ef |
self.ca_file = None
|
|
Packit Service |
0a38ef |
self.zonemgr = None
|
|
Packit Service |
0a38ef |
self.replica_file = None
|
|
Packit Service |
0a38ef |
# ServerReplicaInstall
|
|
Packit Service |
0a38ef |
self.subject_base = None
|
|
Packit Service |
0a38ef |
self.ca_subject = None
|
|
Packit Service |
0a38ef |
# others
|
|
Packit Service |
0a38ef |
self._ccache = None
|
|
Packit Service |
0a38ef |
self.password = None
|
|
Packit Service |
0a38ef |
self.reverse_zones = []
|
|
Packit Service |
0a38ef |
# def _is_promote(self):
|
|
Packit Service |
0a38ef |
# return self.replica_file is None
|
|
Packit Service |
0a38ef |
# self.skip_conncheck = False
|
|
Packit Service |
0a38ef |
self._replica_install = False
|
|
Packit Service |
0a38ef |
# self.dnssec_master = False # future unknown
|
|
Packit Service |
0a38ef |
# self.disable_dnssec_master = False # future unknown
|
|
Packit Service |
0a38ef |
# self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
|
|
Packit Service |
0a38ef |
# self.domain_level = self.domainlevel # deprecated
|
|
Packit Service |
0a38ef |
self.interactive = False
|
|
Packit Service |
0a38ef |
self.unattended = not self.interactive
|
|
Packit Service |
0a38ef |
# self.promote = self.replica_file is None
|
|
Packit Service |
0a38ef |
self.promote = True
|
|
Packit Service |
0a38ef |
self.skip_schema_check = None
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# def __getattribute__(self, attr):
|
|
Packit Service |
0a38ef |
# value = super(installer_obj, self).__getattribute__(attr)
|
|
Packit Service |
0a38ef |
# if not attr.startswith("--") and not attr.endswith("--"):
|
|
Packit Service |
0a38ef |
# logger.debug(
|
|
Packit Service |
0a38ef |
# " <-- Accessing installer.%s (%s)" % (attr, repr(value)))
|
|
Packit Service |
0a38ef |
# return value
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def __getattr__(self, attr):
|
|
Packit Service |
0a38ef |
logger.info(" --> ADDING missing installer.%s", attr)
|
|
Packit Service |
0a38ef |
setattr(self, attr, None)
|
|
Packit Service |
0a38ef |
return getattr(self, attr)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# def __setattr__(self, attr, value):
|
|
Packit Service |
0a38ef |
# logger.debug(" --> Setting installer.%s to %s" % (attr, repr(value)))
|
|
Packit Service |
0a38ef |
# return super(installer_obj, self).__setattr__(attr, value)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def knobs(self):
|
|
Packit Service |
0a38ef |
for name in self.__dict__:
|
|
Packit Service |
0a38ef |
yield self, name
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
installer = installer_obj()
|
|
Packit Service |
0a38ef |
options = installer
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# DNSInstallInterface
|
|
Packit Service |
0a38ef |
options.dnssec_master = False
|
|
Packit Service |
0a38ef |
options.disable_dnssec_master = False
|
|
Packit Service |
0a38ef |
options.kasp_db_file = None
|
|
Packit Service |
0a38ef |
options.force = False
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# ServerMasterInstall
|
|
Packit Service |
0a38ef |
options.add_sids = False
|
|
Packit Service |
0a38ef |
options.add_agents = False
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# ServerReplicaInstall
|
|
Packit Service |
0a38ef |
options.subject_base = None
|
|
Packit Service |
0a38ef |
options.ca_subject = None
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def gen_env_boostrap_finalize_core(etc_ipa, default_config):
|
|
Packit Service |
0a38ef |
env = Env()
|
|
Packit Service |
0a38ef |
# env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
|
|
Packit Service |
0a38ef |
# env._finalize_core(**dict(constants.DEFAULT_CONFIG))
|
|
Packit Service |
0a38ef |
env._bootstrap(context='installer', confdir=etc_ipa, log=None)
|
|
Packit Service |
0a38ef |
env._finalize_core(**dict(default_config))
|
|
Packit Service |
0a38ef |
return env
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def api_bootstrap_finalize(env):
|
|
Packit Service |
0a38ef |
# pylint: disable=no-member
|
|
Packit Service |
0a38ef |
xmlrpc_uri = 'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host))
|
|
Packit Service |
0a38ef |
api.bootstrap(in_server=True,
|
|
Packit Service |
0a38ef |
context='installer',
|
|
Packit Service |
0a38ef |
confdir=paths.ETC_IPA,
|
|
Packit Service |
0a38ef |
ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
|
|
Packit Service |
0a38ef |
xmlrpc_uri=xmlrpc_uri)
|
|
Packit Service |
0a38ef |
# pylint: enable=no-member
|
|
Packit Service |
0a38ef |
api.finalize()
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def gen_ReplicaConfig():
|
|
Packit Service |
0a38ef |
class ExtendedReplicaConfig(ReplicaConfig):
|
|
Packit Service |
0a38ef |
def __init__(self, top_dir=None):
|
|
Packit Service |
0a38ef |
super(ExtendedReplicaConfig, self).__init__(top_dir)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# def __getattribute__(self, attr):
|
|
Packit Service |
0a38ef |
# value = super(ExtendedReplicaConfig, self).__getattribute__(attr)
|
|
Packit Service |
0a38ef |
# if attr not in ["__dict__", "knobs"]:
|
|
Packit Service |
0a38ef |
# logger.debug(" <== Accessing config.%s (%s)" %
|
|
Packit Service |
0a38ef |
# (attr, repr(value)))
|
|
Packit Service |
0a38ef |
# return value
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def __getattr__(self, attr):
|
|
Packit Service |
0a38ef |
logger.info(" ==> ADDING missing config.%s", attr)
|
|
Packit Service |
0a38ef |
setattr(self, attr, None)
|
|
Packit Service |
0a38ef |
return getattr(self, attr)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# def __setattr__(self, attr, value):
|
|
Packit Service |
0a38ef |
# logger.debug(" ==> Setting config.%s to %s" % (attr, repr(value)))
|
|
Packit Service |
0a38ef |
# return super(ExtendedReplicaConfig, self).__setattr__(attr, value)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def knobs(self):
|
|
Packit Service |
0a38ef |
for name in self.__dict__:
|
|
Packit Service |
0a38ef |
yield self, name
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# config = ReplicaConfig()
|
|
Packit Service |
0a38ef |
config = ExtendedReplicaConfig()
|
|
Packit Service |
0a38ef |
config.realm_name = api.env.realm
|
|
Packit Service |
0a38ef |
config.host_name = api.env.host
|
|
Packit Service |
0a38ef |
config.domain_name = api.env.domain
|
|
Packit Service |
0a38ef |
config.master_host_name = api.env.server
|
|
Packit Service |
0a38ef |
config.ca_host_name = api.env.ca_host
|
|
Packit Service |
0a38ef |
config.kra_host_name = config.ca_host_name
|
|
Packit Service |
0a38ef |
config.ca_ds_port = 389
|
|
Packit Service |
0a38ef |
config.setup_ca = options.setup_ca
|
|
Packit Service |
0a38ef |
config.setup_kra = options.setup_kra
|
|
Packit Service |
0a38ef |
config.dir = options._top_dir
|
|
Packit Service |
0a38ef |
config.basedn = api.env.basedn
|
|
Packit Service |
0a38ef |
# config.subject_base = options.subject_base
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
return config
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def replica_ds_init_info(ansible_log,
|
|
Packit Service |
0a38ef |
config, options, ca_is_configured, remote_api,
|
|
Packit Service |
0a38ef |
ds_ca_subject, ca_file,
|
|
Packit Service |
0a38ef |
promote=False, pkcs12_info=None):
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
dsinstance.check_ports()
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# if we have a pkcs12 file, create the cert db from
|
|
Packit Service |
0a38ef |
# that. Otherwise the ds setup will create the CA
|
|
Packit Service |
0a38ef |
# cert
|
|
Packit Service |
0a38ef |
if pkcs12_info is None:
|
|
Packit Service |
0a38ef |
pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
|
|
Packit Service |
0a38ef |
"dirsrv_pin.txt")
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# during replica install, this gets invoked before local DS is
|
|
Packit Service |
0a38ef |
# available, so use the remote api.
|
|
Packit Service |
0a38ef |
# if ca_is_configured:
|
|
Packit Service |
0a38ef |
# ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
|
|
Packit Service |
0a38ef |
# else:
|
|
Packit Service |
0a38ef |
# ca_subject = installutils.default_ca_subject_dn(config.subject_base)
|
|
Packit Service |
0a38ef |
ca_subject = ds_ca_subject
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ds = dsinstance.DsInstance(
|
|
Packit Service |
0a38ef |
config_ldif=options.dirsrv_config_file)
|
|
Packit Service |
0a38ef |
ds.set_output(ansible_log)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Source: ipaserver/install/dsinstance.py
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# idstart and idmax are configured so that the range is seen as
|
|
Packit Service |
0a38ef |
# depleted by the DNA plugin and the replica will go and get a
|
|
Packit Service |
0a38ef |
# new range from the master.
|
|
Packit Service |
0a38ef |
# This way all servers use the initially defined range by default.
|
|
Packit Service |
0a38ef |
idstart = 1101
|
|
Packit Service |
0a38ef |
idmax = 1100
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
with redirect_stdout(ansible_log):
|
|
Packit Service |
0a38ef |
ds.init_info(
|
|
Packit Service |
0a38ef |
realm_name=config.realm_name,
|
|
Packit Service |
0a38ef |
fqdn=config.host_name,
|
|
Packit Service |
0a38ef |
domain_name=config.domain_name,
|
|
Packit Service |
0a38ef |
dm_password=config.dirman_password,
|
|
Packit Service |
0a38ef |
subject_base=config.subject_base,
|
|
Packit Service |
0a38ef |
ca_subject=ca_subject,
|
|
Packit Service |
0a38ef |
idstart=idstart,
|
|
Packit Service |
0a38ef |
idmax=idmax,
|
|
Packit Service |
0a38ef |
pkcs12_info=pkcs12_info,
|
|
Packit Service |
0a38ef |
ca_file=ca_file,
|
|
Packit Service |
0a38ef |
setup_pkinit=not options.no_pkinit,
|
|
Packit Service |
0a38ef |
)
|
|
Packit Service |
0a38ef |
ds.master_fqdn = config.master_host_name
|
|
Packit Service |
0a38ef |
if ca_is_configured is not None:
|
|
Packit Service |
0a38ef |
ds.ca_is_configured = ca_is_configured
|
|
Packit Service |
0a38ef |
ds.promote = promote
|
|
Packit Service |
0a38ef |
ds.api = remote_api
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# from __setup_replica
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Always connect to ds over ldapi
|
|
Packit Service |
0a38ef |
ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm)
|
|
Packit Service |
0a38ef |
conn = ipaldap.LDAPClient(ldap_uri)
|
|
Packit Service |
0a38ef |
conn.external_bind()
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
return ds
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def ansible_module_get_parsed_ip_addresses(ansible_module,
|
|
Packit Service |
0a38ef |
param='ip_addresses'):
|
|
Packit Service |
0a38ef |
ip_addrs = []
|
|
Packit Service |
0a38ef |
for ip in ansible_module.params.get(param):
|
|
Packit Service |
0a38ef |
try:
|
|
Packit Service |
0a38ef |
ip_parsed = ipautil.CheckedIPAddress(ip)
|
|
Packit Service |
0a38ef |
except Exception as e:
|
|
Packit Service |
0a38ef |
ansible_module.fail_json(msg="Invalid IP Address %s: %s" % (ip, e))
|
|
Packit Service |
0a38ef |
ip_addrs.append(ip_parsed)
|
|
Packit Service |
0a38ef |
return ip_addrs
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def gen_remote_api(master_host_name, etc_ipa):
|
|
Packit Service |
0a38ef |
ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name)
|
|
Packit Service |
0a38ef |
xmlrpc_uri = 'https://{}/ipa/xml'.format(
|
|
Packit Service |
0a38ef |
ipautil.format_netloc(master_host_name))
|
|
Packit Service |
0a38ef |
remote_api = create_api(mode=None)
|
|
Packit Service |
0a38ef |
remote_api.bootstrap(in_server=True,
|
|
Packit Service |
0a38ef |
context='installer',
|
|
Packit Service |
0a38ef |
confdir=etc_ipa,
|
|
Packit Service |
0a38ef |
ldap_uri=ldapuri,
|
|
Packit Service |
0a38ef |
xmlrpc_uri=xmlrpc_uri)
|
|
Packit Service |
0a38ef |
remote_api.finalize()
|
|
Packit Service |
0a38ef |
return remote_api
|