Skip to content
Snippets Groups Projects
Commit 8459e1c4 authored by Rafael Guterres Jeffman's avatar Rafael Guterres Jeffman
Browse files

utils: Remove deprecated shell scripts used to deploy IPA. 

The deprecated shell scripts used to deplay IPA are outdated and are
not needed to deploy IPA. There is no documentation about them, and
they would need to be updated and maintained in the future.
parent 460adff1
No related branches found
No related tags found
No related merge requests found
Expand all Show whitespace changes
Inline Side-by-side
tests/sanity/ignore-2.12.txt
+ 0
3
View file @ 8459e1c4
......@@ -41,9 +41,6 @@ tests/user/users.sh shebang!skip
tests/user/users_absent.sh shebang!skip
tests/utils.py pylint:ansible-format-automatic-specification
utils/ansible-doc-test shebang!skip
utils/ansible-ipa-client-install shebang!skip
utils/ansible-ipa-replica-install shebang!skip
utils/ansible-ipa-server-install shebang!skip
utils/build-galaxy-release.sh shebang!skip
utils/build-srpm.sh shebang!skip
utils/changelog shebang!skip
......
tests/sanity/ignore-2.13.txt
+ 0
3
View file @ 8459e1c4
......@@ -23,9 +23,6 @@ tests/user/users.sh shebang!skip
tests/user/users_absent.sh shebang!skip
tests/utils.py pylint:ansible-format-automatic-specification
utils/ansible-doc-test shebang!skip
utils/ansible-ipa-client-install shebang!skip
utils/ansible-ipa-replica-install shebang!skip
utils/ansible-ipa-server-install shebang!skip
utils/build-galaxy-release.sh shebang!skip
utils/build-srpm.sh shebang!skip
utils/changelog shebang!skip
......
utils/ansible-freeipa.spec.in
+ 1
2
View file @ 8459e1c4
......@@ -122,8 +122,7 @@ for i in roles/ipa*/library/*.py roles/ipa*/module_utils/*.py plugins/*/*.py; do
chmod a-x $i
done
for i in utils/*.py utils/ansible-ipa-*-install utils/new_module \
utils/changelog utils/ansible-doc-test;
for i in utils/*.py utils/new_module utils/changelog utils/ansible-doc-test
do
sed -i '{s@/usr/bin/python*@%{python}@}' $i
done
......
utils/ansible-ipa-client-install deleted 100755 → 0
+ 0
412
View file @ 460adff1
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Authors:
# Thomas Woerner <twoerner@redhat.com>
#
# Copyright (C) 2019 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import sys
import shutil
import tempfile
import argparse
import traceback
import subprocess
def parse_options():
usage = "Usage: ansible-ipa-client-install [options] <ansible host>"
parser = argparse.ArgumentParser(usage=usage)
parser.add_argument("--version", dest="version",
action="store_true",
help="show program's version number and exit")
parser.add_argument("-U", "--unattended", dest="unattended",
action="store_true",
help="unattended (un)installation never prompts the "
"user")
parser.add_argument("--uninstall", dest="uninstall",
action="store_true",
help="uninstall an existing installation. The "
"uninstall can be run with --unattended option")
# basic
parser.add_argument("-p", "--principal", dest="principal",
default=None,
help="principal to use to join the IPA realm")
parser.add_argument("--ca-cert-file", dest="ca_cert_file",
default=None,
help="load the CA certificate from this file")
parser.add_argument("--ip-address", dest="ip_addresses",
metavar="IP_ADDRESS",
action='append', default=None,
help="Specify IP address that should be added to DNS. "
"This option can be used multiple times")
parser.add_argument("--all-ip-addresses", dest="all_ip_addresses",
action='store_true',
help="All routable IP addresses configured on any "
"interface will be added to DNS")
parser.add_argument("--domain", dest="domain",
default=None,
help="primary DNS domain of the IPA deployment (not "
"necessarily related to the current hostname)")
parser.add_argument("--server", dest="servers",
metavar="SERVER",
action='append', default=None,
help="FQDN of IPA server")
parser.add_argument("--realm", dest="realm",
default=None,
help="Kerberos realm name of the IPA deployment "
"(typically an upper-cased name of the primary DNS "
"domain)")
parser.add_argument("--hostname", dest="hostname",
default=None,
help="The hostname of this machine (FQDN). If "
"specified, the hostname will be set and the system "
"configuration will be updated to persist over "
"reboot. By default the result of getfqdn() call "
"from Python's socket module is used.")
# client
parser.add_argument("-w", "--password", dest="password",
default=None,
help="password to join the IPA realm (assumes bulk "
"password unless principal is also set)")
parser.add_argument("-W", dest="password_prompt",
action="store_true",
help="Prompt for a password to join the IPA realm")
parser.add_argument("-f", "--force", dest="force",
action="store_true",
help="force setting of LDAP/Kerberos conf")
parser.add_argument("--configure-firefox", dest="configure_firefox",
action="store_true",
help="configure Firefox to use IPA domain credentials")
parser.add_argument("--firefox-dir", dest="firefox_dir",
default=None,
help="specify directory where Firefox is installed "
"(for example: '/usr/lib/firefox')")
parser.add_argument("-k", "--keytab", dest="keytab",
default=None,
help="path to backed up keytab from previous "
"enrollment")
parser.add_argument("--mkhomedir", dest="mkhomedir",
action="store_true",
help="create home directories for users on their "
"first login")
parser.add_argument("--force-join", dest="force_join",
action="store_true",
help="Force client enrollment even if already "
"enrolled")
parser.add_argument("--ntp-server", dest="ntp_servers",
metavar="NTP_SERVER",
action='append', default=None,
help="ntp server to use. This option can be used "
"multiple times")
parser.add_argument("--ntp-pool", dest="ntp_pool",
default=None,
help="ntp server pool to use")
parser.add_argument("-N", "--no-ntp", dest="no_ntp",
action="store_true",
help="do not configure ntp")
parser.add_argument("--nisdomain", dest="nisdomain",
default=None,
help="NIS domain name")
parser.add_argument("--no-nisdomain", dest="no_nisdomain",
action="store_true",
help="do not configure NIS domain name")
parser.add_argument("--ssh-trust-dns", dest="ssh_trust_dns",
action="store_true",
help="configure OpenSSH client to trust DNS SSHFP "
"records")
parser.add_argument("--no-ssh", dest="no_ssh",
action="store_true",
help="do not configure OpenSSH client")
parser.add_argument("--no-sshd", dest="no_sshd",
action="store_true",
help="do not configure OpenSSH server")
parser.add_argument("--no-sudo", dest="no_sudo",
action="store_true",
help="do not configure SSSD as data source for sudo")
parser.add_argument("--no-dns-sshfp", dest="no_dns_sshfp",
action="store_true",
help="do not automatically create DNS SSHFP records")
parser.add_argument("--kinit-attempts", dest="kinit_attempts",
type=int, default=None,
help="number of attempts to obtain host TGT (defaults "
"to 5)")
# sssd
parser.add_argument("--fixed-primary", dest="fixed_primary",
action="store_true",
help="Configure sssd to use fixed server as primary "
"IPA server")
parser.add_argument("--permit", dest="permit",
action="store_true",
help="disable access rules by default, permit all "
"access")
parser.add_argument("--enable-dns-updates", dest="enable_dns_updates",
action="store_true",
help="Configures the machine to attempt dns updates "
"when the ip address changes")
parser.add_argument("--no-krb5-offline-passwords",
dest="no_krb5_offline_passwords",
action="store_true",
help="Configure SSSD not to store user password when "
"the server is offline")
parser.add_argument("--preserve-sssd", dest="preserve_sssd",
action="store_true",
help="Preserve old SSSD configuration if possible")
# automount
parser.add_argument("--automount-location", dest="automount_location",
default=None,
help="Automount location")
# logging and output
parser.add_argument("-v", "--verbose", dest="verbose",
action="store_true",
help="print debugging information")
parser.add_argument("-d", "--debug", dest="verbose",
action="store_true",
help="alias for --verbose (deprecated)")
parser.add_argument("-q", "--quiet", dest="quiet",
action="store_true",
help="output only errors")
parser.add_argument("--log-file", dest="log_file",
help="log to the given file")
# ansible
parser.add_argument("--ipaclient-use-otp", dest="ipaclient_use_otp",
choices=("yes", "no"), default=None,
help="The bool value defines if a one-time password "
"will be generated to join a new or existing host. "
"Default: no")
parser.add_argument("--ipaclient-allow-repair",
dest="ipaclient_allow_repair",
choices=("yes", "no"), default=None,
help="The bool value defines if an already joined or "
"partly set-up client can be repaired. Default: no")
parser.add_argument("--ipaclient-install-packages",
dest="ipaclient_install_packages",
choices=("yes", "no"), default=None,
help="The bool value defines if the needed packages "
"are installed on the node. Default: yes")
# playbook
parser.add_argument("--playbook-dir",
dest="playbook_dir",
default=None,
help="If defined will be used as to create inventory "
"file and playbook in. The files will not be removed "
"after the playbook processing ended.")
parser.add_argument("--become-method",
dest="become_method",
default="sudo",
help="privilege escalation method to use "
"(default=sudo), use `ansible-doc -t become -l` to "
"list valid choices.")
parser.add_argument("--ansible-verbose",
dest="ansible_verbose",
type=int, default=None,
help="privilege escalation method to use "
"(default=sudo), use `ansible-doc -t become -l` to "
"list valid choices.")
options, args = parser.parse_known_args()
if options.playbook_dir and not os.path.isdir(options.playbook_dir):
parser.error("playbook dir does not exist")
if options.password_prompt:
parser.error("password prompt is not possible with ansible")
if options.log_file:
parser.error("log_file is not supported")
if len(args) < 1:
parser.error("ansible host not set")
elif len(args) > 1:
parser.error("too many arguments: %s" % ",".join(args))
return options, args
def run_cmd(args):
"""
Execute an external command.
"""
p_out = subprocess.PIPE
p_err = subprocess.STDOUT
try:
p = subprocess.Popen(args, stdout=p_out, stderr=p_err,
close_fds=True, bufsize=1,
universal_newlines=True)
while True:
line = p.stdout.readline()
if p.poll() is not None and line == "":
break
sys.stdout.write(line)
except KeyboardInterrupt:
p.wait()
raise
else:
p.wait()
return p.returncode
def main(options, args):
if options.playbook_dir:
playbook_dir = options.playbook_dir
else:
temp_dir = tempfile.mkdtemp(prefix='ansible-ipa-client')
playbook_dir = temp_dir
inventory = os.path.join(playbook_dir, "ipaclient-inventory")
playbook = os.path.join(playbook_dir, "ipaclient-playbook.yml")
with open(inventory, 'w') as f:
if options.servers:
f.write("[ipaservers]\n")
for server in options.servers:
f.write("%s\n" % server)
f.write("\n")
f.write("[ipaclients]\n")
f.write("%s\n" % args[0])
f.write("\n")
f.write("[ipaclients:vars]\n")
# basic
if options.principal:
f.write("ipaadmin_principal=%s\n" % options.principal)
if options.ca_cert_file:
f.write("ipaclient_ca_cert_file=%s\n" % options.ca_cert_file)
if options.ip_addresses:
f.write("ipaclient_ip_addresses=%s\n" %
",".join(options.ip_addresses))
if options.all_ip_addresses:
f.write("ipaclient_all_ip_addresses=yes\n")
if options.domain:
f.write("ipaclient_domain=%s\n" % options.domain)
# --servers are handled above
if options.realm:
f.write("ipaclient_realm=%s\n" % options.realm)
if options.hostname:
f.write("ipaclient_hostname=%s\n" % options.hostname)
# client
if options.password:
f.write("ipaadmin_password=%s\n" % options.password)
if options.force:
f.write("ipaclient_force=yes\n")
if options.configure_firefox:
f.write("ipaclient_configure_firefox=yes\n")
if options.firefox_dir:
f.write("ipaclient_firefox_dir=%s\n" % options.firefox_dir)
if options.keytab:
f.write("ipaclient_keytab=%s\n" % options.keytab)
if options.mkhomedir:
f.write("ipaclient_mkhomedir=yes\n")
if options.force_join:
f.write("ipaclient_force_join=%s\n" % options.force_join)
if options.ntp_servers:
f.write("ipaclient_ntp_servers=%s\n" %
",".join(options.ntp_servers))
if options.ntp_pool:
f.write("ipaclient_ntp_pool=%s\n" % options.ntp_pool)
if options.no_ntp:
f.write("ipaclient_no_ntp=yes\n")
if options.nisdomain:
f.write("ipaclient_nisdomain=%s\n" % options.nisdomain)
if options.no_nisdomain:
f.write("ipaclient_no_nisdomain=yes\n")
if options.ssh_trust_dns:
f.write("ipaclient_ssh_trust_dns=yes\n")
if options.no_ssh:
f.write("ipaclient_no_ssh=yes\n")
if options.no_sshd:
f.write("ipaclient_no_sshd=yes\n")
if options.no_sudo:
f.write("ipaclient_no_sudo=yes\n")
if options.no_dns_sshfp:
f.write("ipaclient_no_dns_sshfp=yes\n")
if options.kinit_attempts:
f.write("ipaclient_kinit_attempts=%d\n" % options.kinit_attempts)
# sssd
if options.fixed_primary:
f.write("ipasssd_fixed_primary=yes\n")
if options.permit:
f.write("ipasssd_permit=yes\n")
if options.enable_dns_updates:
f.write("ipasssd_enable_dns_updates=yes\n")
if options.no_krb5_offline_passwords:
f.write("ipasssd_no_krb5_offline_passwords=yes\n")
if options.preserve_sssd:
f.write("ipasssd_preserve_sssd=yes\n")
# automount
if options.automount_location:
f.write("ipaclient_automount_location=%s\n" %
options.automount_location)
# ansible
if options.ipaclient_use_otp:
f.write("ipaclient_use_otp=%s\n" % options.ipaclient_use_otp)
if options.ipaclient_allow_repair:
f.write("ipaclient_allow_repair=%s\n" %
options.ipaclient_allow_repair)
if options.ipaclient_install_packages:
f.write("ipaclient_install_packages=%s\n" %
options.ipaclient_install_packages)
if options.uninstall:
state = "absent"
else:
state = "present"
with open(playbook, 'w') as f:
f.write("---\n")
f.write("- name: Playbook to configure IPA clients\n")
f.write(" hosts: ipaclients\n")
f.write(" become: true\n")
if options.become_method:
f.write(" become_method: %s\n" % options.become_method)
f.write("\n")
f.write(" roles:\n")
f.write(" - role: ipaclient\n")
f.write(" state: %s\n" % state)
cmd = [ 'ansible-playbook' ]
if options.ansible_verbose:
cmd.append("-"+"v"*options.ansible_verbose)
cmd.extend(['-i', inventory, playbook])
try:
returncode = run_cmd(cmd)
if returncode != 0:
raise RuntimeError()
finally:
if not options.playbook_dir:
shutil.rmtree(temp_dir, ignore_errors=True)
options, args = parse_options()
try:
main(options, args)
except KeyboardInterrupt:
sys.exit(1)
except SystemExit as e:
sys.exit(e)
except RuntimeError as e:
sys.exit(e)
except Exception as e:
if options.verbose:
traceback.print_exc(file=sys.stdout)
else:
print("Re-run %s with --verbose option to get more information" %
sys.argv[0])
print("Unexpected error: %s" % str(e))
sys.exit(1)
utils/ansible-ipa-replica-install deleted 100755 → 0
+ 0
528
View file @ 460adff1
This diff is collapsed.
utils/ansible-ipa-server-install deleted 100755 → 0
+ 0
588
View file @ 460adff1
This diff is collapsed.
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment