From 7c378d9c4df144680ad9fc464ab7f8f3c5153a30 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 21 Mar 2019 13:11:40 +0100
Subject: [PATCH] ipaclient role: Fix naming of modules, action_plugins and
registered vars
The naming in the ipaclient role has not been following the naming scheme
and conventions used in the ipaserver and ipareplica roles. Also registered
results of modules and commands have not been unsing the result_ prefix as
in the other roles. All this has been fixed and the naming is consistent
now.
These are the renames:
ipahost -> ipaclient_get_otp
ipaapi -> ipaclient_api
ipaextras -> ipaclient_extras
ipafixca -> ipaclient_fix_ca
ipafstore -> ipaclient_fstore
ipa_facts -> ipaclient_get_facts
ipahost -> ipaclient_get_otp
ipajoin -> ipaclient_join
ipanss -> ipaclient_setup_nss
ipasssd -> ipaclient_setup_sssd
ipadiscovery -> ipaclient_test
ipatest -> ipaclient_test_keytab
---
roles/ipa-krb5/tasks/main.yml | 2 +-
.../{ipahost.py => ipaclient_get_otp.py} | 2 +-
.../library/{ipaapi.py => ipaclient_api.py} | 6 +-
.../{ipaextras.py => ipaclient_extras.py} | 4 +-
.../{ipafixca.py => ipaclient_fix_ca.py} | 4 +-
.../{ipafstore.py => ipaclient_fstore.py} | 4 +-
.../{ipa_facts.py => ipaclient_get_facts.py} | 20 +--
.../{ipahost.py => ipaclient_get_otp.py} | 14 +-
.../library/{ipajoin.py => ipaclient_join.py} | 6 +-
.../{ipanss.py => ipaclient_setup_nss.py} | 8 +-
.../{ipasssd.py => ipaclient_setup_sssd.py} | 8 +-
.../{ipadiscovery.py => ipaclient_test.py} | 32 ++--
.../{ipatest.py => ipaclient_test_keytab.py} | 16 +-
roles/ipaclient/tasks/install.yml | 164 +++++++++---------
roles/ipaconf/tasks/main.yml | 2 +-
15 files changed, 146 insertions(+), 146 deletions(-)
rename roles/ipaclient/action_plugins/{ipahost.py => ipaclient_get_otp.py} (98%)
rename roles/ipaclient/library/{ipaapi.py => ipaclient_api.py} (99%)
rename roles/ipaclient/library/{ipaextras.py => ipaclient_extras.py} (99%)
rename roles/ipaclient/library/{ipafixca.py => ipaclient_fix_ca.py} (98%)
rename roles/ipaclient/library/{ipafstore.py => ipaclient_fstore.py} (97%)
rename roles/ipaclient/library/{ipa_facts.py => ipaclient_get_facts.py} (89%)
rename roles/ipaclient/library/{ipahost.py => ipaclient_get_otp.py} (98%)
rename roles/ipaclient/library/{ipajoin.py => ipaclient_join.py} (99%)
rename roles/ipaclient/library/{ipanss.py => ipaclient_setup_nss.py} (98%)
rename roles/ipaclient/library/{ipasssd.py => ipaclient_setup_sssd.py} (98%)
rename roles/ipaclient/library/{ipadiscovery.py => ipaclient_test.py} (96%)
rename roles/ipaclient/library/{ipatest.py => ipaclient_test_keytab.py} (96%)
diff --git a/roles/ipa-krb5/tasks/main.yml b/roles/ipa-krb5/tasks/main.yml
index 2bbca6b0..9d7e0fe2 100644
--- a/roles/ipa-krb5/tasks/main.yml
+++ b/roles/ipa-krb5/tasks/main.yml
@@ -8,7 +8,7 @@
failed_when: false
- name: Install - Backup krb5.conf
- ipafstore:
+ ipaclient_fstore:
backup: "{{ krb5_conf }}"
- name: Template krb5.conf
diff --git a/roles/ipaclient/action_plugins/ipahost.py b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
similarity index 98%
rename from roles/ipaclient/action_plugins/ipahost.py
rename to roles/ipaclient/action_plugins/ipaclient_get_otp.py
index 92f3a5b6..2a85e727 100644
--- a/roles/ipaclient/action_plugins/ipahost.py
+++ b/roles/ipaclient/action_plugins/ipaclient_get_otp.py
@@ -162,7 +162,7 @@ class ActionModule(ActionBase):
result['msg'] = "principal is required"
return result
- data = self._execute_module(module_name='ipa_facts', module_args=dict(),
+ data = self._execute_module(module_name='ipaclient_get_facts', module_args=dict(),
task_vars={ "ansible_python_interpreter": ansible_python_interpreter })
try:
domain = data['ansible_facts']['ipa']['domain']
diff --git a/roles/ipaclient/library/ipaapi.py b/roles/ipaclient/library/ipaclient_api.py
similarity index 99%
rename from roles/ipaclient/library/ipaapi.py
rename to roles/ipaclient/library/ipaclient_api.py
index f46b9d86..01aa26cc 100644
--- a/roles/ipaclient/library/ipaapi.py
+++ b/roles/ipaclient/library/ipaclient_api.py
@@ -28,7 +28,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
DOCUMENTATION = '''
---
-module: ipaapi
+module: ipaclient_api
short description: Create temporary NSS database, call IPA API for remaining enrollment parts
description:
Create temporary NSS database, call IPA API for remaining enrollment parts
@@ -50,11 +50,11 @@ author:
EXAMPLES = '''
- name: IPA API calls for remaining enrollment parts
- ipaapi:
+ ipaclient_api:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
hostname: client1.example.com
- register: ipaapi
+ register: result_ipaclient_api
'''
RETURN = '''
diff --git a/roles/ipaclient/library/ipaextras.py b/roles/ipaclient/library/ipaclient_extras.py
similarity index 99%
rename from roles/ipaclient/library/ipaextras.py
rename to roles/ipaclient/library/ipaclient_extras.py
index 5b315312..65142eb0 100644
--- a/roles/ipaclient/library/ipaextras.py
+++ b/roles/ipaclient/library/ipaclient_extras.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
-module: ipaextras
+module: ipaclient_extras
short description: Configure IPA extras
description:
Configure IPA extras
@@ -106,7 +106,7 @@ author:
EXAMPLES = '''
- name: IPA extras configurations
- ipaextras:
+ ipaclient_extras:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
'''
diff --git a/roles/ipaclient/library/ipafixca.py b/roles/ipaclient/library/ipaclient_fix_ca.py
similarity index 98%
rename from roles/ipaclient/library/ipafixca.py
rename to roles/ipaclient/library/ipaclient_fix_ca.py
index 030f60eb..8e8794b8 100644
--- a/roles/ipaclient/library/ipafixca.py
+++ b/roles/ipaclient/library/ipaclient_fix_ca.py
@@ -28,7 +28,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
DOCUMENTATION = '''
---
-module: ipafixca
+module: ipaclient_fix_ca
short description: Fix IPA ca certificate
description:
Repair Fix IPA ca certificate
@@ -54,7 +54,7 @@ author:
EXAMPLES = '''
- name: Fix IPA ca certificate
- ipafixca:
+ ipaclient_fix_ca:
servers: ["server1.example.com","server2.example.com"]
realm: EXAMPLE.COM
basedn: dc=example,dc=com
diff --git a/roles/ipaclient/library/ipafstore.py b/roles/ipaclient/library/ipaclient_fstore.py
similarity index 97%
rename from roles/ipaclient/library/ipafstore.py
rename to roles/ipaclient/library/ipaclient_fstore.py
index c611346c..b74cf445 100644
--- a/roles/ipaclient/library/ipafstore.py
+++ b/roles/ipaclient/library/ipaclient_fstore.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
-module: fstore
+module: ipaclient_fstore
short description: Backup files using IPA client sysrestore
description:
Backup files using IPA client sysrestore
@@ -44,7 +44,7 @@ author:
EXAMPLES = '''
- name: Backup /etc/krb5.conf
- ipafstore:
+ ipaclient_fstore:
backup: "/etc/krb5.conf"
'''
diff --git a/roles/ipaclient/library/ipa_facts.py b/roles/ipaclient/library/ipaclient_get_facts.py
similarity index 89%
rename from roles/ipaclient/library/ipa_facts.py
rename to roles/ipaclient/library/ipaclient_get_facts.py
index cad876d8..8a70257e 100644
--- a/roles/ipaclient/library/ipa_facts.py
+++ b/roles/ipaclient/library/ipaclient_get_facts.py
@@ -136,7 +136,7 @@ def main():
# The module does not change anything, meaning that
# check mode is supported
- ipa_facts = dict(
+ facts = dict(
packages= dict(
ipalib=HAS_IPALIB,
ipaserver=HAS_IPASERVER,
@@ -153,23 +153,23 @@ def main():
if HAS_IPALIB:
if is_client_configured():
- ipa_facts['configured']['client'] = True
+ facts['configured']['client'] = True
- ipa_facts['version'] = get_ipa_version()
+ facts['version'] = get_ipa_version()
for key,value in six.iteritems(get_ipa_conf()):
- ipa_facts[key] = value
+ facts[key] = value
if HAS_IPASERVER:
if is_server_configured():
- ipa_facts['configured']['server'] = True
- ipa_facts['configured']['dns'] = is_dns_configured()
- ipa_facts['configured']['ca'] = is_ca_configured()
- ipa_facts['configured']['kra'] = is_kra_configured()
- ipa_facts['configured']['ntpd'] = is_ntpd_configured()
+ facts['configured']['server'] = True
+ facts['configured']['dns'] = is_dns_configured()
+ facts['configured']['ca'] = is_ca_configured()
+ facts['configured']['kra'] = is_kra_configured()
+ facts['configured']['ntpd'] = is_ntpd_configured()
module.exit_json(
changed=False,
- ansible_facts=dict(ipa=ipa_facts)
+ ansible_facts=dict(ipa=facts)
)
if __name__ == '__main__':
diff --git a/roles/ipaclient/library/ipahost.py b/roles/ipaclient/library/ipaclient_get_otp.py
similarity index 98%
rename from roles/ipaclient/library/ipahost.py
rename to roles/ipaclient/library/ipaclient_get_otp.py
index b6da08e5..84356993 100644
--- a/roles/ipaclient/library/ipahost.py
+++ b/roles/ipaclient/library/ipaclient_get_otp.py
@@ -26,7 +26,7 @@ ANSIBLE_METADATA = {'metadata_version': '1.0',
DOCUMENTATION = '''
---
-module: ipahost
+module: ipaclient_get_otp
short description: Manage IPA hosts
description:
Manage hosts in a IPA domain.
@@ -84,28 +84,28 @@ author:
EXAMPLES = '''
# Example from Ansible Playbooks
# Add a new host with a random OTP, authenticate using principal/password
-- ipahost:
+- ipaclient_get_otp:
principal: admin
password: MySecretPassword
fqdn: ipaclient.ipa.domain.com
ipaddress: 192.168.100.23
random: True
- register: ipahost
+ register: result_ipaclient_get_otp
# Add a new host, authenticate with a keytab stored on the controller node
-- ipahost:
+- ipaclient_get_otp:
keytab: admin.keytab
fqdn: ipaclient.ipa.domain.com
# Remove a host, authenticate using principal/password
-- ipahost:
+- ipaclient_get_otp:
principal: admin
password: MySecretPassword
fqdn: ipaclient.ipa.domain.com
state: absent
# Modify a host, add ssh public key:
-- ipahost:
+- ipaclient_get_otp:
principal: admin
password: MySecretPassword
fqdn: ipaclient.ipa.domain.com
@@ -355,7 +355,7 @@ def main():
changed = ensure_host_absent(module, api, host)
except Exception as e:
- module.fail_json(msg="ipahost module failed : %s" % str(e))
+ module.fail_json(msg="ipaclient_get_otp module failed : %s" % str(e))
finally:
run([paths.KDESTROY], raiseonerr=False, env=os.environ)
diff --git a/roles/ipaclient/library/ipajoin.py b/roles/ipaclient/library/ipaclient_join.py
similarity index 99%
rename from roles/ipaclient/library/ipajoin.py
rename to roles/ipaclient/library/ipaclient_join.py
index 11a3fc14..5b58858d 100644
--- a/roles/ipaclient/library/ipajoin.py
+++ b/roles/ipaclient/library/ipaclient_join.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
-module: ipajoin
+module: ipaclient_join
short description: Join a machine to an IPA realm and get a keytab for the host service principal
description:
Join a machine to an IPA realm and get a keytab for the host service principal
@@ -88,7 +88,7 @@ author:
EXAMPLES = '''
# Join IPA to get the keytab
- name: Join IPA in force mode with maximum 5 kinit attempts
- ipajoin:
+ ipaclient_join:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
realm: EXAMPLE.COM
@@ -102,7 +102,7 @@ EXAMPLES = '''
# Join IPA to get the keytab using ipadiscovery return values
- name: Join IPA
- ipajoin:
+ ipaclient_join:
servers: "{{ ipadiscovery.servers }}"
domain: "{{ ipadiscovery.domain }}"
realm: "{{ ipadiscovery.realm }}"
diff --git a/roles/ipaclient/library/ipanss.py b/roles/ipaclient/library/ipaclient_setup_nss.py
similarity index 98%
rename from roles/ipaclient/library/ipanss.py
rename to roles/ipaclient/library/ipaclient_setup_nss.py
index 46a7caac..4c12ae1f 100644
--- a/roles/ipaclient/library/ipanss.py
+++ b/roles/ipaclient/library/ipaclient_setup_nss.py
@@ -30,8 +30,8 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
-module: ipanss
-short description: Create IPA NSS database
+module: ipaclient_setup_nss
+short description: Create IPA client NSS database
description:
Create IPA NSS database
options:
@@ -77,8 +77,8 @@ author:
'''
EXAMPLES = '''
-- name: Create IPA NSS database
- ipanss:
+- name: Create IPA client NSS database
+ ipaclient_setup_nss:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
realm: EXAMPLE.COM
diff --git a/roles/ipaclient/library/ipasssd.py b/roles/ipaclient/library/ipaclient_setup_sssd.py
similarity index 98%
rename from roles/ipaclient/library/ipasssd.py
rename to roles/ipaclient/library/ipaclient_setup_sssd.py
index 4320a6bc..e486f354 100644
--- a/roles/ipaclient/library/ipasssd.py
+++ b/roles/ipaclient/library/ipaclient_setup_sssd.py
@@ -30,10 +30,10 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
-module: sssd_conf
-short description: Configure sssd
+module: ipaclient_setup_sssd
+short description: Configure sssd for IPA client
description:
-Configure sssd
+ Configure sssd for IPA client
options:
servers:
description: The FQDN of the IPA servers to connect to.
@@ -93,7 +93,7 @@ author:
EXAMPLES = '''
- name: Configure SSSD
- sssd:
+ ipaclient_setup_sssd:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
realm: EXAMPLE.COM
diff --git a/roles/ipaclient/library/ipadiscovery.py b/roles/ipaclient/library/ipaclient_test.py
similarity index 96%
rename from roles/ipaclient/library/ipadiscovery.py
rename to roles/ipaclient/library/ipaclient_test.py
index 418c7528..6a0d1e64 100644
--- a/roles/ipaclient/library/ipadiscovery.py
+++ b/roles/ipaclient/library/ipaclient_test.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
-module: ipadiscovery
+module: ipaclient_test
short description: Tries to discover IPA server
description:
Tries to discover IPA server using DNS or host name
@@ -85,34 +85,34 @@ author:
'''
EXAMPLES = '''
-# Complete autodiscovery, register return values as ipadiscovery
+# Complete autodiscovery, register return values as ipaclient_test
- name: IPA discovery
- ipadiscovery:
- register: ipadiscovery
+ ipaclient_test:
+ register: register_ipaclient_test
-# Discovery using servers, register return values as ipadiscovery
+# Discovery using servers, register return values as ipaclient_test
- name: IPA discovery
- ipadiscovery:
+ ipaclient_test:
servers: server1.domain.com,server2.domain.com
- register: ipadiscovery
+ register: register_ipaclient_test
-# Discovery using domain name, register return values as ipadiscovery
+# Discovery using domain name, register return values as ipaclient_test
- name: IPA discovery
- ipadiscovery:
+ ipaclient_test:
domain: domain.com
- register: ipadiscovery
+ register: register_ipaclient_test
-# Discovery using realm, register return values as ipadiscovery
+# Discovery using realm, register return values as ipaclient_test
- name: IPA discovery
- ipadiscovery:
+ ipaclient_test:
realm: DOMAIN.COM
- register: ipadiscovery
+ register: register_ipaclient_test
-# Discovery using hostname, register return values as ipadiscovery
+# Discovery using hostname, register return values as ipaclient_test
- name: IPA discovery
- ipadiscovery:
+ ipaclient_test:
hostname: host.domain.com
- register: ipadiscovery
+ register: register_ipaclient_test
'''
RETURN = '''
diff --git a/roles/ipaclient/library/ipatest.py b/roles/ipaclient/library/ipaclient_test_keytab.py
similarity index 96%
rename from roles/ipaclient/library/ipatest.py
rename to roles/ipaclient/library/ipaclient_test_keytab.py
index 9dc5e42e..37851deb 100644
--- a/roles/ipaclient/library/ipatest.py
+++ b/roles/ipaclient/library/ipaclient_test_keytab.py
@@ -30,7 +30,7 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
-module: ipatest
+module: ipaclient_test_keytab
short description: Test if the krb5.keytab on the machine is valid and can be used.
description:
Test if the krb5.keytab on the machine is valid and can be used.
@@ -64,7 +64,7 @@ author:
EXAMPLES = '''
# Test IPA with local keytab
- name: Test IPA in force mode with maximum 5 kinit attempts
- ipatest:
+ ipaclient_test_keytab:
servers: ["server1.example.com","server2.example.com"]
domain: example.com
realm: EXAMPLE.COM
@@ -74,7 +74,7 @@ EXAMPLES = '''
# Test IPA with ipadiscovery return values
- name: Join IPA
- ipajoin:
+ ipaclient_test_keytab:
servers: "{{ ipadiscovery.servers }}"
domain: "{{ ipadiscovery.domain }}"
realm: "{{ ipadiscovery.realm }}"
@@ -94,7 +94,7 @@ krb5_conf_ok:
description: The flag describes if krb5.conf on the host is usable.
returned: always
type: bool
-ipa_test_ok:
+ping_test_ok:
description: The flag describes if ipa ping test succeded.
returned: always
type: bool
@@ -143,7 +143,7 @@ def main():
krb5_keytab_ok = False
krb5_conf_ok = False
- ipa_test_ok = False
+ ping_test_ok = False
ca_crt_exists = os.path.exists(paths.IPA_CA_CRT)
env = {'PATH': SECURE_PATH, 'KRB5CCNAME': paths.IPA_DNS_CCACHE}
@@ -160,7 +160,7 @@ def main():
try:
result = run(["/usr/bin/ipa", "ping"], raiseonerr=False, env=env)
if result.returncode == 0:
- ipa_test_ok = True
+ ping_test_ok = True
except OSError:
pass
except GSSError as e:
@@ -197,7 +197,7 @@ def main():
result = run(["/usr/bin/ipa", "ping"], raiseonerr=False,
env=env)
if result.returncode == 0:
- ipa_test_ok = True
+ ping_test_ok = True
except OSError:
pass
@@ -214,7 +214,7 @@ def main():
krb5_keytab_ok=krb5_keytab_ok,
krb5_conf_ok=krb5_conf_ok,
ca_crt_exists=ca_crt_exists,
- ipa_test_ok=ipa_test_ok)
+ ping_test_ok=ping_test_ok)
if __name__ == '__main__':
main()
diff --git a/roles/ipaclient/tasks/install.yml b/roles/ipaclient/tasks/install.yml
index f609fbb2..14304bfe 100644
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -22,7 +22,7 @@
when: ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and ipaclient_servers is not defined
- name: Install - IPA discovery
- ipadiscovery:
+ ipaclient_test:
domain: "{{ ipaserver_domain | default(ipaclient_domain) | default(omit) }}"
servers: "{{ ipaclient_servers | default(omit) }}"
realm: "{{ ipaserver_realm | default(ipaclient_realm) | default(omit) }}"
@@ -32,7 +32,7 @@
ntp_servers: "{{ ipaclient_ntp_servers | default([]) }}"
ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
no_ntp: "{{ ipaclient_no_ntp }}"
- register: ipadiscovery
+ register: result_ipaclient_test
- name: Install - Set default principal if no keytab is given
set_fact:
@@ -46,19 +46,19 @@
- block:
- name: Install - Test if IPA client has working krb5.keytab
- ipatest:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- realm: "{{ ipadiscovery.realm }}"
- hostname: "{{ ipadiscovery.hostname }}"
- kdc: "{{ ipadiscovery.kdc }}"
+ ipaclient_test_keytab:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
+ kdc: "{{ result_ipaclient_test.kdc }}"
kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
- register: ipatest
+ register: result_ipaclient_test_keytab
- name: Install - Disable One-Time Password for client with working krb5.keytab
set_fact:
ipaclient_use_otp: "no"
- when: ipaclient_use_otp | bool and ipatest.krb5_keytab_ok and not ipaclient_force_join | bool
+ when: ipaclient_use_otp | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not ipaclient_force_join | bool
# The following block is executed when using OTP to enroll IPA client
@@ -77,30 +77,30 @@
- name: Install - Include Python2/3 import test
import_tasks: "{{role_path}}/tasks/python_2_3_test.yml"
- delegate_to: "{{ ipadiscovery.servers[0] }}"
+ delegate_to: "{{ result_ipaclient_test.servers[0] }}"
- name: Install - Get One-Time Password for client enrollment
#no_log: yes
- ipahost:
+ ipaclient_get_otp:
state: present
principal: "{{ ipaadmin_principal | default('admin') }}"
password: "{{ ipaadmin_password | default(omit) }}"
keytab: "{{ ipaadmin_keytab | default(omit) }}"
- fqdn: "{{ ipadiscovery.hostname }}"
+ fqdn: "{{ result_ipaclient_test.hostname }}"
lifetime: "{{ ipaclient_lifetime | default(omit) }}"
random: True
ansible_python_interpreter: "{{ ansible_python_interpreter }}"
- register: ipahost_output
+ register: result_ipaclient_get_otp
# If the host is already enrolled, this command will exit on error
# The error can be ignored
- failed_when: ipahost_output is failed and "Password cannot be set on enrolled host" not in ipahost_output.msg
- delegate_to: "{{ ipadiscovery.servers[0] }}"
+ failed_when: result_ipaclient_get_otp is failed and "Password cannot be set on enrolled host" not in result_ipaclient_get_otp.msg
+ delegate_to: "{{ result_ipaclient_test.servers[0] }}"
delegate_facts: True
- name: Install - Store the previously obtained OTP
no_log: yes
set_fact:
- ipaadmin_password: "{{ ipahost_output.host.randompassword if ipahost_output.host is defined }}"
+ ipaadmin_password: "{{ result_ipaclient_get_otp.host.randompassword if result_ipaclient_get_otp.host is defined }}"
- name: Install - Restore client ansible_python_interpreter setting
set_fact:
@@ -115,42 +115,42 @@
- name: Install - Check if one of password and keytab are set
fail: msg="At least one of password or keytab must be specified"
- when: not ipatest.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
+ when: not result_ipaclient_test_keytab.krb5_keytab_ok and (ipaadmin_password is undefined or ipaadmin_password == "") and (ipaclient_keytab is undefined or ipaclient_keytab == "")
when: not ipaclient_on_master | bool
- - name: Install - Purge {{ ipadiscovery.realm }} from host keytab
+ - name: Install - Purge {{ result_ipaclient_test.realm }} from host keytab
command: >
/usr/sbin/ipa-rmkeytab
-k /etc/krb5.keytab
- -r "{{ ipadiscovery.realm }}"
- register: iparmkeytab
+ -r "{{ result_ipaclient_test.realm }}"
+ register: result_ipa_rmkeytab
# Do not fail on error codes 3 and 5:
# 3 - Unable to open keytab
# 5 - Principal name or realm not found in keytab
- failed_when: iparmkeytab.rc != 0 and iparmkeytab.rc != 3 and iparmkeytab.rc != 5
+ failed_when: result_ipa_rmkeytab.rc != 0 and result_ipa_rmkeytab.rc != 3 and result_ipa_rmkeytab.rc != 5
when: ipaclient_use_otp | bool or ipaclient_force_join | bool
- name: Install - Backup and set hostname
ipaclient_set_hostname:
- hostname: "{{ ipadiscovery.hostname }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
when: not ipaclient_on_master | bool
- name: Install - Join IPA
- ipajoin:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- realm: "{{ ipadiscovery.realm }}"
- kdc: "{{ ipadiscovery.kdc }}"
- basedn: "{{ ipadiscovery.basedn }}"
- hostname: "{{ ipadiscovery.hostname }}"
+ ipaclient_join:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ kdc: "{{ result_ipaclient_test.kdc }}"
+ basedn: "{{ result_ipaclient_test.basedn }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
force_join: "{{ ipaclient_force_join | default(omit) }}"
principal: "{{ ipaadmin_principal if not ipaclient_use_otp | bool and ipaclient_keytab is not defined else '' }}"
password: "{{ ipaadmin_password | default(omit) }}"
keytab: "{{ ipaclient_keytab | default(omit) }}"
#ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
kinit_attempts: "{{ ipaclient_kinit_attempts | default(omit) }}"
- register: ipajoin
- when: not ipaclient_on_master | bool and (not ipatest.krb5_keytab_ok or ipaclient_force_join)
+ register: result_ipaclient_join
+ when: not ipaclient_on_master | bool and (not result_ipaclient_test_keytab.krb5_keytab_ok or ipaclient_force_join)
- block:
- name: Install - End playbook processing
@@ -159,33 +159,33 @@
state: absent
- fail:
msg: "The krb5 configuration is not correct, please enable allow_repair to fix this."
- when: not ipatest.krb5_conf_ok
+ when: not result_ipaclient_test_keytab.krb5_conf_ok
- fail:
msg: "The IPA test failed, please enable allow_repair to fix this."
- when: not ipatest.ipa_test_ok
+ when: not result_ipaclient_test_keytab.ping_test_ok
- fail:
msg: "The ca.crt file is missing, please enable allow_repair to fix this."
- when: not ipatest.ca_crt_exists
+ when: not result_ipaclient_test_keytab.ca_crt_exists
- meta: end_play
- when: not ipaclient_on_master | bool and not ipajoin.changed and not ipaclient_allow_repair | bool and (ipatest.krb5_keytab_ok or (ipajoin.already_joined is defined and ipajoin.already_joined))
+ when: not ipaclient_on_master | bool and not result_ipaclient_join.changed and not ipaclient_allow_repair | bool and (result_ipaclient_test_keytab.krb5_keytab_ok or (result_ipaclient_join.already_joined is defined and result_ipaclient_join.already_joined))
- name: Install - Configure IPA default.conf
include_role:
name: ipaconf
vars:
- ipaconf_server: "{{ ipadiscovery.servers[0] }}"
- ipaconf_domain: "{{ ipadiscovery.domain }}"
- ipaconf_realm: "{{ ipadiscovery.realm }}"
- ipaconf_hostname: "{{ ipadiscovery.hostname }}"
- ipaconf_basedn: "{{ ipadiscovery.basedn }}"
+ ipaconf_server: "{{ result_ipaclient_test.servers[0] }}"
+ ipaconf_domain: "{{ result_ipaclient_test.domain }}"
+ ipaconf_realm: "{{ result_ipaclient_test.realm }}"
+ ipaconf_hostname: "{{ result_ipaclient_test.hostname }}"
+ ipaconf_basedn: "{{ result_ipaclient_test.basedn }}"
when: not ipaclient_on_master | bool
- name: Install - Configure SSSD
- ipasssd:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- realm: "{{ ipadiscovery.realm }}"
- hostname: "{{ ipadiscovery.hostname }}"
+ ipaclient_setup_sssd:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
services: ["ssh", "sudo"]
krb5_offline_passwords: yes
on_master: "{{ ipaclient_on_master }}"
@@ -194,66 +194,66 @@
#dns_updates: no
#all_ip_addresses: no
- - name: Install - Configure krb5 for IPA realm "{{ ipadiscovery.realm }} <= 4.4"
+ - name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} <= 4.4"
include_role:
name: ipa-krb5
vars:
- krb5_servers: "{{ ipadiscovery.servers if not ipadiscovery.dnsok or not ipadiscovery.kdc else [ ] }}"
- krb5_realm: "{{ ipadiscovery.realm }}"
- krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
- krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
- krb5_default_domain: "{{ 'true' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'false' }}"
+ krb5_servers: "{{ result_ipaclient_test.servers if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else [ ] }}"
+ krb5_realm: "{{ result_ipaclient_test.realm }}"
+ krb5_dns_lookup_realm: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
+ krb5_dns_lookup_kdc: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
+ krb5_default_domain: "{{ 'true' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'false' }}"
krb5_pkinit_anchors: "FILE:/etc/ipa/ca.crt"
- when: not ipaclient_on_master | bool and ipadiscovery.ipa_python_version <= 40400
+ when: not ipaclient_on_master | bool and result_ipaclient_test.ipa_python_version <= 40400
- - name: Install - Configure krb5 for IPA realm "{{ ipadiscovery.realm }} > 4.4"
+ - name: Install - Configure krb5 for IPA realm "{{ result_ipaclient_test.realm }} > 4.4"
include_role:
name: ipa-krb5
vars:
- krb5_servers: "{{ ipadiscovery.servers if not ipadiscovery.dnsok or not ipadiscovery.kdc else [ ] }}"
- krb5_realm: "{{ ipadiscovery.realm }}"
- krb5_dns_lookup_realm: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
- krb5_dns_lookup_kdc: "{{ 'false' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'true' }}"
- krb5_default_domain: "{{ 'true' if not ipadiscovery.dnsok or not ipadiscovery.kdc else 'false' }}"
+ krb5_servers: "{{ result_ipaclient_test.servers if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else [ ] }}"
+ krb5_realm: "{{ result_ipaclient_test.realm }}"
+ krb5_dns_lookup_realm: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
+ krb5_dns_lookup_kdc: "{{ 'false' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'true' }}"
+ krb5_default_domain: "{{ 'true' if not result_ipaclient_test.dnsok or not result_ipaclient_test.kdc else 'false' }}"
krb5_dns_canonicalize_hostname: "false"
krb5_pkinit_pool: "FILE:/var/lib/ipa-client/pki/ca-bundle.pem"
krb5_pkinit_anchors: "FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem"
- when: not ipaclient_on_master | bool and ipadiscovery.ipa_python_version > 40400
+ when: not ipaclient_on_master | bool and result_ipaclient_test.ipa_python_version > 40400
- name: Install - IPA API calls for remaining enrollment parts
- ipaapi:
- servers: "{{ ipadiscovery.servers }}"
- realm: "{{ ipadiscovery.realm }}"
- hostname: "{{ ipadiscovery.hostname }}"
+ ipaclient_api:
+ servers: "{{ result_ipaclient_test.servers }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
#debug: yes
- register: ipaapi
+ register: result_ipaclient_api
- name: Install - Fix IPA ca
- ipafixca:
- servers: "{{ ipadiscovery.servers }}"
- realm: "{{ ipadiscovery.realm }}"
- basedn: "{{ ipadiscovery.basedn }}"
+ ipaclient_fix_ca:
+ servers: "{{ result_ipaclient_test.servers }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ basedn: "{{ result_ipaclient_test.basedn }}"
allow_repair: "{{ ipaclient_allow_repair }}"
- when: not ipaclient_on_master | bool and ipatest.krb5_keytab_ok and not ipatest.ca_crt_exists
+ when: not ipaclient_on_master | bool and result_ipaclient_test_keytab.krb5_keytab_ok and not result_ipaclient_test_keytab.ca_crt_exists
- name: Install - Create IPA NSS database
- ipanss:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- realm: "{{ ipadiscovery.realm }}"
- basedn: "{{ ipadiscovery.basedn }}"
- hostname: "{{ ipadiscovery.hostname }}"
- subject_base: "{{ ipaapi.subject_base }}"
+ ipaclient_setup_nss:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ realm: "{{ result_ipaclient_test.realm }}"
+ basedn: "{{ result_ipaclient_test.basedn }}"
+ hostname: "{{ result_ipaclient_test.hostname }}"
+ subject_base: "{{ result_ipaclient_api.subject_base }}"
principal: "{{ ipaadmin_principal | default(omit) }}"
mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
- ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}"
+ ca_enabled: "{{ result_ipaclient_api.ca_enabled | default(omit) }}"
on_master: "{{ ipaclient_on_master }}"
- name: Install - IPA extras configuration
- ipaextras:
- servers: "{{ ipadiscovery.servers }}"
- domain: "{{ ipadiscovery.domain }}"
- ntp_servers: "{{ ipadiscovery.ntp_servers }}"
+ ipaclient_extras:
+ servers: "{{ result_ipaclient_test.servers }}"
+ domain: "{{ result_ipaclient_test.domain }}"
+ ntp_servers: "{{ result_ipaclient_test.ntp_servers }}"
ntp: "{{ ipaclient_ntp | default(omit) }}"
on_master: "{{ ipaclient_on_master }}"
#force_ntpd: no
diff --git a/roles/ipaconf/tasks/main.yml b/roles/ipaconf/tasks/main.yml
index d01a2617..a4969dbf 100644
--- a/roles/ipaconf/tasks/main.yml
+++ b/roles/ipaconf/tasks/main.yml
@@ -1,6 +1,6 @@
---
- name: Backup IPA default.conf
- ipafstore:
+ ipaclient_fstore:
backup: "{{ ipaconf_default_conf }}"
- name: Template IPA default.conf
--
GitLab