|
Packit Service |
0a38ef |
# -*- coding: utf-8 -*-
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# Authors:
|
|
Packit Service |
0a38ef |
# Thomas Woerner <twoerner@redhat.com>
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# Based on ipa-client-install code
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# Copyright (C) 2017 Red Hat
|
|
Packit Service |
0a38ef |
# see file 'COPYING' for use and warranty information
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# This program is free software; you can redistribute it and/or modify
|
|
Packit Service |
0a38ef |
# it under the terms of the GNU General Public License as published by
|
|
Packit Service |
0a38ef |
# the Free Software Foundation, either version 3 of the License, or
|
|
Packit Service |
0a38ef |
# (at your option) any later version.
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# This program is distributed in the hope that it will be useful,
|
|
Packit Service |
0a38ef |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit Service |
0a38ef |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
Packit Service |
0a38ef |
# GNU General Public License for more details.
|
|
Packit Service |
0a38ef |
#
|
|
Packit Service |
0a38ef |
# You should have received a copy of the GNU General Public License
|
|
Packit Service |
0a38ef |
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
from __future__ import print_function
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ANSIBLE_METADATA = {
|
|
Packit Service |
0a38ef |
'metadata_version': '1.0',
|
|
Packit Service |
0a38ef |
'supported_by': 'community',
|
|
Packit Service |
0a38ef |
'status': ['preview'],
|
|
Packit Service |
0a38ef |
}
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
DOCUMENTATION = '''
|
|
Packit Service |
0a38ef |
---
|
|
Packit Service |
0a38ef |
module: ipaserver_set_ds_password
|
|
Packit Service |
0a38ef |
short description: Set DS password
|
|
Packit Service |
0a38ef |
description: Set DS password
|
|
Packit Service |
0a38ef |
options:
|
|
Packit Service |
0a38ef |
dm_password:
|
|
Packit Service |
0a38ef |
description: Directory Manager password
|
|
Packit Service |
0a38ef |
required: no
|
|
Packit Service |
0a38ef |
password:
|
|
Packit Service |
0a38ef |
description: Admin user kerberos password
|
|
Packit Service |
0a38ef |
required: no
|
|
Packit Service |
0a38ef |
domain:
|
|
Packit Service |
0a38ef |
description: Primary DNS domain of the IPA deployment
|
|
Packit Service |
0a38ef |
required: no
|
|
Packit Service |
0a38ef |
realm:
|
|
Packit Service |
0a38ef |
description: Kerberos realm name of the IPA deployment
|
|
Packit Service |
0a38ef |
required: no
|
|
Packit Service |
0a38ef |
hostname:
|
|
Packit Service |
0a38ef |
description: Fully qualified name of this host
|
|
Packit Service |
0a38ef |
required: no
|
|
Packit Service |
0a38ef |
setup_ca:
|
|
Packit Service |
0a38ef |
description: Configure a dogtag CA
|
|
Packit Service |
0a38ef |
required: no
|
|
Packit Service |
0a38ef |
idstart:
|
|
Packit Service |
0a38ef |
description: The starting value for the IDs range (default random)
|
|
Packit Service |
0a38ef |
required: no
|
|
Packit Service |
0a38ef |
idmax:
|
|
Packit Service |
0a38ef |
description: The max value for the IDs range (default idstart+199999)
|
|
Packit Service |
0a38ef |
required: no
|
|
Packit Service |
0a38ef |
no_hbac_allow:
|
|
Packit Service |
0a38ef |
description: Don't install allow_all HBAC rule
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
no_pkinit:
|
|
Packit Service |
0a38ef |
description: Disable pkinit setup steps
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
dirsrv_config_file:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
The path to LDIF file that will be used to modify configuration of
|
|
Packit Service |
0a38ef |
dse.ldif during installation of the directory server instance
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
_dirsrv_pkcs12_info:
|
|
Packit Service |
0a38ef |
description: The installer _dirsrv_pkcs12_info setting
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
dirsrv_cert_files:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
Files containing the Directory Server SSL certificate and private key
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
subject_base:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
The certificate subject base (default O=<realm-name>).
|
|
Packit Service |
0a38ef |
RDNs are in LDAP order (most specific RDN first).
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
ca_subject:
|
|
Packit Service |
0a38ef |
description: The installer ca_subject setting
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
external_cert_files:
|
|
Packit Service |
0a38ef |
description:
|
|
Packit Service |
0a38ef |
File containing the IPA CA certificate and the external CA certificate
|
|
Packit Service |
0a38ef |
chain
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
domainlevel:
|
|
Packit Service |
0a38ef |
description: The domain level
|
|
Packit Service |
0a38ef |
required: yes
|
|
Packit Service |
0a38ef |
author:
|
|
Packit Service |
0a38ef |
- Thomas Woerner
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
EXAMPLES = '''
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
RETURN = '''
|
|
Packit Service |
0a38ef |
'''
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
from ansible.module_utils.basic import AnsibleModule
|
|
Packit Service |
0a38ef |
from ansible.module_utils.ansible_ipa_server import (
|
|
Packit Service |
0a38ef |
MAX_DOMAIN_LEVEL, AnsibleModuleLog, options, sysrestore, paths,
|
|
Packit Service |
0a38ef |
api_Backend_ldap2, ds_init_info, redirect_stdout, setup_logging
|
|
Packit Service |
0a38ef |
)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
def main():
|
|
Packit Service |
0a38ef |
ansible_module = AnsibleModule(
|
|
Packit Service |
0a38ef |
argument_spec=dict(
|
|
Packit Service |
0a38ef |
# basic
|
|
Packit Service |
0a38ef |
dm_password=dict(required=True, no_log=True),
|
|
Packit Service |
0a38ef |
password=dict(required=True, no_log=True),
|
|
Packit Service |
0a38ef |
domain=dict(required=True),
|
|
Packit Service |
0a38ef |
realm=dict(required=True),
|
|
Packit Service |
0a38ef |
hostname=dict(required=True),
|
|
Packit Service |
0a38ef |
# server
|
|
Packit Service |
0a38ef |
setup_ca=dict(required=True, type='bool'),
|
|
Packit Service |
0a38ef |
idstart=dict(required=True, type='int'),
|
|
Packit Service |
0a38ef |
idmax=dict(required=True, type='int'),
|
|
Packit Service |
0a38ef |
no_hbac_allow=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
no_pkinit=dict(required=False, type='bool', default=False),
|
|
Packit Service |
0a38ef |
dirsrv_config_file=dict(required=False),
|
|
Packit Service |
0a38ef |
_dirsrv_pkcs12_info=dict(required=False, type='list'),
|
|
Packit Service |
0a38ef |
# ssl certificate
|
|
Packit Service |
0a38ef |
dirsrv_cert_files=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
subject_base=dict(required=False),
|
|
Packit Service |
0a38ef |
ca_subject=dict(required=False),
|
|
Packit Service |
0a38ef |
# certificate system
|
|
Packit Service |
0a38ef |
external_cert_files=dict(required=False, type='list', default=[]),
|
|
Packit Service |
0a38ef |
# additional
|
|
Packit Service |
0a38ef |
domainlevel=dict(required=False, type='int',
|
|
Packit Service |
0a38ef |
default=MAX_DOMAIN_LEVEL),
|
|
Packit Service |
0a38ef |
),
|
|
Packit Service |
0a38ef |
)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ansible_module._ansible_debug = True
|
|
Packit Service |
0a38ef |
setup_logging()
|
|
Packit Service |
0a38ef |
ansible_log = AnsibleModuleLog(ansible_module)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# set values ####################################################
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# basic
|
|
Packit Service |
0a38ef |
options.dm_password = ansible_module.params.get('dm_password')
|
|
Packit Service |
0a38ef |
options.admin_password = ansible_module.params.get('password')
|
|
Packit Service |
0a38ef |
options.domain_name = ansible_module.params.get('domain')
|
|
Packit Service |
0a38ef |
options.realm_name = ansible_module.params.get('realm')
|
|
Packit Service |
0a38ef |
options.host_name = ansible_module.params.get('hostname')
|
|
Packit Service |
0a38ef |
# server
|
|
Packit Service |
0a38ef |
options.setup_ca = ansible_module.params.get('setup_ca')
|
|
Packit Service |
0a38ef |
options.idstart = ansible_module.params.get('idstart')
|
|
Packit Service |
0a38ef |
options.idmax = ansible_module.params.get('idmax')
|
|
Packit Service |
0a38ef |
options.no_hbac_allow = ansible_module.params.get('no_hbac_allow')
|
|
Packit Service |
0a38ef |
options.no_pkinit = ansible_module.params.get('no_pkinit')
|
|
Packit Service |
0a38ef |
options.dirsrv_config_file = ansible_module.params.get(
|
|
Packit Service |
0a38ef |
'dirsrv_config_file')
|
|
Packit Service |
0a38ef |
options._dirsrv_pkcs12_info = ansible_module.params.get(
|
|
Packit Service |
0a38ef |
'_dirsrv_pkcs12_info')
|
|
Packit Service |
0a38ef |
# ssl certificate
|
|
Packit Service |
0a38ef |
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
|
|
Packit Service |
0a38ef |
options.subject_base = ansible_module.params.get('subject_base')
|
|
Packit Service |
0a38ef |
options.ca_subject = ansible_module.params.get('ca_subject')
|
|
Packit Service |
0a38ef |
# certificate system
|
|
Packit Service |
0a38ef |
options.external_cert_files = ansible_module.params.get(
|
|
Packit Service |
0a38ef |
'external_cert_files')
|
|
Packit Service |
0a38ef |
# additional
|
|
Packit Service |
0a38ef |
options.domainlevel = ansible_module.params.get('domainlevel')
|
|
Packit Service |
0a38ef |
options.domain_level = options.domainlevel
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# init ##########################################################
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
fstore = sysrestore.FileStore(paths.SYSRESTORE)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
api_Backend_ldap2(options.host_name, options.setup_ca, connect=True)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ds = ds_init_info(ansible_log, fstore,
|
|
Packit Service |
0a38ef |
options.domainlevel, options.dirsrv_config_file,
|
|
Packit Service |
0a38ef |
options.realm_name, options.host_name,
|
|
Packit Service |
0a38ef |
options.domain_name, options.dm_password,
|
|
Packit Service |
0a38ef |
options.idstart, options.idmax,
|
|
Packit Service |
0a38ef |
options.subject_base, options.ca_subject,
|
|
Packit Service |
0a38ef |
options.no_hbac_allow, options._dirsrv_pkcs12_info,
|
|
Packit Service |
0a38ef |
options.no_pkinit)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# set ds password ###############################################
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
with redirect_stdout(ansible_log):
|
|
Packit Service |
0a38ef |
ds.change_admin_password(options.admin_password)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
# done ##########################################################
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
ansible_module.exit_json(changed=True)
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
|
|
Packit Service |
0a38ef |
if __name__ == '__main__':
|
|
Packit Service |
0a38ef |
main()
|