Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaextras
short description: Configure IPA extras
description:
Configure IPA extras
options:
servers:
description: The FQDN of the IPA servers to connect to.
required: false
domain:
description: The primary DNS domain of an existing IPA deployment.
required: false
ntp:
description: Set to no to not configure and enable NTP
required: false
force_ntpd:
description: Stop and disable any time&date synchronization services besides ntpd.
required: false
ntp_servers:
description: The ntp servers to configure if ntp is enabled.
required: false
ssh:
description: Configure OpenSSH client
required: false
default: yes
sssd:
description: Configure the client to use SSSD for authentication
required: false
default: yes
trust_sshfp:
description: Configure OpenSSH client to trust DNS SSHFP records
required: false
default: yes
sshd:
description: Configure OpenSSH server
required: false
default: yes
automount_location:
description: Automount location
required: false
default: no
firefox:
description: Configure Firefox to use IPA domain credentials
required: false
default: no
firefox_dir:
description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox')
required: false
no_nisdomain:
description: Do not configure NIS domain name
required: false
default: no
nisdomain:
description: NIS domain name
required: false
on_master:
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: IPA extras configurations
ipaextras:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
'''
RETURN = '''
'''
import logging
import os
from ansible.module_utils.basic import AnsibleModule
from ipalib.install import sysrestore
from ipaplatform.paths import paths
from ipaclient.install.client import CCACHE_FILE, configure_ssh_config, \
configure_sshd_config, configure_automount, configure_firefox, \
configure_nisdomain
from ipaclient.install import ntpconf
def main():
module = AnsibleModule(
argument_spec = dict(
servers=dict(required=True, type='list'),
domain=dict(required=True),
ntp=dict(required=False, type='bool', default='no'),
force_ntpd=dict(required=False, type='bool', default='no'),
ntp_servers=dict(required=False, type='list'),
ssh=dict(required=False, type='bool', default='yes'),
sssd=dict(required=False, type='bool', default='yes'),
trust_sshfp=dict(required=False, type='bool', default='yes'),
sshd=dict(required=False, type='bool', default='yes'),
automount_location=dict(required=False),
firefox=dict(required=False, type='bool', default='no'),
firefox_dir=dict(required=False),
no_nisdomain=dict(required=False, type='bool', default='no'),
nisdomain=dict(required=False),
on_master=dict(required=False, type='bool', default='no'),
),
# required_one_of = ( [ '', '' ] ),
supports_check_mode = True,
)
module._ansible_debug = True
servers = module.params.get('servers')
domain = module.params.get('domain')
ntp = module.params.get('ntp')
force_ntpd = module.params.get('force_ntpd')
ntp_servers = module.params.get('ntp_servers')
ssh = module.params.get('ssh')
sssd = module.params.get('sssd')
trust_sshfp = module.params.get('trust_sshfp')
sshd = module.params.get('sshd')
automount_location = module.params.get('automount_location')
firefox = module.params.get('firefox')
firefox_dir = module.params.get('firefox_dir')
no_nisdomain = module.params.get('no_nisdomain')
nisdomain = module.params.get('nisdomain')
on_master = module.params.get('on_master')
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
logger = logging.getLogger("ipa-client-install")
os.environ['KRB5CCNAME'] = CCACHE_FILE
class Object(object):
pass
options = Object()
options.sssd = sssd
options.trust_sshfp = trust_sshfp
options.location = automount_location
options.server = servers
options.firefox_dir = firefox_dir
options.nisdomain = nisdomain
if ntp and not on_master:
# disable other time&date services first
if force_ntpd:
ntpconf.force_ntpd(statestore)
ntpconf.config_ntp(ntp_servers, fstore, statestore)
module.log("NTP enabled")
if ssh:
configure_ssh_config(fstore, options)
if sshd:
configure_sshd_config(fstore, options)
if automount_location:
configure_automount(options)
if firefox:
configure_firefox(options, statestore, domain)
if not no_nisdomain:
configure_nisdomain(
options=options, domain=domain, statestore=statestore)
# Cleanup: Remove CCACHE_FILE
try:
os.remove(CCACHE_FILE)
except Exception:
pass
module.exit_json(changed=True)
if __name__ == '__main__':
main()