|
Packit |
8cb997 |
import sys
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
param_docs = {
|
|
Packit |
8cb997 |
"ccache": "The local ccache",
|
|
Packit |
8cb997 |
"installer_ccache": "The installer ccache setting",
|
|
Packit |
8cb997 |
"_top_dir": "The installer _top_dir setting",
|
|
Packit |
8cb997 |
"_ca_enabled": "The installer _ca_enabled setting",
|
|
Packit |
8cb997 |
"_add_to_ipaservers": "The installer _add_to_ipaservers setting",
|
|
Packit |
8cb997 |
"_ca_subject": "The installer _ca_subject setting",
|
|
Packit |
8cb997 |
"_subject_base": "The installer _subject_base setting",
|
|
Packit |
8cb997 |
"config_setup_ca": "The config setup_ca setting",
|
|
Packit |
8cb997 |
"config_master_host_name": "The config master_host_name setting",
|
|
Packit |
8cb997 |
"config_ca_host_name": "The config ca_host_name setting",
|
|
Packit |
8cb997 |
"config_ips": "The config ips setting",
|
|
Packit |
8cb997 |
"_ca_file": "The installer _ca_file setting",
|
|
Packit |
8cb997 |
"_kra_enabled": "The installer _kra_enabled setting",
|
|
Packit |
8cb997 |
"_dirsrv_pkcs12_info": "The installer _dirsrv_pkcs12_info setting",
|
|
Packit |
8cb997 |
"_pkinit_pkcs12_info": "The installer _pkinit_pkcs12_info setting",
|
|
Packit |
8cb997 |
"_http_pkcs12_info": "The installer _http_pkcs12_info setting",
|
|
Packit |
8cb997 |
"ds_ca_subject": "The ds.ca_subject setting",
|
|
Packit |
8cb997 |
"ca_subject": "The installer ca_subject setting",
|
|
Packit |
8cb997 |
"_hostname_overridden": "The installer _hostname_overridden setting",
|
|
Packit |
8cb997 |
"_kra_host_name": "The installer _kra_host_name setting",
|
|
Packit |
8cb997 |
"_http_ca_cert": "The installer _http_ca_cert setting",
|
|
Packit |
8cb997 |
"_update_hosts_file": "The installer _update_host_file setting",
|
|
Packit |
8cb997 |
"sssd": "The installer sssd setting",
|
|
Packit |
8cb997 |
"dnsok": "The installer dnsok setting",
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
"dm_password": "Directory Manager password",
|
|
Packit |
8cb997 |
"password": "Admin user kerberos password",
|
|
Packit |
8cb997 |
"ip_addresses": "List of Master Server IP Addresses",
|
|
Packit |
8cb997 |
"domain": "Primary DNS domain of the IPA deployment",
|
|
Packit |
8cb997 |
"realm": "Kerberos realm name of the IPA deployment",
|
|
Packit |
8cb997 |
"hostname": "Fully qualified name of this host",
|
|
Packit |
8cb997 |
"ca_cert_file": [
|
|
Packit |
8cb997 |
"A CA certificate to use. Do not acquire the IPA CA certificate via",
|
|
Packit |
8cb997 |
"automated means"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"ca_cert_files": [
|
|
Packit |
8cb997 |
"List of files containing CA certificates for the service certificate",
|
|
Packit |
8cb997 |
"files"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"no_host_dns": "Do not use DNS for hostname lookup during installation",
|
|
Packit |
8cb997 |
"setup_adtrust": "Configure AD trust capability",
|
|
Packit |
8cb997 |
"setup_ca": "Configure a dogtag CA",
|
|
Packit |
8cb997 |
"setup_kra": "Configure a dogtag KRA",
|
|
Packit |
8cb997 |
"setup_dns": "Configure bind with our zone",
|
|
Packit |
8cb997 |
"force_join": "Force client enrollment even if already enrolled",
|
|
Packit |
8cb997 |
"subject_base": [
|
|
Packit |
8cb997 |
"The certificate subject base (default O=<realm-name>).",
|
|
Packit |
8cb997 |
"RDNs are in LDAP order (most specific RDN first)."
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"server": "Fully qualified name of IPA server to enroll to",
|
|
Packit |
8cb997 |
"dirman_password": "Directory Manager (master) password",
|
|
Packit |
8cb997 |
"no_pkinit": "Disable pkinit setup steps",
|
|
Packit |
8cb997 |
"no_ui_redirect": "Do not automatically redirect to the Web UI",
|
|
Packit |
8cb997 |
"external_ca": "External ca setting",
|
|
Packit |
8cb997 |
"setup_adtrust": "Configure AD trust capability",
|
|
Packit |
8cb997 |
"external_cert_files": [
|
|
Packit |
8cb997 |
"File containing the IPA CA certificate and the external CA certificate",
|
|
Packit |
8cb997 |
"chain"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"reverse_zones": "The reverse DNS zones to use",
|
|
Packit |
8cb997 |
"no_reverse": "Do not create new reverse DNS zone",
|
|
Packit |
8cb997 |
"auto_reverse": "Create necessary reverse zones",
|
|
Packit |
8cb997 |
"forwarders": "Add DNS forwarders",
|
|
Packit |
8cb997 |
"no_forwarders": "Do not add any DNS forwarders, use root servers instead",
|
|
Packit |
8cb997 |
"auto_forwarders": "Use DNS forwarders configured in /etc/resolv.conf",
|
|
Packit |
8cb997 |
"forward_policy": "DNS forwarding policy for global forwarders",
|
|
Packit |
8cb997 |
"enable_compat": "Enable support for trusted domains for old clients",
|
|
Packit |
8cb997 |
"netbios_name": "NetBIOS name of the IPA domain",
|
|
Packit |
8cb997 |
"rid_base": "Start value for mapping UIDs and GIDs to RIDs",
|
|
Packit |
8cb997 |
"secondary_rid_base": [
|
|
Packit |
8cb997 |
"Start value of the secondary range for mapping UIDs and GIDs to RIDs"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"pki_config_override": "Path to ini file with config overrides",
|
|
Packit |
8cb997 |
"servers": "Fully qualified name of IPA servers to enroll to",
|
|
Packit |
8cb997 |
"hidden_replica": "Install a hidden replica",
|
|
Packit |
8cb997 |
"dirsrv_config_file": [
|
|
Packit |
8cb997 |
"The path to LDIF file that will be used to modify configuration of",
|
|
Packit |
8cb997 |
"dse.ldif during installation of the directory server instance"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"dirsrv_cert_files": [
|
|
Packit |
8cb997 |
"Files containing the Directory Server SSL certificate and private key"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"http_cert_files": [
|
|
Packit |
8cb997 |
"File containing the Apache Server SSL certificate and private key"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"pkinit_cert_files": [
|
|
Packit |
8cb997 |
"File containing the Kerberos KDC SSL certificate and private key"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"no_ntp": "Do not configure ntp",
|
|
Packit |
8cb997 |
"ntp_servers": "ntp servers to use",
|
|
Packit |
8cb997 |
"ntp_pool": "ntp server pool to use",
|
|
Packit |
8cb997 |
"no_dnssec_validation": "Disable DNSSEC validation",
|
|
Packit |
8cb997 |
"master": "Master host name",
|
|
Packit |
8cb997 |
"master_password": "kerberos master password (normally autogenerated)",
|
|
Packit |
8cb997 |
"principal": [
|
|
Packit |
8cb997 |
"User Principal allowed to promote replicas and join IPA realm"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"dirsrv_pin": "The password to unlock the Directory Server private key",
|
|
Packit |
8cb997 |
"http_pin": "The password to unlock the Apache Server private key",
|
|
Packit |
8cb997 |
"pkinit_pin": "The password to unlock the Kerberos KDC private key",
|
|
Packit |
8cb997 |
"dirsrv_cert_name":
|
|
Packit |
8cb997 |
"Name of the Directory Server SSL certificate to install",
|
|
Packit |
8cb997 |
"http_cert_name": "Name of the Apache Server SSL certificate to install",
|
|
Packit |
8cb997 |
"pkinit_cert_name": "Name of the Kerberos KDC SSL certificate to install",
|
|
Packit |
8cb997 |
"keytab": "Path to backed up keytab from previous enrollment",
|
|
Packit |
8cb997 |
"mkhomedir": "Create home directories for users on their first login",
|
|
Packit |
8cb997 |
"adtrust_netbios_name": "The adtrust netbios_name setting",
|
|
Packit |
8cb997 |
"adtrust_reset_netbios_name": "The adtrust reset_netbios_name setting",
|
|
Packit |
8cb997 |
"zonemgr":
|
|
Packit |
8cb997 |
"DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN",
|
|
Packit |
8cb997 |
"ssh_trust_dns": "Configure OpenSSH client to trust DNS SSHFP records",
|
|
Packit |
8cb997 |
"dns_ip_addresses": "The dns ip_addresses setting",
|
|
Packit |
8cb997 |
"dns_reverse_zones": "The dns reverse_zones setting",
|
|
Packit |
8cb997 |
"no_ssh": "Do not configure OpenSSH client",
|
|
Packit |
8cb997 |
"no_sshd": "Do not configure OpenSSH server",
|
|
Packit |
8cb997 |
"no_dns_sshfp": "Do not automatically create DNS SSHFP records",
|
|
Packit |
8cb997 |
"allow_zone_overlap": "Create DNS zone even if it already exists",
|
|
Packit |
8cb997 |
"skip_conncheck": "Skip connection check to remote master",
|
|
Packit |
8cb997 |
"idstart": "The starting value for the IDs range (default random)",
|
|
Packit |
8cb997 |
"idmax": "The max value for the IDs range (default: idstart+199999)",
|
|
Packit |
8cb997 |
"no_hbac_allow": "Don't install allow_all HBAC rule",
|
|
Packit |
8cb997 |
"domainlevel": "The domain level",
|
|
Packit |
8cb997 |
"external_ca_type": "Type of the external CA",
|
|
Packit |
8cb997 |
"external_ca_profile": [
|
|
Packit |
8cb997 |
"Specify the certificate profile/template to use at the external CA"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"force": "Installer force parameter",
|
|
Packit |
8cb997 |
"ca_signing_algorithm": "Signing algorithm of the IPA CA certificate",
|
|
Packit |
8cb997 |
"debug": "Turn on extra debugging",
|
|
Packit |
8cb997 |
"basedn": "The basedn of the IPA server (of the form dc=example,dc=com)",
|
|
Packit |
8cb997 |
"allow_repair": [
|
|
Packit |
8cb997 |
"Allow repair of already joined hosts. Contrary to ipaclient_force_join",
|
|
Packit |
8cb997 |
"the host entry will not be changed on the server"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"backup": "File to backup",
|
|
Packit |
8cb997 |
"fqdn": [
|
|
Packit |
8cb997 |
"The fully-qualified hostname of the host to add/modify/remove"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"certificates": "A list of host certificates",
|
|
Packit |
8cb997 |
"sshpubkey": "The SSH public key for the host",
|
|
Packit |
8cb997 |
"ipaddress": "The IP address for the host",
|
|
Packit |
8cb997 |
"random": "Generate a random password to be used in bulk enrollment",
|
|
Packit |
8cb997 |
"state": "The desired host state",
|
|
Packit |
8cb997 |
"kdc": "The name or address of the host running the KDC",
|
|
Packit |
8cb997 |
"admin_keytab": "The path to a local admin keytab",
|
|
Packit |
8cb997 |
"kinit_attempts": "Repeat the request for host Kerberos ticket X times",
|
|
Packit |
8cb997 |
"automount_location": "The automount location",
|
|
Packit |
8cb997 |
"firefox_dir": [
|
|
Packit |
8cb997 |
"Specify directory where Firefox is installed (for example",
|
|
Packit |
8cb997 |
"'/usr/lib/firefox')"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"client_domain": "Primary DNS domain of the IPA deployment",
|
|
Packit |
8cb997 |
"nisdomain": "The NIS domain name",
|
|
Packit |
8cb997 |
"ca_enabled": "Whether the Certificate Authority is enabled or not",
|
|
Packit |
8cb997 |
"on_master": "Whether the configuration is done on the master or not",
|
|
Packit |
8cb997 |
"enable_dns_updates": [
|
|
Packit |
8cb997 |
"Configures the machine to attempt dns updates when the ip address",
|
|
Packit |
8cb997 |
"changes"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"all_ip_addresses": [
|
|
Packit |
8cb997 |
"All routable IP addresses configured on any interface will be added",
|
|
Packit |
8cb997 |
"to DNS"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"request_cert": "Request certificate for the machine",
|
|
Packit |
8cb997 |
"preserve_sssd": "Preserve old SSSD configuration if possible",
|
|
Packit |
8cb997 |
"no_sudo": "Do not configure SSSD as data source for sudo",
|
|
Packit |
8cb997 |
"fixed_primary":
|
|
Packit |
8cb997 |
"Configure sssd to use fixed server as primary IPA server",
|
|
Packit |
8cb997 |
"permit": "Disable access rules by default, permit all access",
|
|
Packit |
8cb997 |
"no_krb5_offline_passwords": [
|
|
Packit |
8cb997 |
"Configure SSSD not to store user password when the server is offline"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"force_ntpd": [
|
|
Packit |
8cb997 |
"Stop and disable any time&date synchronization services besides ntpd",
|
|
Packit |
8cb997 |
"Deprecated since 4.7"
|
|
Packit |
8cb997 |
],
|
|
Packit |
8cb997 |
"no_nisdomain": "Do not configure NIS domain name",
|
|
Packit |
8cb997 |
"configure_firefox": "Configure Firefox to use IPA domain credentials",
|
|
Packit |
8cb997 |
}
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
def gen_module_docs(module_in):
|
|
Packit |
8cb997 |
with open(module_in) as in_f:
|
|
Packit |
8cb997 |
in_lines = in_f.readlines()
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
arg_spec = False
|
|
Packit |
8cb997 |
args = []
|
|
Packit |
8cb997 |
i = 0
|
|
Packit |
8cb997 |
while i < len(in_lines):
|
|
Packit |
8cb997 |
line = in_lines[i]
|
|
Packit |
8cb997 |
stripped = line.strip()
|
|
Packit |
8cb997 |
# print("stripped: %s" % repr(stripped))
|
|
Packit |
8cb997 |
if stripped.startswith("# "):
|
|
Packit |
8cb997 |
pass
|
|
Packit |
8cb997 |
elif stripped.startswith("argument_spec=dict()"):
|
|
Packit |
8cb997 |
pass
|
|
Packit |
8cb997 |
elif stripped.startswith("argument_spec=dict("):
|
|
Packit |
8cb997 |
arg_spec = True
|
|
Packit |
8cb997 |
elif stripped.startswith("),") and arg_spec:
|
|
Packit |
8cb997 |
arg_spec = False
|
|
Packit |
8cb997 |
elif arg_spec:
|
|
Packit |
8cb997 |
# if not "dict=(" in stripped:
|
|
Packit |
8cb997 |
# print("%s: Bad argument dict line '%s'" % (module_in,
|
|
Packit |
8cb997 |
# stripped))
|
|
Packit |
8cb997 |
while ")," not in stripped and i < len(in_lines) - 1:
|
|
Packit |
8cb997 |
next_stripped = in_lines[i+1].strip()
|
|
Packit |
8cb997 |
if not next_stripped.startswith("# "):
|
|
Packit |
8cb997 |
stripped += next_stripped
|
|
Packit |
8cb997 |
i += 1
|
|
Packit |
8cb997 |
# print("stripped: '%s'" % stripped)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
try:
|
|
Packit |
8cb997 |
param, _dict = stripped.split("=", 1)
|
|
Packit |
8cb997 |
except Exception:
|
|
Packit |
8cb997 |
print("Failed to split line '%s'" % stripped)
|
|
Packit |
8cb997 |
sys.exit(1)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# print("_dict: '%s'" % _dict)
|
|
Packit |
8cb997 |
if not _dict.startswith("dict(") or not _dict.endswith("),"):
|
|
Packit |
8cb997 |
print("%s: Bad argument dict line 2 '%s'" % (module_in, _dict))
|
|
Packit |
8cb997 |
sys.exit(1)
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
_dict = _dict[5:-2]
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
if param not in param_docs:
|
|
Packit |
8cb997 |
print("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
|
|
Packit |
8cb997 |
print("%s: param '%s' is not in param_docs" % (module_in,
|
|
Packit |
8cb997 |
param))
|
|
Packit |
8cb997 |
print("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!")
|
|
Packit |
8cb997 |
sys.exit(1)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# print("param: '%s', dict: '%s'" % (param, _dict))
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
opts = _dict.split(',')
|
|
Packit |
8cb997 |
opts = [o.strip() for o in opts]
|
|
Packit |
8cb997 |
required = False
|
|
Packit |
8cb997 |
# no_log = False
|
|
Packit |
8cb997 |
if "required=True" in opts:
|
|
Packit |
8cb997 |
required = True
|
|
Packit |
8cb997 |
# if "no_log=True" in opts:
|
|
Packit |
8cb997 |
# no_log = True
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# args.append([param, required, no_log])
|
|
Packit |
8cb997 |
args.append([param, required])
|
|
Packit |
8cb997 |
i += 1
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
# print("%s: %s" % (module_in, repr(args)))
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
def add_options(args):
|
|
Packit |
8cb997 |
for param, required in args:
|
|
Packit |
8cb997 |
out_lines.append(" %s:\n" % param)
|
|
Packit |
8cb997 |
if isinstance(param_docs[param], list):
|
|
Packit |
8cb997 |
out_lines.append(" description:\n")
|
|
Packit |
8cb997 |
for x in param_docs[param]:
|
|
Packit |
8cb997 |
out_lines.append(" %s\n" % x)
|
|
Packit |
8cb997 |
else:
|
|
Packit |
8cb997 |
out_lines.append(" description: %s\n" % param_docs[param])
|
|
Packit |
8cb997 |
out_lines.append(" required: %s\n" % ("yes", "no")[required])
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
out_lines = []
|
|
Packit |
8cb997 |
options = False
|
|
Packit |
8cb997 |
in_options = False
|
|
Packit |
8cb997 |
changed = False
|
|
Packit |
8cb997 |
docs = False
|
|
Packit |
8cb997 |
for line in in_lines:
|
|
Packit |
8cb997 |
stripped = line.strip()
|
|
Packit |
8cb997 |
if stripped.startswith("DOCUMENTATION = '''"):
|
|
Packit |
8cb997 |
docs = True
|
|
Packit |
8cb997 |
elif stripped.startswith("options:"):
|
|
Packit |
8cb997 |
out_lines.append(line)
|
|
Packit |
8cb997 |
add_options(args)
|
|
Packit |
8cb997 |
options = True
|
|
Packit |
8cb997 |
in_options = True
|
|
Packit |
8cb997 |
changed = True
|
|
Packit |
8cb997 |
continue
|
|
Packit |
8cb997 |
elif stripped.startswith("author:"):
|
|
Packit |
8cb997 |
if not options:
|
|
Packit |
8cb997 |
add_options(args)
|
|
Packit |
8cb997 |
options = True
|
|
Packit |
8cb997 |
changed = True
|
|
Packit |
8cb997 |
in_options = False
|
|
Packit |
8cb997 |
elif stripped.startswith("'''"):
|
|
Packit |
8cb997 |
if not options:
|
|
Packit |
8cb997 |
add_options(args)
|
|
Packit |
8cb997 |
options = True
|
|
Packit |
8cb997 |
changed = True
|
|
Packit |
8cb997 |
in_options = False
|
|
Packit |
8cb997 |
docs = False
|
|
Packit |
8cb997 |
elif docs and in_options:
|
|
Packit |
8cb997 |
continue
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
out_lines.append(line)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
print(module_in)
|
|
Packit |
8cb997 |
# for line in out_lines:
|
|
Packit |
8cb997 |
# sys.stdout.write(line)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
if changed:
|
|
Packit |
8cb997 |
with open(module_in, "w") as out_f:
|
|
Packit |
8cb997 |
for line in out_lines:
|
|
Packit |
8cb997 |
out_f.write(line)
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
|
|
Packit |
8cb997 |
gen_module_docs(sys.argv[1])
|