ipareplica_setup_adtrust: Add missing settings for adtrust and module

There have been missing settings that have not been provided to ipareplica_setup_adtrust. These are: enable_compat, rid_base and secondary_rid_base. The settings rid_base and secondary_rid_base are now initialized in ipareplica_prepare and propagated in the results. The two settings netbios_name and reset_netbios_name are placed in the adtrust binding in the adtrust.install_check call. These are now saved when ipareplica_prepare finishes and are written back in the fist steps of ipareplica_setup_adtrust to make adtrust.install working. The settings add_sids and add_agents are now initialized in ansible_ipa_replica in the same way as in ServerMasterInstall. These settings are fixed in the replica deployment. Related: #73 (ipaserver_setup_adtrust fails on default smb.conf)

ipareplica_setup_adtrust: Add missing settings for adtrust and module
832d2333 · Thomas Woerner · a980aec1 · 832d2333 · 832d2333 · 832d2333
Commit 832d2333 authored Apr 18, 2019 by Thomas Woerner
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -184,6 +184,11 @@ def main():
            no_dnssec_validation=dict(required=False, type='bool',
                                      default=False),
            ### ad trust ###
+            enable_compat=dict(required=False, type='bool', default=False),
+            netbios_name=dict(required=False),
+            rid_base=dict(required=False, type='int', default=1000),
+            secondary_rid_base=dict(required=False, type='int',
+                                    default=100000000),
            ### additional ###
            server=dict(required=True),
            skip_conncheck=dict(required=False, type='bool'),
@@ -243,6 +248,11 @@ def main():
    options.forward_policy = ansible_module.params.get('forward_policy')
    options.no_dnssec_validation = ansible_module.params.get(
        'no_dnssec_validationdnssec_validation')
+    ### ad trust ###
+    options.enable_compat = ansible_module.params.get('enable_compat')
+    options.netbios_name = ansible_module.params.get('netbios_name')
+    options.rid_base = ansible_module.params.get('rid_base')
+    options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')
    ### additional ###
    #options._host_name_overridden = ansible_module.params.get(
@@ -701,7 +711,12 @@ def main():
                             config_setup_ca=config.setup_ca,
                             config_master_host_name=config.master_host_name,
                             config_ca_host_name=config.ca_host_name,
-                             config_ips=[ str(ip) for ip in config.ips ])
+                             config_ips=[ str(ip) for ip in config.ips ],
+                             ### ad trust ###
+                             rid_base=options.rid_base,
+                             secondary_rid_base=options.secondary_rid_base,
+                             adtrust_netbios_name=adtrust.netbios_name,
+                             adtrust_reset_netbios_name=adtrust.reset_netbios_name)
 if __name__ == '__main__':
    main()
--- a/roles/ipareplica/library/ipareplica_setup_adtrust.py
+++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py
@@ -37,9 +37,6 @@ short description: Setup adtrust
 description:
  Setup adtrust
 options:
-  setup_adtrust:
-    description: 
-    required: yes
  setup_kra:
    description: 
    required: yes
@@ -75,10 +72,16 @@ def main():
    ansible_module = AnsibleModule(
        argument_spec = dict(
            ### server ###
-            setup_adtrust=dict(required=False, type='bool'),
            setup_kra=dict(required=False, type='bool'),
            ### certificate system ###
            subject_base=dict(required=True),
+            ### ad trust ###
+            enable_compat=dict(required=False, type='bool', default=False),
+            rid_base=dict(required=False, type='int'),
+            secondary_rid_base=dict(required=False, type='int'),
+            ### additional ###
+            adtrust_netbios_name=dict(required=True),
+            adtrust_reset_netbios_name=dict(required=True, type='bool'),
            ### additional ###
            ccache=dict(required=True),
            _top_dir = dict(required=True),
@@ -95,18 +98,23 @@ def main():
    options = installer
    ### server ###
-    options.setup_adtrust = ansible_module.params.get('setup_adtrust')
    options.setup_kra = ansible_module.params.get('setup_kra')
    ### certificate system ###
    options.subject_base = ansible_module.params.get('subject_base')
    if options.subject_base is not None:
        options.subject_base = DN(options.subject_base)
-    ### additional ###
+    ### ad trust ###
+    options.enable_compat = ansible_module.params.get('enable_compat')
+    options.rid_base = ansible_module.params.get('rid_base')
+    options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')    ### additional ###
    ccache = ansible_module.params.get('ccache')
    os.environ['KRB5CCNAME'] = ccache
    options._top_dir = ansible_module.params.get('_top_dir')
    options.setup_ca = ansible_module.params.get('setup_ca')
    config_master_host_name = ansible_module.params.get('config_master_host_name')
+    adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')
+    adtrust.reset_netbios_name = \
+        ansible_module.params.get('adtrust_reset_netbios_name')
    # init #
@@ -133,7 +141,6 @@ def main():
    api.Backend.ldap2.connect()
    with redirect_stdout(ansible_log):
-        #if options.setup_adtrust:
        ansible_log.debug("-- INSTALL ADTRUST --")
        adtrust.install(False, options, fstore, api)

--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
@@ -230,6 +230,10 @@ options.disable_dnssec_master = False
 options.kasp_db_file = None
 options.force = False
+# ServerMasterInstall
+options.add_sids = True
+options.add_agents = False
 # ServerReplicaInstall
 options.subject_base = None
 options.ca_subject = None

--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -159,6 +159,7 @@
      forward_policy: "{{ ipareplica_forward_policy | default(omit) }}"
      no_dnssec_validation: "{{ ipareplica_no_dnssec_validation }}"
      ### ad trust ###
+      enable_compat: "{{ ipareplica_enable_compat }}"
      netbios_name: "{{ ipareplica_netbios_name | default(omit) }}"
      rid_base: "{{ ipareplica_rid_base | default(omit) }}"
      secondary_rid_base: "{{ ipareplica_secondary_rid_base | default(omit) }}"
@@ -595,15 +596,20 @@
  - name: Install - Setup adtrust
    ipareplica_setup_adtrust:
      ### replica ###
-      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
+      ### ad trust ###
+      enable_compat: "{{ ipareplica_enable_compat }}"
+      rid_base: "{{ result_ipareplica_prepare.rid_base }}"
+      secondary_rid_base: "{{ result_ipareplica_prepare.secondary_rid_base }}"
      ### additional ###
      ccache: "{{ result_ipareplica_prepare.ccache }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
      config_master_host_name: "{{ result_ipareplica_prepare.config_master_host_name }}"
+      adtrust_netbios_name: "{{ result_ipareplica_prepare.adtrust_netbios_name }}"
+      adtrust_reset_netbios_name: "{{ result_ipareplica_prepare.adtrust_reset_netbios_name }}"
    when: result_ipareplica_test.setup_adtrust
  #- name: Install - Disconnect backend