From 2ba2b3cfee96742a58d5fd7158c5e8ea7cc5dd20 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 22 Jul 2019 17:45:32 +0200
Subject: [PATCH] ipa[server,replica,client]: flake8 and pylint fixes
These are white space and line length changes to calm down pylint and flake8.
---
.../action_plugins/ipaclient_get_otp.py | 13 +-
roles/ipaclient/library/ipaclient_api.py | 24 +-
roles/ipaclient/library/ipaclient_fix_ca.py | 6 +-
roles/ipaclient/library/ipaclient_fstore.py | 4 +-
.../ipaclient/library/ipaclient_get_facts.py | 25 +-
roles/ipaclient/library/ipaclient_get_otp.py | 33 +--
roles/ipaclient/library/ipaclient_ipa_conf.py | 6 +-
roles/ipaclient/library/ipaclient_join.py | 11 +-
.../library/ipaclient_set_hostname.py | 4 +-
.../library/ipaclient_setup_automount.py | 8 +-
.../library/ipaclient_setup_firefox.py | 6 +-
.../ipaclient/library/ipaclient_setup_krb5.py | 32 +--
.../ipaclient/library/ipaclient_setup_nis.py | 8 +-
.../ipaclient/library/ipaclient_setup_nss.py | 35 +--
.../ipaclient/library/ipaclient_setup_ntp.py | 26 ++-
.../ipaclient/library/ipaclient_setup_ssh.py | 8 +-
.../ipaclient/library/ipaclient_setup_sssd.py | 10 +-
roles/ipaclient/library/ipaclient_test.py | 220 ++++++++++--------
.../library/ipaclient_test_keytab.py | 86 +++----
.../module_utils/ansible_ipa_client.py | 23 +-
.../library/ipareplica_add_to_ipaservers.py | 24 +-
.../library/ipareplica_create_ipa_conf.py | 41 ++--
.../ipareplica_custodia_import_dm_password.py | 24 +-
.../library/ipareplica_ds_apply_updates.py | 43 ++--
.../library/ipareplica_ds_enable_ssl.py | 39 ++--
.../library/ipareplica_enable_ipa.py | 23 +-
.../library/ipareplica_install_ca_certs.py | 45 ++--
.../library/ipareplica_krb_enable_ssl.py | 31 +--
.../library/ipareplica_master_password.py | 8 +-
.../ipareplica/library/ipareplica_prepare.py | 171 +++++++-------
.../ipareplica_promote_openldap_conf.py | 25 +-
.../library/ipareplica_promote_sssd.py | 23 +-
.../library/ipareplica_restart_kdc.py | 20 +-
.../library/ipareplica_setup_adtrust.py | 35 +--
.../ipareplica/library/ipareplica_setup_ca.py | 43 ++--
.../library/ipareplica_setup_certmonger.py | 6 +-
.../library/ipareplica_setup_custodia.py | 29 +--
.../library/ipareplica_setup_dns.py | 27 ++-
.../ipareplica/library/ipareplica_setup_ds.py | 49 ++--
.../library/ipareplica_setup_http.py | 26 ++-
.../library/ipareplica_setup_kra.py | 41 ++--
.../library/ipareplica_setup_krb.py | 31 +--
.../library/ipareplica_setup_otpd.py | 22 +-
roles/ipareplica/library/ipareplica_test.py | 91 ++++----
.../module_utils/ansible_ipa_replica.py | 100 ++++----
.../ipaserver/library/ipaserver_enable_ipa.py | 4 +-
.../ipaserver/library/ipaserver_load_cache.py | 11 +-
.../library/ipaserver_master_password.py | 8 +-
roles/ipaserver/library/ipaserver_prepare.py | 106 +++++----
.../library/ipaserver_set_ds_password.py | 26 ++-
.../library/ipaserver_setup_adtrust.py | 21 +-
roles/ipaserver/library/ipaserver_setup_ca.py | 33 +--
.../library/ipaserver_setup_custodia.py | 8 +-
.../ipaserver/library/ipaserver_setup_dns.py | 20 +-
roles/ipaserver/library/ipaserver_setup_ds.py | 31 +--
.../ipaserver/library/ipaserver_setup_http.py | 22 +-
.../ipaserver/library/ipaserver_setup_kra.py | 4 +-
.../ipaserver/library/ipaserver_setup_krb.py | 7 +-
.../ipaserver/library/ipaserver_setup_ntp.py | 4 +-
.../ipaserver/library/ipaserver_setup_otpd.py | 6 +-
roles/ipaserver/library/ipaserver_test.py | 190 ++++++++-------
.../module_utils/ansible_ipa_server.py | 29 +--
62 files changed, 1160 insertions(+), 975 deletions(-)
diff --git a/roles/ipaclient/action_plugins/ipaclient_get_otp.py b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
index f6deebc9..b7e80567 100644
--- a/roles/ipaclient/action_plugins/ipaclient_get_otp.py
+++ b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
@@ -56,13 +56,12 @@ def kinit_password(principal, password, ccache_name, config):
Perform kinit using principal/password, with the specified config file
and store the TGT in ccache_name.
"""
- args = [ "/usr/bin/kinit", principal, '-c', ccache_name]
+ args = ["/usr/bin/kinit", principal, '-c', ccache_name]
old_config = os.environ.get('KRB5_CONFIG')
os.environ['KRB5_CONFIG'] = config
try:
- result = run_cmd(args, stdin=password.encode())
- return result
+ return run_cmd(args, stdin=password.encode())
finally:
if old_config is not None:
os.environ['KRB5_CONFIG'] = old_config
@@ -122,6 +121,7 @@ KRB5CONF_TEMPLATE = """
{{ ipa_domain }} = {{ ipa_realm }}
"""
+
class ActionModule(ActionBase):
def run(self, tmp=None, task_vars=None):
@@ -162,8 +162,8 @@ class ActionModule(ActionBase):
result['msg'] = "principal is required"
return result
- data = self._execute_module(module_name='ipaclient_get_facts', module_args=dict(),
- task_vars=None)
+ data = self._execute_module(module_name='ipaclient_get_facts',
+ module_args=dict(), task_vars=None)
try:
domain = data['ansible_facts']['ipa']['domain']
realm = data['ansible_facts']['ipa']['realm']
@@ -217,7 +217,8 @@ class ActionModule(ActionBase):
kinit_keytab(principal, keytab, ccache_name, krb5conf_name)
except Exception as e:
result['failed'] = True
- result['msg'] = 'kinit %s with keytab %s failed' % (principal, keytab)
+ result['msg'] = 'kinit %s with keytab %s failed: %s' % \
+ (principal, keytab, str(e))
return result
try:
diff --git a/roles/ipaclient/library/ipaclient_api.py b/roles/ipaclient/library/ipaclient_api.py
index 4514ce3c..a82fb345 100644
--- a/roles/ipaclient/library/ipaclient_api.py
+++ b/roles/ipaclient/library/ipaclient_api.py
@@ -80,15 +80,16 @@ from ansible.module_utils.ansible_ipa_client import (
CLIENT_INSTALL_ERROR, logger
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
servers=dict(required=True, type='list'),
realm=dict(required=True),
hostname=dict(required=True),
- debug=dict(required=False, type='bool', default="false")
+ debug=dict(required=False, type='bool', default="false"),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -102,10 +103,10 @@ def main():
ca_certs = x509.load_certificate_list_from_file(paths.IPA_CA_CRT)
if 40500 <= NUM_VERSION < 40590:
- ca_certs = [ cert.public_bytes(serialization.Encoding.DER)
- for cert in ca_certs ]
+ ca_certs = [cert.public_bytes(serialization.Encoding.DER)
+ for cert in ca_certs]
elif NUM_VERSION < 40500:
- ca_certs = [ cert.der_data for cert in ca_certs ]
+ ca_certs = [cert.der_data for cert in ca_certs]
with certdb.NSSDatabase() as tmp_db:
api.bootstrap(context='cli_installer',
@@ -139,7 +140,7 @@ def main():
else:
tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1),
'C,,')
- except CalledProcessError as e:
+ except CalledProcessError:
module.fail_json(msg="Failed to add CA to temporary NSS database.")
api.finalize()
@@ -175,10 +176,12 @@ def main():
"may not be available")
except errors.PublicError as e2:
module.fail_json(
- msg="Cannot connect to the IPA server RPC interface: %s" % e2)
+ msg="Cannot connect to the IPA server RPC interface: "
+ "%s" % e2)
except errors.PublicError as e:
module.fail_json(
- msg="Cannot connect to the server due to generic error: %s" % e)
+ msg="Cannot connect to the server due to generic error: "
+ "%s" % e)
# Use the RPC directly so older servers are supported
try:
result = api.Backend.rpcclient.forward(
@@ -200,7 +203,7 @@ def main():
try:
config = api.Command['config_show']()['result']
subject_base = str(DN(config['ipacertificatesubjectbase'][0]))
- except errors.PublicError as e:
+ except errors.PublicError:
try:
config = api.Backend.rpcclient.forward(
'config_show',
@@ -219,5 +222,6 @@ def main():
ca_enabled=ca_enabled,
subject_base=subject_base)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_fix_ca.py b/roles/ipaclient/library/ipaclient_fix_ca.py
index 4d13cdbb..f4d2fbe4 100644
--- a/roles/ipaclient/library/ipaclient_fix_ca.py
+++ b/roles/ipaclient/library/ipaclient_fix_ca.py
@@ -72,9 +72,10 @@ from ansible.module_utils.ansible_ipa_client import (
get_ca_certs, errors
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
servers=dict(required=True, type='list'),
realm=dict(required=True),
basedn=dict(required=True),
@@ -101,7 +102,7 @@ def main():
if not os.path.exists(paths.IPA_CA_CRT):
if not allow_repair:
module.fail_json(
- msg="%s missing, enable allow_repair to fix it." % \
+ msg="%s missing, enable allow_repair to fix it." %
paths.IPA_CA_CRT)
# Repair missing ca.crt file
@@ -121,5 +122,6 @@ def main():
module.exit_json(changed=changed)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_fstore.py b/roles/ipaclient/library/ipaclient_fstore.py
index f41cd5f0..efefee96 100644
--- a/roles/ipaclient/library/ipaclient_fstore.py
+++ b/roles/ipaclient/library/ipaclient_fstore.py
@@ -56,9 +56,10 @@ from ansible.module_utils.ansible_ipa_client import (
paths, sysrestore
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
backup=dict(required=True),
),
)
@@ -73,5 +74,6 @@ def main():
module.exit_json(changed=False)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_get_facts.py b/roles/ipaclient/library/ipaclient_get_facts.py
index 7ae7ffa7..305635fa 100644
--- a/roles/ipaclient/library/ipaclient_get_facts.py
+++ b/roles/ipaclient/library/ipaclient_get_facts.py
@@ -49,6 +49,7 @@ def is_ntpd_configured():
except IOError:
return False
+
def is_dns_configured():
# dns is configured when /etc/named.conf contains the line
# dyndb "ipa" "/usr/lib64/bind/ldap.so" {
@@ -63,20 +64,24 @@ def is_dns_configured():
except IOError:
return False
+
def is_dogtag_configured(subsystem):
- # ca / kra is configured when the directory /var/lib/pki/pki-tomcat/[ca|kra]
- # exists
- available_subsystems = { 'ca', 'kra' }
+ # ca / kra is configured when the directory
+ # /var/lib/pki/pki-tomcat/[ca|kra] # exists
+ available_subsystems = {'ca', 'kra'}
assert subsystem in available_subsystems
return os.path.isdir(os.path.join(VAR_LIB_PKI_TOMCAT, subsystem))
+
def is_ca_configured():
return is_dogtag_configured('ca')
+
def is_kra_configured():
return is_dogtag_configured('kra')
+
def is_client_configured():
# IPA Client is configured when /etc/ipa/default.conf exists
# and /var/lib/ipa-client/sysrestore/sysrestore.state exists
@@ -84,12 +89,14 @@ def is_client_configured():
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
return (os.path.isfile(paths.IPA_DEFAULT_CONF) and fstore.has_files())
+
def is_server_configured():
# IPA server is configured when /etc/ipa/default.conf exists
# and /var/lib/ipa/sysrestore/sysrestore.state exists
return (os.path.isfile(paths.IPA_DEFAULT_CONF) and
os.path.isfile(SERVER_SYSRESTORE_STATE))
+
def get_ipa_conf():
# Extract basedn, realm and domain from /etc/ipa/default.conf
parser = RawConfigParser()
@@ -103,6 +110,7 @@ def get_ipa_conf():
domain=domain
)
+
def get_ipa_version():
try:
from ipapython import version
@@ -115,7 +123,8 @@ def get_ipa_version():
# 4.4.90.201610191151GITd852c00
# 4.4.90.dev201701071308+git2e43db1
# 4.6.90.pre2
- if part.startswith('dev') or part.startswith('pre') or 'GIT' in part:
+ if part.startswith('dev') or part.startswith('pre') or \
+ 'GIT' in part:
version_info.append(part)
else:
version_info.append(int(part))
@@ -128,9 +137,10 @@ def get_ipa_version():
version_info=version_info
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(),
+ argument_spec=dict(),
supports_check_mode=True
)
@@ -138,7 +148,7 @@ def main():
# check mode is supported
facts = dict(
- packages= dict(
+ packages=dict(
ipalib=HAS_IPALIB,
ipaserver=HAS_IPASERVER,
),
@@ -157,7 +167,7 @@ def main():
facts['configured']['client'] = True
facts['version'] = get_ipa_version()
- for key,value in six.iteritems(get_ipa_conf()):
+ for key, value in six.iteritems(get_ipa_conf()):
facts[key] = value
if HAS_IPASERVER:
@@ -173,5 +183,6 @@ def main():
ansible_facts=dict(ipa=facts)
)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_get_otp.py b/roles/ipaclient/library/ipaclient_get_otp.py
index 4014d234..da65e32c 100644
--- a/roles/ipaclient/library/ipaclient_get_otp.py
+++ b/roles/ipaclient/library/ipaclient_get_otp.py
@@ -146,6 +146,7 @@ from ipapython.ipautil import run
if six.PY3:
unicode = str
+
def get_host_diff(ipa_host, module_host):
"""
Compares two dictionaries containing host attributes and builds a dict
@@ -171,7 +172,7 @@ def get_host_diff(ipa_host, module_host):
ipa_value = sorted(ipa_value)
module_value = sorted(module_value)
if ipa_value != module_value:
- data[key]=unicode(module_value)
+ data[key] = unicode(module_value)
return data
@@ -226,7 +227,7 @@ def ensure_host_present(module, api, ipahost):
# If we want to create a random password, and the host
# already has Keytab: true, then we need first to run
# ipa host-disable in order to remove OTP and keytab
- if module.params.get('random') and ipahost['has_keytab'] == True:
+ if module.params.get('random') and ipahost['has_keytab'] is True:
api.Command.host_disable(fqdn)
result = api.Command.host_mod(fqdn, **diffs)
@@ -289,14 +290,14 @@ def main():
"""
module = AnsibleModule(
argument_spec=dict(
- principal = dict(default='admin'),
- ccache = dict(required=False, type='path'),
- fqdn = dict(required=True),
- certificates = dict(required=False, type='list'),
- sshpubkey= dict(required=False),
- ipaddress = dict(required=False),
- random = dict(default=False, type='bool'),
- state = dict(default='present', choices=[ 'present', 'absent' ]),
+ principal=dict(default='admin'),
+ ccache=dict(required=False, type='path'),
+ fqdn=dict(required=True),
+ certificates=dict(required=False, type='list'),
+ sshpubkey=dict(required=False),
+ ipaddress=dict(required=False),
+ random=dict(default=False, type='bool'),
+ state=dict(default='present', choices=['present', 'absent']),
),
supports_check_mode=True,
)
@@ -307,7 +308,7 @@ def main():
state = module.params.get('state')
try:
- os.environ['KRB5CCNAME']=ccache
+ os.environ['KRB5CCNAME'] = ccache
cfg = dict(
context='ansible_module',
@@ -320,24 +321,24 @@ def main():
api.finalize()
api.Backend.rpcclient.connect()
- changed = False
try:
result = api.Command.host_show(fqdn, all=True)
host = result['result']
except errors.NotFound:
host = None
- if state in ['present','disabled']:
- changed = ensure_host_present(module, api, host)
+ if state in ['present', 'disabled']:
+ ensure_host_present(module, api, host)
elif state == 'absent':
- changed = ensure_host_absent(module, api, host)
+ ensure_host_absent(module, api, host)
except Exception as e:
module.fail_json(msg="ipaclient_get_otp module failed : %s" % str(e))
finally:
run([paths.KDESTROY], raiseonerr=False, env=os.environ)
- module.exit_json(changed=changed, host=host)
+ module.exit_json(changed=False, host=host)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_ipa_conf.py b/roles/ipaclient/library/ipaclient_ipa_conf.py
index b68798f8..a96aa32a 100644
--- a/roles/ipaclient/library/ipaclient_ipa_conf.py
+++ b/roles/ipaclient/library/ipaclient_ipa_conf.py
@@ -76,16 +76,17 @@ from ansible.module_utils.ansible_ipa_client import (
paths, sysrestore, configure_ipa_conf
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
domain=dict(required=True, default=None),
servers=dict(required=True, type='list', default=None),
realm=dict(required=True, default=None),
hostname=dict(required=True, default=None),
basedn=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -101,5 +102,6 @@ def main():
module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_join.py b/roles/ipaclient/library/ipaclient_join.py
index 6a8e6235..e103c37e 100644
--- a/roles/ipaclient/library/ipaclient_join.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -133,9 +133,10 @@ from ansible.module_utils.ansible_ipa_client import (
get_ca_cert, get_ca_certs, errors, run
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
servers=dict(required=True, type='list'),
domain=dict(required=True),
realm=dict(required=True),
@@ -151,7 +152,7 @@ def main():
kinit_attempts=dict(required=False, type='int', default=5),
debug=dict(required=False, type='bool'),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -224,7 +225,7 @@ def main():
join_args.append("-f")
if not os.path.exists(admin_keytab):
module.fail_json(
- msg="Keytab file could not be found: %s" % \
+ msg="Keytab file could not be found: %s" %
admin_keytab)
try:
kinit_keytab(principal,
@@ -298,7 +299,8 @@ def main():
# Fail for missing krb5.keytab on already joined host
if already_joined and not os.path.exists(paths.KRB5_KEYTAB):
- module.fail_json(msg="krb5.keytab missing! Retry with ipaclient_force_join=yes to generate a new one.")
+ module.fail_json(msg="krb5.keytab missing! Retry with "
+ "ipaclient_force_join=yes to generate a new one.")
if principal:
run([paths.KDESTROY], raiseonerr=False, env=env)
@@ -337,5 +339,6 @@ def main():
module.exit_json(changed=changed,
already_joined=already_joined)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_set_hostname.py b/roles/ipaclient/library/ipaclient_set_hostname.py
index 7b2c2df4..c7a7acb1 100644
--- a/roles/ipaclient/library/ipaclient_set_hostname.py
+++ b/roles/ipaclient/library/ipaclient_set_hostname.py
@@ -60,10 +60,10 @@ from ansible.module_utils.ansible_ipa_client import (
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
hostname=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
diff --git a/roles/ipaclient/library/ipaclient_setup_automount.py b/roles/ipaclient/library/ipaclient_setup_automount.py
index ca4e2d19..7320a9b5 100644
--- a/roles/ipaclient/library/ipaclient_setup_automount.py
+++ b/roles/ipaclient/library/ipaclient_setup_automount.py
@@ -61,17 +61,18 @@ from ansible.module_utils.ansible_ipa_client import (
options, configure_automount
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
servers=dict(required=True, type='list'),
sssd=dict(required=False, type='bool', default='yes'),
automount_location=dict(required=False, default=None),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
- #os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
+ # os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
module._ansible_debug = True
options.servers = module.params.get('servers')
@@ -85,5 +86,6 @@ def main():
module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_setup_firefox.py b/roles/ipaclient/library/ipaclient_setup_firefox.py
index 8f1fe2fa..e480116f 100644
--- a/roles/ipaclient/library/ipaclient_setup_firefox.py
+++ b/roles/ipaclient/library/ipaclient_setup_firefox.py
@@ -61,13 +61,14 @@ from ansible.module_utils.ansible_ipa_client import (
sysrestore, paths, options, configure_firefox
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
domain=dict(required=True),
firefox_dir=dict(required=False),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -80,5 +81,6 @@ def main():
module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_setup_krb5.py b/roles/ipaclient/library/ipaclient_setup_krb5.py
index 0422e72a..fc8b83f7 100644
--- a/roles/ipaclient/library/ipaclient_setup_krb5.py
+++ b/roles/ipaclient/library/ipaclient_setup_krb5.py
@@ -63,9 +63,10 @@ from ansible.module_utils.ansible_ipa_client import (
sysrestore, paths, configure_krb5_conf, logger
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
domain=dict(required=False, default=None),
servers=dict(required=False, type='list', default=None),
realm=dict(required=False, default=None),
@@ -75,9 +76,9 @@ def main():
client_domain=dict(required=False, default=None),
sssd=dict(required=False, type='bool', default=False),
force=dict(required=False, type='bool', default=False),
- #on_master=dict(required=False, type='bool', default=False),
+ # on_master=dict(required=False, type='bool', default=False),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -90,21 +91,21 @@ def main():
client_domain = module.params.get('client_domain')
sssd = module.params.get('sssd')
force = module.params.get('force')
- #on_master = module.params.get('on_master')
+ # on_master = module.params.get('on_master')
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
- #if options.on_master:
- # # If on master assume kerberos is already configured properly.
- # # Get the host TGT.
- # try:
- # kinit_keytab(host_principal, paths.KRB5_KEYTAB, CCACHE_FILE,
- # attempts=options.kinit_attempts)
- # os.environ['KRB5CCNAME'] = CCACHE_FILE
- # except gssapi.exceptions.GSSError as e:
- # logger.error("Failed to obtain host TGT: %s", e)
- # raise ScriptError(rval=CLIENT_INSTALL_ERROR)
- #else:
+ # if options.on_master:
+ # # If on master assume kerberos is already configured properly.
+ # # Get the host TGT.
+ # try:
+ # kinit_keytab(host_principal, paths.KRB5_KEYTAB, CCACHE_FILE,
+ # attempts=options.kinit_attempts)
+ # os.environ['KRB5CCNAME'] = CCACHE_FILE
+ # except gssapi.exceptions.GSSError as e:
+ # logger.error("Failed to obtain host TGT: %s", e)
+ # raise ScriptError(rval=CLIENT_INSTALL_ERROR)
+ # else:
# Configure krb5.conf
fstore.backup_file(paths.KRB5_CONF)
@@ -125,5 +126,6 @@ def main():
module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_setup_nis.py b/roles/ipaclient/library/ipaclient_setup_nis.py
index 054c4584..121b266e 100644
--- a/roles/ipaclient/library/ipaclient_setup_nis.py
+++ b/roles/ipaclient/library/ipaclient_setup_nis.py
@@ -61,13 +61,14 @@ from ansible.module_utils.ansible_ipa_client import (
options, sysrestore, paths, configure_nisdomain
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
domain=dict(required=True),
nisdomain=dict(required=False),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -77,7 +78,7 @@ def main():
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
argspec = inspect.getargspec(configure_nisdomain)
- if not "statestore" in argspec.args:
+ if "statestore" not in argspec.args:
# NUM_VERSION < 40500:
configure_nisdomain(options=options, domain=domain)
else:
@@ -86,5 +87,6 @@ def main():
module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_setup_nss.py b/roles/ipaclient/library/ipaclient_setup_nss.py
index d20bc976..6f40a96c 100644
--- a/roles/ipaclient/library/ipaclient_setup_nss.py
+++ b/roles/ipaclient/library/ipaclient_setup_nss.py
@@ -167,9 +167,10 @@ from ansible.module_utils.ansible_ipa_client import (
nosssd_files, configure_openldap_conf, hardcode_ldap_server
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
servers=dict(required=True, type='list'),
domain=dict(required=True),
realm=dict(required=True),
@@ -195,7 +196,7 @@ def main():
no_krb5_offline_passwords=dict(required=False, type='bool'),
no_dns_sshfp=dict(required=False, type='bool', default=False),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -251,7 +252,7 @@ def main():
api.Backend.rpcclient.connect()
try:
api.Backend.rpcclient.forward('ping')
- except errors.KerberosError as e:
+ except errors.KerberosError:
# Cannot connect to the server due to Kerberos error, trying with
# delegate=True
api.Backend.rpcclient.disconnect()
@@ -272,8 +273,8 @@ def main():
# Get CA certificates from the certificate store
try:
- ca_certs = get_certs_from_ldap(cli_server[0], cli_basedn, cli_realm,
- ca_enabled)
+ ca_certs = get_certs_from_ldap(cli_server[0], cli_basedn,
+ cli_realm, ca_enabled)
except errors.NoCertificateError:
if ca_enabled:
ca_subject = DN(('CN', 'Certificate Authority'), subject_base)
@@ -281,7 +282,8 @@ def main():
ca_subject = None
ca_certs = certstore.make_compat_ca_certs(ca_certs, cli_realm,
ca_subject)
- ca_certs_trust = [(c, n, certstore.key_policy_to_trust_flags(t, True, u))
+ ca_certs_trust = [(c, n,
+ certstore.key_policy_to_trust_flags(t, True, u))
for (c, n, t, u) in ca_certs]
if hasattr(paths, "KDC_CA_BUNDLE_PEM"):
@@ -303,12 +305,13 @@ def main():
for cert, nickname, trust_flags in ca_certs_trust:
try:
ipa_db.add_cert(cert, nickname, trust_flags)
- except CalledProcessError as e:
+ except CalledProcessError:
raise ScriptError(
"Failed to add %s to the IPA NSS database." % nickname,
rval=CLIENT_INSTALL_ERROR)
- # Add the CA certificates to the platform-dependant systemwide CA store
+ # Add the CA certificates to the platform-dependant systemwide CA
+ # store
tasks.insert_ca_certs_into_systemwide_ca_store(ca_certs)
if not options.on_master:
@@ -361,7 +364,8 @@ def main():
except Exception:
if not options.sssd:
logger.warning(
- "Failed to configure automatic startup of the %s daemon",
+ "Failed to configure automatic startup of the %s "
+ "daemon",
nscd.service_name)
logger.info(
"Caching of users/groups will not be "
@@ -434,15 +438,15 @@ def main():
sssd.enable()
except CalledProcessError as e:
logger.warning(
- "Failed to enable automatic startup of the SSSD daemon: "
- "%s", e)
+ "Failed to enable automatic startup of the SSSD "
+ "daemon: %s", e)
if not options.sssd:
tasks.modify_pam_to_use_krb5(statestore)
logger.info("Kerberos 5 enabled")
- # Update non-SSSD LDAP configuration after authconfig calls as it would
- # change its configuration otherways
+ # Update non-SSSD LDAP configuration after authconfig calls as it
+ # would change its configuration otherways
if not options.sssd:
for configurer in [configure_ldap_conf, configure_nslcd_conf]:
(retcode, conf, filenames) = configurer(
@@ -479,9 +483,9 @@ def main():
# Particulary, SSSD might take longer than 6-8 seconds.
while n < 10 and not found:
try:
- ipautil.run([paths.GETENT, "passwd", user])
+ ipautil.run([getent_cmd, "passwd", user])
found = True
- except Exception as e:
+ except Exception:
time.sleep(1)
n = n + 1
@@ -510,5 +514,6 @@ def main():
module.exit_json(changed=True,
ca_enabled_ra=ca_enabled)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_setup_ntp.py b/roles/ipaclient/library/ipaclient_setup_ntp.py
index 5400825c..83197b1a 100644
--- a/roles/ipaclient/library/ipaclient_setup_ntp.py
+++ b/roles/ipaclient/library/ipaclient_setup_ntp.py
@@ -91,23 +91,24 @@ from ansible.module_utils.ansible_ipa_client import (
timeconf
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
ntp_servers=dict(required=False, type='list', default=None),
ntp_pool=dict(required=False, default=None),
no_ntp=dict(required=False, type='bool', default=False),
# force_ntpd=dict(required=False, type='bool', default=False),
on_master=dict(required=False, type='bool', default=False),
- ### additional ###
+ # additional
servers=dict(required=False, type='list', default=None),
domain=dict(required=False, default=None),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
- #module._ansible_debug = True
+ # module._ansible_debug = True
options.ntp_servers = module.params.get('ntp_servers')
options.ntp_pool = module.params.get('ntp_pool')
options.no_ntp = module.params.get('no_ntp')
@@ -133,10 +134,11 @@ def main():
else:
synced_ntp = sync_time(options, fstore, statestore)
elif options.on_master:
- # If we're on master skipping the time sync here because it was done
- # in ipa-server-install
- logger.info("Skipping attempt to configure and synchronize time with"
- " chrony server as it has been already done on master.")
+ # If we're on master skipping the time sync here because it was
+ # done in ipa-server-install
+ logger.info(
+ "Skipping attempt to configure and synchronize time with"
+ " chrony server as it has been already done on master.")
else:
logger.info("Skipping chrony configuration")
@@ -144,7 +146,8 @@ def main():
ntp_srv_servers = []
if not options.on_master and options.conf_ntp:
# Attempt to sync time with IPA server.
- # If we're skipping NTP configuration, we also skip the time sync here.
+ # If we're skipping NTP configuration, we also skip the time sync
+ # here.
# We assume that NTP servers are discoverable through SRV records
# in the DNS.
# If that fails, we try to sync directly with IPA server,
@@ -166,7 +169,8 @@ def main():
break
if not synced_ntp and not options.ntp_servers:
- synced_ntp = timeconf.synconce_ntp(cli_server[0], options.debug)
+ synced_ntp = timeconf.synconce_ntp(cli_server[0],
+ options.debug)
if not synced_ntp:
module.warn(
"Unable to sync time with NTP "
diff --git a/roles/ipaclient/library/ipaclient_setup_ssh.py b/roles/ipaclient/library/ipaclient_setup_ssh.py
index 6c3cf4fd..214968a8 100644
--- a/roles/ipaclient/library/ipaclient_setup_ssh.py
+++ b/roles/ipaclient/library/ipaclient_setup_ssh.py
@@ -80,16 +80,17 @@ from ansible.module_utils.ansible_ipa_client import (
options, sysrestore, paths, configure_ssh_config, configure_sshd_config
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
servers=dict(required=True, type='list'),
no_ssh=dict(required=False, type='bool', default='no'),
ssh_trust_dns=dict(required=False, type='bool', default='no'),
no_sshd=dict(required=False, type='bool', default='no'),
sssd=dict(required=False, type='bool', default='no'),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -104,7 +105,7 @@ def main():
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
- #os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
+ # os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
changed = False
if options.conf_ssh:
@@ -117,5 +118,6 @@ def main():
module.exit_json(changed=changed)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_setup_sssd.py b/roles/ipaclient/library/ipaclient_setup_sssd.py
index 4d9d2416..87d5f03d 100644
--- a/roles/ipaclient/library/ipaclient_setup_sssd.py
+++ b/roles/ipaclient/library/ipaclient_setup_sssd.py
@@ -120,9 +120,10 @@ from ansible.module_utils.ansible_ipa_client import (
options, sysrestore, paths, configure_sssd_conf, logger
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
servers=dict(required=True, type='list'),
domain=dict(required=True),
realm=dict(required=True),
@@ -139,10 +140,10 @@ def main():
preserve_sssd=dict(required=False, type='bool'),
no_krb5_offline_passwords=dict(required=False, type='bool'),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
- #ansible_log = AnsibleModuleLog(module, logger)
- #options.set_logger(ansible_log)
+ # ansible_log = AnsibleModuleLog(module, logger)
+ # options.set_logger(ansible_log)
module._ansible_debug = True
cli_server = module.params.get('servers')
@@ -178,5 +179,6 @@ def main():
module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_test.py b/roles/ipaclient/library/ipaclient_test.py
index cce9fe63..9e5db938 100644
--- a/roles/ipaclient/library/ipaclient_test.py
+++ b/roles/ipaclient/library/ipaclient_test.py
@@ -215,6 +215,7 @@ from ansible.module_utils.ansible_ipa_client import (
IPA_PYTHON_VERSION
)
+
def get_cert_path(cert_path):
"""
If a CA certificate is passed in on the command line, use that.
@@ -231,6 +232,7 @@ def get_cert_path(cert_path):
return None
+
def is_client_configured():
"""
Check if ipa client is configured.
@@ -245,6 +247,7 @@ def is_client_configured():
os.path.isfile(os.path.join(paths.IPA_CLIENT_SYSRESTORE,
sysrestore.SYSRESTORE_STATEFILE)))
+
def get_ipa_conf():
"""
Return IPA configuration read from /etc/ipa/default.conf
@@ -265,10 +268,11 @@ def get_ipa_conf():
return result
+
def main():
module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
domain=dict(required=False, default=None),
servers=dict(required=False, type='list', default=None),
realm=dict(required=False, default=None),
@@ -286,13 +290,14 @@ def main():
ip_addresses=dict(required=False, type='list', default=None),
all_ip_addresses=dict(required=False, type='bool', default=False),
on_master=dict(required=False, type='bool', default=False),
- ### sssd ###
- enable_dns_updates=dict(required=False, type='bool', default=False),
+ # sssd
+ enable_dns_updates=dict(required=False, type='bool',
+ default=False),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
- #module._ansible_debug = True
+ # module._ansible_debug = True
options.domain_name = module.params.get('domain')
options.servers = module.params.get('servers')
options.realm_name = module.params.get('realm')
@@ -316,12 +321,13 @@ def main():
# servers
if options.domain_name is None and options.servers is not None:
if len(options.servers) > 0:
- options.domain_name = options.servers[0][options.servers[0].find(".")+1:]
+ options.domain_name = options.servers[0][
+ options.servers[0].find(".")+1:]
try:
self = options
- ### HostNameInstallInterface ###
+ # HostNameInstallInterface
if options.ip_addresses is not None:
for value in options.ip_addresses:
@@ -331,7 +337,7 @@ def main():
raise ValueError("invalid IP address {0}: {1}".format(
value, e))
- ### ServiceInstallInterface ###
+ # ServiceInstallInterface
if options.domain_name:
validate_domain_name(options.domain_name)
@@ -342,12 +348,12 @@ def main():
# NUM_VERSION >= 40690:
validate_domain_name(options.realm_name, entity="realm")
- ### ClientInstallInterface ###
+ # ClientInstallInterface
if options.kinit_attempts < 1:
raise ValueError("expects an integer greater than 0.")
- ### ClientInstallInterface.__init__ ###
+ # ClientInstallInterface.__init__
if self.servers and not self.domain_name:
raise RuntimeError(
@@ -372,18 +378,18 @@ def main():
if self.enable_dns_updates:
raise RuntimeError(
"--ip-address cannot be used together with"
- " --enable-dns-updates")
+ " --enable-dns-updates")
if self.all_ip_addresses:
raise RuntimeError(
"--ip-address cannot be used together with"
"--all-ip-addresses")
- ### SSSDInstallInterface ###
+ # SSSDInstallInterface
self.no_sssd = False
- ### ClientInstall ###
+ # ClientInstall
if options.ca_cert_files is not None:
for value in options.ca_cert_files:
@@ -396,18 +402,20 @@ def main():
if not os.path.isfile(value):
raise ValueError("'%s' is not a file" % value)
if not os.path.isabs(value):
- raise ValueError("'%s' is not an absolute file path" % value)
+ raise ValueError("'%s' is not an absolute file path" %
+ value)
try:
x509.load_certificate_from_file(value)
except Exception:
- raise ValueError("'%s' is not a valid certificate file" % value)
+ raise ValueError("'%s' is not a valid certificate file" %
+ value)
- #self.prompt_password = self.interactive
+ # self.prompt_password = self.interactive
self.no_ac = False
- ### ClientInstall.__init__ ###
+ # ClientInstall.__init__
if self.firefox_dir and not self.configure_firefox:
raise RuntimeError(
@@ -417,7 +425,7 @@ def main():
except (RuntimeError, ValueError) as e:
module.fail_json(msg=str(e))
- ### ipaclient.install.client.init ###
+ # ipaclient.install.client.init
# root_logger
options.debug = False
@@ -427,30 +435,31 @@ def main():
options.domain = None
options.server = options.servers
options.realm = options.realm_name
- #installer.primary = installer.fixed_primary
- #if installer.principal:
- # installer.password = installer.admin_password
- #else:
- # installer.password = installer.host_password
+ # installer.primary = installer.fixed_primary
+ # if installer.principal:
+ # installer.password = installer.admin_password
+ # else:
+ # installer.password = installer.host_password
installer.hostname = installer.host_name
options.conf_ntp = not options.no_ntp
- #installer.trust_sshfp = installer.ssh_trust_dns
- #installer.conf_ssh = not installer.no_ssh
- #installer.conf_sshd = not installer.no_sshd
- #installer.conf_sudo = not installer.no_sudo
- #installer.create_sshfp = not installer.no_dns_sshfp
+ # installer.trust_sshfp = installer.ssh_trust_dns
+ # installer.conf_ssh = not installer.no_ssh
+ # installer.conf_sshd = not installer.no_sshd
+ # installer.conf_sudo = not installer.no_sudo
+ # installer.create_sshfp = not installer.no_dns_sshfp
if installer.ca_cert_files:
installer.ca_cert_file = installer.ca_cert_files[-1]
else:
installer.ca_cert_file = None
- #installer.location = installer.automount_location
+ # installer.location = installer.automount_location
installer.dns_updates = installer.enable_dns_updates
- #installer.krb5_offline_passwords = not installer.no_krb5_offline_passwords
+ # installer.krb5_offline_passwords = \
+ # not installer.no_krb5_offline_passwords
installer.sssd = not installer.no_sssd
try:
- ### client ###
+ # client
# global variables
hostname = None
@@ -466,7 +475,7 @@ def main():
cli_basedn = None
# end of global variables
- ### client.install_check ###
+ # client.install_check
logger.info("This program will set up FreeIPA client.")
logger.info("Version %s", version.VERSION)
@@ -484,14 +493,14 @@ def main():
tasks.check_selinux_status()
- #if is_ipa_client_installed(fstore, on_master=options.on_master):
- # logger.error("IPA client is already configured on this system.")
- # logger.info(
- # "If you want to reinstall the IPA client, uninstall it first "
- # "using 'ipa-client-install --uninstall'.")
- # raise ScriptError(
- # "IPA client is already configured on this system.",
- # rval=CLIENT_ALREADY_CONFIGURED)
+ # if is_ipa_client_installed(fstore, on_master=options.on_master):
+ # logger.error("IPA client is already configured on this system.")
+ # logger.info(
+ # "If you want to reinstall the IPA client, uninstall it first "
+ # "using 'ipa-client-install --uninstall'.")
+ # raise ScriptError(
+ # "IPA client is already configured on this system.",
+ # rval=CLIENT_ALREADY_CONFIGURED)
if check_ldap_conf is not None:
check_ldap_conf()
@@ -509,16 +518,16 @@ def main():
pass
# password, principal and keytab are checked in tasks/install.yml
- #if options.unattended and (
- # options.password is None and
- # options.principal is None and
- # options.keytab is None and
- # options.prompt_password is False and
- # not options.on_master
- #):
- # raise ScriptError(
- # "One of password / principal / keytab is required.",
- # rval=CLIENT_INSTALL_ERROR)
+ # if options.unattended and (
+ # options.password is None and
+ # options.principal is None and
+ # options.keytab is None and
+ # options.prompt_password is False and
+ # not options.on_master
+ # ):
+ # raise ScriptError(
+ # "One of password / principal / keytab is required.",
+ # rval=CLIENT_INSTALL_ERROR)
if options.hostname:
hostname = options.hostname
@@ -549,17 +558,17 @@ def main():
# --no-sssd is not supported any more for rhel-based distros
if not tasks.is_nosssd_supported() and not options.sssd:
raise ScriptError(
- "Option '--no-sssd' is incompatible with the 'authselect' tool "
- "provided by this distribution for configuring system "
- "authentication resources",
+ "Option '--no-sssd' is incompatible with the 'authselect' "
+ "tool provided by this distribution for configuring "
+ "system authentication resources",
rval=CLIENT_INSTALL_ERROR)
# --noac is not supported any more for rhel-based distros
if not tasks.is_nosssd_supported() and options.no_ac:
raise ScriptError(
- "Option '--noac' is incompatible with the 'authselect' tool "
- "provided by this distribution for configuring system "
- "authentication resources",
+ "Option '--noac' is incompatible with the 'authselect' "
+ "tool provided by this distribution for configuring "
+ "system authentication resources",
rval=CLIENT_INSTALL_ERROR)
# when installing with '--no-sssd' option, check whether nss-ldap is
@@ -579,15 +588,15 @@ def main():
rval=CLIENT_INSTALL_ERROR)
# principal and keytab are checked in tasks/install.yml
- #if options.keytab and options.principal:
- # raise ScriptError(
- # "Options 'principal' and 'keytab' cannot be used together.",
- # rval=CLIENT_INSTALL_ERROR)
+ # if options.keytab and options.principal:
+ # raise ScriptError(
+ # "Options 'principal' and 'keytab' cannot be used together.",
+ # rval=CLIENT_INSTALL_ERROR)
# keytab and force_join are checked in tasks/install.yml
- #if options.keytab and options.force_join:
- # logger.warning("Option 'force-join' has no additional effect "
- # "when used with together with option 'keytab'.")
+ # if options.keytab and options.force_join:
+ # logger.warning("Option 'force-join' has no additional effect "
+ # "when used with together with option 'keytab'.")
# Added with freeipa-4.7.1 >>>
# Remove invalid keytab file
@@ -606,7 +615,8 @@ def main():
not options.ca_cert_file and
get_cert_path(options.ca_cert_file) == paths.IPA_CA_CRT
):
- logger.warning("Using existing certificate '%s'.", paths.IPA_CA_CRT)
+ logger.warning("Using existing certificate '%s'.",
+ paths.IPA_CA_CRT)
if not check_ip_addresses(options):
raise ScriptError(
@@ -625,9 +635,9 @@ def main():
)
if options.server and ret != 0:
- # There is no point to continue with installation as server list was
- # passed as a fixed list of server and thus we cannot discover any
- # better result
+ # There is no point to continue with installation as server list
+ # was passed as a fixed list of server and thus we cannot discover
+ # any better result
logger.error(
"Failed to verify that %s is an IPA Server.",
', '.join(options.server))
@@ -675,7 +685,8 @@ def main():
# logger.info(
# "DNS discovery failed to determine your DNS domain")
# cli_domain = user_input(
- # "Provide the domain name of your IPA server (ex: example.com)",
+ # "Provide the domain name of your IPA server "
+ # "(ex: example.com)",
# allow_empty=False)
# cli_domain_source = 'Provided interactively'
# logger.debug(
@@ -714,7 +725,7 @@ def main():
# ]
# cli_server_source = 'Provided interactively'
# logger.debug(
- # "will use interactively provided server: %s", cli_server[0])
+ # "will use interactively provided server: %s", cli_server[0])
ret = ds.search(
domain=cli_domain,
servers=cli_server,
@@ -722,8 +733,8 @@ def main():
ca_cert_path=get_cert_path(options.ca_cert_file))
else:
- # Only set dnsok to True if we were not passed in one or more servers
- # and if DNS discovery actually worked.
+ # Only set dnsok to True if we were not passed in one or more
+ # servers and if DNS discovery actually worked.
if not options.server:
(server, domain) = ds.check_domain(
ds.domain, set(), "Validating DNS Discovery")
@@ -793,29 +804,29 @@ def main():
logger.info("Discovery was successful!")
elif not options.unattended:
raise ScriptError("No interactive installation")
- # if not options.server:
- # logger.warning(
- # "The failure to use DNS to find your IPA "
- # "server indicates that your resolv.conf file is not properly "
- # "configured.")
- # logger.info(
- # "Autodiscovery of servers for failover cannot work "
- # "with this configuration.")
- # logger.info(
- # "If you proceed with the installation, services "
- # "will be configured to always access the discovered server for "
- # "all operations and will not fail over to other servers in case "
- # "of failure.")
- # if not user_input(
- # "Proceed with fixed values and no DNS discovery?", False):
- # raise ScriptError(rval=CLIENT_INSTALL_ERROR)
+ # if not options.server:
+ # logger.warning(
+ # "The failure to use DNS to find your IPA "
+ # "server indicates that your resolv.conf file is not properly "
+ # "configured.")
+ # logger.info(
+ # "Autodiscovery of servers for failover cannot work "
+ # "with this configuration.")
+ # logger.info(
+ # "If you proceed with the installation, services "
+ # "will be configured to always access the discovered server for "
+ # "all operations and will not fail over to other servers in case "
+ # "of failure.")
+ # if not user_input(
+ # "Proceed with fixed values and no DNS discovery?", False):
+ # raise ScriptError(rval=CLIENT_INSTALL_ERROR)
# Do not ask for time source
- #if options.conf_ntp:
- # if not options.on_master and not options.unattended and not (
- # options.ntp_servers or options.ntp_pool):
- # options.ntp_servers, options.ntp_pool = \
- # timeconf.get_time_source()
+ # if options.conf_ntp:
+ # if not options.on_master and not options.unattended and not (
+ # options.ntp_servers or options.ntp_pool):
+ # options.ntp_servers, options.ntp_pool = \
+ # timeconf.get_time_source()
cli_realm = ds.realm
cli_realm_source = ds.realm_source
@@ -823,11 +834,13 @@ def main():
if options.realm_name and options.realm_name != cli_realm:
logger.error(
- "The provided realm name [%s] does not match discovered one [%s]",
+ "The provided realm name [%s] does not match discovered "
+ "one [%s]",
options.realm_name, cli_realm)
logger.debug("(%s: %s)", cli_realm, cli_realm_source)
raise ScriptError(
- "The provided realm name [%s] does not match discovered one [%s]" % (options.realm_name, cli_realm),
+ "The provided realm name [%s] does not match discovered "
+ "one [%s]" % (options.realm_name, cli_realm),
rval=CLIENT_INSTALL_ERROR)
cli_basedn = ds.basedn
@@ -874,22 +887,22 @@ def main():
"installation may fail.")
break
- #logger.info()
- #if not options.unattended and not user_input(
- # "Continue to configure the system with these values?", False):
- # raise ScriptError(rval=CLIENT_INSTALL_ERROR)
+ # logger.info()
+ # if not options.unattended and not user_input(
+ # "Continue to configure the system with these values?", False):
+ # raise ScriptError(rval=CLIENT_INSTALL_ERROR)
except ScriptError as e:
module.fail_json(msg=str(e))
#########################################################################
- ### client._install ###
+ # client._install
# May not happen in here at this time
- #if not options.on_master:
- # # Try removing old principals from the keytab
- # purge_host_keytab(cli_realm)
+ # if not options.on_master:
+ # # Try removing old principals from the keytab
+ # purge_host_keytab(cli_realm)
# Check if ipa client is already configured
if is_client_configured():
@@ -922,5 +935,6 @@ def main():
client_already_configured=client_already_configured,
ipa_python_version=IPA_PYTHON_VERSION)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/library/ipaclient_test_keytab.py b/roles/ipaclient/library/ipaclient_test_keytab.py
index 5d63f5c7..0b6a565b 100644
--- a/roles/ipaclient/library/ipaclient_test_keytab.py
+++ b/roles/ipaclient/library/ipaclient_test_keytab.py
@@ -108,9 +108,10 @@ from ansible.module_utils.ansible_ipa_client import (
SECURE_PATH, paths, kinit_keytab, run, GSSError, configure_krb5_conf
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
servers=dict(required=True, type='list'),
domain=dict(required=True),
realm=dict(required=True),
@@ -118,7 +119,7 @@ def main():
kdc=dict(required=True),
kinit_attempts=dict(required=False, type='int', default=5),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -167,46 +168,46 @@ def main():
# Second try: Validate krb5 keytab with temporary krb5
# configuration
if not krb5_conf_ok:
- try:
- (krb_fd, krb_name) = tempfile.mkstemp()
- os.close(krb_fd)
- configure_krb5_conf(
- cli_realm=realm,
- cli_domain=domain,
- cli_server=servers,
- cli_kdc=kdc,
- dnsok=False,
- filename=krb_name,
- client_domain=client_domain,
- client_hostname=hostname,
- configure_sssd=sssd,
- force=False)
-
- try:
- kinit_keytab(host_principal, paths.KRB5_KEYTAB,
- paths.IPA_DNS_CCACHE,
- config=krb_name,
- attempts=kinit_attempts)
- krb5_keytab_ok = True
-
- # Test IPA
- env['KRB5_CONFIG'] = krb_name
- try:
- result = run(["/usr/bin/ipa", "ping"], raiseonerr=False,
- env=env)
- if result.returncode == 0:
- ping_test_ok = True
- except OSError:
- pass
-
- except GSSError:
- pass
-
- finally:
- try:
- os.remove(krb_name)
- except OSError:
- module.fail_json(msg="Could not remove %s" % krb_name)
+ try:
+ (krb_fd, krb_name) = tempfile.mkstemp()
+ os.close(krb_fd)
+ configure_krb5_conf(
+ cli_realm=realm,
+ cli_domain=domain,
+ cli_server=servers,
+ cli_kdc=kdc,
+ dnsok=False,
+ filename=krb_name,
+ client_domain=client_domain,
+ client_hostname=hostname,
+ configure_sssd=sssd,
+ force=False)
+
+ try:
+ kinit_keytab(host_principal, paths.KRB5_KEYTAB,
+ paths.IPA_DNS_CCACHE,
+ config=krb_name,
+ attempts=kinit_attempts)
+ krb5_keytab_ok = True
+
+ # Test IPA
+ env['KRB5_CONFIG'] = krb_name
+ try:
+ result = run(["/usr/bin/ipa", "ping"], raiseonerr=False,
+ env=env)
+ if result.returncode == 0:
+ ping_test_ok = True
+ except OSError:
+ pass
+
+ except GSSError:
+ pass
+
+ finally:
+ try:
+ os.remove(krb_name)
+ except OSError:
+ module.fail_json(msg="Could not remove %s" % krb_name)
module.exit_json(changed=False,
krb5_keytab_ok=krb5_keytab_ok,
@@ -214,5 +215,6 @@ def main():
ca_crt_exists=ca_crt_exists,
ping_test_ok=ping_test_ok)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/module_utils/ansible_ipa_client.py b/roles/ipaclient/module_utils/ansible_ipa_client.py
index d5f2b821..83f37538 100644
--- a/roles/ipaclient/module_utils/ansible_ipa_client.py
+++ b/roles/ipaclient/module_utils/ansible_ipa_client.py
@@ -26,11 +26,12 @@ from ipapython.version import NUM_VERSION, VERSION
if NUM_VERSION < 30201:
# See ipapython/version.py
- IPA_MAJOR,IPA_MINOR,IPA_RELEASE = [ int(x) for x in VERSION.split(".", 2) ]
+ IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in VERSION.split(".", 2)]
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
else:
IPA_PYTHON_VERSION = NUM_VERSION
+
class installer_obj(object):
def __init__(self):
pass
@@ -38,20 +39,20 @@ class installer_obj(object):
def set_logger(self, logger):
self.logger = logger
- #def __getattribute__(self, attr):
+ # def __getattribute__(self, attr):
# value = super(installer_obj, self).__getattribute__(attr)
# if not attr.startswith("--") and not attr.endswith("--"):
# logger.debug(
# " <-- Accessing installer.%s (%s)" % (attr, repr(value)))
# return value
- #def __getattr__(self, attr):
- # #logger.info(" --> ADDING missing installer.%s" % attr)
+ # def __getattr__(self, attr):
+ # # logger.info(" --> ADDING missing installer.%s" % attr)
# self.logger.warn(" --> ADDING missing installer.%s" % attr)
# setattr(self, attr, None)
# return getattr(self, attr)
- #def __setattr__(self, attr, value):
+ # def __setattr__(self, attr, value):
# logger.debug(" --> Setting installer.%s to %s" % (attr, repr(value)))
# return super(installer_obj, self).__setattr__(attr, value)
@@ -59,6 +60,7 @@ class installer_obj(object):
for name in self.__dict__:
yield self, name
+
# Initialize installer settings
installer = installer_obj()
# Create options
@@ -174,10 +176,13 @@ if NUM_VERSION >= 40400:
else:
get_ca_cert = None
get_ca_certs = ipa_client_install.get_ca_certs
- SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin")
+ SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:"
+ "/usr/bin:/usr/sbin")
- get_server_connection_interface = ipa_client_install.get_server_connection_interface
- configure_nsswitch_database = ipa_client_install.configure_nsswitch_database
+ get_server_connection_interface = \
+ ipa_client_install.get_server_connection_interface
+ configure_nsswitch_database = \
+ ipa_client_install.configure_nsswitch_database
disable_ra = ipa_client_install.disable_ra
client_dns = ipa_client_install.client_dns
configure_certmonger = ipa_client_install.configure_certmonger
@@ -250,7 +255,7 @@ def ansible_module_get_parsed_ip_addresses(ansible_module,
if ip_addresses is None:
return None
- ip_addrs = [ ]
+ ip_addrs = []
for ip in ip_addresses:
try:
ip_parsed = ipautil.CheckedIPAddress(ip)
diff --git a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
index edc19504..a11ce415 100644
--- a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
+++ b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
@@ -78,16 +78,16 @@ if six.PY3:
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### server ###
+ argument_spec=dict(
+ # server
setup_kra=dict(required=True, type='bool'),
- ### additional ###
+ # additional
config_master_host_name=dict(required=True),
ccache=dict(required=True),
installer_ccache=dict(required=True),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -96,14 +96,15 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_kra = ansible_module.params.get('setup_kra')
- ### additional ###
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ # additional
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
options._ccache = ansible_module.params.get('installer_ccache')
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
options._top_dir = ansible_module.params.get('_top_dir')
# init #
@@ -115,10 +116,10 @@ def main():
env = gen_env_boostrap_finalize_core(paths.ETC_IPA,
constants.DEFAULT_CONFIG)
api_bootstrap_finalize(env)
- #config = gen_ReplicaConfig()
+ # config = gen_ReplicaConfig()
remote_api = gen_remote_api(config_master_host_name, paths.ETC_IPA)
- #installer._remote_api = remote_api
+ # installer._remote_api = remote_api
conn = remote_api.Backend.ldap2
ccache = os.environ['KRB5CCNAME']
@@ -141,5 +142,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
index 076acc77..684691cb 100644
--- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py
+++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
@@ -141,10 +141,11 @@ from ansible.module_utils.ansible_ipa_replica import (
gen_ReplicaConfig, gen_remote_api, create_ipa_conf
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=False, no_log=True),
password=dict(required=False, no_log=True),
ip_addresses=dict(required=False, type='list', default=[]),
@@ -153,33 +154,33 @@ def main():
hostname=dict(required=False),
ca_cert_files=dict(required=False, type='list', default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool'),
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=[]),
- ### client ###
+ # client
force_join=dict(required=False, type='bool'),
- ### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- ### additional ###
+ # additional
server=dict(required=True),
config_master_host_name=dict(required=True),
config_ca_host_name=dict(required=True),
ccache=dict(required=True),
installer_ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
- _top_dir = dict(required=True),
- _add_to_ipaservers = dict(required=True, type='bool'),
+ _top_dir=dict(required=True),
+ _add_to_ipaservers=dict(required=True, type='bool'),
_ca_subject=dict(required=True),
_subject_base=dict(required=True),
master=dict(required=False, default=None),
dirman_password=dict(required=True, no_log=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -198,16 +199,16 @@ def main():
options.host_name = ansible_module.params.get('hostname')
options.ca_cert_files = ansible_module.params.get('ca_cert_files')
options.no_host_dns = ansible_module.params.get('no_host_dns')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
- ### ssl certificate ###
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
- ### client ###
+ # client
options.force_join = ansible_module.params.get('force_join')
- ### certificate system ###
+ # certificate system
options.external_ca = ansible_module.params.get('external_ca')
options.external_cert_files = ansible_module.params.get(
'external_cert_files')
@@ -215,15 +216,15 @@ def main():
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
options.ca_subject = ansible_module.params.get('ca_subject')
- ### additional ###
- #options._host_name_overridden = ansible_module.params.get(
- # '_hostname_overridden')
+ # additional
+ # options._host_name_overridden = ansible_module.params.get(
+ # '_hostname_overridden')
options.server = ansible_module.params.get('server')
master_host_name = ansible_module.params.get('config_master_host_name')
ca_host_name = ansible_module.params.get('config_ca_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
@@ -231,7 +232,8 @@ def main():
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
options._top_dir = ansible_module.params.get('_top_dir')
- options._add_to_ipaservers = ansible_module.params.get('_add_to_ipaservers')
+ options._add_to_ipaservers = ansible_module.params.get(
+ '_add_to_ipaservers')
options._ca_subject = ansible_module.params.get('_ca_subject')
options._subject_base = ansible_module.params.get('_subject_base')
@@ -277,5 +279,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
index 4701ec65..1902a74c 100644
--- a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
+++ b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
@@ -96,29 +96,30 @@ from ansible.module_utils.ansible_ipa_replica import (
gen_ReplicaConfig, gen_remote_api, redirect_stdout, custodiainstance
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
_ca_file=dict(required=False),
_kra_enabled=dict(required=False, type='bool'),
_kra_host_name=dict(required=False),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
dirman_password=dict(required=True, no_log=True),
config_setup_ca=dict(required=True, type='bool'),
config_master_host_name=dict(required=True),
config_ca_host_name=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -127,20 +128,20 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
- #installer._ccache = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
kra_enabled = ansible_module.params.get('_kra_enabled')
kra_host_name = ansible_module.params.get('_kra_host_name')
@@ -198,5 +199,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
index 1651335b..8f3fc759 100644
--- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py
+++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
@@ -50,36 +50,37 @@ RETURN = '''
import os
from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.ansible_ipa_replica import (
+from ansible.module_utils.ansible_ipa_replica import (
AnsibleModuleLog, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout,
replica_ds_init_info, dsinstance, upgradeinstance, installutils
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
dirsrv_config_file=dict(required=False),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
config_master_host_name=dict(required=True),
ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
_ca_file=dict(required=False),
- _dirsrv_pkcs12_info = dict(required=False),
- _pkinit_pkcs12_info = dict(required=False),
- _top_dir = dict(required=True),
+ _dirsrv_pkcs12_info=dict(required=False),
+ _pkinit_pkcs12_info=dict(required=False),
+ _top_dir=dict(required=True),
dirman_password=dict(required=True, no_log=True),
ds_ca_subject=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -88,24 +89,27 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
- ### certificate system ###
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
- #installer._ccache = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
- installer._dirsrv_pkcs12_info = ansible_module.params.get('_dirsrv_pkcs12_info')
- installer._pkinit_pkcs12_info = ansible_module.params.get('_pkinit_pkcs12_info')
+ installer._dirsrv_pkcs12_info = ansible_module.params.get(
+ '_dirsrv_pkcs12_info')
+ installer._pkinit_pkcs12_info = ansible_module.params.get(
+ '_pkinit_pkcs12_info')
options._top_dir = ansible_module.params.get('_top_dir')
dirman_password = ansible_module.params.get('dirman_password')
ds_ca_subject = ansible_module.params.get('ds_ca_subject')
@@ -146,8 +150,8 @@ def main():
# Apply any LDAP updates. Needs to be done after the replica is
# synced-up
- #service.print_msg("Applying LDAP updates")
- #ds.apply_updates()
+ # service.print_msg("Applying LDAP updates")
+ # ds.apply_updates()
schema_files = dsinstance.get_all_external_schema_files(
paths.EXTERNAL_SCHEMA_DIR)
data_upgrade = upgradeinstance.IPAUpgrade(ds.realm,
@@ -164,5 +168,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
index 1a265085..44b28563 100644
--- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
@@ -96,28 +96,29 @@ from ansible.module_utils.ansible_ipa_replica import (
replica_ds_init_info
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
dirsrv_config_file=dict(required=False),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
config_master_host_name=dict(required=True),
ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
_ca_file=dict(required=False),
- _dirsrv_pkcs12_info = dict(required=False),
- _pkinit_pkcs12_info = dict(required=False),
- _top_dir = dict(required=True),
+ _dirsrv_pkcs12_info=dict(required=False),
+ _pkinit_pkcs12_info=dict(required=False),
+ _top_dir=dict(required=True),
dirman_password=dict(required=True, no_log=True),
ds_ca_subject=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -126,24 +127,27 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
- ### certificate system ###
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
- #installer._ccache = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
- options._dirsrv_pkcs12_info = ansible_module.params.get('_dirsrv_pkcs12_info')
- options._pkinit_pkcs12_info = ansible_module.params.get('_pkinit_pkcs12_info')
+ options._dirsrv_pkcs12_info = ansible_module.params.get(
+ '_dirsrv_pkcs12_info')
+ options._pkinit_pkcs12_info = ansible_module.params.get(
+ '_pkinit_pkcs12_info')
options._top_dir = ansible_module.params.get('_top_dir')
dirman_password = ansible_module.params.get('dirman_password')
ds_ca_subject = ansible_module.params.get('ds_ca_subject')
@@ -163,7 +167,7 @@ def main():
config.subject_base = options.subject_base
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
- #installer._remote_api = remote_api
+ # installer._remote_api = remote_api
conn = remote_api.Backend.ldap2
ccache = os.environ['KRB5CCNAME']
@@ -190,5 +194,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_enable_ipa.py b/roles/ipareplica/library/ipareplica_enable_ipa.py
index 82ae2e6e..846880e0 100644
--- a/roles/ipareplica/library/ipareplica_enable_ipa.py
+++ b/roles/ipareplica/library/ipareplica_enable_ipa.py
@@ -75,22 +75,23 @@ from ansible.module_utils.ansible_ipa_replica import (
find_providing_servers, services
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
hostname=dict(required=False),
hidden_replica=dict(required=False, type='bool', default=False),
- ### server ###
- ### certificate system ###
+ # server
+ # certificate system
subject_base=dict(required=True),
- ### additional ###
+ # additional
ccache=dict(required=True),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
setup_ca=dict(required=True, type='bool'),
setup_kra=dict(required=True, type='bool'),
config_master_host_name=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -101,18 +102,19 @@ def main():
options = installer
options.host_name = ansible_module.params.get('hostname')
options.hidden_replica = ansible_module.params.get('hidden_replica')
- ### server ###
- ### certificate system ###
+ # server
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
options._top_dir = ansible_module.params.get('_top_dir')
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
# init #
@@ -159,5 +161,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_install_ca_certs.py b/roles/ipareplica/library/ipareplica_install_ca_certs.py
index 89128608..7ea3228e 100644
--- a/roles/ipareplica/library/ipareplica_install_ca_certs.py
+++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py
@@ -109,10 +109,11 @@ from ansible.module_utils.ansible_ipa_replica import (
install_ca_cert
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=False, no_log=True),
password=dict(required=False, no_log=True),
ip_addresses=dict(required=False, type='list', default=[]),
@@ -121,23 +122,23 @@ def main():
hostname=dict(required=False),
ca_cert_files=dict(required=False, type='list', default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool'),
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=[]),
- ### client ###
+ # client
force_join=dict(required=False, type='bool'),
- ### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- ### additional ###
+ # additional
server=dict(required=True),
ccache=dict(required=True),
installer_ccache=dict(required=True),
- _top_dir = dict(required=True),
- _add_to_ipaservers = dict(required=True, type='bool'),
+ _top_dir=dict(required=True),
+ _add_to_ipaservers=dict(required=True, type='bool'),
_ca_subject=dict(required=True),
_subject_base=dict(required=True),
dirman_password=dict(required=True, no_log=True),
@@ -146,7 +147,7 @@ def main():
config_ca_host_name=dict(required=True),
config_ips=dict(required=False, type='list', default=[]),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -155,7 +156,7 @@ def main():
# get parameters #
options = installer
- ### basic ###
+ # basic
options.dm_password = ansible_module.params.get('dm_password')
options.password = options.dm_password
options.admin_password = ansible_module.params.get('password')
@@ -166,16 +167,16 @@ def main():
options.host_name = ansible_module.params.get('hostname')
options.ca_cert_files = ansible_module.params.get('ca_cert_files')
options.no_host_dns = ansible_module.params.get('no_host_dns')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
- ### ssl certificate ###
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
- ### client ###
+ # client
options.force_join = ansible_module.params.get('force_join')
- ### certificate system ###
+ # certificate system
options.external_ca = ansible_module.params.get('external_ca')
options.external_cert_files = ansible_module.params.get(
'external_cert_files')
@@ -183,22 +184,24 @@ def main():
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
options.ca_subject = ansible_module.params.get('ca_subject')
- ### additional ###
+ # additional
options.server = ansible_module.params.get('server')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
installer._ccache = ansible_module.params.get('installer_ccache')
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
options._top_dir = ansible_module.params.get('_top_dir')
- options._add_to_ipaservers = ansible_module.params.get('_add_to_ipaservers')
+ options._add_to_ipaservers = ansible_module.params.get(
+ '_add_to_ipaservers')
options._ca_subject = ansible_module.params.get('_ca_subject')
options._subject_base = ansible_module.params.get('_subject_base')
dirman_password = ansible_module.params.get('dirman_password')
config_setup_ca = ansible_module.params.get('config_setup_ca')
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
config_ca_host_name = ansible_module.params.get('config_ca_host_name')
config_ips = ansible_module_get_parsed_ip_addresses(ansible_module,
"config_ips")
@@ -242,7 +245,8 @@ def main():
ansible_log.debug("-- INSTALL_CA_CERT --")
# Update and istall updated CA file
- cafile = install_ca_cert(conn, api.env.basedn, api.env.realm, cafile)
+ cafile = install_ca_cert(conn, api.env.basedn, api.env.realm,
+ cafile)
install_ca_cert(conn, api.env.basedn, api.env.realm, cafile,
destfile=paths.KDC_CA_BUNDLE_PEM)
install_ca_cert(conn, api.env.basedn, api.env.realm, cafile,
@@ -259,5 +263,6 @@ def main():
config_master_host_name=config.master_host_name,
config_ca_host_name=config.ca_host_name)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
index 6df27457..2217bb0f 100644
--- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
@@ -56,25 +56,26 @@ from ansible.module_utils.ansible_ipa_replica import (
gen_ReplicaConfig, gen_remote_api, api, krbinstance, redirect_stdout
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
config_master_host_name=dict(required=True),
ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
_ca_file=dict(required=False),
- _pkinit_pkcs12_info = dict(required=False),
- _top_dir = dict(required=True),
+ _pkinit_pkcs12_info=dict(required=False),
+ _top_dir=dict(required=True),
dirman_password=dict(required=True, no_log=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -83,21 +84,22 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
- #installer._ccache = ansible_module.params.get('installer_ccache')
- options._pkinit_pkcs12_info = ansible_module.params.get('_pkinit_pkcs12_info')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # installer._ccache = ansible_module.params.get('installer_ccache')
+ options._pkinit_pkcs12_info = ansible_module.params.get(
+ '_pkinit_pkcs12_info')
options._top_dir = ansible_module.params.get('_top_dir')
dirman_password = ansible_module.params.get('dirman_password')
@@ -116,7 +118,7 @@ def main():
config.dirman_password = dirman_password
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
- #installer._remote_api = remote_api
+ # installer._remote_api = remote_api
conn = remote_api.Backend.ldap2
ccache = os.environ['KRB5CCNAME']
@@ -145,5 +147,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_master_password.py b/roles/ipareplica/library/ipareplica_master_password.py
index 7f3a2d5f..65738574 100644
--- a/roles/ipareplica/library/ipareplica_master_password.py
+++ b/roles/ipareplica/library/ipareplica_master_password.py
@@ -56,13 +56,14 @@ from ansible.module_utils.ansible_ipa_replica import (
ipa_generate_password
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
- #basic
+ argument_spec=dict(
+ # basic
master_password=dict(required=False, no_log=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -75,5 +76,6 @@ def main():
module.exit_json(changed=True,
password=master_password)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index 7393d9fe..9ef4279a 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -157,8 +157,8 @@ if six.PY3:
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=False, no_log=True),
password=dict(required=False, no_log=True),
ip_addresses=dict(required=False, type='list', default=[]),
@@ -168,12 +168,12 @@ def main():
principal=dict(required=True),
ca_cert_files=dict(required=False, type='list', default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool'),
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=[]),
dirsrv_cert_name=dict(required=False),
dirsrv_pin=dict(required=False),
@@ -183,7 +183,7 @@ def main():
pkinit_cert_files=dict(required=False, type='list', default=[]),
pkinit_cert_name=dict(required=False),
pkinit_pin=dict(required=False),
- ### client ###
+ # client
keytab=dict(required=False),
mkhomedir=dict(required=False, type='bool'),
force_join=dict(required=False, type='bool'),
@@ -192,11 +192,12 @@ def main():
no_ssh=dict(required=False, type='bool'),
no_sshd=dict(required=False, type='bool'),
no_dns_sshfp=dict(required=False, type='bool'),
- ### certificate system ###
- #subject_base=dict(required=False),
- ### dns ###
- allow_zone_overlap=dict(required=False, type='bool', default=False),
- reverse_zones=dict(required=False,type='list',default=[]),
+ # certificate system
+ # subject_base=dict(required=False),
+ # dns
+ allow_zone_overlap=dict(required=False, type='bool',
+ default=False),
+ reverse_zones=dict(required=False, type='list', default=[]),
no_reverse=dict(required=False, type='bool', default=False),
auto_reverse=dict(required=False, type='bool', default=False),
forwarders=dict(required=False, type='list', default=[]),
@@ -205,17 +206,17 @@ def main():
forward_policy=dict(default=None, choices=['first', 'only']),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
- ### ad trust ###
+ # ad trust
enable_compat=dict(required=False, type='bool', default=False),
netbios_name=dict(required=False),
rid_base=dict(required=False, type='int', default=1000),
secondary_rid_base=dict(required=False, type='int',
default=100000000),
- ### additional ###
+ # additional
server=dict(required=True),
skip_conncheck=dict(required=False, type='bool'),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -234,12 +235,12 @@ def main():
options.principal = ansible_module.params.get('principal')
options.ca_cert_files = ansible_module.params.get('ca_cert_files')
options.no_host_dns = ansible_module.params.get('no_host_dns')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
- ### ssl certificate ###
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
options.dirsrv_cert_name = ansible_module.params.get('dirsrv_cert_name')
options.dirsrv_pin = ansible_module.params.get('dirsrv_pin')
@@ -249,7 +250,7 @@ def main():
options.pkinit_cert_files = ansible_module.params.get('pkinit_cert_files')
options.pkinit_cert_name = ansible_module.params.get('pkinit_cert_name')
options.pkinit_pin = ansible_module.params.get('pkinit_pin')
- ### client ###
+ # client
options.keytab = ansible_module.params.get('keytab')
options.mkhomedir = ansible_module.params.get('mkhomedir')
options.force_join = ansible_module.params.get('force_join')
@@ -258,15 +259,17 @@ def main():
options.no_ssh = ansible_module.params.get('no_ssh')
options.no_sshd = ansible_module.params.get('no_sshd')
options.no_dns_sshfp = ansible_module.params.get('no_dns_sshfp')
- ### certificate system ###
+ # certificate system
options.external_ca = ansible_module.params.get('external_ca')
options.external_cert_files = ansible_module.params.get(
'external_cert_files')
- #options.subject_base = ansible_module.params.get('subject_base')
- #options.ca_subject = ansible_module.params.get('ca_subject')
- options.no_dnssec_validation = ansible_module.params.get('no_dnssec_validation')
- ### dns ###
- options.allow_zone_overlap = ansible_module.params.get('allow_zone_overlap')
+ # options.subject_base = ansible_module.params.get('subject_base')
+ # options.ca_subject = ansible_module.params.get('ca_subject')
+ options.no_dnssec_validation = ansible_module.params.get(
+ 'no_dnssec_validation')
+ # dns
+ options.allow_zone_overlap = ansible_module.params.get(
+ 'allow_zone_overlap')
options.reverse_zones = ansible_module.params.get('reverse_zones')
options.no_reverse = ansible_module.params.get('no_reverse')
options.auto_reverse = ansible_module.params.get('auto_reverse')
@@ -276,15 +279,16 @@ def main():
options.forward_policy = ansible_module.params.get('forward_policy')
options.no_dnssec_validation = ansible_module.params.get(
'no_dnssec_validationdnssec_validation')
- ### ad trust ###
+ # ad trust
options.enable_compat = ansible_module.params.get('enable_compat')
options.netbios_name = ansible_module.params.get('netbios_name')
options.rid_base = ansible_module.params.get('rid_base')
- options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')
+ options.secondary_rid_base = ansible_module.params.get(
+ 'secondary_rid_base')
- ### additional ###
- #options._host_name_overridden = ansible_module.params.get(
- # '_hostname_overridden')
+ # additional
+ # options._host_name_overridden = ansible_module.params.get(
+ # '_hostname_overridden')
options.server = ansible_module.params.get('server')
options.skip_conncheck = ansible_module.params.get('skip_conncheck')
@@ -301,15 +305,15 @@ def main():
ansible_log.debug("== PROMOTE CHECK ==")
- #ansible_log.debug("-- NO_NTP --") # already done in test
+ # ansible_log.debug("-- NO_NTP --") # already done in test
- ## check selinux status, http and DS ports, NTP conflicting services
- #common_check(options.no_ntp)
+ # check selinux status, http and DS ports, NTP conflicting services
+ # common_check(options.no_ntp)
installer._enrollment_performed = False
installer._top_dir = tempfile.mkdtemp("ipa")
- #with ipautil.private_ccache():
+ # with ipautil.private_ccache():
dir_path = tempfile.mkdtemp(prefix='krbcc')
os.environ['KRB5CCNAME'] = os.path.join(dir_path, 'ccache')
@@ -352,7 +356,7 @@ def main():
config.setup_kra = options.setup_kra
config.dir = installer._top_dir
config.basedn = api.env.basedn
- #config.hidden_replica = options.hidden_replica
+ # config.hidden_replica = options.hidden_replica
# load and check certificates #
@@ -371,8 +375,8 @@ def main():
if options.http_cert_files:
ansible_log.debug("-- HTTP_CERT_FILES --")
if options.http_pin is None:
- ansible_module.fail_json(msg=
- "Apache Server private key unlock password required")
+ ansible_module.fail_json(
+ msg="Apache Server private key unlock password required")
http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12(
cert_files=options.http_cert_files,
key_password=options.http_pin,
@@ -384,8 +388,8 @@ def main():
if options.dirsrv_cert_files:
ansible_log.debug("-- DIRSRV_CERT_FILES --")
if options.dirsrv_pin is None:
- ansible_module.fail_json(msg=
- "Directory Server private key unlock password required")
+ ansible_module.fail_json(
+ msg="Directory Server private key unlock password required")
dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12(
cert_files=options.dirsrv_cert_files,
key_password=options.dirsrv_pin,
@@ -397,8 +401,8 @@ def main():
if options.pkinit_cert_files:
ansible_log.debug("-- PKINIT_CERT_FILES --")
if options.pkinit_pin is None:
- ansible_module.fail_json(msg=
- "Kerberos KDC private key unlock password required")
+ ansible_module.fail_json(
+ msg="Kerberos KDC private key unlock password required")
pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
cert_files=options.pkinit_cert_files,
key_password=options.pkinit_pin,
@@ -483,8 +487,8 @@ def main():
check_domain_level_is_supported(domain_level)
if domain_level < constants.MIN_DOMAIN_LEVEL:
ansible_module.fail_json(
- msg=
- "Cannot promote this client to a replica. The domain level "
+ msg="Cannot promote this client to a replica. The domain "
+ "level "
"must be raised to {mindomainlevel} before the replica can be "
"installed".format(
mindomainlevel=constants.MIN_DOMAIN_LEVEL))
@@ -641,8 +645,10 @@ def main():
options.host_name = config.host_name
ca.install_check(False, config, options)
- ansible_log.debug(" ca.external_cert_file=%s" % repr(ca.external_cert_file))
- ansible_log.debug(" ca.external_ca_file=%s" % repr(ca.external_ca_file))
+ ansible_log.debug(" ca.external_cert_file=%s" %
+ repr(ca.external_cert_file))
+ ansible_log.debug(" ca.external_ca_file=%s" %
+ repr(ca.external_ca_file))
# TODO
# TODO
@@ -681,11 +687,11 @@ def main():
except errors.ACIError:
logger.debug("%s", traceback.format_exc())
ansible_module.fail_json(
- msg = ("\nInsufficient privileges to promote the server."
- "\nPossible issues:"
- "\n- A user has insufficient privileges"
- "\n- This client has insufficient privileges "
- "to become an IPA replica"))
+ msg=("\nInsufficient privileges to promote the server."
+ "\nPossible issues:"
+ "\n- A user has insufficient privileges"
+ "\n- This client has insufficient privileges "
+ "to become an IPA replica"))
except errors.LDAPError:
logger.debug("%s", traceback.format_exc())
ansible_module.fail_json(msg="\nUnable to connect to LDAP server %s" %
@@ -738,41 +744,42 @@ def main():
# done #
- ansible_module.exit_json(changed=True,
- ccache=ccache,
- installer_ccache=installer._ccache,
- subject_base=str(config.subject_base),
- forward_policy=options.forward_policy,
- _ca_enabled=ca_enabled,
- _ca_subject=str(options._ca_subject),
- _subject_base=str(options._subject_base) if options._subject_base is not None else None,
- _kra_enabled=kra_enabled,
- _ca_file=cafile,
- _top_dir=installer._top_dir,
- _add_to_ipaservers=add_to_ipaservers,
- _dirsrv_pkcs12_file=dirsrv_pkcs12_file,
- _dirsrv_pkcs12_info=dirsrv_pkcs12_info,
- _dirsrv_ca_cert=dirsrv_ca_cert,
- _http_pkcs12_file=http_pkcs12_file,
- _http_pkcs12_info=http_pkcs12_info,
- _http_ca_cert=http_ca_cert,
- _pkinit_pkcs12_file=pkinit_pkcs12_file,
- _pkinit_pkcs12_info=pkinit_pkcs12_info,
- _pkinit_ca_cert=pkinit_ca_cert,
- no_dnssec_validation=options.no_dnssec_validation,
- config_setup_ca=config.setup_ca,
- config_master_host_name=config.master_host_name,
- config_ca_host_name=config.ca_host_name,
- config_kra_host_name=config.kra_host_name,
- config_ips=[ str(ip) for ip in config.ips ],
- ### ad trust ###
- dns_ip_addresses=[ str(ip) for ip
- in dns.ip_addresses ],
- dns_reverse_zones=dns.reverse_zones,
- rid_base=options.rid_base,
- secondary_rid_base=options.secondary_rid_base,
- adtrust_netbios_name=adtrust.netbios_name,
- adtrust_reset_netbios_name=adtrust.reset_netbios_name)
+ ansible_module.exit_json(
+ changed=True,
+ ccache=ccache,
+ installer_ccache=installer._ccache,
+ subject_base=str(config.subject_base),
+ forward_policy=options.forward_policy,
+ _ca_enabled=ca_enabled,
+ _ca_subject=str(options._ca_subject),
+ _subject_base=str(options._subject_base) if options._subject_base
+ is not None else None,
+ _kra_enabled=kra_enabled,
+ _ca_file=cafile,
+ _top_dir=installer._top_dir,
+ _add_to_ipaservers=add_to_ipaservers,
+ _dirsrv_pkcs12_file=dirsrv_pkcs12_file,
+ _dirsrv_pkcs12_info=dirsrv_pkcs12_info,
+ _dirsrv_ca_cert=dirsrv_ca_cert,
+ _http_pkcs12_file=http_pkcs12_file,
+ _http_pkcs12_info=http_pkcs12_info,
+ _http_ca_cert=http_ca_cert,
+ _pkinit_pkcs12_file=pkinit_pkcs12_file,
+ _pkinit_pkcs12_info=pkinit_pkcs12_info,
+ _pkinit_ca_cert=pkinit_ca_cert,
+ no_dnssec_validation=options.no_dnssec_validation,
+ config_setup_ca=config.setup_ca,
+ config_master_host_name=config.master_host_name,
+ config_ca_host_name=config.ca_host_name,
+ config_kra_host_name=config.kra_host_name,
+ config_ips=[str(ip) for ip in config.ips],
+ # ad trust
+ dns_ip_addresses=[str(ip) for ip in dns.ip_addresses],
+ dns_reverse_zones=dns.reverse_zones,
+ rid_base=options.rid_base,
+ secondary_rid_base=options.secondary_rid_base,
+ adtrust_netbios_name=adtrust.netbios_name,
+ adtrust_reset_netbios_name=adtrust.reset_netbios_name)
if __name__ == '__main__':
diff --git a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
index 50adabc2..b16dacec 100644
--- a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
+++ b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
@@ -69,25 +69,26 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, installer, DN, paths, # sysrestore,
+ AnsibleModuleLog, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, redirect_stdout, promote_openldap_conf
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### server ###
+ argument_spec=dict(
+ # server
setup_kra=dict(required=False, type='bool'),
- ### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- ### additional ###
+ # additional
ccache=dict(required=True),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
config_setup_ca=dict(required=True, type='bool'),
config_master_host_name=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -96,19 +97,20 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_kra = ansible_module.params.get('setup_kra')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
options._top_dir = ansible_module.params.get('_top_dir')
config_setup_ca = ansible_module.params.get('config_setup_ca')
installer.setup_ca = config_setup_ca
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
# init #
@@ -136,5 +138,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_promote_sssd.py b/roles/ipareplica/library/ipareplica_promote_sssd.py
index f3fe67e5..f8be21d6 100644
--- a/roles/ipareplica/library/ipareplica_promote_sssd.py
+++ b/roles/ipareplica/library/ipareplica_promote_sssd.py
@@ -74,20 +74,21 @@ from ansible.module_utils.ansible_ipa_replica import (
gen_ReplicaConfig, gen_remote_api, redirect_stdout, promote_sssd
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### server ###
+ argument_spec=dict(
+ # server
setup_kra=dict(required=False, type='bool'),
- ### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- ### additional ###
+ # additional
ccache=dict(required=True),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
config_setup_ca=dict(required=True, type='bool'),
config_master_host_name=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -96,19 +97,20 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_kra = ansible_module.params.get('setup_kra')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
options._top_dir = ansible_module.params.get('_top_dir')
config_setup_ca = ansible_module.params.get('config_setup_ca')
installer.setup_ca = config_setup_ca
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
# init #
@@ -136,5 +138,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_restart_kdc.py b/roles/ipareplica/library/ipareplica_restart_kdc.py
index 56934184..67070985 100644
--- a/roles/ipareplica/library/ipareplica_restart_kdc.py
+++ b/roles/ipareplica/library/ipareplica_restart_kdc.py
@@ -57,24 +57,25 @@ from ansible.module_utils.ansible_ipa_replica import (
krbinstance
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
config_master_host_name=dict(required=True),
ccache=dict(required=True),
_ca_file=dict(required=False),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
dirman_password=dict(required=True, no_log=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -83,15 +84,15 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
@@ -139,5 +140,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py
index ec4fd58d..8380bc81 100644
--- a/roles/ipareplica/library/ipareplica_setup_adtrust.py
+++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py
@@ -74,27 +74,28 @@ from ansible.module_utils.ansible_ipa_replica import (
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, adtrust
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### server ###
+ argument_spec=dict(
+ # server
setup_kra=dict(required=False, type='bool'),
- ### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- ### ad trust ###
+ # ad trust
enable_compat=dict(required=False, type='bool', default=False),
rid_base=dict(required=False, type='int'),
secondary_rid_base=dict(required=False, type='int'),
- ### additional ###
+ # additional
adtrust_netbios_name=dict(required=True),
adtrust_reset_netbios_name=dict(required=True, type='bool'),
- ### additional ###
+ # additional
ccache=dict(required=True),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
setup_ca=dict(required=True),
config_master_host_name=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -103,24 +104,27 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_kra = ansible_module.params.get('setup_kra')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### ad trust ###
+ # ad trust
options.enable_compat = ansible_module.params.get('enable_compat')
options.rid_base = ansible_module.params.get('rid_base')
- options.secondary_rid_base = ansible_module.params.get('secondary_rid_base') ### additional ###
+ options.secondary_rid_base = ansible_module.params.get(
+ 'secondary_rid_base')
+ # additional
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
options._top_dir = ansible_module.params.get('_top_dir')
options.setup_ca = ansible_module.params.get('setup_ca')
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')
- adtrust.reset_netbios_name = \
- ansible_module.params.get('adtrust_reset_netbios_name')
+ adtrust.reset_netbios_name = ansible_module.params.get(
+ 'adtrust_reset_netbios_name')
# init #
@@ -151,5 +155,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py
index b278deb2..8d34b7bc 100644
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -118,26 +118,27 @@ from ansible.module_utils.ansible_ipa_replica import (
custodiainstance
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
pki_config_override=dict(required=False),
- #### server ###
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
_ca_file=dict(required=False),
_kra_enabled=dict(required=False, type='bool'),
_kra_host_name=dict(required=False),
- _dirsrv_pkcs12_info = dict(required=False),
- _pkinit_pkcs12_info = dict(required=False),
- _top_dir = dict(required=True),
+ _dirsrv_pkcs12_info=dict(required=False),
+ _pkinit_pkcs12_info=dict(required=False),
+ _top_dir=dict(required=True),
_ca_subject=dict(required=True),
_subject_base=dict(required=True),
dirman_password=dict(required=True, no_log=True),
@@ -146,7 +147,7 @@ def main():
config_ca_host_name=dict(required=True),
config_ips=dict(required=False, type='list', default=[]),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -155,27 +156,29 @@ def main():
# get parameters #
options = installer
- ### basic ###
+ # basic
options.pki_config_override = ansible_module.params.get(
'pki_config_override')
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
- #installer._ccache = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
kra_enabled = ansible_module.params.get('_kra_enabled')
kra_host_name = ansible_module.params.get('_kra_host_name')
- installer._dirsrv_pkcs12_info = ansible_module.params.get('_dirsrv_pkcs12_info')
- installer._pkinit_pkcs12_info = ansible_module.params.get('_pkinit_pkcs12_info')
+ installer._dirsrv_pkcs12_info = ansible_module.params.get(
+ '_dirsrv_pkcs12_info')
+ installer._pkinit_pkcs12_info = ansible_module.params.get(
+ '_pkinit_pkcs12_info')
options._top_dir = ansible_module.params.get('_top_dir')
options._ca_subject = ansible_module.params.get('_ca_subject')
if options._ca_subject is not None:
@@ -185,7 +188,8 @@ def main():
options._subject_base = DN(options._subject_base)
dirman_password = ansible_module.params.get('dirman_password')
config_setup_ca = ansible_module.params.get('config_setup_ca')
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
config_ca_host_name = ansible_module.params.get('config_ca_host_name')
config_ips = ansible_module_get_parsed_ip_addresses(ansible_module,
"config_ips")
@@ -218,7 +222,7 @@ def main():
# There is a api.Backend.ldap2.connect call somewhere in ca, ds, dns or
# ntpinstance
api.Backend.ldap2.connect()
- #conn.connect(ccache=ccache)
+ # conn.connect(ccache=ccache)
ansible_log.debug("-- INSTALL CA --")
@@ -246,5 +250,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_certmonger.py b/roles/ipareplica/library/ipareplica_setup_certmonger.py
index 412c5bc8..b889d100 100644
--- a/roles/ipareplica/library/ipareplica_setup_certmonger.py
+++ b/roles/ipareplica/library/ipareplica_setup_certmonger.py
@@ -52,11 +52,12 @@ from ansible.module_utils.ansible_ipa_replica import (
AnsibleModuleLog, redirect_stdout, configure_certmonger
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -74,5 +75,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py
index cde1580e..55921092 100644
--- a/roles/ipareplica/library/ipareplica_setup_custodia.py
+++ b/roles/ipareplica/library/ipareplica_setup_custodia.py
@@ -95,28 +95,29 @@ from ansible.module_utils.ansible_ipa_replica import (
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, custodiainstance
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
config_master_host_name=dict(required=True),
ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
_ca_file=dict(required=False),
_kra_enabled=dict(required=False, type='bool'),
_kra_host_name=dict(required=False),
- _pkinit_pkcs12_info = dict(required=False),
- _top_dir = dict(required=True),
+ _pkinit_pkcs12_info=dict(required=False),
+ _top_dir=dict(required=True),
dirman_password=dict(required=True, no_log=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -125,24 +126,25 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
- #installer._ccache = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
kra_enabled = ansible_module.params.get('_kra_enabled')
kra_host_name = ansible_module.params.get('_kra_host_name')
- options._pkinit_pkcs12_info = ansible_module.params.get('_pkinit_pkcs12_info')
+ options._pkinit_pkcs12_info = ansible_module.params.get(
+ '_pkinit_pkcs12_info')
options._top_dir = ansible_module.params.get('_top_dir')
dirman_password = ansible_module.params.get('dirman_password')
@@ -199,5 +201,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py
index 67fe8c68..9d77e97f 100644
--- a/roles/ipareplica/library/ipareplica_setup_dns.py
+++ b/roles/ipareplica/library/ipareplica_setup_dns.py
@@ -78,29 +78,30 @@ from ansible.module_utils.ansible_ipa_replica import (
ansible_module_get_parsed_ip_addresses
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### server ###
+ argument_spec=dict(
+ # server
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
- ### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- ### dns ###
+ # dns
zonemgr=dict(required=False),
forwarders=dict(required=False, type='list', default=[]),
forward_policy=dict(default=None, choices=['first', 'only']),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
- ### additional ###
+ # additional
dns_ip_addresses=dict(required=True, type='list'),
dns_reverse_zones=dict(required=True, type='list'),
ccache=dict(required=True),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
setup_ca=dict(required=True, type='bool'),
config_master_host_name=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -109,20 +110,20 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### dns ###
+ # dns
options.zonemgr = ansible_module.params.get('zonemgr')
options.forwarders = ansible_module.params.get('forwarders')
options.forward_policy = ansible_module.params.get('forward_policy')
options.no_dnssec_validation = ansible_module.params.get(
'no_dnssec_validationdnssec_validation')
- ### additional ###
+ # additional
dns.ip_addresses = ansible_module_get_parsed_ip_addresses(
ansible_module, 'dns_ip_addresses')
dns.reverse_zones = ansible_module.params.get('dns_reverse_zones')
@@ -130,7 +131,8 @@ def main():
os.environ['KRB5CCNAME'] = ccache
options._top_dir = ansible_module.params.get('_top_dir')
options.setup_ca = ansible_module.params.get('setup_ca')
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
# init #
@@ -164,5 +166,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py
index a849c068..4f766f5b 100644
--- a/roles/ipareplica/library/ipareplica_setup_ds.py
+++ b/roles/ipareplica/library/ipareplica_setup_ds.py
@@ -146,10 +146,11 @@ from ansible.module_utils.ansible_ipa_replica import (
install_replica_ds, install_dns_records, ntpinstance, ScriptError
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=False, no_log=True),
password=dict(required=False, no_log=True),
ip_addresses=dict(required=False, type='list', default=[]),
@@ -158,27 +159,27 @@ def main():
hostname=dict(required=False),
ca_cert_files=dict(required=False, type='list', default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool'),
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool', default=False),
dirsrv_config_file=dict(required=False),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=[]),
- ### client ###
+ # client
force_join=dict(required=False, type='bool'),
- ### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- ### additional ###
+ # additional
server=dict(required=True),
ccache=dict(required=True),
installer_ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
- _dirsrv_pkcs12_info = dict(required=False),
- _top_dir = dict(required=True),
- _add_to_ipaservers = dict(required=True, type='bool'),
+ _dirsrv_pkcs12_info=dict(required=False),
+ _top_dir=dict(required=True),
+ _add_to_ipaservers=dict(required=True, type='bool'),
_ca_subject=dict(required=True),
_subject_base=dict(required=True),
dirman_password=dict(required=True, no_log=True),
@@ -187,7 +188,7 @@ def main():
config_ca_host_name=dict(required=True),
config_ips=dict(required=False, type='list', default=[]),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -206,18 +207,19 @@ def main():
options.host_name = ansible_module.params.get('hostname')
options.ca_cert_files = ansible_module.params.get('ca_cert_files')
options.no_host_dns = ansible_module.params.get('no_host_dns')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
- ### ssl certificate ###
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
- ### client ###
+ # client
options.force_join = ansible_module.params.get('force_join')
- ### certificate system ###
+ # certificate system
options.external_ca = ansible_module.params.get('external_ca')
options.external_cert_files = ansible_module.params.get(
'external_cert_files')
@@ -225,14 +227,14 @@ def main():
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
options.ca_subject = ansible_module.params.get('ca_subject')
- ### additional ###
- #options._host_name_overridden = ansible_module.params.get(
- # '_hostname_overridden')
+ # additional
+ # options._host_name_overridden = ansible_module.params.get(
+ # '_hostname_overridden')
options.server = ansible_module.params.get('server')
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
@@ -242,14 +244,16 @@ def main():
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
options._top_dir = ansible_module.params.get('_top_dir')
- options._add_to_ipaservers = ansible_module.params.get('_add_to_ipaservers')
+ options._add_to_ipaservers = ansible_module.params.get(
+ '_add_to_ipaservers')
options._ca_subject = ansible_module.params.get('_ca_subject')
options._subject_base = ansible_module.params.get('_subject_base')
dirman_password = ansible_module.params.get('dirman_password')
config_setup_ca = ansible_module.params.get('config_setup_ca')
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
config_ca_host_name = ansible_module.params.get('config_ca_host_name')
config_ips = ansible_module_get_parsed_ip_addresses(ansible_module,
"config_ips")
@@ -345,5 +349,6 @@ def main():
ds_suffix=str(ds.suffix),
ds_ca_subject=str(ds.ca_subject))
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py
index b644239e..c5738e25 100644
--- a/roles/ipareplica/library/ipareplica_setup_http.py
+++ b/roles/ipareplica/library/ipareplica_setup_http.py
@@ -94,26 +94,27 @@ from ansible.module_utils.ansible_ipa_replica import (
install_http
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
config_master_host_name=dict(required=True),
config_ca_host_name=dict(required=True),
ccache=dict(required=True),
_ca_enabled=dict(required=False, type='bool'),
_ca_file=dict(required=False),
- _http_pkcs12_info = dict(required=False),
- _top_dir = dict(required=True),
+ _http_pkcs12_info=dict(required=False),
+ _top_dir=dict(required=True),
dirman_password=dict(required=True, no_log=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -126,17 +127,17 @@ def main():
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
options.no_ui_redirect = ansible_module.params.get('no_ui_redirect')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
master_host_name = ansible_module.params.get('config_master_host_name')
ca_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
- #installer._ccache = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
http_pkcs12_info = ansible_module.params.get('_http_pkcs12_info')
options._top_dir = ansible_module.params.get('_top_dir')
@@ -157,12 +158,12 @@ def main():
config.subject_base = options.subject_base
config.dirman_password = dirman_password
config.setup_ca = options.setup_ca
- #config.master_host_name = master_host_name
+ # config.master_host_name = master_host_name
config.ca_host_name = ca_host_name
config.promote = installer.promote
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
- #installer._remote_api = remote_api
+ # installer._remote_api = remote_api
conn = remote_api.Backend.ldap2
ccache = os.environ['KRB5CCNAME']
@@ -227,5 +228,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py
index ee1ca6d2..ebeb6f91 100644
--- a/roles/ipareplica/library/ipareplica_setup_kra.py
+++ b/roles/ipareplica/library/ipareplica_setup_kra.py
@@ -93,10 +93,11 @@ from ansible.module_utils.ansible_ipa_replica import (
kra
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=False, no_log=True),
password=dict(required=False, no_log=True),
ip_addresses=dict(required=False, type='list', default=[]),
@@ -106,18 +107,18 @@ def main():
ca_cert_files=dict(required=False, type='list', default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
pki_config_override=dict(required=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool'),
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=[]),
- ### client ###
+ # client
force_join=dict(required=False, type='bool'),
- ### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- ### additional ###
+ # additional
server=dict(required=True),
config_master_host_name=dict(required=True),
ccache=dict(required=True),
@@ -125,12 +126,12 @@ def main():
_ca_enabled=dict(required=False, type='bool'),
_kra_enabled=dict(required=False, type='bool'),
_kra_host_name=dict(required=False),
- _top_dir = dict(required=True),
- _add_to_ipaservers = dict(required=True, type='bool'),
+ _top_dir=dict(required=True),
+ _add_to_ipaservers=dict(required=True, type='bool'),
_ca_subject=dict(required=True),
_subject_base=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -151,16 +152,16 @@ def main():
options.no_host_dns = ansible_module.params.get('no_host_dns')
options.pki_config_override = ansible_module.params.get(
'pki_config_override')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
- ### ssl certificate ###
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
- ### client ###
+ # client
options.force_join = ansible_module.params.get('force_join')
- ### certificate system ###
+ # certificate system
options.external_ca = ansible_module.params.get('external_ca')
options.external_cert_files = ansible_module.params.get(
'external_cert_files')
@@ -168,7 +169,7 @@ def main():
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
options.ca_subject = ansible_module.params.get('ca_subject')
- ### dns ###
+ # dns
options.reverse_zones = ansible_module.params.get('reverse_zones')
options.no_reverse = ansible_module.params.get('no_reverse')
options.auto_reverse = ansible_module.params.get('auto_reverse')
@@ -176,11 +177,11 @@ def main():
options.no_forwarders = ansible_module.params.get('no_forwarders')
options.auto_forwarders = ansible_module.params.get('auto_forwarders')
options.forward_policy = ansible_module.params.get('forward_policy')
- ### additional ###
+ # additional
options.server = ansible_module.params.get('server')
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
- #os.environ['KRB5CCNAME'] = ccache
+ # os.environ['KRB5CCNAME'] = ccache
os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
installer._ccache = ansible_module.params.get('installer_ccache')
ca_enabled = ansible_module.params.get('_ca_enabled')
@@ -191,7 +192,8 @@ def main():
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
options._top_dir = ansible_module.params.get('_top_dir')
- options._add_to_ipaservers = ansible_module.params.get('_add_to_ipaservers')
+ options._add_to_ipaservers = ansible_module.params.get(
+ '_add_to_ipaservers')
options._ca_subject = ansible_module.params.get('_ca_subject')
options._subject_base = ansible_module.params.get('_subject_base')
@@ -214,7 +216,7 @@ def main():
remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
installer._remote_api = remote_api
- ccache = os.environ['KRB5CCNAME']
+ # ccache = os.environ['KRB5CCNAME']
with redirect_stdout(ansible_log):
ansible_log.debug("-- INSTALL KRA --")
@@ -234,5 +236,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py
index 5abb0f0b..01604738 100644
--- a/roles/ipareplica/library/ipareplica_setup_krb.py
+++ b/roles/ipareplica/library/ipareplica_setup_krb.py
@@ -78,26 +78,26 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
AnsibleModuleLog, installer, DN, paths, sysrestore,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
- gen_ReplicaConfig, # gen_remote_api,
- api, redirect_stdout, install_krb
+ gen_ReplicaConfig, api, redirect_stdout, install_krb
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
config_master_host_name=dict(required=True),
ccache=dict(required=True),
- _pkinit_pkcs12_info = dict(required=False),
- _top_dir = dict(required=True),
+ _pkinit_pkcs12_info=dict(required=False),
+ _top_dir=dict(required=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -106,19 +106,21 @@ def main():
# get parameters #
options = installer
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
- config_master_host_name = ansible_module.params.get('config_master_host_name')
+ # additional
+ config_master_host_name = ansible_module.params.get(
+ 'config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- installer._pkinit_pkcs12_info = ansible_module.params.get('_pkinit_pkcs12_info')
+ installer._pkinit_pkcs12_info = ansible_module.params.get(
+ '_pkinit_pkcs12_info')
options._top_dir = ansible_module.params.get('_top_dir')
@@ -173,5 +175,6 @@ def main():
ansible_module.exit_json(changed=True,
config_master_host_name=config.master_host_name)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_setup_otpd.py b/roles/ipareplica/library/ipareplica_setup_otpd.py
index abf82717..d7a2212a 100644
--- a/roles/ipareplica/library/ipareplica_setup_otpd.py
+++ b/roles/ipareplica/library/ipareplica_setup_otpd.py
@@ -87,24 +87,25 @@ from ansible.module_utils.ansible_ipa_replica import (
ipautil
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- #### server ###
+ argument_spec=dict(
+ # server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
- #### certificate system ###
+ # certificate system
subject_base=dict(required=True),
- #### additional ###
+ # additional
config_master_host_name=dict(required=True),
ccache=dict(required=True),
_ca_file=dict(required=False),
- _top_dir = dict(required=True),
+ _top_dir=dict(required=True),
dirman_password=dict(required=True, no_log=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -116,16 +117,16 @@ def main():
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_kra = ansible_module.params.get('setup_kra')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- ### certificate system ###
+ # certificate system
options.subject_base = ansible_module.params.get('subject_base')
if options.subject_base is not None:
options.subject_base = DN(options.subject_base)
- ### additional ###
+ # additional
master_host_name = ansible_module.params.get('config_master_host_name')
ccache = ansible_module.params.get('ccache')
os.environ['KRB5CCNAME'] = ccache
- #os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
- #installer._ccache = ansible_module.params.get('installer_ccache')
+ # os.environ['KRB5CCNAME'] = ansible_module.params.get('installer_ccache')
+ # installer._ccache = ansible_module.params.get('installer_ccache')
options._top_dir = ansible_module.params.get('_top_dir')
dirman_password = ansible_module.params.get('dirman_password')
@@ -163,5 +164,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py
index 5c38c8ef..c747002b 100644
--- a/roles/ipareplica/library/ipareplica_test.py
+++ b/roles/ipareplica/library/ipareplica_test.py
@@ -56,12 +56,13 @@ from ansible.module_utils.ansible_ipa_replica import (
IPA_PYTHON_VERSION
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
- #dm_password=dict(required=False, no_log=True),
- #password=dict(required=False, no_log=True),
+ argument_spec=dict(
+ # basic
+ # dm_password=dict(required=False, no_log=True),
+ # password=dict(required=False, no_log=True),
ip_addresses=dict(required=False, type='list', default=[]),
domain=dict(required=False),
servers=dict(required=False, type='list', default=[]),
@@ -69,21 +70,21 @@ def main():
hostname=dict(required=False),
ca_cert_files=dict(required=False, type='list', default=[]),
hidden_replica=dict(required=False, type='bool', default=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool', default=False),
setup_kra=dict(required=False, type='bool', default=False),
setup_dns=dict(required=False, type='bool', default=False),
no_pkinit=dict(required=False, type='bool', default=False),
dirsrv_config_file=dict(required=False),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=[]),
http_cert_files=dict(required=False, type='list', default=[]),
pkinit_cert_files=dict(required=False, type='list', default=[]),
- ### client ###
+ # client
no_ntp=dict(required=False, type='bool', default=False),
ntp_servers=dict(required=False, type='list', default=[]),
ntp_pool=dict(required=False),
- ### dns ###
+ # dns
no_reverse=dict(required=False, type='bool', default=False),
auto_reverse=dict(required=False, type='bool', default=False),
forwarders=dict(required=False, type='list', default=[]),
@@ -100,10 +101,10 @@ def main():
# get parameters #
- ### basic ###
- #options.dm_password = ansible_module.params.get('dm_password')
- ##options.password = ansible_module.params.get('password')
- #options.password = options.dm_password
+ # basic
+ # options.dm_password = ansible_module.params.get('dm_password')
+ # # options.password = ansible_module.params.get('password')
+ # options.password = options.dm_password
options.ip_addresses = ansible_module_get_parsed_ip_addresses(
ansible_module)
options.domain_name = ansible_module.params.get('domain')
@@ -112,21 +113,22 @@ def main():
options.host_name = ansible_module.params.get('hostname')
options.ca_cert_files = ansible_module.params.get('ca_cert_files')
options.hidden_replica = ansible_module.params.get('hidden_replica')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
- ### ssl certificate ###
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
options.http_cert_files = ansible_module.params.get('http_cert_files')
options.pkinit_cert_files = ansible_module.params.get('pkinit_cert_files')
- ### client ###
+ # client
options.no_ntp = ansible_module.params.get('no_ntp')
options.ntp_servers = ansible_module.params.get('ntp_servers')
options.ntp_pool = ansible_module.params.get('ntp_pool')
- ### dns ###
+ # dns
options.no_reverse = ansible_module.params.get('no_reverse')
options.auto_reverse = ansible_module.params.get('auto_reverse')
options.forwarders = ansible_module.params.get('forwarders')
@@ -145,12 +147,12 @@ def main():
else:
installer.server = None
# TODO: Kills ipa-client-install
- #if installer.replica_file is None:
- # installer.password = installer.admin_password
- #else:
- # installer.password = installer.dm_password
+ # if installer.replica_file is None:
+ # installer.password = installer.admin_password
+ # else:
+ # installer.password = installer.dm_password
- #installer._ccache = os.environ.get('KRB5CCNAME')
+ # installer._ccache = os.environ.get('KRB5CCNAME')
# If not defined, set domain from server name
if installer.domain_name is None and installer.server is not None:
@@ -165,17 +167,17 @@ def main():
# version specific tests #
- #if options.setup_adtrust and not adtrust_imported:
- # #if "adtrust" not in options._allow_missing:
+ # if options.setup_adtrust and not adtrust_imported:
+ # # if "adtrust" not in options._allow_missing:
# ansible_module.fail_json(msg="adtrust can not be imported")
- # #else:
+ # # else:
# # options.setup_adtrust = False
# # ansible_module.warn(msg="adtrust is not supported, disabling")
- #if options.setup_kra and not kra_imported:
- # #if "kra" not in options._allow_missing:
+ # if options.setup_kra and not kra_imported:
+ # # if "kra" not in options._allow_missing:
# ansible_module.fail_json(msg="kra can not be imported")
- # #else:
+ # # else:
# # options.setup_kra = False
# # ansible_module.warn(msg="kra is not supported, disabling")
@@ -276,32 +278,38 @@ def main():
msg="You must specify at least one of --forwarder, "
"--auto-forwarders, or --no-forwarders options")
- if installer.dirsrv_config_file is not None and not os.path.exists(installer.dirsrv_config_file):
- ansible_module.fail_json(msg="File %s does not exist." % installer.dirsrv_config_file)
+ if installer.dirsrv_config_file is not None and \
+ not os.path.exists(installer.dirsrv_config_file):
+ ansible_module.fail_json(
+ msg="File %s does not exist." % installer.dirsrv_config_file)
if installer.ca_cert_files is not None:
if not isinstance(installer.ca_cert_files, list):
- ansible_module.fail_json(msg="Expected list, got {!r}".format(installer.ca_cert_files))
+ ansible_module.fail_json(
+ msg="Expected list, got {!r}".format(installer.ca_cert_files))
for cert in installer.ca_cert_files:
if not os.path.exists(cert):
ansible_module.fail_json(msg="'%s' does not exist" % cert)
if not os.path.isfile(cert):
ansible_module.fail_json(msg="'%s' is not a file" % cert)
if not os.path.isabs(cert):
- ansible_module.fail_json(msg="'%s' is not an absolute file path" % cert)
+ ansible_module.fail_json(
+ msg="'%s' is not an absolute file path" % cert)
try:
x509.load_certificate_from_file(cert)
except Exception:
- ansible_module.fail_json(msg="'%s' is not a valid certificate file" % cert)
+ ansible_module.fail_json(
+ msg="'%s' is not a valid certificate file" % cert)
if installer.ip_addresses is not None:
for value in installer.ip_addresses:
try:
ipautil.CheckedIPAddress(value)
except Exception as e:
- ansible_module.fail_json(msg="invalid IP address {0}: {1}".format(
- value, e))
+ ansible_module.fail_json(
+ msg="invalid IP address {0}: {1}".format(
+ value, e))
if installer.domain_name is not None:
validate_domain_name(installer.domain_name)
@@ -314,7 +322,7 @@ def main():
try:
with redirect_stdout(ansible_log):
common_check(options.no_ntp)
- except Exception as msg: #ScriptError as msg:
+ except Exception as msg: # ScriptError as msg:
_msg = str(msg)
if "server is already configured" in _msg:
ansible_module.exit_json(changed=False,
@@ -330,8 +338,8 @@ def main():
client_enrolled = client_fstore.has_files()
if not client_enrolled:
- ## One-step replica installation
- #if options.dm_password and options.password:
+ # # One-step replica installation
+ # if options.dm_password and options.password:
# ansible_module.fail_json(
# msg="--password and --admin-password options are "
# "mutually exclusive")
@@ -347,18 +355,19 @@ def main():
ansible_module.exit_json(
changed=False,
ipa_python_version=IPA_PYTHON_VERSION,
- ### basic ###
+ # basic
domain=options.domain_name,
realm=options.realm_name,
hostname=options.host_name,
- ### server ###
+ # server
setup_adtrust=options.setup_adtrust,
setup_kra=options.setup_kra,
server=options.server,
- ### additional ###
+ # additional
client_enrolled=client_enrolled,
change_master_for_certmonger=change_master_for_certmonger,
)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipareplica/module_utils/ansible_ipa_replica.py b/roles/ipareplica/module_utils/ansible_ipa_replica.py
index b8aa1038..d6f6c272 100644
--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
@@ -33,7 +33,7 @@ from ipapython.version import NUM_VERSION, VERSION
if NUM_VERSION < 30201:
# See ipapython/version.py
- IPA_MAJOR,IPA_MINOR,IPA_RELEASE = [ int(x) for x in VERSION.split(".", 2) ]
+ IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in VERSION.split(".", 2)]
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
else:
IPA_PYTHON_VERSION = NUM_VERSION
@@ -92,13 +92,13 @@ if NUM_VERSION >= 40600:
make_pkcs12_info, install_replica_ds, install_krb, install_ca_cert,
install_http, install_dns_records, create_ipa_conf, check_dirsrv,
check_dns_resolution, configure_certmonger, remove_replica_info_dir,
- #common_cleanup,
+ # common_cleanup,
preserve_enrollment_state, uninstall_client,
promote_sssd, promote_openldap_conf, rpc_client,
check_remote_fips_mode, check_remote_version, common_check,
current_domain_level, check_domain_level_is_supported,
- #enroll_dl0_replica,
- #ensure_enrolled,
+ # enroll_dl0_replica,
+ # ensure_enrolled,
promotion_check_ipa_domain
)
import SSSDConfig
@@ -124,11 +124,12 @@ else:
logger = logging.getLogger("ipa-server-install")
-#logger.setLevel(logging.DEBUG)
+# logger.setLevel(logging.DEBUG)
standard_logging_setup(
paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False,
filemode='a', console_format='%(message)s')
+
@contextlib_contextmanager
def redirect_stdout(f):
sys.stdout = f
@@ -158,7 +159,7 @@ class AnsibleModuleLog():
pass
def log(self, msg):
- #self.write(msg+"\n")
+ # self.write(msg+"\n")
self.write(msg)
def debug(self, msg):
@@ -169,7 +170,7 @@ class AnsibleModuleLog():
def write(self, msg):
self.module.debug(msg)
- #self.module.warn(msg)
+ # self.module.warn(msg)
class installer_obj(object):
@@ -191,34 +192,34 @@ class installer_obj(object):
# others
self._ccache = None
self.password = None
- self.reverse_zones = [ ]
- #def _is_promote(self):
- # return self.replica_file is None
- #self.skip_conncheck = False
+ self.reverse_zones = []
+ # def _is_promote(self):
+ # return self.replica_file is None
+ # self.skip_conncheck = False
self._replica_install = False
- #self.dnssec_master = False # future unknown
- #self.disable_dnssec_master = False # future unknown
- #self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
- #self.domain_level = self.domainlevel # deprecated
+ # self.dnssec_master = False # future unknown
+ # self.disable_dnssec_master = False # future unknown
+ # self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
+ # self.domain_level = self.domainlevel # deprecated
self.interactive = False
self.unattended = not self.interactive
- #self.promote = self.replica_file is None
+ # self.promote = self.replica_file is None
self.promote = True
self.skip_schema_check = None
- #def __getattribute__(self, attr):
- # value = super(installer_obj, self).__getattribute__(attr)
- # if not attr.startswith("--") and not attr.endswith("--"):
- # logger.debug(
- # " <-- Accessing installer.%s (%s)" % (attr, repr(value)))
- # return value
+ # def __getattribute__(self, attr):
+ # value = super(installer_obj, self).__getattribute__(attr)
+ # if not attr.startswith("--") and not attr.endswith("--"):
+ # logger.debug(
+ # " <-- Accessing installer.%s (%s)" % (attr, repr(value)))
+ # return value
def __getattr__(self, attr):
- logger.info(" --> ADDING missing installer.%s" % attr)
+ logger.info(" --> ADDING missing installer.%s", attr)
setattr(self, attr, None)
return getattr(self, attr)
- #def __setattr__(self, attr, value):
+ # def __setattr__(self, attr, value):
# logger.debug(" --> Setting installer.%s to %s" % (attr, repr(value)))
# return super(installer_obj, self).__setattr__(attr, value)
@@ -245,25 +246,10 @@ options.subject_base = None
options.ca_subject = None
-def api_Backend_ldap2(host_name, setup_ca, connect=False):
- # we are sure we have the configuration file ready.
- cfg = dict(context='installer', confdir=paths.ETC_IPA, in_server=True,
- host=host_name,
- )
- if setup_ca:
- # we have an IPA-integrated CA
- cfg['ca_host'] = host_name
-
- api.bootstrap(**cfg)
- api.finalize()
- if connect:
- api.Backend.ldap2.connect()
-
-
def gen_env_boostrap_finalize_core(etc_ipa, default_config):
env = Env()
- #env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
- #env._finalize_core(**dict(constants.DEFAULT_CONFIG))
+ # env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
+ # env._finalize_core(**dict(constants.DEFAULT_CONFIG))
env._bootstrap(context='installer', confdir=etc_ipa, log=None)
env._finalize_core(**dict(default_config))
return env
@@ -286,26 +272,27 @@ def gen_ReplicaConfig():
def __init__(self, top_dir=None):
super(ExtendedReplicaConfig, self).__init__(top_dir)
- #def __getattribute__(self, attr):
+ # def __getattribute__(self, attr):
# value = super(ExtendedReplicaConfig, self).__getattribute__(attr)
- # if attr not in [ "__dict__", "knobs" ]:
- # logger.debug(" <== Accessing config.%s (%s)" % (attr, repr(value)))
+ # if attr not in ["__dict__", "knobs"]:
+ # logger.debug(" <== Accessing config.%s (%s)" %
+ # (attr, repr(value)))
# return value
def __getattr__(self, attr):
- logger.info(" ==> ADDING missing config.%s" % attr)
+ logger.info(" ==> ADDING missing config.%s", attr)
setattr(self, attr, None)
return getattr(self, attr)
- #def __setattr__(self, attr, value):
- # logger.debug(" ==> Setting config.%s to %s" % (attr, repr(value)))
- # return super(ExtendedReplicaConfig, self).__setattr__(attr, value)
+ # def __setattr__(self, attr, value):
+ # logger.debug(" ==> Setting config.%s to %s" % (attr, repr(value)))
+ # return super(ExtendedReplicaConfig, self).__setattr__(attr, value)
def knobs(self):
for name in self.__dict__:
yield self, name
- #config = ReplicaConfig()
+ # config = ReplicaConfig()
config = ExtendedReplicaConfig()
config.realm_name = api.env.realm
config.host_name = api.env.host
@@ -318,7 +305,7 @@ def gen_ReplicaConfig():
config.setup_kra = options.setup_kra
config.dir = options._top_dir
config.basedn = api.env.basedn
- #config.subject_base = options.subject_base
+ # config.subject_base = options.subject_base
return config
@@ -373,10 +360,10 @@ def replica_ds_init_info(ansible_log,
# during replica install, this gets invoked before local DS is
# available, so use the remote api.
- #if ca_is_configured:
- # ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
- #else:
- # ca_subject = installutils.default_ca_subject_dn(config.subject_base)
+ # if ca_is_configured:
+ # ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
+ # else:
+ # ca_subject = installutils.default_ca_subject_dn(config.subject_base)
ca_subject = ds_ca_subject
ds = dsinstance.DsInstance(
@@ -527,7 +514,7 @@ def replica_krb_init_info(ansible_log, fstore, realm_name, master_host_name,
def ansible_module_get_parsed_ip_addresses(ansible_module,
param='ip_addresses'):
- ip_addrs = [ ]
+ ip_addrs = []
for ip in ansible_module.params.get(param):
try:
ip_parsed = ipautil.CheckedIPAddress(ip)
@@ -539,7 +526,8 @@ def ansible_module_get_parsed_ip_addresses(ansible_module,
def gen_remote_api(master_host_name, etc_ipa):
ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name)
- xmlrpc_uri = 'https://{}/ipa/xml'.format(ipautil.format_netloc(master_host_name))
+ xmlrpc_uri = 'https://{}/ipa/xml'.format(
+ ipautil.format_netloc(master_host_name))
remote_api = create_api(mode=None)
remote_api.bootstrap(in_server=True,
context='installer',
diff --git a/roles/ipaserver/library/ipaserver_enable_ipa.py b/roles/ipaserver/library/ipaserver_enable_ipa.py
index a0aa9620..13f1b280 100644
--- a/roles/ipaserver/library/ipaserver_enable_ipa.py
+++ b/roles/ipaserver/library/ipaserver_enable_ipa.py
@@ -52,9 +52,10 @@ from ansible.module_utils.ansible_ipa_server import (
service, bindinstance, redirect_stdout, services
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
hostname=dict(required=False),
setup_dns=dict(required=True, type='bool'),
setup_ca=dict(required=True, type='bool'),
@@ -111,5 +112,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_load_cache.py b/roles/ipaserver/library/ipaserver_load_cache.py
index 00b5b5ff..c231e5f4 100644
--- a/roles/ipaserver/library/ipaserver_load_cache.py
+++ b/roles/ipaserver/library/ipaserver_load_cache.py
@@ -51,14 +51,14 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_server import (
- #AnsibleModuleLog,
options, paths, read_cache
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=True, no_log=True),
),
)
@@ -67,7 +67,7 @@ def main():
# set values ############################################################
- ### basic ###
+ # basic
options.dm_password = ansible_module.params.get('dm_password')
# restore cache #########################################################
@@ -85,7 +85,7 @@ def main():
ansible_module.fail_json(
msg="Cannot process the cache file: %s" % str(e))
- kwargs = { "changed": True }
+ kwargs = {"changed": True}
for name in options.__dict__:
kwargs[name] = options.__dict__[name]
ansible_module.exit_json(**kwargs)
@@ -94,5 +94,6 @@ def main():
ansible_module.exit_json(changed=False)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_master_password.py b/roles/ipaserver/library/ipaserver_master_password.py
index 1675b6cd..5a0f3c27 100644
--- a/roles/ipaserver/library/ipaserver_master_password.py
+++ b/roles/ipaserver/library/ipaserver_master_password.py
@@ -58,14 +58,15 @@ from ansible.module_utils.ansible_ipa_server import (
options, paths, read_cache, ipa_generate_password
)
+
def main():
module = AnsibleModule(
- argument_spec = dict(
- #basic
+ argument_spec=dict(
+ # basic
dm_password=dict(required=True, no_log=True),
master_password=dict(required=False, no_log=True),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
module._ansible_debug = True
@@ -88,5 +89,6 @@ def main():
module.exit_json(changed=True,
password=options.master_password)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_prepare.py b/roles/ipaserver/library/ipaserver_prepare.py
index 649b2ca9..fa83a661 100644
--- a/roles/ipaserver/library/ipaserver_prepare.py
+++ b/roles/ipaserver/library/ipaserver_prepare.py
@@ -86,10 +86,11 @@ from ansible.module_utils.ansible_ipa_server import (
services, logger, tasks, update_hosts_file, ScriptError
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
force=dict(required=False, type='bool', default=False),
dm_password=dict(required=True, no_log=True),
password=dict(required=True, no_log=True),
@@ -99,21 +100,22 @@ def main():
hostname=dict(required=False),
ca_cert_files=dict(required=False, type='list', default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool', default=False),
setup_kra=dict(required=False, type='bool', default=False),
setup_dns=dict(required=False, type='bool', default=False),
- ### ssl certificate ###
- ### client ###
- ### certificate system ###
+ # ssl certificate
+ # client
+ # certificate system
external_ca=dict(required=False, type='bool'),
external_ca_type=dict(required=False),
external_ca_profile=dict(required=False),
external_cert_files=dict(required=False, type='list', default=[]),
subject_base=dict(required=False),
ca_subject=dict(required=False),
- ### dns ###
- allow_zone_overlap=dict(required=False, type='bool', default=False),
+ # dns
+ allow_zone_overlap=dict(required=False, type='bool',
+ default=False),
reverse_zones=dict(required=False, type='list', default=[]),
no_reverse=dict(required=False, type='bool', default=False),
auto_reverse=dict(required=False, type='bool', default=False),
@@ -123,18 +125,18 @@ def main():
forward_policy=dict(default=None, choices=['first', 'only']),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
- ### ad trust ###
+ # ad trust
enable_compat=dict(required=False, type='bool', default=False),
netbios_name=dict(required=False),
rid_base=dict(required=False, type='int'),
secondary_rid_base=dict(required=False, type='int'),
- ### additional ###
+ # additional
setup_ca=dict(required=False, type='bool', default=False),
_hostname_overridden=dict(required=False, type='bool',
- default=False),
+ default=False),
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -152,16 +154,17 @@ def main():
options.host_name = ansible_module.params.get('hostname')
options.ca_cert_files = ansible_module.params.get('ca_cert_files')
options.no_host_dns = ansible_module.params.get('no_host_dns')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
- #options.no_pkinit = ansible_module.params.get('no_pkinit')
- ### ssl certificate ###
- #options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
- ### client ###
- #options.no_ntp = ansible_module.params.get('no_ntp')
- ### certificate system ###
+ # options.no_pkinit = ansible_module.params.get('no_pkinit')
+ # ssl certificate
+ # options.dirsrv_cert_files = ansible_module.params.get(
+ # 'dirsrv_cert_files')
+ # client
+ # options.no_ntp = ansible_module.params.get('no_ntp')
+ # certificate system
options.external_ca = ansible_module.params.get('external_ca')
options.external_ca_type = ansible_module.params.get('external_ca_type')
options.external_ca_profile = ansible_module.params.get(
@@ -170,8 +173,9 @@ def main():
'external_cert_files')
options.subject_base = ansible_module.params.get('subject_base')
options.ca_subject = ansible_module.params.get('ca_subject')
- ### dns ###
- options.allow_zone_overlap = ansible_module.params.get('allow_zone_overlap')
+ # dns
+ options.allow_zone_overlap = ansible_module.params.get(
+ 'allow_zone_overlap')
options.reverse_zones = ansible_module.params.get('reverse_zones')
options.no_reverse = ansible_module.params.get('no_reverse')
options.auto_reverse = ansible_module.params.get('auto_reverse')
@@ -181,10 +185,10 @@ def main():
options.forward_policy = ansible_module.params.get('forward_policy')
options.no_dnssec_validation = ansible_module.params.get(
'no_dnssec_validation')
- ### ad trust ###
+ # ad trust
options.enable_compat = ansible_module.params.get('enable_compat')
options.netbios_name = ansible_module.params.get('netbios_name')
- ### additional ###
+ # additional
options.setup_ca = ansible_module.params.get('setup_ca')
options._host_name_overridden = ansible_module.params.get(
'_hostname_overridden')
@@ -227,9 +231,9 @@ def main():
fd.write("basedn=%s\n" % ipautil.realm_to_suffix(options.realm_name))
fd.write("realm=%s\n" % options.realm_name)
fd.write("domain=%s\n" % options.domain_name)
- fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % \
+ fd.write("xmlrpc_uri=https://%s/ipa/xml\n" %
ipautil.format_netloc(options.host_name))
- fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % \
+ fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" %
installutils.realm_to_serverid(options.realm_name))
if options.setup_ca:
fd.write("enable_ra=True\n")
@@ -256,11 +260,13 @@ def main():
if options.setup_dns:
with redirect_stdout(ansible_log):
- dns.install_check(False, api, False, options, options.host_name)
+ dns.install_check(False, api, False, options,
+ options.host_name)
ip_addresses = dns.ip_addresses
else:
ip_addresses = get_server_ip_address(options.host_name,
- not options.interactive, False,
+ not options.interactive,
+ False,
options.ip_addresses)
# check addresses here, dns module is doing own check
@@ -270,9 +276,9 @@ def main():
instance_name = "-".join(options.realm_name.split("."))
dirsrv = services.knownservices.dirsrv
- if (options.external_cert_files
- and dirsrv.is_installed(instance_name)
- and not dirsrv.is_running(instance_name)):
+ if options.external_cert_files \
+ and dirsrv.is_installed(instance_name) \
+ and not dirsrv.is_running(instance_name):
logger.debug('Starting Directory Server')
services.knownservices.dirsrv.start(instance_name)
@@ -301,25 +307,27 @@ def main():
ipautil.CalledProcessError) as e:
ansible_module.fail_json(msg=str(e))
- ansible_module.exit_json(changed=True,
- ### basic ###
- ip_addresses=[ str(ip) for ip in ip_addresses ],
- ### certificate system ###
- subject_base=options.subject_base,
- _subject_base=options._subject_base,
- ca_subject=options.ca_subject,
- _ca_subject=options._ca_subject,
- ### dns ###
- reverse_zones=options.reverse_zones,
- forward_policy=options.forward_policy,
- forwarders=options.forwarders,
- no_dnssec_validation=options.no_dnssec_validation,
- ### additional ###
- dns_ip_addresses=[ str(ip) for ip
- in dns.ip_addresses ],
- dns_reverse_zones=dns.reverse_zones,
- adtrust_netbios_name=adtrust.netbios_name,
- adtrust_reset_netbios_name=adtrust.reset_netbios_name)
+ ansible_module.exit_json(
+ changed=True,
+ # basic
+ ip_addresses=[str(ip) for ip in ip_addresses],
+ # certificate system
+ subject_base=options.subject_base,
+ _subject_base=options._subject_base,
+ ca_subject=options.ca_subject,
+ _ca_subject=options._ca_subject,
+ # dns
+ reverse_zones=options.reverse_zones,
+ forward_policy=options.forward_policy,
+ forwarders=options.forwarders,
+ no_dnssec_validation=options.no_dnssec_validation,
+ # additional
+ dns_ip_addresses=[str(ip) for ip
+ in dns.ip_addresses],
+ dns_reverse_zones=dns.reverse_zones,
+ adtrust_netbios_name=adtrust.netbios_name,
+ adtrust_reset_netbios_name=adtrust.reset_netbios_name)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_set_ds_password.py b/roles/ipaserver/library/ipaserver_set_ds_password.py
index c18be108..c2e6285b 100644
--- a/roles/ipaserver/library/ipaserver_set_ds_password.py
+++ b/roles/ipaserver/library/ipaserver_set_ds_password.py
@@ -55,14 +55,14 @@ from ansible.module_utils.ansible_ipa_server import (
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=True, no_log=True),
password=dict(required=True, no_log=True),
domain=dict(required=True),
realm=dict(required=True),
hostname=dict(required=True),
- ### server ###
+ # server
setup_ca=dict(required=True, type='bool'),
idstart=dict(required=True, type='int'),
idmax=dict(required=True, type='int'),
@@ -70,13 +70,13 @@ def main():
no_pkinit=dict(required=False, type='bool', default=False),
dirsrv_config_file=dict(required=False),
_dirsrv_pkcs12_info=dict(required=False),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=[]),
subject_base=dict(required=False),
ca_subject=dict(required=False),
- ### certificate system ###
+ # certificate system
external_cert_files=dict(required=False, type='list', default=[]),
- ### additional ###
+ # additional
domainlevel=dict(required=False, type='int',
default=MAX_DOMAIN_LEVEL),
),
@@ -87,29 +87,30 @@ def main():
# set values ####################################################
- ### basic ###
+ # basic
options.dm_password = ansible_module.params.get('dm_password')
options.admin_password = ansible_module.params.get('password')
options.domain_name = ansible_module.params.get('domain')
options.realm_name = ansible_module.params.get('realm')
options.host_name = ansible_module.params.get('hostname')
- ### server ###
+ # server
options.setup_ca = ansible_module.params.get('setup_ca')
options.idstart = ansible_module.params.get('idstart')
options.idmax = ansible_module.params.get('idmax')
options.no_hbac_allow = ansible_module.params.get('no_hbac_allow')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
options._dirsrv_pkcs12_info = ansible_module.params.get(
'_dirsrv_pkcs12_info')
- ### ssl certificate ###
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
options.subject_base = ansible_module.params.get('subject_base')
options.ca_subject = ansible_module.params.get('ca_subject')
- ### certificate system ###
+ # certificate system
options.external_cert_files = ansible_module.params.get(
'external_cert_files')
- ### additional ###
+ # additional
options.domainlevel = ansible_module.params.get('domainlevel')
options.domain_level = options.domainlevel
@@ -137,5 +138,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_adtrust.py b/roles/ipaserver/library/ipaserver_setup_adtrust.py
index 7c85d875..914e4f33 100644
--- a/roles/ipaserver/library/ipaserver_setup_adtrust.py
+++ b/roles/ipaserver/library/ipaserver_setup_adtrust.py
@@ -52,20 +52,21 @@ from ansible.module_utils.ansible_ipa_server import (
api_Backend_ldap2, redirect_stdout, adtrust, api
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
# basic
hostname=dict(required=False),
setup_ca=dict(required=False, type='bool', default=False),
setup_adtrust=dict(required=False, type='bool', default=False),
- ### ad trust ###
+ # ad trust
enable_compat=dict(required=False, type='bool', default=False),
rid_base=dict(required=False, type='int'),
secondary_rid_base=dict(required=False, type='int'),
- ### additional ###
+ # additional
adtrust_netbios_name=dict(required=True),
- adtrust_reset_netbios_name=dict(required=True, type='bool')
+ adtrust_reset_netbios_name=dict(required=True, type='bool'),
),
)
@@ -77,14 +78,15 @@ def main():
options.host_name = ansible_module.params.get('hostname')
options.setup_ca = ansible_module.params.get('setup_ca')
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
- ### ad trust ###
+ # ad trust
options.enable_compat = ansible_module.params.get('enable_compat')
options.rid_base = ansible_module.params.get('rid_base')
- options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')
- ### additional ###
+ options.secondary_rid_base = ansible_module.params.get(
+ 'secondary_rid_base')
+ # additional
adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')
- adtrust.reset_netbios_name = \
- ansible_module.params.get('adtrust_reset_netbios_name')
+ adtrust.reset_netbios_name = ansible_module.params.get(
+ 'adtrust_reset_netbios_name')
# init ##########################################################
@@ -101,5 +103,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py
index f13fb265..42f01d87 100644
--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -86,10 +86,11 @@ from ansible.module_utils.ansible_ipa_server import (
custodiainstance, write_cache, x509
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=True, no_log=True),
password=dict(required=True, no_log=True),
master_password=dict(required=True, no_log=True),
@@ -99,7 +100,7 @@ def main():
hostname=dict(required=False),
no_host_dns=dict(required=False, type='bool', default=False),
pki_config_override=dict(required=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool', default=False),
setup_kra=dict(required=False, type='bool', default=False),
setup_dns=dict(required=False, type='bool', default=False),
@@ -111,21 +112,22 @@ def main():
dirsrv_config_file=dict(required=False),
dirsrv_cert_files=dict(required=False, type='list'),
_dirsrv_pkcs12_info=dict(required=False),
- ### certificate system ###
+ # certificate system
external_ca=dict(required=False, type='bool', default=False),
external_ca_type=dict(required=False),
external_ca_profile=dict(required=False),
- external_cert_files=dict(required=False, type='list', default=None),
+ external_cert_files=dict(required=False, type='list',
+ default=None),
subject_base=dict(required=False),
_subject_base=dict(required=False),
ca_subject=dict(required=False),
_ca_subject=dict(required=False),
ca_signing_algorithm=dict(required=False),
- ### dns ###
+ # dns
reverse_zones=dict(required=False, type='list', default=[]),
no_reverse=dict(required=False, type='bool', default=False),
auto_forwarders=dict(required=False, type='bool', default=False),
- ### additional ###
+ # additional
domainlevel=dict(required=False, type='int'),
_http_ca_cert=dict(required=False),
),
@@ -136,7 +138,7 @@ def main():
# set values ############################################################
- ### basic ###
+ # basic
options.dm_password = ansible_module.params.get('dm_password')
options.admin_password = ansible_module.params.get('password')
options.master_password = ansible_module.params.get('master_password')
@@ -148,7 +150,7 @@ def main():
options.no_host_dns = ansible_module.params.get('no_host_dns')
options.pki_config_override = ansible_module.params.get(
'pki_config_override')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_kra = ansible_module.params.get('setup_kra')
options.setup_dns = ansible_module.params.get('setup_dns')
@@ -157,11 +159,12 @@ def main():
options.idmax = ansible_module.params.get('idmax')
options.no_hbac_allow = ansible_module.params.get('no_hbac_allow')
options.no_pkinit = ansible_module.params.get('no_pkinit')
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
options._dirsrv_pkcs12_info = ansible_module.params.get(
'_dirsrv_pkcs12_info')
- ### certificate system ###
+ # certificate system
options.external_ca = ansible_module.params.get('external_ca')
options.external_ca_type = ansible_module.params.get('external_ca_type')
options.external_ca_profile = ansible_module.params.get(
@@ -174,14 +177,15 @@ def main():
options._ca_subject = ansible_module.params.get('_ca_subject')
options.ca_signing_algorithm = ansible_module.params.get(
'ca_signing_algorithm')
- ### dns ###
+ # dns
options.reverse_zones = ansible_module.params.get('reverse_zones')
options.no_reverse = ansible_module.params.get('no_reverse')
options.auto_forwarders = ansible_module.params.get('auto_forwarders')
- ### additional ###
+ # additional
options.domainlevel = ansible_module.params.get('domainlevel')
options._http_ca_cert = ansible_module.params.get('_http_ca_cert')
- #options._update_hosts_file = ansible_module.params.get('update_hosts_file')
+ # tions._update_hosts_file = ansible_module.params.get(
+ # 'update_hosts_file')
# init #################################################################
@@ -265,5 +269,6 @@ def main():
ansible_module.exit_json(changed=True,
csr_generated=False)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_custodia.py b/roles/ipaserver/library/ipaserver_setup_custodia.py
index 2f6392c1..48074ccf 100644
--- a/roles/ipaserver/library/ipaserver_setup_custodia.py
+++ b/roles/ipaserver/library/ipaserver_setup_custodia.py
@@ -50,15 +50,16 @@ RETURN = '''
'''
from ansible.module_utils.basic import AnsibleModule
-from ansible.module_utils.ansible_ipa_server import (
- AnsibleModuleLog, options, # sysrestore, paths,
+from ansible.module_utils.ansible_ipa_server import (
+ AnsibleModuleLog, options,
api_Backend_ldap2,
custodiainstance, redirect_stdout
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
# basic
realm=dict(required=True),
hostname=dict(required=False),
@@ -99,5 +100,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_dns.py b/roles/ipaserver/library/ipaserver_setup_dns.py
index e4f1d365..d61f3b78 100644
--- a/roles/ipaserver/library/ipaserver_setup_dns.py
+++ b/roles/ipaserver/library/ipaserver_setup_dns.py
@@ -60,24 +60,25 @@ from ansible.module_utils.ansible_ipa_server import (
redirect_stdout, bindinstance
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
ip_addresses=dict(required=False, type='list', default=[]),
domain=dict(required=True),
realm=dict(required=True),
hostname=dict(required=True),
- ### server ###
+ # server
setup_dns=dict(required=True, type='bool'),
setup_ca=dict(required=True, type='bool'),
- ### dns ###
+ # dns
zonemgr=dict(required=False),
forwarders=dict(required=True, type='list'),
forward_policy=dict(default='first', choices=['first', 'only']),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
- ### additional ###
+ # additional
dns_ip_addresses=dict(required=True, type='list'),
dns_reverse_zones=dict(required=True, type='list'),
),
@@ -88,22 +89,22 @@ def main():
# set values ############################################################
- ### basic ###
+ # basic
options.ip_addresses = ansible_module_get_parsed_ip_addresses(
ansible_module)
options.domain_name = ansible_module.params.get('domain')
options.realm_name = ansible_module.params.get('realm')
options.host_name = ansible_module.params.get('hostname')
- ### server ###
+ # server
options.setup_dns = ansible_module.params.get('setup_dns')
options.setup_ca = ansible_module.params.get('setup_ca')
- ### dns ###
+ # dns
options.zonemgr = ansible_module.params.get('zonemgr')
options.forwarders = ansible_module.params.get('forwarders')
options.forward_policy = ansible_module.params.get('forward_policy')
options.no_dnssec_validation = ansible_module.params.get(
'no_dnssec_validation')
- ### additional ###
+ # additional
dns.ip_addresses = ansible_module_get_parsed_ip_addresses(
ansible_module, 'dns_ip_addresses')
dns.reverse_zones = ansible_module.params.get('dns_reverse_zones')
@@ -134,5 +135,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_ds.py b/roles/ipaserver/library/ipaserver_setup_ds.py
index 0e27a49a..8d3b2442 100644
--- a/roles/ipaserver/library/ipaserver_setup_ds.py
+++ b/roles/ipaserver/library/ipaserver_setup_ds.py
@@ -65,30 +65,31 @@ from ansible.module_utils.ansible_ipa_server import (
dsinstance, ntpinstance, IPAAPI_USER
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
dm_password=dict(required=True, no_log=True),
password=dict(required=True, no_log=True),
domain=dict(required=True),
realm=dict(required=True),
hostname=dict(required=False),
- ### server ###
+ # server
idstart=dict(required=True, type='int'),
idmax=dict(required=True, type='int'),
no_hbac_allow=dict(required=False, type='bool', default=False),
no_pkinit=dict(required=False, type='bool', default=False),
dirsrv_config_file=dict(required=False),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=[]),
_dirsrv_pkcs12_info=dict(required=False),
- ### certificate system ###
+ # certificate system
external_cert_files=dict(required=False, type='list', default=[]),
subject_base=dict(required=False),
ca_subject=dict(required=False),
- ### additional ###
+ # additional
setup_ca=dict(required=False, type='bool', default=False),
),
)
@@ -98,28 +99,29 @@ def main():
# set values ############################################################
- ### basic ###
+ # basic
options.dm_password = ansible_module.params.get('dm_password')
options.domain_name = ansible_module.params.get('domain')
options.realm_name = ansible_module.params.get('realm')
options.host_name = ansible_module.params.get('hostname')
- ### server ###
+ # server
options.idstart = ansible_module.params.get('idstart')
options.idmax = ansible_module.params.get('idmax')
options.no_pkinit = ansible_module.params.get('no_pkinit')
options.no_hbac_allow = ansible_module.params.get('no_hbac_allow')
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
options._dirsrv_pkcs12_info = ansible_module.params.get(
'_dirsrv_pkcs12_info')
- ### ssl certificate ###
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
- ### certificate system ###
+ # certificate system
options.external_cert_files = ansible_module.params.get(
'external_cert_files')
options.subject_base = ansible_module.params.get('subject_base')
options.ca_subject = ansible_module.params.get('ca_subject')
- ### additional ###
+ # additional
options.setup_ca = ansible_module.params.get('setup_ca')
# init ##################################################################
@@ -145,9 +147,9 @@ def main():
ds.set_output(ansible_log)
if options.dirsrv_cert_files:
- _dirsrv_pkcs12_info=options._dirsrv_pkcs12_info
+ _dirsrv_pkcs12_info = options._dirsrv_pkcs12_info
else:
- _dirsrv_pkcs12_info=None
+ _dirsrv_pkcs12_info = None
with redirect_stdout(ansible_log):
ds.create_instance(options.realm_name, options.host_name,
@@ -180,5 +182,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_http.py b/roles/ipaserver/library/ipaserver_setup_http.py
index e7235f22..781aa9af 100644
--- a/roles/ipaserver/library/ipaserver_setup_http.py
+++ b/roles/ipaserver/library/ipaserver_setup_http.py
@@ -54,9 +54,10 @@ from ansible.module_utils.ansible_ipa_server import (
krbinstance, httpinstance, ca, service, tasks
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
# basic
dm_password=dict(required=True, no_log=True),
password=dict(required=True, no_log=True),
@@ -95,7 +96,8 @@ def main():
no_reverse=dict(required=False, type='bool', default=False),
auto_forwarders=dict(required=False, type='bool', default=False),
- #_update_hosts_file=dict(required=False, type='bool', default=False),
+ # _update_hosts_file=dict(required=False, type='bool',
+ # default=False),
_dirsrv_pkcs12_info=dict(required=False),
_http_pkcs12_info=dict(required=False),
),
@@ -141,10 +143,12 @@ def main():
options.idstart = ansible_module.params.get('idstart')
options.idmax = ansible_module.params.get('idmax')
options.domainlevel = ansible_module.params.get('domainlevel')
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
- #options._update_hosts_file = ansible_module.params.get('_update_hosts_file')
+ # options._update_hosts_file = ansible_module.params.get(
+ # '_update_hosts_file')
options._dirsrv_pkcs12_info = ansible_module.params.get(
'_dirsrv_pkcs12_info')
options._http_pkcs12_info = ansible_module.params.get(
@@ -181,13 +185,16 @@ def main():
with redirect_stdout(ansible_log):
if options.http_cert_files:
http.create_instance(
- options.realm_name, options.host_name, options.domain_name, options.dm_password,
- pkcs12_info=options._http_pkcs12_info, subject_base=options.subject_base,
+ options.realm_name, options.host_name, options.domain_name,
+ options.dm_password,
+ pkcs12_info=options._http_pkcs12_info,
+ subject_base=options.subject_base,
auto_redirect=not options.no_ui_redirect,
ca_is_configured=options.setup_ca)
else:
http.create_instance(
- options.realm_name, options.host_name, options.domain_name, options.dm_password,
+ options.realm_name, options.host_name, options.domain_name,
+ options.dm_password,
subject_base=options.subject_base,
auto_redirect=not options.no_ui_redirect,
ca_is_configured=options.setup_ca)
@@ -212,5 +219,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_kra.py b/roles/ipaserver/library/ipaserver_setup_kra.py
index 9da8b841..08cf6f44 100644
--- a/roles/ipaserver/library/ipaserver_setup_kra.py
+++ b/roles/ipaserver/library/ipaserver_setup_kra.py
@@ -52,9 +52,10 @@ from ansible.module_utils.ansible_ipa_server import (
api_Backend_ldap2, redirect_stdout, api, custodiainstance, kra
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
# basic
dm_password=dict(required=True, no_log=True),
hostname=dict(required=True),
@@ -101,5 +102,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_krb.py b/roles/ipaserver/library/ipaserver_setup_krb.py
index d2f3663b..0b217dfc 100644
--- a/roles/ipaserver/library/ipaserver_setup_krb.py
+++ b/roles/ipaserver/library/ipaserver_setup_krb.py
@@ -53,9 +53,10 @@ from ansible.module_utils.ansible_ipa_server import (
api_Backend_ldap2, redirect_stdout, krbinstance
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
# basic
dm_password=dict(required=True, no_log=True),
password=dict(required=True, no_log=True),
@@ -129,7 +130,8 @@ def main():
options._pkinit_pkcs12_info = ansible_module.params.get(
'_pkinit_pkcs12_info')
- #options._update_hosts_file = ansible_module.params.get('update_hosts_file')
+ # options._update_hosts_file = ansible_module.params.get(
+ # 'update_hosts_file')
# init ##################################################################
@@ -156,5 +158,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_ntp.py b/roles/ipaserver/library/ipaserver_setup_ntp.py
index a3a6954e..7ebf7fc5 100644
--- a/roles/ipaserver/library/ipaserver_setup_ntp.py
+++ b/roles/ipaserver/library/ipaserver_setup_ntp.py
@@ -54,9 +54,10 @@ from ansible.module_utils.ansible_ipa_server import (
redirect_stdout, time_service, sync_time, ntpinstance, timeconf
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
ntp_servers=dict(required=False, type='list', default=None),
ntp_pool=dict(required=False, default=None),
),
@@ -109,5 +110,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_setup_otpd.py b/roles/ipaserver/library/ipaserver_setup_otpd.py
index d5aa6075..c05c3f9a 100644
--- a/roles/ipaserver/library/ipaserver_setup_otpd.py
+++ b/roles/ipaserver/library/ipaserver_setup_otpd.py
@@ -48,13 +48,14 @@ RETURN = '''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_server import (
- AnsibleModuleLog, options, # sysrestore, paths,
+ AnsibleModuleLog, options,
api_Backend_ldap2, redirect_stdout, otpdinstance, ipautil
)
+
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
+ argument_spec=dict(
# basic
realm=dict(required=True),
hostname=dict(required=False),
@@ -87,5 +88,6 @@ def main():
ansible_module.exit_json(changed=True)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py
index 70a0606d..15fba1b4 100644
--- a/roles/ipaserver/library/ipaserver_test.py
+++ b/roles/ipaserver/library/ipaserver_test.py
@@ -52,7 +52,7 @@ import inspect
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_server import (
AnsibleModuleLog, options, adtrust_imported, kra_imported, PKIIniLoader,
- random, MIN_DOMAIN_LEVEL, MAX_DOMAIN_LEVEL, check_zone_overlap,
+ MIN_DOMAIN_LEVEL, MAX_DOMAIN_LEVEL, check_zone_overlap,
redirect_stdout, validate_dm_password, validate_admin_password,
NUM_VERSION, is_ipa_configured, sysrestore, paths, bindinstance,
read_cache, ca, tasks, check_ldap_conf, timeconf, httpinstance,
@@ -66,8 +66,8 @@ if six.PY3:
def main():
ansible_module = AnsibleModule(
- argument_spec = dict(
- ### basic ###
+ argument_spec=dict(
+ # basic
force=dict(required=False, type='bool', default=False),
dm_password=dict(required=True, no_log=True),
password=dict(required=True, no_log=True),
@@ -78,7 +78,7 @@ def main():
ca_cert_files=dict(required=False, type='list', default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
pki_config_override=dict(required=False),
- ### server ###
+ # server
setup_adtrust=dict(required=False, type='bool', default=False),
setup_kra=dict(required=False, type='bool', default=False),
setup_dns=dict(required=False, type='bool', default=False),
@@ -88,7 +88,7 @@ def main():
no_pkinit=dict(required=False, type='bool', default=False),
# no_ui_redirect
dirsrv_config_file=dict(required=False),
- ### ssl certificate ###
+ # ssl certificate
dirsrv_cert_files=dict(required=False, type='list', default=None),
http_cert_files=dict(required=False, type='list', defaullt=None),
pkinit_cert_files=dict(required=False, type='list', default=None),
@@ -98,7 +98,7 @@ def main():
dirsrv_cert_name=dict(required=False),
http_cert_name=dict(required=False),
pkinit_cert_name=dict(required=False),
- ### client ###
+ # client
# mkhomedir
ntp_servers=dict(required=False, type='list', default=None),
ntp_pool=dict(required=False, default=None),
@@ -107,16 +107,18 @@ def main():
# no_ssh
# no_sshd
# no_dns_sshfp
- ### certificate system ###
+ # certificate system
external_ca=dict(required=False, type='bool', default=False),
external_ca_type=dict(required=False),
external_ca_profile=dict(required=False),
- external_cert_files=dict(required=False, type='list', default=None),
+ external_cert_files=dict(required=False, type='list',
+ default=None),
subject_base=dict(required=False),
ca_subject=dict(required=False),
# ca_signing_algorithm
- ### dns ###
- allow_zone_overlap=dict(required=False, type='bool', default=False),
+ # dns
+ allow_zone_overlap=dict(required=False, type='bool',
+ default=False),
reverse_zones=dict(required=False, type='list', default=[]),
no_reverse=dict(required=False, type='bool', default=False),
auto_reverse=dict(required=False, type='bool', default=False),
@@ -127,16 +129,15 @@ def main():
forward_policy=dict(default=None, choices=['first', 'only']),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
- ### ad trust ###
+ # ad trust
enable_compat=dict(required=False, type='bool', default=False),
netbios_name=dict(required=False),
rid_base=dict(required=False, type='int', default=1000),
secondary_rid_base=dict(required=False, type='int',
default=100000000),
-
- ### additional ###
+ # additional
),
- supports_check_mode = True,
+ supports_check_mode=True,
)
ansible_module._ansible_debug = True
@@ -144,7 +145,7 @@ def main():
# set values ############################################################
- ### basic ###
+ # basic
options.force = ansible_module.params.get('force')
options.dm_password = ansible_module.params.get('dm_password')
options.admin_password = ansible_module.params.get('password')
@@ -156,7 +157,7 @@ def main():
options.no_host_dns = ansible_module.params.get('no_host_dns')
options.pki_config_override = ansible_module.params.get(
'pki_config_override')
- ### server ###
+ # server
options.setup_adtrust = ansible_module.params.get('setup_adtrust')
options.setup_dns = ansible_module.params.get('setup_dns')
options.setup_kra = ansible_module.params.get('setup_kra')
@@ -165,8 +166,9 @@ def main():
# no_hbac_allow
options.no_pkinit = ansible_module.params.get('no_pkinit')
# no_ui_redirect
- options.dirsrv_config_file = ansible_module.params.get('dirsrv_config_file')
- ### ssl certificate ###
+ options.dirsrv_config_file = ansible_module.params.get(
+ 'dirsrv_config_file')
+ # ssl certificate
options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
options.http_cert_files = ansible_module.params.get('http_cert_files')
options.pkinit_cert_files = ansible_module.params.get('pkinit_cert_files')
@@ -176,7 +178,7 @@ def main():
options.dirsrv_cert_name = ansible_module.params.get('dirsrv_cert_name')
options.http_cert_name = ansible_module.params.get('http_cert_name')
options.pkinit_cert_name = ansible_module.params.get('pkinit_cert_name')
- ### client ###
+ # client
# mkhomedir
options.ntp_servers = ansible_module.params.get('ntp_servers')
options.ntp_pool = ansible_module.params.get('ntp_pool')
@@ -185,7 +187,7 @@ def main():
# no_ssh
# no_sshd
# no_dns_sshfp
- ### certificate system ###
+ # certificate system
options.external_ca = ansible_module.params.get('external_ca')
options.external_ca_type = ansible_module.params.get('external_ca_type')
options.external_ca_profile = ansible_module.params.get(
@@ -195,8 +197,9 @@ def main():
options.subject_base = ansible_module.params.get('subject_base')
options.ca_subject = ansible_module.params.get('ca_subject')
# ca_signing_algorithm
- ### dns ###
- options.allow_zone_overlap = ansible_module.params.get('allow_zone_overlap')
+ # dns
+ options.allow_zone_overlap = ansible_module.params.get(
+ 'allow_zone_overlap')
options.reverse_zones = ansible_module.params.get('reverse_zones')
options.no_reverse = ansible_module.params.get('no_reverse')
options.auto_reverse = ansible_module.params.get('auto_reverse')
@@ -207,30 +210,31 @@ def main():
options.forward_policy = ansible_module.params.get('forward_policy')
options.no_dnssec_validation = ansible_module.params.get(
'no_dnssec_validation')
- ### ad trust ###
+ # ad trust
options.enable_compat = ansible_module.params.get('enable_compat')
options.netbios_name = ansible_module.params.get('netbios_name')
options.rid_base = ansible_module.params.get('rid_base')
- options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')
+ options.secondary_rid_base = ansible_module.params.get(
+ 'secondary_rid_base')
- ### additional ###
+ # additional
options.kasp_db_file = None
# version specific ######################################################
if options.setup_adtrust and not adtrust_imported:
- #if "adtrust" not in options._allow_missing:
+ # if "adtrust" not in options._allow_missing:
ansible_module.fail_json(msg="adtrust can not be imported")
- #else:
- # options.setup_adtrust = False
- # ansible_module.warn(msg="adtrust is not supported, disabling")
+ # else:
+ # options.setup_adtrust = False
+ # ansible_module.warn(msg="adtrust is not supported, disabling")
if options.setup_kra and not kra_imported:
- #if "kra" not in options._allow_missing:
+ # if "kra" not in options._allow_missing:
ansible_module.fail_json(msg="kra can not be imported")
- #else:
- # options.setup_kra = False
- # ansible_module.warn(msg="kra is not supported, disabling")
+ # else:
+ # options.setup_kra = False
+ # ansible_module.warn(msg="kra is not supported, disabling")
if options.pki_config_override is not None:
if PKIIniLoader is None:
@@ -253,15 +257,6 @@ def main():
if options.idmax is None or options.idmax == 0:
options.idmax = options.idstart + 199999
- #class ServerInstallInterface(ServerCertificateInstallInterface,
- # client.ClientInstallInterface,
- # ca.CAInstallInterface,
- # kra.KRAInstallInterface,
- # dns.DNSInstallInterface,
- # adtrust.ADTrustInstallInterface,
- # conncheck.ConnCheckInterface,
- # ServerUninstallInterface):
-
# ServerInstallInterface.__init__ #######################################
try:
self = options
@@ -429,13 +424,6 @@ def main():
except RuntimeError as e:
ansible_module.fail_json(msg=e)
-
-
-
-
-
-
-
# #######################################################################
# If any of the key file options are selected, all are required.
@@ -466,15 +454,15 @@ def main():
if not options.setup_dns:
# lists
- for x in [ "forwarders", "reverse_zones" ]:
+ for x in ["forwarders", "reverse_zones"]:
if len(getattr(options, x)) > 1:
ansible_module.fail_json(
msg="You cannot specify %s without setting setup-dns" % x)
# bool and str values
- for x in [ "auto_forwarders", "no_forwarders",
- "auto_reverse", "no_reverse", "no_dnssec_validation",
- "forward_policy" ]:
- if getattr(options, x) == True:
+ for x in ["auto_forwarders", "no_forwarders",
+ "auto_reverse", "no_reverse", "no_dnssec_validation",
+ "forward_policy"]:
+ if getattr(options, x):
ansible_module.fail_json(
msg="You cannot specify %s without setting setup-dns" % x)
@@ -483,7 +471,8 @@ def main():
msg="You cannot specify forwarders together with no-forwarders")
elif options.auto_forwarders and options.no_forwarders:
ansible_module.fail_json(
- msg="You cannot specify auto-forwarders together with no-forwarders")
+ msg="You cannot specify auto-forwarders together with "
+ "no-forwarders")
elif len(options.reverse_zones) > 0 and options.no_reverse:
ansible_module.fail_json(
msg="You cannot specify reverse-zones together with no-reverse")
@@ -501,13 +490,13 @@ def main():
ansible_module.fail_json(
msg="You cannot specify external-ca-type without external-ca")
- #if options.uninstalling:
+ # if options.uninstalling:
# if (options.realm_name or options.admin_password or
# options.master_password):
# ansible_module.fail_json(
# msg="In uninstall mode, -a, -r and -P options are not "
# "allowed")
- #elif not options.interactive:
+ # elif not options.interactive:
# if (not options.realm_name or not options.dm_password or
# not options.admin_password):
# ansible_module.fail_json(msg=
@@ -532,9 +521,9 @@ def main():
msg="You must specify at least one of forwarders, "
"auto-forwarders or no-forwarders")
- #any_ignore_option_true = any(
+ # any_ignore_option_true = any(
# [options.ignore_topology_disconnect, options.ignore_last_of_role])
- #if any_ignore_option_true and not options.uninstalling:
+ # if any_ignore_option_true and not options.uninstalling:
# ansible_module.fail_json(
# msg="ignore-topology-disconnect and ignore-last-of-role "
# "can be used only during uninstallation")
@@ -569,8 +558,8 @@ def main():
msg="File %s does not exist." % options.dirsrv_config_file)
# domain_name
- if (options.setup_dns and not options.allow_zone_overlap and \
- options.domain_name is not None):
+ if options.setup_dns and not options.allow_zone_overlap and \
+ options.domain_name is not None:
try:
check_zone_overlap(options.domain_name, False)
except ValueError as e:
@@ -599,8 +588,6 @@ def main():
options.no_pkinit = True
"""
-
-
if options.setup_dns:
if len(options.forwarders) < 1 and not options.no_forwarders and \
not options.auto_forwarders:
@@ -610,7 +597,8 @@ def main():
if NUM_VERSION >= 40200 and options.master_password and \
not options.external_cert_files:
- ansible_module.warn("Specifying kerberos master-password is deprecated")
+ ansible_module.warn(
+ "Specifying kerberos master-password is deprecated")
options._installation_cleanup = True
if not options.external_ca and not options.external_cert_files and \
@@ -669,7 +657,8 @@ def main():
for path in options.external_cert_files:
if not os.path.isabs(path):
ansible_module.fail_json(
- msg="External cert file '%s' must use an absolute path" % path)
+ msg="External cert file '%s' must use an absolute "
+ "path" % path)
options.setup_ca = True
# We only set up the CA if the PKCS#12 options are not given.
@@ -679,14 +668,14 @@ def main():
options.setup_ca = True
if not options.setup_ca and options.ca_subject:
- ansible_module.fail_json(msg=
- "--ca-subject cannot be used with CA-less installation")
+ ansible_module.fail_json(
+ msg="--ca-subject cannot be used with CA-less installation")
if not options.setup_ca and options.subject_base:
- ansible_module.fail_json(msg=
- "--subject-base cannot be used with CA-less installation")
+ ansible_module.fail_json(
+ msg="--subject-base cannot be used with CA-less installation")
if not options.setup_ca and options.setup_kra:
- ansible_module.fail_json(msg=
- "--setup-kra cannot be used with CA-less installation")
+ ansible_module.fail_json(
+ msg="--setup-kra cannot be used with CA-less installation")
# This will override any settings passed in on the cmdline
if os.path.isfile(paths.ROOT_IPA_CACHE):
@@ -698,7 +687,8 @@ def main():
options.external_ca = False
options.interactive = False
except Exception as e:
- ansible_module.fail_json(msg="Cannot process the cache file: %s" % str(e))
+ ansible_module.fail_json(
+ msg="Cannot process the cache file: %s" % str(e))
# ca_subject
if options.ca_subject:
@@ -715,7 +705,8 @@ def main():
if not options.external_ca and not options.external_cert_files and \
is_ipa_configured():
_installation_cleanup = False
- ansible_module.fail_json(msg="IPA server is already configured on this system.")
+ ansible_module.fail_json(
+ msg="IPA server is already configured on this system.")
if not options.no_ntp:
try:
@@ -723,7 +714,7 @@ def main():
except timeconf.NTPConflictingService as e:
ansible_module.log(
"WARNING: conflicting time&date synchronization service "
- "'%s' will be disabled in favor of chronyd" % \
+ "'%s' will be disabled in favor of chronyd" %
e.conflicting_service)
except timeconf.NTPConfigurationError:
pass
@@ -731,7 +722,8 @@ def main():
if hasattr(httpinstance, "httpd_443_configured"):
# Check to see if httpd is already configured to listen on 443
if httpinstance.httpd_443_configured():
- ansible_module.fail_json(msg="httpd is already configured to listen on 443.")
+ ansible_module.fail_json(
+ msg="httpd is already configured to listen on 443.")
if not options.external_cert_files:
# Make sure the 389-ds ports are available
@@ -765,7 +757,8 @@ def main():
try:
validate_domain_name(domain_name)
except ValueError as e:
- ansible_module.fail_json(msg="Invalid domain name: %s" % unicode(e))
+ ansible_module.fail_json(
+ msg="Invalid domain name: %s" % unicode(e))
else:
domain_name = options.domain_name
@@ -795,7 +788,7 @@ def main():
"Directory.")
# Do not ask for time source
- #if not options.no_ntp and not options.unattended and not (
+ # if not options.no_ntp and not options.unattended and not (
# options.ntp_servers or options.ntp_pool):
# options.ntp_servers, options.ntp_pool = timeconf.get_time_source()
@@ -813,8 +806,8 @@ def main():
if options.http_cert_files:
if options.http_pin is None:
- ansible_module.fail_json(msg=
- "Apache Server private key unlock password required")
+ ansible_module.fail_json(
+ msg="Apache Server private key unlock password required")
http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12(
cert_files=options.http_cert_files,
key_password=options.http_pin,
@@ -825,8 +818,8 @@ def main():
if options.dirsrv_cert_files:
if options.dirsrv_pin is None:
- ansible_module.fail_json(msg=
- "Directory Server private key unlock password required")
+ ansible_module.fail_json(
+ msg="Directory Server private key unlock password required")
dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12(
cert_files=options.dirsrv_cert_files,
key_password=options.dirsrv_pin,
@@ -837,8 +830,8 @@ def main():
if options.pkinit_cert_files:
if options.pkinit_pin is None:
- ansible_module.fail_json(msg=
- "Kerberos KDC private key unlock password required")
+ ansible_module.fail_json(
+ msg="Kerberos KDC private key unlock password required")
pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
cert_files=options.pkinit_cert_files,
key_password=options.pkinit_pin,
@@ -847,36 +840,36 @@ def main():
realm_name=realm_name)
pkinit_pkcs12_info = (pkinit_pkcs12_file.name, pkinit_pin)
- if (options.http_cert_files and options.dirsrv_cert_files and
- http_ca_cert != dirsrv_ca_cert):
- ansible_module.fail_json(msg=
- "Apache Server SSL certificate and Directory Server SSL "
+ if options.http_cert_files and options.dirsrv_cert_files and \
+ http_ca_cert != dirsrv_ca_cert:
+ ansible_module.fail_json(
+ msg="Apache Server SSL certificate and Directory Server SSL "
"certificate are not signed by the same CA certificate")
- if (options.http_cert_files and options.pkinit_cert_files and
- http_ca_cert != pkinit_ca_cert):
- ansible_module.fail_json(msg=
- "Apache Server SSL certificate and PKINIT KDC "
+ if options.http_cert_files and options.pkinit_cert_files and \
+ http_ca_cert != pkinit_ca_cert:
+ ansible_module.fail_json(
+ msg="Apache Server SSL certificate and PKINIT KDC "
"certificate are not signed by the same CA certificate")
# done ##################################################################
ansible_module.exit_json(changed=False,
ipa_python_version=IPA_PYTHON_VERSION,
- ### basic ###
+ # basic
domain=options.domain_name,
realm=realm_name,
hostname=host_name,
_hostname_overridden=bool(options.host_name),
no_host_dns=options.no_host_dns,
- ### server ###
+ # server
setup_adtrust=options.setup_adtrust,
setup_kra=options.setup_kra,
setup_ca=options.setup_ca,
idstart=options.idstart,
idmax=options.idmax,
no_pkinit=options.no_pkinit,
- ### ssl certificate ###
+ # ssl certificate
_dirsrv_pkcs12_file=dirsrv_pkcs12_file,
_dirsrv_pkcs12_info=dirsrv_pkcs12_info,
_dirsrv_ca_cert=dirsrv_ca_cert,
@@ -886,19 +879,20 @@ def main():
_pkinit_pkcs12_file=pkinit_pkcs12_file,
_pkinit_pkcs12_info=pkinit_pkcs12_info,
_pkinit_ca_cert=pkinit_ca_cert,
- ### certificate system ###
+ # certificate system
external_ca=options.external_ca,
external_ca_type=options.external_ca_type,
external_ca_profile=options.external_ca_profile,
- ### ad trust ###
+ # ad trust
rid_base=options.rid_base,
secondary_rid_base=options.secondary_rid_base,
- ### client ###
+ # client
ntp_servers=options.ntp_servers,
ntp_pool=options.ntp_pool,
- ### additional ###
+ # additional
_installation_cleanup=_installation_cleanup,
domainlevel=options.domainlevel)
+
if __name__ == '__main__':
main()
diff --git a/roles/ipaserver/module_utils/ansible_ipa_server.py b/roles/ipaserver/module_utils/ansible_ipa_server.py
index 2eba3ca0..bca91731 100644
--- a/roles/ipaserver/module_utils/ansible_ipa_server.py
+++ b/roles/ipaserver/module_utils/ansible_ipa_server.py
@@ -34,7 +34,7 @@ from ipapython.version import NUM_VERSION, VERSION
if NUM_VERSION < 30201:
# See ipapython/version.py
- IPA_MAJOR,IPA_MINOR,IPA_RELEASE = [ int(x) for x in VERSION.split(".", 2) ]
+ IPA_MAJOR, IPA_MINOR, IPA_RELEASE = [int(x) for x in VERSION.split(".", 2)]
IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE
else:
IPA_PYTHON_VERSION = NUM_VERSION
@@ -136,7 +136,7 @@ else:
logger = logging.getLogger("ipa-server-install")
-#logger.setLevel(logging.DEBUG)
+# logger.setLevel(logging.DEBUG)
standard_logging_setup(
paths.IPASERVER_INSTALL_LOG, verbose=False, debug=False,
filemode='a', console_format='%(message)s')
@@ -171,7 +171,7 @@ class AnsibleModuleLog():
pass
def log(self, msg):
- #self.write(msg+"\n")
+ # self.write(msg+"\n")
self.write(msg)
def debug(self, msg):
@@ -182,24 +182,24 @@ class AnsibleModuleLog():
def write(self, msg):
self.module.debug(msg)
- #self.module.warn(msg)
+ # self.module.warn(msg)
class options_obj(object):
def __init__(self):
self._replica_install = False
- self.dnssec_master = False # future unknown
- self.disable_dnssec_master = False # future unknown
- self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
- self.domain_level = self.domainlevel # deprecated
+ self.dnssec_master = False # future unknown
+ self.disable_dnssec_master = False # future unknown
+ self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
+ self.domain_level = self.domainlevel # deprecated
self.interactive = False
self.unattended = not self.interactive
- #def __getattribute__(self, attr):
+ # def __getattribute__(self, attr):
# logger.info(" <-- Accessing options.%s" % attr)
# return super(options_obj, self).__getattribute__(attr)
- #def __getattr__(self, attr):
+ # def __getattr__(self, attr):
# logger.info(" --> Adding missing options.%s" % attr)
# setattr(self, attr, None)
# return getattr(self, attr)
@@ -250,11 +250,11 @@ options.no_msdcs = False
options.ignore_topology_disconnect = False
options.ignore_last_of_role = False
+
def api_Backend_ldap2(host_name, setup_ca, connect=False):
# we are sure we have the configuration file ready.
cfg = dict(context='installer', confdir=paths.ETC_IPA, in_server=True,
- host=host_name,
- )
+ host=host_name)
if setup_ca:
# we have an IPA-integrated CA
cfg['ca_host'] = host_name
@@ -283,7 +283,7 @@ def ds_init_info(ansible_log, fstore, domainlevel, dirsrv_config_file,
with redirect_stdout(ansible_log):
ds.init_info(realm_name, host_name, domain_name, dm_password,
subject_base, ca_subject, idstart, idmax,
- #hbac_allow=not no_hbac_allow,
+ # hbac_allow=not no_hbac_allow,
_dirsrv_pkcs12_info, setup_pkinit=not no_pkinit)
else:
ds = dsinstance.DsInstance(fstore=fstore, domainlevel=domainlevel)
@@ -296,9 +296,10 @@ def ds_init_info(ansible_log, fstore, domainlevel, dirsrv_config_file,
return ds
+
def ansible_module_get_parsed_ip_addresses(ansible_module,
param='ip_addresses'):
- ip_addrs = [ ]
+ ip_addrs = []
for ip in ansible_module.params.get(param):
try:
ip_parsed = ipautil.CheckedIPAddress(ip)
--
GitLab