
ipasudocmdgroup.py

      457050c6
      Do not remove member attributes while updating others · 457050c6
      Thomas Woerner authored
      Because of a missing check, member attributes (for use with action: member)
      are cleared when a non-member attribute is changed. The fix simply adds a
      check for None (parameter not set) to gen_add_del_lists in
      ansible_freeipa_module to make sure that the parameter is only changed if
      it should be changed.
      
      All places where the add and removal lists have been generated manually
      have been changed to also use gen_add_del_lists.
      
      Resolves: #252 (The "Manager" attribute is removed when updating any user
                      attribute)
    ansible_ipa_client.py 9.41 KiB
    #!/usr/bin/python
    # -*- coding: utf-8 -*-
    
    # Authors:
    #   Thomas Woerner <twoerner@redhat.com>
    #
    # Based on ipa-client-install code
    #
    # Copyright (C) 2017  Red Hat
    # see file 'COPYING' for use and warranty information
    #
    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation, either version 3 of the License, or
    # (at your option) any later version.
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # You should have received a copy of the GNU General Public License
    # along with this program.  If not, see <http://www.gnu.org/licenses/>.
    
    from ipapython.version import NUM_VERSION, VERSION
    
    # Expose the FreeIPA version as a single comparable integer,
    # IPA_PYTHON_VERSION = major*10000 + minor*100 + release.
    if NUM_VERSION >= 30201:
        # NUM_VERSION is used unchanged from this threshold on.
        IPA_PYTHON_VERSION = NUM_VERSION
    else:
        # See ipapython/version.py
        # Below the threshold the number is rebuilt from the dotted VERSION
        # string; every one of the three components must parse as an int.
        IPA_MAJOR, IPA_MINOR, IPA_RELEASE = map(int, VERSION.split(".", 2))
        IPA_PYTHON_VERSION = (
            (IPA_MAJOR * 10000) + (IPA_MINOR * 100) + IPA_RELEASE
        )
    
    class installer_obj(object):
        """Plain attribute container used as the installer/options object.

        Callers attach settings as ordinary instance attributes; the class
        itself only offers a logger setter and an iterator over what has been
        set so far.
        """

        def __init__(self):
            """Create an empty container; nothing is preset."""

        def set_logger(self, logger):
            """Store *logger* on the instance as ``self.logger``."""
            self.logger = logger

        # Disabled tracing hooks, kept for debugging attribute access.
        # NOTE(review): if re-enabled, these write repr() of every attribute
        # value to the log. Confirm that no credentials are stored on this
        # object (TODO verify against callers) before turning them on.
        #
        #def __getattribute__(self, attr):
        #    value = super(installer_obj, self).__getattribute__(attr)
        #    if not attr.startswith("--") and not attr.endswith("--"):
        #        logger.debug(
        #            "  <-- Accessing installer.%s (%s)" % (attr, repr(value)))
        #    return value

        #def __getattr__(self, attr):
        #    #logger.info("  --> ADDING missing installer.%s" % attr)
        #    self.logger.warn("  --> ADDING missing installer.%s" % attr)
        #    setattr(self, attr, None)
        #    return getattr(self, attr)

        #def __setattr__(self, attr, value):
        #    logger.debug("  --> Setting installer.%s to %s" % (attr, repr(value)))
        #    return super(installer_obj, self).__setattr__(attr, value)

        def knobs(self):
            """Yield ``(self, attribute_name)`` for each instance attribute."""
            for attr_name in vars(self):
                yield (self, attr_name)
    
    # One shared settings object: "installer" and "options" are two names for
    # the same instance, so a value set through either is visible via both.
    installer = options = installer_obj()
    # Installation is driven non-interactively.
    options.interactive = False
    
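    if NUM_VERSION >= 40400:
        # IPA version >= 4.4
        #
        # Compatibility layer: each try/except ImportError pair below picks
        # the first location a helper can be imported from and falls back to
        # an alternative module path, so the rest of the code can use one set
        # of names.

        import sys
        import inspect
        import gssapi
        import logging

        import six

        from ipapython import version
        try:
            from ipaclient.install import ipadiscovery
        except ImportError:
            from ipaclient import ipadiscovery
        from ipalib import api, errors, x509
        try:
            from ipalib.install import sysrestore
        except ImportError:
            from ipapython import sysrestore
        try:
            from ipalib.install import certmonger
        except ImportError:
            from ipapython import certmonger
        try:
            from ipalib.install import certstore
        except ImportError:
            from ipalib import certstore
        from ipalib.rpc import delete_persistent_client_session_data
        from ipapython import certdb, ipautil
        from ipapython.admintool import ScriptError
        from ipapython.ipautil import CheckedIPAddress
        from ipalib.util import validate_domain_name, normalize_hostname
        from ipaplatform import services
        from ipaplatform.paths import paths
        from ipaplatform.tasks import tasks
        # "serialization" is only imported for this version window.
        if 40500 <= NUM_VERSION < 40590:
            from cryptography.hazmat.primitives import serialization
        from ipapython.ipautil import CalledProcessError, write_tmp_file, \
            ipa_generate_password
        from ipapython.dn import DN
        try:
            from ipalib.install.kinit import kinit_keytab, kinit_password
        except ImportError:
            from ipapython.ipautil import kinit_keytab, kinit_password
        from ipapython.ipa_log_manager import standard_logging_setup
        from gssapi.exceptions import GSSError
        try:
            from ipaclient.install.client import configure_krb5_conf, \
                get_ca_certs, SECURE_PATH, get_server_connection_interface, \
                configure_nsswitch_database, disable_ra, client_dns, \
                configure_certmonger, update_ssh_keys, configure_openldap_conf, \
                hardcode_ldap_server, get_certs_from_ldap, save_state, \
                create_ipa_nssdb, configure_ssh_config, configure_sshd_config, \
                configure_automount, configure_firefox, configure_nisdomain, \
                CLIENT_INSTALL_ERROR, is_ipa_client_installed, \
                CLIENT_ALREADY_CONFIGURED, nssldap_exists, remove_file, \
                check_ip_addresses, print_port_conf_info, configure_ipa_conf, \
                purge_host_keytab, configure_sssd_conf
        except ImportError:
            # Create temporary copy of ipa-client-install script (as
            # ipa_client_install.py) to be able to import the script easily
            # and also to remove the global finally clause in which the
            # generated ccache file gets removed. The ccache file will be
            # needed in the next step.
            # This is done in a temporary directory that gets removed right
            # after ipa_client_install has been imported.
            #
            # Security notes:
            # - tempfile.mkdtemp() creates the directory accessible only to
            #   the creating user, so other local accounts cannot replace the
            #   copy between writing and importing it.
            # - The copied script is executed at import time with this
            #   process's privileges.
            #   NOTE(review): this assumes /usr/sbin/ipa-client-install is
            #   writable only by root -- confirm on the target platforms.
            # - temp_dir is appended to sys.path (lowest priority), so the
            #   import relies on no other module named ipa_client_install
            #   being importable from an earlier path entry.
            import shutil
            import tempfile
            temp_dir = tempfile.mkdtemp(dir="/tmp")
            try:
                sys.path.append(temp_dir)
                temp_file = "%s/ipa_client_install.py" % temp_dir

                with open("/usr/sbin/ipa-client-install", "r") as f_in:
                    with open(temp_file, "w") as f_out:
                        for line in f_in:
                            # Stop before the script's global "finally:".
                            if line.startswith("finally:"):
                                break
                            f_out.write(line)
                import ipa_client_install
            finally:
                # Clean up even when reading the script or importing the copy
                # fails, so that no stray directory stays behind in /tmp and
                # no dangling entry stays in sys.path.
                shutil.rmtree(temp_dir, ignore_errors=True)
                if temp_dir in sys.path:
                    sys.path.remove(temp_dir)

            # NOTE(review): inspect.getargspec was removed in Python 3.11.
            # This branch only runs when ipaclient.install.client cannot be
            # imported -- presumably old IPA releases; confirm before relying
            # on it under a newer interpreter.
            argspec = inspect.getargspec(ipa_client_install.configure_krb5_conf)
            if argspec.keywords is None:
                # The script's configure_krb5_conf takes an options object
                # instead of force/configure_sssd; adapt it to the signature
                # used by the ipaclient.install.client import above.
                def configure_krb5_conf(
                        cli_realm, cli_domain, cli_server, cli_kdc, dnsok,
                        filename, client_domain, client_hostname, force=False,
                        configure_sssd=True):
                    global options
                    options.force = force
                    options.sssd = configure_sssd
                    return ipa_client_install.configure_krb5_conf(
                        cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options,
                        filename, client_domain, client_hostname)
            else:
                configure_krb5_conf = ipa_client_install.configure_krb5_conf
            # The former "NUM_VERSION < 40100" alternative (get_ca_cert) could
            # never run inside this NUM_VERSION >= 40400 branch and was
            # dropped as unreachable.
            get_ca_certs = ipa_client_install.get_ca_certs
            SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin")

            get_server_connection_interface = ipa_client_install.get_server_connection_interface
            configure_nsswitch_database = ipa_client_install.configure_nsswitch_database
            disable_ra = ipa_client_install.disable_ra
            client_dns = ipa_client_install.client_dns
            configure_certmonger = ipa_client_install.configure_certmonger
            update_ssh_keys = ipa_client_install.update_ssh_keys
            configure_openldap_conf = ipa_client_install.configure_openldap_conf
            hardcode_ldap_server = ipa_client_install.hardcode_ldap_server
            get_certs_from_ldap = ipa_client_install.get_certs_from_ldap
            save_state = ipa_client_install.save_state

            create_ipa_nssdb = certdb.create_ipa_nssdb

            argspec = inspect.getargspec(ipa_client_install.configure_nisdomain)
            if len(argspec.args) == 3:
                configure_nisdomain = ipa_client_install.configure_nisdomain
            else:
                # The script's variant has no statestore argument: accept it
                # and drop it.
                def configure_nisdomain(options, domain, statestore=None):
                    return ipa_client_install.configure_nisdomain(options, domain)

            configure_ssh_config = ipa_client_install.configure_ssh_config
            configure_sshd_config = ipa_client_install.configure_sshd_config
            configure_automount = ipa_client_install.configure_automount
            configure_firefox = ipa_client_install.configure_firefox

        from ipapython.ipautil import realm_to_suffix, run

        # Keep the name "unicode" usable on Python 3.
        if six.PY3:
            unicode = str

        # Pick the time configuration module that is available and record the
        # matching service name.
        try:
            from ipaclient.install import timeconf
            time_service = "chronyd"
        except ImportError:
            try:
                from ipaclient.install import ntpconf as timeconf
            except ImportError:
                from ipaclient import ntpconf as timeconf
            time_service = "ntpd"

        # Optional helpers: set to None when they cannot be imported, so
        # callers have to check for None before calling them.
        try:
            from ipaclient.install.client import sync_time
        except ImportError:
            sync_time = None

        try:
            from ipaclient.install.client import check_ldap_conf
        except ImportError:
            check_ldap_conf = None

        try:
            from ipaclient.install.client import sssd_enable_ifp
        except ImportError:
            sssd_enable_ifp = None

        # Log to the client install log in append mode; root_logger is an
        # alias for the same logger object.
        logger = logging.getLogger("ipa-client-install")
        standard_logging_setup(
            paths.IPACLIENT_INSTALL_LOG, verbose=False, debug=False,
            filemode='a', console_format='%(message)s')
        root_logger = logger

    else:
        # IPA version < 4.4

        raise Exception("freeipa version '%s' is too old" % VERSION)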
    
    
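    def ansible_module_get_parsed_ip_addresses(ansible_module,
                                               param='ip_addresses'):
        """
        Validate the IP addresses given in an Ansible module parameter.

        Each entry of ``ansible_module.params[param]`` is passed through
        ``ipautil.CheckedIPAddress``. A value that fails this check is
        reported with ``ansible_module.fail_json`` and is never added to the
        result.

        :param ansible_module: object providing ``params`` and ``fail_json``
        :param param: name of the parameter holding the list of addresses
        :return: None if the parameter is not set, otherwise the list of
                 successfully parsed addresses
        """
        ip_addresses = ansible_module.params.get(param)
        if ip_addresses is None:
            return None

        ip_addrs = []
        for ip in ip_addresses:
            try:
                ip_parsed = ipautil.CheckedIPAddress(ip)
            except Exception as e:
                ansible_module.fail_json(msg="Invalid IP Address %s: %s" % (ip, e))
            else:
                # Append only on success. Without the else clause a
                # fail_json() that returns (e.g. a stub in tests) would let an
                # unbound or stale ip_parsed from the previous iteration reach
                # the result list.
                ip_addrs.append(ip_parsed)
        return ip_addrs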