From 88f5a68e1022ff9609730b3dc4e0a5a64f058dcd Mon Sep 17 00:00:00 2001 From: Thomas Woerner <twoerner@redhat.com> Date: Wed, 3 Apr 2019 15:14:14 +0200 Subject: [PATCH] ipareplica: Replace ipaserver_master_password, remove ipaserver_setup_ntp ipaserver_master_password and ipaserver_setup_ntp have been linked from the ipaserver role before. With the move of the module_utils parts to the specific role locations the use of ipaserver modules leads to the missing dependency ansible_ipa_server, that is now only available in the server role. The ipaserver_master_password module has been replaced by the ipareplica specific ipareplica_master_password module. The ipaserver_setup_ntp module has been removed as the time related changes for replica are done in the client install part. Fixes: #59 (Module is missing interpreter line) --- .../library/ipareplica_master_password.py | 93 +++++++++++++++++++ .../library/ipaserver_master_password.py | 1 - .../ipareplica/library/ipaserver_setup_ntp.py | 1 - .../module_utils/ansible_ipa_replica.py | 13 +-- roles/ipareplica/tasks/install.yml | 12 +-- 5 files changed, 98 insertions(+), 22 deletions(-) create mode 100644 roles/ipareplica/library/ipareplica_master_password.py delete mode 120000 roles/ipareplica/library/ipaserver_master_password.py delete mode 120000 roles/ipareplica/library/ipaserver_setup_ntp.py diff --git a/roles/ipareplica/library/ipareplica_master_password.py b/roles/ipareplica/library/ipareplica_master_password.py new file mode 100644 index 00000000..77f6f8ec --- /dev/null +++ b/roles/ipareplica/library/ipareplica_master_password.py @@ -0,0 +1,93 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Authors: +# Thomas Woerner <twoerner@redhat.com> +# +# Based on ipa-server-install code +# +# Copyright (C) 2017 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +ANSIBLE_METADATA = { + 'metadata_version': '1.0', + 'supported_by': 'community', + 'status': ['preview'], +} + +DOCUMENTATION = ''' +--- +module: ipareplica_master_password +short description: Generate kerberos master password if not given +description: + Generate kerberos master password if not given +options: + master_password: + description: kerberos master password (normally autogenerated) + required: false +author: + - Thomas Woerner +''' + +EXAMPLES = ''' +''' + +RETURN = ''' +password: + description: The master password + returned: always +''' + +import os + +from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.ansible_ipa_replica import * + +def main(): + module = AnsibleModule( + argument_spec = dict( + #basic + dm_password=dict(required=True, no_log=True), + master_password=dict(required=False, no_log=True), + ), + supports_check_mode = True, + ) + + module._ansible_debug = True + + options.dm_password = module.params.get('dm_password') + options.master_password = module.params.get('master_password') + + fstore = sysrestore.FileStore(paths.SYSRESTORE) + sstore = sysrestore.StateFile(paths.SYSRESTORE) + + # This will override any settings passed in on the cmdline + if os.path.isfile(paths.ROOT_IPA_CACHE): + # dm_password check removed, checked already + try: + cache_vars = read_cache(options.dm_password) + options.__dict__.update(cache_vars) + except Exception as e: + module.fail_json(msg="Cannot process the cache file: %s" % str(e)) + + if not options.master_password: + options.master_password = ipa_generate_password() + + module.exit_json(changed=True, + password=options.master_password) + +if __name__ == '__main__': + main() diff --git a/roles/ipareplica/library/ipaserver_master_password.py b/roles/ipareplica/library/ipaserver_master_password.py deleted file mode 120000 index 61911972..00000000 --- a/roles/ipareplica/library/ipaserver_master_password.py +++ /dev/null @@ -1 +0,0 @@ -../../ipaserver/library/ipaserver_master_password.py \ No newline at end of file diff --git a/roles/ipareplica/library/ipaserver_setup_ntp.py b/roles/ipareplica/library/ipaserver_setup_ntp.py deleted file mode 120000 index 22817971..00000000 --- a/roles/ipareplica/library/ipaserver_setup_ntp.py +++ /dev/null @@ -1 +0,0 @@ -../../ipaserver/library/ipaserver_setup_ntp.py \ No newline at end of file diff --git a/roles/ipareplica/module_utils/ansible_ipa_replica.py b/roles/ipareplica/module_utils/ansible_ipa_replica.py index 312c6aa5..3c64b044 100644 --- a/roles/ipareplica/module_utils/ansible_ipa_replica.py +++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py @@ -59,6 +59,7 @@ if NUM_VERSION >= 40600: from ipaclient.install.ipachangeconf import IPAChangeConf from ipalib.install import certstore, sysrestore + from ipapython.ipautil import ipa_generate_password from ipalib.install.kinit import kinit_keytab from ipapython import ipaldap, ipautil, kernel_keyring from ipapython.certdb import IPA_CA_TRUST_FLAGS, EXTERNAL_CA_TRUST_FLAGS @@ -101,18 +102,6 @@ if NUM_VERSION >= 40600: if six.PY3: unicode = str - try: - from ipaclient.install import timeconf - time_service = "chronyd" - ntpinstance = None - except ImportError: - try: - from ipaclient.install import ntpconf as timeconf - except ImportError: - from ipaclient import ntpconf as timeconf - from ipaserver.install import ntpinstance - time_service = "ntpd" - else: # IPA version < 4.6 diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml index 4c5b86b0..dc249675 100644 --- a/roles/ipareplica/tasks/install.yml +++ b/roles/ipareplica/tasks/install.yml @@ -158,10 +158,6 @@ skip_conncheck: "{{ ipareplica_skip_conncheck }}" register: result_ipareplica_prepare - - name: Install - Setup NTP - ipaserver_setup_ntp: - when: not ipaclient_no_ntp | bool - - name: Install - Add to ipaservers ipareplica_add_to_ipaservers: ### server ### @@ -175,15 +171,15 @@ - name: Install - Create dirman password no_log: yes - ipaserver_master_password: + ipareplica_master_password: dm_password: "{{ ipadm_password }}" - master_password: "{{ ipaserver_master_password | default(omit) }}" - register: result_ipaserver_master_password + master_password: "{{ ipareplica_master_password | default(omit) }}" + register: result_ipareplica_master_password - name: Install - Set dirman password no_log: yes set_fact: - ipareplica_dirman_password: "{{ result_ipaserver_master_password.password }}" + ipareplica_dirman_password: "{{ result_ipareplica_master_password.password }}" - name: Install - Setup certmonger ipareplica_setup_certmonger: -- GitLab