Commit
71b19d3f
authored
7 years ago
by
Thomas Woerner
library/ipanss.py: Compatibilty to ipa 4.4 and later, new version check
parent
2c2ae77b
Showing
1 changed file
library/ipanss.py
+76
-15
76 additions, 15 deletions
library/ipanss.py
with
76 additions
and
15 deletions
library/ipanss.py
+
76
−
15
...
@@ -86,14 +86,33 @@ RETURN = '''
...
@@ -86,14 +86,33 @@ RETURN = '''
'''
'''
import
os
import
os
import
sys
import
time
import
time
import
gssapi
import
gssapi
import
tempfile
import
inspect
#from six.moves.configparser import RawConfigParser
from
ansible.module_utils.basic
import
AnsibleModule
from
ansible.module_utils.basic
import
AnsibleModule
from
ipapython.version
import
NUM_VERSION
,
VERSION
if
NUM_VERSION
<
40400
:
raise
Exception
,
"
freeipa version
'
%s
'
is too old
"
%
VERSION
from
ipalib
import
api
,
errors
,
x509
from
ipalib
import
api
,
errors
,
x509
from
ipalib.install
import
certmonger
,
certstore
,
service
,
sysrestore
try
:
from
ipalib.install
import
certmonger
except
ImportError
:
from
ipapython
import
certmonger
try
:
from
ipalib.install
import
certstore
except
ImportError
:
from
ipalib
import
certstore
try
:
from
ipalib.install
import
sysrestore
except
ImportError
:
from
ipapython
import
sysrestore
try
:
from
ipalib.install.kinit
import
kinit_keytab
,
kinit_password
from
ipalib.install.kinit
import
kinit_keytab
,
kinit_password
except
ImportError
:
from
ipapython.ipautil
import
kinit_keytab
,
kinit_password
from
ipalib.rpc
import
delete_persistent_client_session_data
from
ipalib.rpc
import
delete_persistent_client_session_data
from
ipapython.dn
import
DN
from
ipapython.dn
import
DN
from
ipaplatform
import
services
from
ipaplatform
import
services
...
@@ -102,10 +121,42 @@ from ipaplatform.tasks import tasks
...
@@ -102,10 +121,42 @@ from ipaplatform.tasks import tasks
from
ipapython
import
certdb
,
ipautil
from
ipapython
import
certdb
,
ipautil
from
ipapython.ipautil
import
CalledProcessError
from
ipapython.ipautil
import
CalledProcessError
from
ipaclient.install.client
import
SECURE_PATH
,
CCACHE_FILE
,
client_dns
,
configure_certmonger
,
update_ssh_keys
,
configure_openldap_conf
,
hardcode_ldap_server
,
get_certs_from_ldap
,
save_state
,
configure_sssd_conf
,
configure_krb5_conf
try
:
from
ipaclient.install.client
import
CCACHE_FILE
,
client_dns
,
configure_certmonger
,
update_ssh_keys
,
configure_openldap_conf
,
hardcode_ldap_server
,
get_certs_from_ldap
,
save_state
,
disable_ra
,
create_ipa_nssdb
from
ipaclient.install.client
import
disable_ra
except
ImportError
:
from
ipaclient.install.client
import
create_ipa_nssdb
# Create temporary copy of ipa-client-install script (as
# ipa_client_install.py) to be able to import the script easily and also
# to remove the global finally clause in which the generated ccache file
# gets removed. The ccache file will be needed in the next step.
# This is done in a temporary directory that gets removed right after
# ipa_client_install has been imported.
import
shutil
temp_dir
=
tempfile
.
mkdtemp
(
dir
=
"
/tmp
"
)
sys
.
path
.
append
(
temp_dir
)
temp_file
=
"
%s/ipa_client_install.py
"
%
temp_dir
with
open
(
"
/usr/sbin/ipa-client-install
"
,
"
r
"
)
as
f_in
:
with
open
(
temp_file
,
"
w
"
)
as
f_out
:
for
line
in
f_in
:
if
line
.
startswith
(
"
finally:
"
):
break
f_out
.
write
(
line
)
import
ipa_client_install
shutil
.
rmtree
(
temp_dir
,
ignore_errors
=
True
)
sys
.
path
.
remove
(
temp_dir
)
CCACHE_FILE
=
paths
.
IPA_DNS_CCACHE
client_dns
=
ipa_client_install
.
client_dns
configure_certmonger
=
ipa_client_install
.
configure_certmonger
update_ssh_keys
=
ipa_client_install
.
update_ssh_keys
configure_openldap_conf
=
ipa_client_install
.
configure_openldap_conf
hardcode_ldap_server
=
ipa_client_install
.
hardcode_ldap_server
get_certs_from_ldap
=
ipa_client_install
.
get_certs_from_ldap
save_state
=
ipa_client_install
.
save_state
disable_ra
=
ipa_client_install
.
disable_ra
from
ipapython.certdb
import
create_ipa_nssdb
def
main
():
def
main
():
module
=
AnsibleModule
(
module
=
AnsibleModule
(
...
@@ -184,9 +235,11 @@ def main():
...
@@ -184,9 +235,11 @@ def main():
ca_certs_trust
=
[(
c
,
n
,
certstore
.
key_policy_to_trust_flags
(
t
,
True
,
u
))
ca_certs_trust
=
[(
c
,
n
,
certstore
.
key_policy_to_trust_flags
(
t
,
True
,
u
))
for
(
c
,
n
,
t
,
u
)
in
ca_certs
]
for
(
c
,
n
,
t
,
u
)
in
ca_certs
]
if
hasattr
(
paths
,
"
KDC_CA_BUNDLE_PEM
"
):
x509
.
write_certificate_list
(
x509
.
write_certificate_list
(
[
c
for
c
,
n
,
t
,
u
in
ca_certs
if
t
is
not
False
],
[
c
for
c
,
n
,
t
,
u
in
ca_certs
if
t
is
not
False
],
paths
.
KDC_CA_BUNDLE_PEM
)
paths
.
KDC_CA_BUNDLE_PEM
)
if
hasattr
(
paths
,
"
CA_BUNDLE_PEM
"
):
x509
.
write_certificate_list
(
x509
.
write_certificate_list
(
[
c
for
c
,
n
,
t
,
u
in
ca_certs
if
t
is
not
False
],
[
c
for
c
,
n
,
t
,
u
in
ca_certs
if
t
is
not
False
],
paths
.
CA_BUNDLE_PEM
)
paths
.
CA_BUNDLE_PEM
)
...
@@ -208,7 +261,11 @@ def main():
...
@@ -208,7 +261,11 @@ def main():
configure_certmonger
(
fstore
,
subject_base
,
realm
,
hostname
,
configure_certmonger
(
fstore
,
subject_base
,
realm
,
hostname
,
options
,
ca_enabled
)
options
,
ca_enabled
)
update_ssh_keys
(
hostname
,
paths
.
SSH_CONFIG_DIR
,
options
.
create_sshfp
)
if
hasattr
(
paths
,
"
SSH_CONFIG_DIR
"
):
ssh_config_dir
=
paths
.
SSH_CONFIG_DIR
else
:
ssh_config_dir
=
services
.
knownservices
.
sshd
.
get_config_dir
()
update_ssh_keys
(
hostname
,
ssh_config_dir
,
options
.
create_sshfp
)
try
:
try
:
os
.
remove
(
CCACHE_FILE
)
os
.
remove
(
CCACHE_FILE
)
...
@@ -251,7 +308,11 @@ def main():
...
@@ -251,7 +308,11 @@ def main():
module
.
log
(
"
SSSD enabled
"
)
module
.
log
(
"
SSSD enabled
"
)
argspec
=
inspect
.
getargspec
(
services
.
service
)
if
len
(
argspec
.
args
)
>
1
:
sssd
=
services
.
service
(
'
sssd
'
,
api
)
sssd
=
services
.
service
(
'
sssd
'
,
api
)
else
:
sssd
=
services
.
service
(
'
sssd
'
)
try
:
try
:
sssd
.
restart
()
sssd
.
restart
()
except
CalledProcessError
:
except
CalledProcessError
:
...
...
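Review bot: The temporary-copy fallback in the second hunk (what appears to be the `except ImportError:` branch that copies `/usr/sbin/ipa-client-install` into a `tempfile.mkdtemp(dir="/tmp")` directory and imports it) cleans up only on the success path. If writing the copy or `import ipa_client_install` raises, the directory holding the script copy is left behind and `temp_dir` stays on `sys.path` for the rest of the process. `mkdtemp` creates the directory readable only by the calling user, so the copy is not exposed to other local users, but a stale `/tmp` entry on the import path of a module that presumably runs as root is worth avoiding. I would wrap the copy and the import in `try:` and move the two cleanup calls into `finally:`, with `sys.path.remove(temp_dir)` before `shutil.rmtree(temp_dir, ignore_errors=True)`. The import also executes the script's module-level code inside the module process, and the cut at the first line starting with `finally:` depends on the installed script's layout, so a short comment naming the ipa versions this branch was tested against would help.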