Commit 4b2fc33b authored by Thomas Woerner's avatar Thomas Woerner

ipaclient: Replace extras module with ssh, automount, firefox and nis modules

ipaclient_extras could configure several things internally according to
provided settings. These have been ssh, sshd, automount, firefox and also
nis. The ssh and sshd configuration is now located in ipaclient_setup_ssh,
the automount configuration in ipaclient_setup_automount, the firefox
configuration in ipaclient_setup_firefox and the nis configuration in
ipaclient_setup_nis.

The following additional settings have been added to
roles/ipaclient/defaults/main.yml to provide the same configuration options
as ipa-client-install does:

ipaclient_no_ssh: no
ipaclient_no_sshd: no
ipaclient_no_nisdomain: no
ipaclient_configure_firefox: no
parent 7c378d9c
Branches main
...@@ -11,6 +11,10 @@ ipaclient_on_master: no ...@@ -11,6 +11,10 @@ ipaclient_on_master: no
ipaclient_no_ntp: no ipaclient_no_ntp: no
ipaclient_no_dns_lookup: no ipaclient_no_dns_lookup: no
ipaclient_ssh_trust_dns: no ipaclient_ssh_trust_dns: no
ipaclient_no_ssh: no
ipaclient_no_sshd: no
ipaclient_no_nisdomain: no
ipaclient_configure_firefox: no
### packages ### ### packages ###
ipaclient_install_packages: yes ipaclient_install_packages: yes
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaclient_setup_automount
short description: Setup automount for IPA client
description:
Setup automount for IPA client
options:
servers:
description: The FQDN of the IPA servers to connect to.
required: true
type: list
automount_location:
description: Automount location
required: false
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: IPA extras configurations
ipaclient_setup_automount:
servers: ["server1.example.com","server2.example.com"]
'''
RETURN = '''
'''
import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
argument_spec = dict(
servers=dict(required=True, type='list'),
sssd=dict(required=False, type='bool', default='yes'),
automount_location=dict(required=False, default=None),
),
supports_check_mode = True,
)
#os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
module._ansible_debug = True
options.servers = module.params.get('servers')
options.server = options.servers
options.sssd = module.params.get('sssd')
options.automount_location = module.params.get('automount_location')
options.location = options.automount_location
if options.automount_location:
configure_automount(options)
module.exit_json(changed=True)
if __name__ == '__main__':
main()
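Review bot: main() declares `supports_check_mode = True` but nothing visible reads `module.check_mode`, so a `--check` run would still reach `configure_automount(options)` and change the host's automount configuration. Guard the call, for example `if options.automount_location and not module.check_mode:`, or drop the flag. The final `module.exit_json(changed=True)` also reports a change when `automount_location` is unset and nothing ran; a `changed` flag set only after the call would fix that. The same two patterns appear in the new ipaclient_setup_firefox and ipaclient_setup_nis modules, and the check-mode gap also in ipaclient_setup_ssh. Indentation is lost in this rendering, so the nesting is read from statement order.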
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaclient_setup_firefox
short description: Setup firefox for IPA client
description:
Setup firefox for IPA client
options:
domain:
description: The primary DNS domain of an existing IPA deployment.
required: true
firefox_dir:
description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox')
required: false
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: Setup firefox for IPA client
ipaclient_setup_firefox:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
firefox_dir: /usr/lib/firefox
'''
RETURN = '''
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
argument_spec = dict(
domain=dict(required=True),
firefox_dir=dict(required=False),
),
supports_check_mode = True,
)
module._ansible_debug = True
domain = module.params.get('domain')
options.firefox_dir = module.params.get('firefox_dir')
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
configure_firefox(options, statestore, domain)
module.exit_json(changed=True)
if __name__ == '__main__':
main()
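Review bot: The EXAMPLES block passes `servers: [...]` to ipaclient_setup_firefox, but the `argument_spec` in main() accepts only `domain` and `firefox_dir`, so the documented task would be rejected for using an unsupported parameter. Remove the `servers` line from the example. The DOCUMENTATION key `short description:` should also be `short_description:`, which is the key Ansible's documentation tooling reads; the other modules added in this commit carry the same spelling.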
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Based on ipa-client-install code
#
# Copyright (C) 2017 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ANSIBLE_METADATA = {
'metadata_version': '1.0',
'supported_by': 'community',
'status': ['preview'],
}
DOCUMENTATION = '''
---
module: ipaclient_setup_nis
short description: Setup NIS for IPA client
description:
Setup NIS for IPA client
options:
domain:
description: The primary DNS domain of an existing IPA deployment.
required: true
nisdomain:
description: NIS domain name
required: false
author:
- Thomas Woerner
'''
EXAMPLES = '''
- name: Setup NIS for IPA client
ipaclient_setup_nis:
domain: example.com
'''
RETURN = '''
'''
import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_client import *
def main():
module = AnsibleModule(
argument_spec = dict(
domain=dict(required=True),
nisdomain=dict(required=False),
),
supports_check_mode = True,
)
module._ansible_debug = True
domain = module.params.get('domain')
options.nisdomain = module.params.get('nisdomain')
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
argspec = inspect.getargspec(configure_nisdomain)
if not "statestore" in argspec.args:
# NUM_VERSION < 40500:
configure_nisdomain(options=options, domain=domain)
else:
configure_nisdomain(options=options, domain=domain,
statestore=statestore)
module.exit_json(changed=True)
if __name__ == '__main__':
main()
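Review bot: `inspect.getargspec(configure_nisdomain)` is called in main(), but this file imports only `os`, `AnsibleModule` and the wildcard from `ansible_ipa_client`, so `inspect` resolves only if that wildcard happens to export it. Add an explicit `import inspect` and drop `import os`, which nothing visible uses. `getargspec` was removed in Python 3.11, so prefer `inspect.getfullargspec` where it is available to keep the statestore probe working. The membership test also reads more clearly as `if "statestore" not in argspec.args:`.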
...@@ -30,73 +30,32 @@ ANSIBLE_METADATA = { ...@@ -30,73 +30,32 @@ ANSIBLE_METADATA = {
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: ipaclient_extras module: ipaclient_setup_ssh
short description: Configure IPA extras short description: Configure ssh and sshd for IPA client
description: description:
Configure IPA extras Configure ssh and sshd for IPA client
options: options:
servers: servers:
description: The FQDN of the IPA servers to connect to. description: The FQDN of the IPA servers to connect to.
required: true required: true
type: list type: list
domain:
description: The primary DNS domain of an existing IPA deployment.
required: true
ntp:
description: Set to no to not configure and enable NTP
required: false
type: bool
default: no
force_ntpd:
description: Stop and disable any time&date synchronization services besides ntpd.
required: false
type: bool
default: no
ntp_servers:
description: The ntp servers to configure if ntp is enabled.
required: false
type: list
ssh: ssh:
description: Configure OpenSSH client description: Configure OpenSSH client
required: false required: false
type: bool type: bool
default: yes default: no
sssd:
description: Configure the client to use SSSD for authentication
required: false
type: bool
default: yes
trust_sshfp: trust_sshfp:
description: Configure OpenSSH client to trust DNS SSHFP records description: Configure OpenSSH client to trust DNS SSHFP records
required: false required: false
type: bool type: bool
default: yes default: no
sshd: sshd:
description: Configure OpenSSH server description: Configure OpenSSH server
required: false required: false
type: bool type: bool
default: yes
automount_location:
description: Automount location
required: false
firefox:
description: Configure Firefox to use IPA domain credentials
required: false
type: bool
default: no
firefox_dir:
description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox')
required: false
no_nisdomain:
description: Do not configure NIS domain name
required: false
type: bool
default: no default: no
nisdomain: sssd:
description: NIS domain name description: Configure SSSD server
required: false
on_master:
description: Whether the configuration is done on the master or not.
required: false required: false
type: bool type: bool
default: no default: no
...@@ -105,10 +64,12 @@ author: ...@@ -105,10 +64,12 @@ author:
''' '''
EXAMPLES = ''' EXAMPLES = '''
- name: IPA extras configurations - name: Configure ssh and sshd for IPA client
ipaclient_extras: ipaclient_setup_ssh:
servers: ["server1.example.com","server2.example.com"] servers: ["server1.example.com","server2.example.com"]
domain: example.com ssh: yes
sshd: yes
sssd: yes
''' '''
RETURN = ''' RETURN = '''
...@@ -123,87 +84,36 @@ def main(): ...@@ -123,87 +84,36 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec = dict( argument_spec = dict(
servers=dict(required=True, type='list'), servers=dict(required=True, type='list'),
domain=dict(required=True), ssh=dict(required=False, type='bool', default='no'),
ntp=dict(required=False, type='bool', default='no'), trust_sshfp=dict(required=False, type='bool', default='no'),
force_ntpd=dict(required=False, type='bool', default='no'), sshd=dict(required=False, type='bool', default='no'),
ntp_servers=dict(required=False, type='list'), sssd=dict(required=False, type='bool', default='no'),
ssh=dict(required=False, type='bool', default='yes'),
sssd=dict(required=False, type='bool', default='yes'),
trust_sshfp=dict(required=False, type='bool', default='yes'),
sshd=dict(required=False, type='bool', default='yes'),
automount_location=dict(required=False),
firefox=dict(required=False, type='bool', default='no'),
firefox_dir=dict(required=False),
no_nisdomain=dict(required=False, type='bool', default='no'),
nisdomain=dict(required=False),
on_master=dict(required=False, type='bool', default='no'),
), ),
supports_check_mode = True, supports_check_mode = True,
) )
module._ansible_debug = True module._ansible_debug = True
servers = module.params.get('servers') options.servers = module.params.get('servers')
domain = module.params.get('domain') options.server = options.servers
ntp = module.params.get('ntp') options.conf_ssh = module.params.get('ssh')
force_ntpd = module.params.get('force_ntpd') options.trust_sshfp = module.params.get('trust_sshfp')
ntp_servers = module.params.get('ntp_servers') options.conf_sshd = module.params.get('sshd')
ssh = module.params.get('ssh') options.sssd = module.params.get('sssd')
sssd = module.params.get('sssd')
trust_sshfp = module.params.get('trust_sshfp')
sshd = module.params.get('sshd')
automount_location = module.params.get('automount_location')
firefox = module.params.get('firefox')
firefox_dir = module.params.get('firefox_dir')
no_nisdomain = module.params.get('no_nisdomain')
nisdomain = module.params.get('nisdomain')
on_master = module.params.get('on_master')
fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE #os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
options.sssd = sssd changed = False
options.trust_sshfp = trust_sshfp if options.conf_ssh:
options.location = automount_location
options.server = servers
options.firefox_dir = firefox_dir
options.nisdomain = nisdomain
if ntp and not on_master:
# disable other time&date services first
if force_ntpd:
ntpconf.force_ntpd(statestore)
ntpconf.config_ntp(ntp_servers, fstore, statestore)
module.log("NTP enabled")
if ssh:
configure_ssh_config(fstore, options) configure_ssh_config(fstore, options)
changed = True
if sshd: if options.conf_sshd:
configure_sshd_config(fstore, options) configure_sshd_config(fstore, options)
changed = True
if automount_location: module.exit_json(changed=changed)
configure_automount(options)
if firefox:
configure_firefox(options, statestore, domain)
if not no_nisdomain:
if NUM_VERSION < 40500:
configure_nisdomain(options=options, domain=domain)
else:
configure_nisdomain(options=options, domain=domain,
statestore=statestore)
# Cleanup: Remove CCACHE_FILE
try:
os.remove(paths.IPA_DNS_CCACHE)
except Exception:
pass
module.exit_json(changed=True)
if __name__ == '__main__': if __name__ == '__main__':
main() main()
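Review bot: The new option text for `sssd` reads `Configure SSSD server`, which does not describe what the flag does here; the visible code only copies it into `options.sssd` before calling `configure_ssh_config` and `configure_sshd_config`. The removed wording, `Configure the client to use SSSD for authentication`, was closer. Its default also becomes `no` in this module while ipaclient_setup_automount keeps `default='yes'` for the same option, so a task that omits `sssd` behaves differently per module; align the defaults or document the difference. For `trust_sshfp` I would extend the description with something like `Only enable when DNS answers are authenticated (DNSSEC)`, since the option makes the client trust host keys published in DNS. main() starts outside the hunk.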
...@@ -249,23 +249,30 @@ ...@@ -249,23 +249,30 @@
ca_enabled: "{{ result_ipaclient_api.ca_enabled | default(omit) }}" ca_enabled: "{{ result_ipaclient_api.ca_enabled | default(omit) }}"
on_master: "{{ ipaclient_on_master }}" on_master: "{{ ipaclient_on_master }}"
- name: Install - IPA extras configuration - name: Install - Configure SSH and SSHD
ipaclient_extras: ipaclient_setup_ssh:
servers: "{{ result_ipaclient_test.servers }}" servers: "{{ result_ipaclient_test.servers }}"
sssd: "{{ result_ipaclient_test.sssd }}"
ssh: "{{ not ipaclient_no_ssh }}"
trust_sshfp: "{{ ipaclient_ssh_trust_dns }}"
sshd: "{{ not ipaclient_no_sshd }}"
- name: Install - Configure automount
ipaclient_setup_automount:
servers: "{{ result_ipaclient_test.servers }}"
sssd: "{{ result_ipaclient_test.sssd }}"
automount_location: "{{ ipaautomount_location | default(omit) }}"
- name: Install - Configure firefox
ipaclient_setup_firefox:
firefox_dir: "{{ ipaclient_firefox_dir | default(omit) }}"
when: ipaclient_configure_firefox | bool
- name: Install - Configure NIS
ipaclient_setup_nis:
domain: "{{ result_ipaclient_test.domain }}" domain: "{{ result_ipaclient_test.domain }}"
ntp_servers: "{{ result_ipaclient_test.ntp_servers }}" nisdomain: "{{ ipaclient_nisdomain | default(omit)}}"
ntp: "{{ ipaclient_ntp | default(omit) }}" when: not ipaclient_no_nisdomain | bool
on_master: "{{ ipaclient_on_master }}"
#force_ntpd: no
#sssd: yes
#ssh: yes
#trust_sshfp: yes
#sshd: yes
#automount_location:
#firefox: no
#firefox_dir:
#no_nisdomain: no
#nisdomain:
always: always:
- name: Cleanup leftover ccache - name: Cleanup leftover ccache
......
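Review bot: The new `Install - Configure firefox` task passes only `firefox_dir` to ipaclient_setup_firefox, while that module's `argument_spec` declares `domain=dict(required=True)`, so as rendered the task would fail on a missing required argument whenever `ipaclient_configure_firefox` is true. Add `domain: "{{ result_ipaclient_test.domain }}"` to the task, as the NIS task below it does. The automount task also runs unconditionally, and its module reports `changed` even when `ipaautomount_location` is omitted; a `when: ipaautomount_location is defined` would keep the play output accurate.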