From 4b2fc33b357b62aff6683649e359b86104ddaeb2 Mon Sep 17 00:00:00 2001 From: Thomas Woerner <twoerner@redhat.com> Date: Thu, 21 Mar 2019 14:06:48 +0100 Subject: [PATCH] ipaclient: Replace extras module with ssh, automount, firefox and nis modules ipaclient_extras could configure several things internally according to provided settings. These have been ssh, sshd, automount, firefox and also nis. The ssh and sshd configuration is now located in ipaclient_setup_ssh, the automount configuration in ipaclient_setup_automount, the firefox configuration in ipaclient_setup_firefox and the nis configuration in ipaclient_setup_nis. The following additional settings have been added to roles/ipaclient/defaults/main.yml to provide the same configuration options as ipa-client-install does: ipaclient_no_ssh: no ipaclient_no_sshd: no ipaclient_no_nisdomain: no ipaclient_configure_firefox: no --- roles/ipaclient/defaults/main.yml | 6 +- roles/ipaclient/library/ipaclient_extras.py | 209 ------------------ .../library/ipaclient_setup_automount.py | 88 ++++++++ .../library/ipaclient_setup_firefox.py | 82 +++++++ .../ipaclient/library/ipaclient_setup_nis.py | 88 ++++++++ .../ipaclient/library/ipaclient_setup_ssh.py | 119 ++++++++++ roles/ipaclient/tasks/install.yml | 37 ++-- 7 files changed, 404 insertions(+), 225 deletions(-) delete mode 100644 roles/ipaclient/library/ipaclient_extras.py create mode 100644 roles/ipaclient/library/ipaclient_setup_automount.py create mode 100644 roles/ipaclient/library/ipaclient_setup_firefox.py create mode 100644 roles/ipaclient/library/ipaclient_setup_nis.py create mode 100644 roles/ipaclient/library/ipaclient_setup_ssh.py diff --git a/roles/ipaclient/defaults/main.yml b/roles/ipaclient/defaults/main.yml index 70fba022..710bac9d 100644 --- a/roles/ipaclient/defaults/main.yml +++ b/roles/ipaclient/defaults/main.yml 
@@ -11,6 +11,10 @@ ipaclient_on_master: no ipaclient_no_ntp: no ipaclient_no_dns_lookup: no ipaclient_ssh_trust_dns: no +ipaclient_no_ssh: no +ipaclient_no_sshd: no +ipaclient_no_nisdomain: no +ipaclient_configure_firefox: no ### packages ### -ipaclient_install_packages: yes \ No newline at end of file +ipaclient_install_packages: yes diff --git a/roles/ipaclient/library/ipaclient_extras.py b/roles/ipaclient/library/ipaclient_extras.py deleted file mode 100644 index 65142eb0..00000000 --- a/roles/ipaclient/library/ipaclient_extras.py +++ /dev/null 
@@ -1,209 +0,0 @@ -#!/usr/bin/python -# -*- coding: utf-8 -*- - -# Authors: -# Thomas Woerner <twoerner@redhat.com> -# -# Based on ipa-client-install code -# -# Copyright (C) 2017 Red Hat -# see file 'COPYING' for use and warranty information -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -ANSIBLE_METADATA = { - 'metadata_version': '1.0', - 'supported_by': 'community', - 'status': ['preview'], -} - -DOCUMENTATION = ''' ---- -module: ipaclient_extras -short description: Configure IPA extras -description: -Configure IPA extras -options: - servers: - description: The FQDN of the IPA servers to connect to. - required: true - type: list - domain: - description: The primary DNS domain of an existing IPA deployment. - required: true - ntp: - description: Set to no to not configure and enable NTP - required: false - type: bool - default: no - force_ntpd: - description: Stop and disable any time&date synchronization services besides ntpd. - required: false - type: bool - default: no - ntp_servers: - description: The ntp servers to configure if ntp is enabled. 
- required: false - type: list - ssh: - description: Configure OpenSSH client - required: false - type: bool - default: yes - sssd: - description: Configure the client to use SSSD for authentication - required: false - type: bool - default: yes - trust_sshfp: - description: Configure OpenSSH client to trust DNS SSHFP records - required: false - type: bool - default: yes - sshd: - description: Configure OpenSSH server - required: false - type: bool - default: yes - automount_location: - description: Automount location - required: false - firefox: - description: Configure Firefox to use IPA domain credentials - required: false - type: bool - default: no - firefox_dir: - description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox') - required: false - no_nisdomain: - description: Do not configure NIS domain name - required: false - type: bool - default: no - nisdomain: - description: NIS domain name - required: false - on_master: - description: Whether the configuration is done on the master or not. 
- required: false - type: bool - default: no -author: - - Thomas Woerner -''' - -EXAMPLES = ''' -- name: IPA extras configurations - ipaclient_extras: - servers: ["server1.example.com","server2.example.com"] - domain: example.com -''' - -RETURN = ''' -''' - -import os - -from ansible.module_utils.basic import AnsibleModule -from ansible.module_utils.ansible_ipa_client import * - -def main(): - module = AnsibleModule( - argument_spec = dict( - servers=dict(required=True, type='list'), - domain=dict(required=True), - ntp=dict(required=False, type='bool', default='no'), - force_ntpd=dict(required=False, type='bool', default='no'), - ntp_servers=dict(required=False, type='list'), - ssh=dict(required=False, type='bool', default='yes'), - sssd=dict(required=False, type='bool', default='yes'), - trust_sshfp=dict(required=False, type='bool', default='yes'), - sshd=dict(required=False, type='bool', default='yes'), - automount_location=dict(required=False), - firefox=dict(required=False, type='bool', default='no'), - firefox_dir=dict(required=False), - no_nisdomain=dict(required=False, type='bool', default='no'), - nisdomain=dict(required=False), - on_master=dict(required=False, type='bool', default='no'), - ), - supports_check_mode = True, - ) - - module._ansible_debug = True - servers = module.params.get('servers') - domain = module.params.get('domain') - ntp = module.params.get('ntp') - force_ntpd = module.params.get('force_ntpd') - ntp_servers = module.params.get('ntp_servers') - ssh = module.params.get('ssh') - sssd = module.params.get('sssd') - trust_sshfp = module.params.get('trust_sshfp') - sshd = module.params.get('sshd') - automount_location = module.params.get('automount_location') - firefox = module.params.get('firefox') - firefox_dir = module.params.get('firefox_dir') - no_nisdomain = module.params.get('no_nisdomain') - nisdomain = module.params.get('nisdomain') - on_master = module.params.get('on_master') - - fstore = 
sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) - statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE) - - os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE - - options.sssd = sssd - options.trust_sshfp = trust_sshfp - options.location = automount_location - options.server = servers - options.firefox_dir = firefox_dir - options.nisdomain = nisdomain - - if ntp and not on_master: - # disable other time&date services first - if force_ntpd: - ntpconf.force_ntpd(statestore) - - ntpconf.config_ntp(ntp_servers, fstore, statestore) - module.log("NTP enabled") - - if ssh: - configure_ssh_config(fstore, options) - - if sshd: - configure_sshd_config(fstore, options) - - if automount_location: - configure_automount(options) - - if firefox: - configure_firefox(options, statestore, domain) - - if not no_nisdomain: - if NUM_VERSION < 40500: - configure_nisdomain(options=options, domain=domain) - else: - configure_nisdomain(options=options, domain=domain, - statestore=statestore) - - # Cleanup: Remove CCACHE_FILE - try: - os.remove(paths.IPA_DNS_CCACHE) - except Exception: - pass - - module.exit_json(changed=True) - -if __name__ == '__main__': - main() diff --git a/roles/ipaclient/library/ipaclient_setup_automount.py b/roles/ipaclient/library/ipaclient_setup_automount.py new file mode 100644 index 00000000..8b94f5b2 --- /dev/null +++ b/roles/ipaclient/library/ipaclient_setup_automount.py 
@@ -0,0 +1,88 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Authors:
+# Thomas Woerner <twoerner@redhat.com>
+#
+# Based on ipa-client-install code
+#
+# Copyright (C) 2017 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.0',
+ 'supported_by': 'community',
+ 'status': ['preview'],
+}
+
+DOCUMENTATION = '''
+---
+module: ipaclient_setup_automount
+short description: Setup automount for IPA client
+description:
+ Setup automount for IPA client
+options:
+ servers:
+ description: The FQDN of the IPA servers to connect to.
+ required: true
+ type: list
+ automount_location:
+ description: Automount location
+ required: false
+author:
+ - Thomas Woerner
+'''
+
+EXAMPLES = '''
+- name: IPA extras configurations
+ ipaclient_setup_automount:
+ servers: ["server1.example.com","server2.example.com"]
+'''
+
+RETURN = '''
+'''
+
+import os
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ansible_ipa_client import *
+
+def main():
+ module = AnsibleModule(
+ argument_spec = dict(
+ servers=dict(required=True, type='list'),
+ sssd=dict(required=False, type='bool', default='yes'),
+ automount_location=dict(required=False, default=None),
+ ),
+ supports_check_mode = True,
+ )
+
+ #os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
+
+ module._ansible_debug = True
+ options.servers = module.params.get('servers')
+ options.server = options.servers
+ options.sssd = module.params.get('sssd')
+ options.automount_location = module.params.get('automount_location')
+ options.location = options.automount_location
+
+ if options.automount_location:
+ configure_automount(options)
+
+ module.exit_json(changed=True)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/ipaclient/library/ipaclient_setup_firefox.py b/roles/ipaclient/library/ipaclient_setup_firefox.py
new file mode 100644
index 00000000..3a9b1b11
--- /dev/null
+++ b/roles/ipaclient/library/ipaclient_setup_firefox.py
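Review bot: main() declares `supports_check_mode = True` but never reads `module.check_mode`, so a `--check` run would still reach `configure_automount(options)` and alter the host; the same applies to the new ipaclient_setup_firefox, ipaclient_setup_nis and ipaclient_setup_ssh modules in this patch. A guard placed before the configure call, `if module.check_mode: module.exit_json(changed=bool(options.automount_location))`, keeps dry runs free of side effects. Separately, `module.exit_json(changed=True)` reports a change even when `automount_location` is unset and nothing ran; `changed=bool(options.automount_location)` would be consistent with the `changed` flag that ipaclient_setup_ssh tracks. The `sssd` option is accepted by the argument_spec but is missing from DOCUMENTATION.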
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Authors:
+# Thomas Woerner <twoerner@redhat.com>
+#
+# Based on ipa-client-install code
+#
+# Copyright (C) 2017 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.0',
+ 'supported_by': 'community',
+ 'status': ['preview'],
+}
+
+DOCUMENTATION = '''
+---
+module: ipaclient_setup_firefox
+short description: Setup firefox for IPA client
+description:
+ Setup firefox for IPA client
+options:
+ domain:
+ description: The primary DNS domain of an existing IPA deployment.
+ required: true
+ firefox_dir:
+ description: Specify directory where Firefox is installed (for example: '/usr/lib/firefox')
+ required: false
+author:
+ - Thomas Woerner
+'''
+
+EXAMPLES = '''
+- name: Setup firefox for IPA client
+ ipaclient_setup_firefox:
+ servers: ["server1.example.com","server2.example.com"]
+ domain: example.com
+ firefox_dir: /usr/lib/firefox
+'''
+
+RETURN = '''
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ansible_ipa_client import *
+
+def main():
+ module = AnsibleModule(
+ argument_spec = dict(
+ domain=dict(required=True),
+ firefox_dir=dict(required=False),
+ ),
+ supports_check_mode = True,
+ )
+
+ module._ansible_debug = True
+ domain = module.params.get('domain')
+ options.firefox_dir = module.params.get('firefox_dir')
+
+ statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
+
+ configure_firefox(options, statestore, domain)
+
+ module.exit_json(changed=True)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/ipaclient/library/ipaclient_setup_nis.py b/roles/ipaclient/library/ipaclient_setup_nis.py
new file mode 100644
index 00000000..9ef3da50
--- /dev/null
+++ b/roles/ipaclient/library/ipaclient_setup_nis.py
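Review bot: The EXAMPLES block passes `servers: [...]`, but the argument_spec in main() accepts only `domain` and `firefox_dir`, so a task copied from the example would be rejected for an unsupported parameter; the `servers:` line should be dropped from the example. main() also always exits with `changed=True`, so every run is reported as a modification. Whether configure_firefox can tell the caller that nothing was rewritten is not visible in this hunk.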
@@ -0,0 +1,88 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Authors:
+# Thomas Woerner <twoerner@redhat.com>
+#
+# Based on ipa-client-install code
+#
+# Copyright (C) 2017 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.0',
+ 'supported_by': 'community',
+ 'status': ['preview'],
+}
+
+DOCUMENTATION = '''
+---
+module: ipaclient_setup_nis
+short description: Setup NIS for IPA client
+description:
+ Setup NIS for IPA client
+options:
+ domain:
+ description: The primary DNS domain of an existing IPA deployment.
+ required: true
+ nisdomain:
+ description: NIS domain name
+ required: false
+author:
+ - Thomas Woerner
+'''
+
+EXAMPLES = '''
+- name: Setup NIS for IPA client
+ ipaclient_setup_nis:
+ domain: example.com
+'''
+
+RETURN = '''
+'''
+
+import os
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ansible_ipa_client import *
+
+def main():
+ module = AnsibleModule(
+ argument_spec = dict(
+ domain=dict(required=True),
+ nisdomain=dict(required=False),
+ ),
+ supports_check_mode = True,
+ )
+
+ module._ansible_debug = True
+ domain = module.params.get('domain')
+ options.nisdomain = module.params.get('nisdomain')
+
+ statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE)
+
+ argspec = inspect.getargspec(configure_nisdomain)
+ if not "statestore" in argspec.args:
+ # NUM_VERSION < 40500:
+ configure_nisdomain(options=options, domain=domain)
+ else:
+ configure_nisdomain(options=options, domain=domain,
+ statestore=statestore)
+
+ module.exit_json(changed=True)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/ipaclient/library/ipaclient_setup_ssh.py b/roles/ipaclient/library/ipaclient_setup_ssh.py
new file mode 100644
index 00000000..ec886bfc
--- /dev/null
+++ b/roles/ipaclient/library/ipaclient_setup_ssh.py
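Review bot: main() calls `inspect.getargspec(configure_nisdomain)`, but the file never imports `inspect`; it only has `import os`, which is unused, and a wildcard import from ansible_ipa_client. Unless that wildcard happens to export `inspect`, which this hunk does not show, the call raises NameError, so the module should state `import inspect` itself in place of `import os`. `inspect.getargspec` is also deprecated and was removed in Python 3.11; `getargspec = getattr(inspect, "getfullargspec", None) or inspect.getargspec` keeps the probe working on both old and new interpreters. The test reads more clearly as `if "statestore" not in argspec.args:`.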
@@ -0,0 +1,119 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Authors:
+# Thomas Woerner <twoerner@redhat.com>
+#
+# Based on ipa-client-install code
+#
+# Copyright (C) 2017 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.0',
+ 'supported_by': 'community',
+ 'status': ['preview'],
+}
+
+DOCUMENTATION = '''
+---
+module: ipaclient_setup_ssh
+short description: Configure ssh and sshd for IPA client
+description:
+ Configure ssh and sshd for IPA client
+options:
+ servers:
+ description: The FQDN of the IPA servers to connect to.
+ required: true
+ type: list
+ ssh:
+ description: Configure OpenSSH client
+ required: false
+ type: bool
+ default: no
+ trust_sshfp:
+ description: Configure OpenSSH client to trust DNS SSHFP records
+ required: false
+ type: bool
+ default: no
+ sshd:
+ description: Configure OpenSSH server
+ required: false
+ type: bool
+ default: no
+ sssd:
+ description: Configure SSSD server
+ required: false
+ type: bool
+ default: no
+author:
+ - Thomas Woerner
+'''
+
+EXAMPLES = '''
+- name: Configure ssh and sshd for IPA client
+ ipaclient_setup_ssh:
+ servers: ["server1.example.com","server2.example.com"]
+ ssh: yes
+ sshd: yes
+ sssd: yes
+'''
+
+RETURN = '''
+'''
+
+import os
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ansible_ipa_client import *
+
+def main():
+ module = AnsibleModule(
+ argument_spec = dict(
+ servers=dict(required=True, type='list'),
+ ssh=dict(required=False, type='bool', default='no'),
+ trust_sshfp=dict(required=False, type='bool', default='no'),
+ sshd=dict(required=False, type='bool', default='no'),
+ sssd=dict(required=False, type='bool', default='no'),
+ ),
+ supports_check_mode = True,
+ )
+
+ module._ansible_debug = True
+ options.servers = module.params.get('servers')
+ options.server = options.servers
+ options.conf_ssh = module.params.get('ssh')
+ options.trust_sshfp = module.params.get('trust_sshfp')
+ options.conf_sshd = module.params.get('sshd')
+ options.sssd = module.params.get('sssd')
+
+ fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
+
+ #os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE
+
+ changed = False
+ if options.conf_ssh:
+ configure_ssh_config(fstore, options)
+ changed = True
+
+ if options.conf_sshd:
+ configure_sshd_config(fstore, options)
+ changed = True
+
+ module.exit_json(changed=changed)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index 14304bfe..6a9da760 100644
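Review bot: The DOCUMENTATION entry for `sssd` reads "Configure SSSD server", but main() only copies the value into `options.sssd` for the ssh helpers. The removed ipaclient_extras module described the same flag as "Configure the client to use SSSD for authentication", and that wording should be carried over. The `trust_sshfp` entry would benefit from a caveat, because it makes host-key acceptance depend on DNS data: `description: Configure OpenSSH client to trust DNS SSHFP records (enable only where DNS answers are DNSSEC-validated)`. The ssh_config directive itself is written by configure_ssh_config, which lies outside this hunk, so the exact effect should be confirmed there. `import os` is unused now that the KRB5CCNAME line is commented out.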
--- a/roles/ipaclient/tasks/install.yml +++ b/roles/ipaclient/tasks/install.yml @@ -249,23 +249,30 @@ ca_enabled: "{{ result_ipaclient_api.ca_enabled | default(omit) }}" on_master: "{{ ipaclient_on_master }}" - - name: Install - IPA extras configuration - ipaclient_extras: + - name: Install - Configure SSH and SSHD + ipaclient_setup_ssh: servers: "{{ result_ipaclient_test.servers }}" + sssd: "{{ result_ipaclient_test.sssd }}" + ssh: "{{ not ipaclient_no_ssh }}" + trust_sshfp: "{{ ipaclient_ssh_trust_dns }}" + sshd: "{{ not ipaclient_no_sshd }}" + + - name: Install - Configure automount + ipaclient_setup_automount: + servers: "{{ result_ipaclient_test.servers }}" + sssd: "{{ result_ipaclient_test.sssd }}" + automount_location: "{{ ipaautomount_location | default(omit) }}" + + - name: Install - Configure firefox + ipaclient_setup_firefox: + firefox_dir: "{{ ipaclient_firefox_dir | default(omit) }}" + when: ipaclient_configure_firefox | bool + + - name: Install - Configure NIS + ipaclient_setup_nis: domain: "{{ result_ipaclient_test.domain }}" - ntp_servers: "{{ result_ipaclient_test.ntp_servers }}" - ntp: "{{ ipaclient_ntp | default(omit) }}" - on_master: "{{ ipaclient_on_master }}" - #force_ntpd: no - #sssd: yes - #ssh: yes - #trust_sshfp: yes - #sshd: yes - #automount_location: - #firefox: no - #firefox_dir: - #no_nisdomain: no - #nisdomain: + nisdomain: "{{ ipaclient_nisdomain | default(omit)}}" + when: not ipaclient_no_nisdomain | bool always: - name: Cleanup leftover ccache -- GitLab
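Review bot: The new "Install - Configure firefox" task passes only `firefox_dir`, while ipaclient_setup_firefox in this same patch declares `domain=dict(required=True)`, so the task would fail argument validation whenever `ipaclient_configure_firefox` is true. Adding `domain: "{{ result_ipaclient_test.domain }}"` to that task, as the NIS task below it does, fixes this. The removed ipaclient_extras call also carried `ntp`, `ntp_servers` and `on_master`; none of the replacement tasks takes them, so it is worth confirming that NTP setup is handled by a task outside this hunk.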