diff --git a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
index e44464c463392f561830768e75d87a3c9d80157e..66c1615b1768eb3eef7379f48b82aa618e1e1a42 100644
--- a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
+++ b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,21 +40,26 @@ description:
options:
setup_kra:
description: Configure a dogtag KRA
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
installer_ccache:
description: The installer ccache setting
- required: no
+ type: str
+ required: yes
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -67,7 +72,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_remote_api, api
)
@@ -84,15 +89,16 @@ def main():
# server
setup_kra=dict(required=True, type='bool'),
# additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
- installer_ccache=dict(required=True),
- _top_dir=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ installer_ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
index 0577cd5e8df04d027ac0719fc709e574c6d68421..582a4124bf3c0429fe71addad2737720d9eebbdb 100644
--- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py
+++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,92 +40,123 @@ description:
options:
dm_password:
description: Directory Manager password
- required: yes
+ type: str
+ required: no
password:
description: Admin user kerberos password
- required: yes
+ type: str
+ required: no
ip_addresses:
description: List of Master Server IP Addresses
- required: yes
+ type: list
+ elements: str
+ required: no
domain:
description: Primary DNS domain of the IPA deployment
- required: yes
+ type: str
+ required: no
realm:
description: Kerberos realm name of the IPA deployment
- required: yes
+ type: str
+ required: no
hostname:
description: Fully qualified name of this host
- required: yes
+ type: str
+ required: no
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
- required: yes
+ type: list
+ elements: str
+ required: no
no_host_dns:
description: Do not use DNS for hostname lookup during installation
- required: yes
+ type: bool
+ default: no
+ required: no
setup_adtrust:
description: Configure AD trust capability
- required: yes
+ type: bool
+ required: no
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
setup_dns:
description: Configure bind with our zone
- required: yes
+ type: bool
+ required: no
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
force_join:
description: Force client enrollment even if already enrolled
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
server:
description: Fully qualified name of IPA server to enroll to
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
config_ca_host_name:
description: The config ca_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
installer_ccache:
description: The installer ccache setting
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
_add_to_ipaservers:
description: The installer _add_to_ipaservers setting
- required: no
+ type: bool
+ required: yes
_ca_subject:
description: The installer _ca_subject setting
- required: no
+ type: str
+ required: yes
_subject_base:
description: The installer _subject_base setting
- required: no
+ type: str
+ required: yes
master:
description: Master host name
- required: yes
+ type: str
+ required: no
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -138,7 +169,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
ansible_module_get_parsed_ip_addresses, sysrestore,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, create_ipa_conf
@@ -149,13 +180,15 @@ def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# basic
- dm_password=dict(required=False, no_log=True),
- password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ dm_password=dict(required=False, type='str', no_log=True),
+ password=dict(required=False, type='str', no_log=True),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
# server
setup_adtrust=dict(required=False, type='bool'),
@@ -163,30 +196,32 @@ def main():
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
# ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=[]),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
# client
force_join=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- server=dict(required=True),
- config_master_host_name=dict(required=True),
- config_ca_host_name=dict(required=True),
- ccache=dict(required=True),
- installer_ccache=dict(required=True),
+ server=dict(required=True, type='str'),
+ config_master_host_name=dict(required=True, type='str'),
+ config_ca_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ installer_ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _top_dir=dict(required=True),
+ _top_dir=dict(required=True, type='str'),
_add_to_ipaservers=dict(required=True, type='bool'),
- _ca_subject=dict(required=True),
- _subject_base=dict(required=True),
- master=dict(required=False, default=None),
+ _ca_subject=dict(required=True, type='str'),
+ _subject_base=dict(required=True, type='str'),
+ master=dict(required=False, type='str', default=None),
dirman_password=dict(required=True, no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
index 28346e7e33a72b294c402ec78a9df6c9d877810c..8c14526cb4a1bdcfe63001340d3501570cfab300 100644
--- a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
+++ b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,53 +40,68 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
no_ui_redirect:
description: Do not automatically redirect to the Web UI
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_kra_enabled:
description: The installer _kra_enabled setting
- required: yes
+ type: bool
+ required: no
_kra_host_name:
description: The installer _kra_host_name setting
- required: yes
+ type: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
config_setup_ca:
description: The config setup_ca setting
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
config_ca_host_name:
description: The config ca_host_name setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -99,7 +114,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, redirect_stdout, custodiainstance,
getargspec
@@ -115,23 +130,24 @@ def main():
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- ccache=dict(required=True),
+ ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _ca_file=dict(required=False),
+ _ca_file=dict(required=False, type='str'),
_kra_enabled=dict(required=False, type='bool'),
- _kra_host_name=dict(required=False),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ _kra_host_name=dict(required=False, type='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
config_setup_ca=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
- config_ca_host_name=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
+ config_ca_host_name=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
index 87e46a5d13e73b323cd74cc19e0131036d8fe262..44ec5285f3d55bd0f1fd0e0a6846f7f066fe7ea6 100644
--- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py
+++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,55 +40,72 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
no_ui_redirect:
description: Do not automatically redirect to the Web UI
- required: yes
+ type: bool
+ required: no
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
- required: yes
+ type: str
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
ds_ca_subject:
description: The ds.ca_subject setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -101,7 +118,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout,
replica_ds_init_info, dsinstance, upgradeinstance, installutils
@@ -116,24 +133,27 @@ def main():
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
- dirsrv_config_file=dict(required=False),
+ dirsrv_config_file=dict(required=False, type='str'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _ca_file=dict(required=False),
- _dirsrv_pkcs12_info=dict(required=False, type='list'),
- _pkinit_pkcs12_info=dict(required=False, type='list'),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
- ds_ca_subject=dict(required=True),
+ _ca_file=dict(required=False, type='str'),
+ _dirsrv_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _pkinit_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
+ ds_ca_subject=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
index e751f684f2beb3b9c30fa505e96496eb2528d557..74742fff071280772ca60920dac6aa8ca705c62e 100644
--- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,52 +40,68 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
- required: yes
+ type: str
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
ds_ca_subject:
description: The ds.ca_subject setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -98,7 +114,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout,
replica_ds_init_info
@@ -112,24 +128,27 @@ def main():
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
- dirsrv_config_file=dict(required=False),
+ dirsrv_config_file=dict(required=False, type='str'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _ca_file=dict(required=False),
- _dirsrv_pkcs12_info=dict(required=False, type='list'),
- _pkinit_pkcs12_info=dict(required=False, type='list'),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
- ds_ca_subject=dict(required=True),
+ _ca_file=dict(required=False, type='str'),
+ _dirsrv_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _pkinit_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
+ ds_ca_subject=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_enable_ipa.py b/roles/ipareplica/library/ipareplica_enable_ipa.py
index b4cf5d5221541fe7bc5ba14ebda66f928aae1eb0..2b4fee53f4464ad8a92d15cb066d85cb131b0a0f 100644
--- a/roles/ipareplica/library/ipareplica_enable_ipa.py
+++ b/roles/ipareplica/library/ipareplica_enable_ipa.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,32 +40,41 @@ description: Enable IPA
options:
hostname:
description: Fully qualified name of this host
- required: yes
+ type: str
+ required: no
hidden_replica:
description: Install a hidden replica
- required: yes
+ type: bool
+ default: no
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
setup_ca:
description: Configure a dogtag CA
- required: no
+ type: bool
+ required: yes
setup_kra:
description: Configure a dogtag KRA
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -78,7 +87,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, service,
find_providing_servers, services
@@ -88,22 +97,23 @@ from ansible.module_utils.ansible_ipa_replica import (
def main():
ansible_module = AnsibleModule(
argument_spec=dict(
- hostname=dict(required=False),
+ hostname=dict(required=False, type='str'),
hidden_replica=dict(required=False, type='bool', default=False),
# server
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- ccache=dict(required=True),
- _top_dir=dict(required=True),
+ ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
setup_ca=dict(required=True, type='bool'),
setup_kra=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_install_ca_certs.py b/roles/ipareplica/library/ipareplica_install_ca_certs.py
index e47e0a6ddf89924298d47c3f97d18eb6adba2119..b6d42d6a4363540ce25cfadbd67403f70a8004a0 100644
--- a/roles/ipareplica/library/ipareplica_install_ca_certs.py
+++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -33,99 +33,131 @@ ANSIBLE_METADATA = {
DOCUMENTATION = '''
---
-module: ipareplica_install_ca_cert
+module: ipareplica_install_ca_certs
short_description: Install CA certs
description:
Install CA certs
options:
dm_password:
description: Directory Manager password
- required: yes
+ type: str
+ required: no
password:
description: Admin user kerberos password
- required: yes
+ type: str
+ required: no
ip_addresses:
description: List of Master Server IP Addresses
- required: yes
+ type: list
+ elements: str
+ required: no
domain:
description: Primary DNS domain of the IPA deployment
- required: yes
+ type: str
+ required: no
realm:
description: Kerberos realm name of the IPA deployment
- required: yes
+ type: str
+ required: no
hostname:
description: Fully qualified name of this host
- required: yes
+ type: str
+ required: no
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
- required: yes
+ type: list
+ elements: str
+ required: no
no_host_dns:
description: Do not use DNS for hostname lookup during installation
- required: yes
+ type: bool
+ default: no
+ required: no
setup_adtrust:
description: Configure AD trust capability
- required: yes
+ type: bool
+ required: no
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
setup_dns:
description: Configure bind with our zone
- required: yes
+ type: bool
+ required: no
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
force_join:
description: Force client enrollment even if already enrolled
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
server:
description: Fully qualified name of IPA server to enroll to
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
installer_ccache:
description: The installer ccache setting
- required: no
+ type: str
+ required: yes
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
_add_to_ipaservers:
description: The installer _add_to_ipaservers setting
- required: no
+ type: bool
+ required: yes
_ca_subject:
description: The installer _ca_subject setting
- required: no
+ type: str
+ required: yes
_subject_base:
description: The installer _subject_base setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
config_setup_ca:
description: The config setup_ca setting
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
config_ca_host_name:
description: The config ca_host_name setting
- required: no
+ type: str
+ required: yes
config_ips:
description: The config ips setting
- required: yes
+ type: list
+ elements: str
+ required: no
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -138,7 +170,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
ansible_module_get_parsed_ip_addresses,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, ipaldap,
@@ -150,13 +182,15 @@ def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# basic
- dm_password=dict(required=False, no_log=True),
- password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ dm_password=dict(required=False, type='str', no_log=True),
+ password=dict(required=False, type='str', no_log=True),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
# server
setup_adtrust=dict(required=False, type='bool'),
@@ -164,29 +198,32 @@ def main():
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
# ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=[]),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
# client
force_join=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- server=dict(required=True),
- ccache=dict(required=True),
- installer_ccache=dict(required=True),
- _top_dir=dict(required=True),
+ server=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ installer_ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
_add_to_ipaservers=dict(required=True, type='bool'),
- _ca_subject=dict(required=True),
- _subject_base=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ _ca_subject=dict(required=True, type='str'),
+ _subject_base=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
config_setup_ca=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
- config_ca_host_name=dict(required=True),
- config_ips=dict(required=False, type='list', default=[]),
+ config_master_host_name=dict(required=True, type='str'),
+ config_ca_host_name=dict(required=True, type='str'),
+ config_ips=dict(required=False, type='list', elements='str',
+ default=[]),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
index 4380cbad22d4b41ef9a975fafe6b665634b1e639..589eb46b08370a4896d58e10723762cdbe1f2771 100644
--- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,41 +40,53 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -87,6 +99,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
+ check_imports,
AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, krbinstance, redirect_stdout
@@ -101,20 +114,22 @@ def main():
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _ca_file=dict(required=False),
- _pkinit_pkcs12_info=dict(required=False, type='list'),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ _ca_file=dict(required=False, type='str'),
+ _pkinit_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_master_password.py b/roles/ipareplica/library/ipareplica_master_password.py
index f617716bdaa5e8b9662229025d998052616d5b75..16988244ae5d349718d7375ae673552a1273f6d8 100644
--- a/roles/ipareplica/library/ipareplica_master_password.py
+++ b/roles/ipareplica/library/ipareplica_master_password.py
@@ -5,7 +5,7 @@
#
# Based on ipa-server-install code
#
-# Copyright (C) 2017 Red Hat
+# Copyright (C) 2017-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,9 +40,10 @@ description:
options:
master_password:
description: kerberos master password (normally autogenerated)
- required: yes
+ type: str
+ required: no
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -51,12 +52,13 @@ EXAMPLES = '''
RETURN = '''
password:
description: The master password
+ type: str
returned: always
'''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- setup_logging, ipa_generate_password
+ check_imports, setup_logging, ipa_generate_password
)
@@ -64,12 +66,13 @@ def main():
module = AnsibleModule(
argument_spec=dict(
# basic
- master_password=dict(required=False, no_log=True),
+ master_password=dict(required=False, type='str', no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
module._ansible_debug = True
+ check_imports(module)
setup_logging()
master_password = module.params.get('master_password')
diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index c04ad63c8443f3529cc3103bf657ab6d908e74ec..bd28b9e21f919d3a54cc78f7b79b04370e543da3 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -42,151 +42,216 @@ description: |
options:
dm_password:
description: Directory Manager password
- required: yes
+ type: str
+ required: no
password:
description: Admin user kerberos password
- required: yes
+ type: str
+ required: no
ip_addresses:
description: List of Master Server IP Addresses
- required: yes
+ type: list
+ elements: str
+ required: no
domain:
description: Primary DNS domain of the IPA deployment
- required: yes
+ type: str
+ required: no
realm:
description: Kerberos realm name of the IPA deployment
- required: yes
+ type: str
+ required: no
hostname:
description: Fully qualified name of this host
- required: yes
+ type: str
+ required: no
principal:
description:
User Principal allowed to promote replicas and join IPA realm
- required: no
+ type: str
+ required: yes
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
- required: yes
+ type: list
+ elements: str
+ required: no
no_host_dns:
description: Do not use DNS for hostname lookup during installation
- required: yes
+ type: bool
+ default: no
+ required: no
setup_adtrust:
description: Configure AD trust capability
- required: yes
+ type: bool
+ required: no
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
setup_dns:
description: Configure bind with our zone
- required: yes
+ type: bool
+ required: no
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
dirsrv_cert_name:
description: Name of the Directory Server SSL certificate to install
- required: yes
+ type: str
+ required: no
dirsrv_pin:
description: The password to unlock the Directory Server private key
- required: yes
+ type: str
+ required: no
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
http_cert_name:
description: Name of the Apache Server SSL certificate to install
- required: yes
+ type: str
+ required: no
http_pin:
description: The password to unlock the Apache Server private key
- required: yes
+ type: str
+ required: no
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
pkinit_cert_name:
description: Name of the Kerberos KDC SSL certificate to install
- required: yes
+ type: str
+ required: no
pkinit_pin:
description: The password to unlock the Kerberos KDC private key
- required: yes
+ type: str
+ required: no
keytab:
description: Path to backed up keytab from previous enrollment
- required: yes
+ type: str
+ required: no
mkhomedir:
description: Create home directories for users on their first login
- required: yes
+ type: bool
+ required: no
force_join:
description: Force client enrollment even if already enrolled
- required: yes
+ type: bool
+ required: no
no_ntp:
description: Do not configure ntp
- required: yes
+ type: bool
+ required: no
ssh_trust_dns:
description: Configure OpenSSH client to trust DNS SSHFP records
- required: yes
+ type: bool
+ required: no
no_ssh:
description: Do not configure OpenSSH client
- required: yes
+ type: bool
+ required: no
no_sshd:
description: Do not configure OpenSSH server
- required: yes
+ type: bool
+ required: no
no_dns_sshfp:
description: Do not automatically create DNS SSHFP records
- required: yes
+ type: bool
+ required: no
allow_zone_overlap:
description: Create DNS zone even if it already exists
- required: yes
+ type: bool
+ default: no
+ required: no
reverse_zones:
description: The reverse DNS zones to use
- required: yes
+ type: list
+ elements: str
+ required: no
no_reverse:
description: Do not create new reverse DNS zone
- required: yes
+ type: bool
+ default: no
+ required: no
auto_reverse:
description: Create necessary reverse zones
- required: yes
+ type: bool
+ default: no
+ required: no
forwarders:
description: Add DNS forwarders
- required: yes
+ type: list
+ elements: str
+ required: no
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
- required: yes
+ type: bool
+ default: no
+ required: no
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
+ type: bool
+ default: no
+ required: no
forward_policy:
description: DNS forwarding policy for global forwarders
- required: yes
+ type: str
+ choices: ['first', 'only']
+ required: no
no_dnssec_validation:
description: Disable DNSSEC validation
- required: yes
+ type: bool
+ default: no
+ required: no
enable_compat:
description: Enable support for trusted domains for old clients
- required: yes
+ type: bool
+ default: no
+ required: no
netbios_name:
description: NetBIOS name of the IPA domain
- required: yes
+ type: str
+ required: no
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
+ type: int
+ default: 1000
+ required: no
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
+ type: int
+ default: 100000000
+ required: no
server:
description: Fully qualified name of IPA server to enroll to
- required: no
+ type: str
+ required: yes
skip_conncheck:
description: Skip connection check to remote master
- required: yes
+ type: bool
+ required: no
sid_generation_always:
description: Enable SID generation always
- required: yes
+ type: bool
+ default: no
+ required: no
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -202,7 +267,7 @@ from shutil import copyfile
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, options, installer, DN, paths, sysrestore,
+ check_imports, AnsibleModuleLog, options, installer, DN, paths, sysrestore,
ansible_module_get_parsed_ip_addresses, Env, ipautil, ipaldap,
installutils, ReplicaConfig, load_pkcs12, kinit_keytab, create_api,
rpc_client, check_remote_version, parse_version, check_remote_fips_mode,
@@ -222,14 +287,16 @@ def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# basic
- dm_password=dict(required=False, no_log=True),
- password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- realm=dict(required=False),
- hostname=dict(required=False),
- principal=dict(required=True),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ dm_password=dict(required=False, type='str', no_log=True),
+ password=dict(required=False, type='str', no_log=True),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ principal=dict(required=True, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
# server
setup_adtrust=dict(required=False, type='bool'),
@@ -237,17 +304,20 @@ def main():
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
# ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=[]),
- dirsrv_cert_name=dict(required=False),
- dirsrv_pin=dict(required=False),
- http_cert_files=dict(required=False, type='list', default=[]),
- http_cert_name=dict(required=False),
- http_pin=dict(required=False),
- pkinit_cert_files=dict(required=False, type='list', default=[]),
- pkinit_cert_name=dict(required=False),
- pkinit_pin=dict(required=False),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
+ dirsrv_cert_name=dict(required=False, type='str'),
+ dirsrv_pin=dict(required=False, type='str'),
+ http_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
+ http_cert_name=dict(required=False, type='str'),
+ http_pin=dict(required=False, type='str'),
+ pkinit_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
+ pkinit_cert_name=dict(required=False, type='str'),
+ pkinit_pin=dict(required=False, type='str'),
# client
- keytab=dict(required=False),
+ keytab=dict(required=False, type='str', no_log=False),
mkhomedir=dict(required=False, type='bool'),
force_join=dict(required=False, type='bool'),
no_ntp=dict(required=False, type='bool'),
@@ -260,31 +330,35 @@ def main():
# dns
allow_zone_overlap=dict(required=False, type='bool',
default=False),
- reverse_zones=dict(required=False, type='list', default=[]),
+ reverse_zones=dict(required=False, type='list', elements='str',
+ default=[]),
no_reverse=dict(required=False, type='bool', default=False),
auto_reverse=dict(required=False, type='bool', default=False),
- forwarders=dict(required=False, type='list', default=[]),
+ forwarders=dict(required=False, type='list', elements='str',
+ default=[]),
no_forwarders=dict(required=False, type='bool', default=False),
auto_forwarders=dict(required=False, type='bool', default=False),
- forward_policy=dict(default=None, choices=['first', 'only']),
+ forward_policy=dict(required=False, type='str',
+ choices=['first', 'only'], default=None),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
# ad trust
enable_compat=dict(required=False, type='bool', default=False),
- netbios_name=dict(required=False),
+ netbios_name=dict(required=False, type='str'),
rid_base=dict(required=False, type='int', default=1000),
secondary_rid_base=dict(required=False, type='int',
default=100000000),
# additional
- server=dict(required=True),
+ server=dict(required=True, type='str'),
skip_conncheck=dict(required=False, type='bool'),
sid_generation_always=dict(required=False, type='bool',
default=False),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
index 4ff4a17644ec38d2a3e3aeaefc53bbe3719034c6..6f5681ba9bc73c332abdea83d42184672ebd8d1c 100644
--- a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
+++ b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,26 +40,32 @@ description:
options:
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
config_setup_ca:
description: The config setup_ca setting
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -72,7 +78,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, redirect_stdout, promote_openldap_conf
)
@@ -84,17 +90,18 @@ def main():
# server
setup_kra=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- ccache=dict(required=True),
- _top_dir=dict(required=True),
+ ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
config_setup_ca=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_promote_sssd.py b/roles/ipareplica/library/ipareplica_promote_sssd.py
index 2ac27bd96549dfd9e98b48ed6e50ccf324c0cc26..65eb4b3bebb7576e069eaed270a9db97fd10b9f1 100644
--- a/roles/ipareplica/library/ipareplica_promote_sssd.py
+++ b/roles/ipareplica/library/ipareplica_promote_sssd.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,26 +40,32 @@ description:
options:
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
config_setup_ca:
description: The config setup_ca setting
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -72,7 +78,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, redirect_stdout, promote_sssd
)
@@ -84,17 +90,18 @@ def main():
# server
setup_kra=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- ccache=dict(required=True),
- _top_dir=dict(required=True),
+ ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
config_setup_ca=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_restart_kdc.py b/roles/ipareplica/library/ipareplica_restart_kdc.py
index 252dc9aa76309afdd11cc53c5b9e13e671fad4a1..603ec9a30739c4b3cf906a0d293e50207197067c 100644
--- a/roles/ipareplica/library/ipareplica_restart_kdc.py
+++ b/roles/ipareplica/library/ipareplica_restart_kdc.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,38 +40,48 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
no_ui_redirect:
description: Do not automatically redirect to the Web UI
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -84,6 +94,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
+ check_imports,
AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, service,
@@ -100,18 +111,19 @@ def main():
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
- _ca_file=dict(required=False),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ _ca_file=dict(required=False, type='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py
index 722307832f343e39a246287b280433422c545fc1..01d1e06b818888a2b2d2f2f3aa7a8a54355fdb24 100644
--- a/roles/ipareplica/library/ipareplica_setup_adtrust.py
+++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,45 +40,58 @@ description:
options:
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
enable_compat:
description: Enable support for trusted domains for old clients
- required: yes
+ type: bool
+ default: no
+ required: no
rid_base:
description: Start value for mapping UIDs and GIDs to RIDs
- required: yes
+ type: int
+ required: no
secondary_rid_base:
description:
Start value of the secondary range for mapping UIDs and GIDs to RIDs
- required: yes
+ type: int
+ required: no
adtrust_netbios_name:
description: The adtrust netbios_name setting
- required: no
+ type: str
+ required: yes
adtrust_reset_netbios_name:
description: The adtrust reset_netbios_name setting
- required: no
+ type: bool
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
setup_ca:
description: Configure a dogtag CA
- required: no
+ type: bool
+ required: yes
setup_adtrust:
description: Configure AD trust capability
+ type: bool
required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -93,7 +106,8 @@ from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
- gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, adtrust
+ gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, adtrust,
+ check_imports
)
@@ -103,25 +117,26 @@ def main():
# server
setup_kra=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# ad trust
enable_compat=dict(required=False, type='bool', default=False),
rid_base=dict(required=False, type='int'),
secondary_rid_base=dict(required=False, type='int'),
# additional
- adtrust_netbios_name=dict(required=True),
+ adtrust_netbios_name=dict(required=True, type='str'),
adtrust_reset_netbios_name=dict(required=True, type='bool'),
# additional
- ccache=dict(required=True),
- _top_dir=dict(required=True),
+ ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
setup_ca=dict(required=True, type='bool'),
setup_adtrust=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py
index c057e0b65ac7013f9fbdbd88f1ea61830e9028eb..cbecd797c6137543df125e05096a7d88afbd6d63 100644
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,71 +40,95 @@ description:
options:
pki_config_override:
description: Path to ini file with config overrides
- required: yes
+ type: str
+ required: no
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_kra_enabled:
description: The installer _kra_enabled setting
- required: yes
+ type: bool
+ required: no
_kra_host_name:
description: The installer _kra_host_name setting
- required: yes
+ type: str
+ required: no
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
_ca_subject:
description: The installer _ca_subject setting
- required: no
+ type: str
+ required: yes
_subject_base:
description: The installer _subject_base setting
- required: no
+ type: str
+ required: yes
_random_serial_numbers:
description: The installer _random_serial_numbers setting
+ type: bool
required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
config_setup_ca:
description: The config setup_ca setting
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
config_ca_host_name:
description: The config ca_host_name setting
- required: no
+ type: str
+ required: yes
config_ips:
description: The config ips setting
- required: yes
+ type: list
+ elements: str
+ required: no
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -117,7 +141,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
ansible_module_get_parsed_ip_addresses,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, ca,
@@ -129,35 +153,39 @@ def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# basic
- pki_config_override=dict(required=False),
+ pki_config_override=dict(required=False, type='str'),
# server
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- ccache=dict(required=True),
+ ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _ca_file=dict(required=False),
+ _ca_file=dict(required=False, type='str'),
_kra_enabled=dict(required=False, type='bool'),
- _kra_host_name=dict(required=False),
- _dirsrv_pkcs12_info=dict(required=False, type='list'),
- _pkinit_pkcs12_info=dict(required=False, type='list'),
- _top_dir=dict(required=True),
- _ca_subject=dict(required=True),
- _subject_base=dict(required=True),
+ _kra_host_name=dict(required=False, type='str'),
+ _dirsrv_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _pkinit_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _top_dir=dict(required=True, type='str'),
+ _ca_subject=dict(required=True, type='str'),
+ _subject_base=dict(required=True, type='str'),
_random_serial_numbers=dict(required=True, type='bool'),
- dirman_password=dict(required=True, no_log=True),
+ dirman_password=dict(required=True, type='str', no_log=True),
config_setup_ca=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
- config_ca_host_name=dict(required=True),
- config_ips=dict(required=False, type='list', default=[]),
+ config_master_host_name=dict(required=True, type='str'),
+ config_ca_host_name=dict(required=True, type='str'),
+ config_ips=dict(required=False, type='list', elements='str',
+ default=[]),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_certmonger.py b/roles/ipareplica/library/ipareplica_setup_certmonger.py
index 4029ed0088a7a8def126c61a09fa8e867d4beb97..74af0feefb062dab5af89075463a720e2d319485 100644
--- a/roles/ipareplica/library/ipareplica_setup_certmonger.py
+++ b/roles/ipareplica/library/ipareplica_setup_certmonger.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -37,9 +37,8 @@ module: ipareplica_setup_certmonger
short_description: Setup certmonger
description:
Setup certmonger
-options:
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -50,6 +49,7 @@ RETURN = '''
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
+ check_imports,
AnsibleModuleLog, setup_logging, redirect_stdout, configure_certmonger
)
@@ -57,10 +57,11 @@ from ansible.module_utils.ansible_ipa_replica import (
def main():
ansible_module = AnsibleModule(
argument_spec={},
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py
index 69b35d7c14c723759efdf646242ec27ea2df12e0..09ab172109b7ec84a70e85929c50c61e491c0a0a 100644
--- a/roles/ipareplica/library/ipareplica_setup_custodia.py
+++ b/roles/ipareplica/library/ipareplica_setup_custodia.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,50 +40,65 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
no_ui_redirect:
description: Do not automatically redirect to the Web UI
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_kra_enabled:
description: The installer _kra_enabled setting
- required: yes
+ type: bool
+ required: no
_kra_host_name:
description: The installer _kra_host_name setting
- required: yes
+ type: str
+ required: no
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -96,7 +111,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, custodiainstance
)
@@ -111,22 +126,24 @@ def main():
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _ca_file=dict(required=False),
+ _ca_file=dict(required=False, type='str'),
_kra_enabled=dict(required=False, type='bool'),
- _kra_host_name=dict(required=False),
- _pkinit_pkcs12_info=dict(required=False, type='list'),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ _kra_host_name=dict(required=False, type='str'),
+ _pkinit_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py
index 741cf49761416fe6233a979d1d11814dec85128a..7dadafca8f4dbb781dd3776e4ce0e968df085bdb 100644
--- a/roles/ipareplica/library/ipareplica_setup_dns.py
+++ b/roles/ipareplica/library/ipareplica_setup_dns.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,47 +40,65 @@ description:
options:
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
setup_dns:
description: Configure bind with our zone
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
zonemgr:
description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN
- required: yes
+ type: str
+ required: no
forwarders:
description: Add DNS forwarders
- required: yes
+ type: list
+ elements: str
+ required: no
forward_policy:
description: DNS forwarding policy for global forwarders
- required: yes
+ type: str
+ choices: ['first', 'only']
+ required: no
no_dnssec_validation:
description: Disable DNSSEC validation
- required: yes
+ type: bool
+ default: no
+ required: no
dns_ip_addresses:
description: The dns ip_addresses setting
- required: no
+ type: list
+ elements: str
+ required: yes
dns_reverse_zones:
description: The dns reverse_zones setting
- required: no
+ type: list
+ elements: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
setup_ca:
description: Configure a dogtag CA
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -93,7 +111,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, dns,
ansible_module_get_parsed_ip_addresses
@@ -107,25 +125,28 @@ def main():
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# dns
- zonemgr=dict(required=False),
- forwarders=dict(required=False, type='list', default=[]),
- forward_policy=dict(default=None, choices=['first', 'only']),
+ zonemgr=dict(required=False, type='str'),
+ forwarders=dict(required=False, type='list', elements='str',
+ default=[]),
+ forward_policy=dict(required=False, type='str',
+ choices=['first', 'only'], default=None),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
# additional
- dns_ip_addresses=dict(required=True, type='list'),
- dns_reverse_zones=dict(required=True, type='list'),
- ccache=dict(required=True),
- _top_dir=dict(required=True),
+ dns_ip_addresses=dict(required=True, type='list', elements='str'),
+ dns_reverse_zones=dict(required=True, type='list', elements='str'),
+ ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
setup_ca=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py
index ddcff5977e1b13731987671f7cbf910d3f33936d..67e73a7eb0ddc56dd8730f4eb7987dc8f6e55f16 100644
--- a/roles/ipareplica/library/ipareplica_setup_ds.py
+++ b/roles/ipareplica/library/ipareplica_setup_ds.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,106 +40,144 @@ description:
options:
dm_password:
description: Directory Manager password
- required: yes
+ type: str
+ required: no
password:
description: Admin user kerberos password
- required: yes
+ type: str
+ required: no
ip_addresses:
description: List of Master Server IP Addresses
- required: yes
+ type: list
+ elements: str
+ required: no
domain:
description: Primary DNS domain of the IPA deployment
- required: yes
+ type: str
+ required: no
realm:
description: Kerberos realm name of the IPA deployment
- required: yes
+ type: str
+ required: no
hostname:
description: Fully qualified name of this host
- required: yes
+ type: str
+ required: no
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
- required: yes
+ type: list
+ elements: str
+ required: no
no_host_dns:
description: Do not use DNS for hostname lookup during installation
- required: yes
+ type: bool
+ default: no
+ required: no
setup_adtrust:
description: Configure AD trust capability
- required: yes
+ type: bool
+ required: no
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
setup_dns:
description: Configure bind with our zone
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ default: no
+ required: no
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
- required: yes
+ type: str
+ required: no
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
force_join:
description: Force client enrollment even if already enrolled
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
server:
description: Fully qualified name of IPA server to enroll to
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
installer_ccache:
description: The installer ccache setting
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_dirsrv_pkcs12_info:
description: The installer _dirsrv_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
_add_to_ipaservers:
description: The installer _add_to_ipaservers setting
- required: no
+ type: bool
+ required: yes
_ca_subject:
description: The installer _ca_subject setting
- required: no
+ type: str
+ required: yes
_subject_base:
description: The installer _subject_base setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
config_setup_ca:
description: The config setup_ca setting
- required: no
+ type: bool
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
config_ca_host_name:
description: The config ca_host_name setting
- required: no
+ type: str
+ required: yes
config_ips:
description: The config ips setting
- required: yes
+ type: list
+ elements: str
+ required: no
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -152,8 +190,8 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
- ansible_module_get_parsed_ip_addresses,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
+ sysrestore, ansible_module_get_parsed_ip_addresses,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, redirect_stdout, ipaldap,
install_replica_ds, install_dns_records, ntpinstance, ScriptError,
@@ -165,13 +203,15 @@ def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# basic
- dm_password=dict(required=False, no_log=True),
- password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ dm_password=dict(required=False, type='str', no_log=True),
+ password=dict(required=False, type='str', no_log=True),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
# server
setup_adtrust=dict(required=False, type='bool'),
@@ -179,33 +219,37 @@ def main():
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool', default=False),
- dirsrv_config_file=dict(required=False),
+ dirsrv_config_file=dict(required=False, type='str'),
# ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=[]),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
# client
force_join=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- server=dict(required=True),
- ccache=dict(required=True),
- installer_ccache=dict(required=True),
+ server=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ installer_ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _dirsrv_pkcs12_info=dict(required=False, type='list'),
- _top_dir=dict(required=True),
+ _dirsrv_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _top_dir=dict(required=True, type='str'),
_add_to_ipaservers=dict(required=True, type='bool'),
- _ca_subject=dict(required=True),
- _subject_base=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ _ca_subject=dict(required=True, type='str'),
+ _subject_base=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
config_setup_ca=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
- config_ca_host_name=dict(required=True),
- config_ips=dict(required=False, type='list', default=[]),
+ config_master_host_name=dict(required=True, type='str'),
+ config_ca_host_name=dict(required=True, type='str'),
+ config_ips=dict(required=False, type='list', elements='str',
+ default=[]),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py
index 6e87a115b2fa3c57fcbb8c459caf5437d505269e..e14ae2e948669fa4b17cf834a0aa0af03bed58b1 100644
--- a/roles/ipareplica/library/ipareplica_setup_http.py
+++ b/roles/ipareplica/library/ipareplica_setup_http.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,47 +40,61 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
no_ui_redirect:
description: Do not automatically redirect to the Web UI
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
config_ca_host_name:
description: The config ca_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_http_pkcs12_info:
description: The installer _http_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -93,6 +107,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
+ check_imports,
AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, create_ipa_conf,
@@ -109,20 +124,22 @@ def main():
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
- config_master_host_name=dict(required=True),
- config_ca_host_name=dict(required=True),
- ccache=dict(required=True),
+ subject_base=dict(required=True, type='str'),
+ config_master_host_name=dict(required=True, type='str'),
+ config_ca_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
- _ca_file=dict(required=False),
- _http_pkcs12_info=dict(required=False, type='list'),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ _ca_file=dict(required=False, type='str'),
+ _http_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py
index 49dab4dd1c3418342457bf18c9fd01c40aa3104e..92fdfec58d2ca4bea8bca4966eff99597200d6db 100644
--- a/roles/ipareplica/library/ipareplica_setup_kra.py
+++ b/roles/ipareplica/library/ipareplica_setup_kra.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,92 +40,127 @@ description:
options:
dm_password:
description: Directory Manager password
- required: yes
+ type: str
+ required: no
password:
description: Admin user kerberos password
- required: yes
+ type: str
+ required: no
ip_addresses:
description: List of Master Server IP Addresses
- required: yes
+ type: list
+ elements: str
+ required: no
domain:
description: Primary DNS domain of the IPA deployment
- required: yes
+ type: str
+ required: no
realm:
description: Kerberos realm name of the IPA deployment
- required: yes
+ type: str
+ required: no
hostname:
description: Fully qualified name of this host
- required: yes
+ type: str
+ required: no
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
- required: yes
+ type: list
+ elements: str
+ required: no
no_host_dns:
description: Do not use DNS for hostname lookup during installation
- required: yes
+ type: bool
+ default: no
+ required: no
pki_config_override:
description: Path to ini file with config overrides
- required: yes
+ type: str
+ required: no
setup_adtrust:
description: Configure AD trust capability
- required: yes
+ type: bool
+ required: no
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
setup_dns:
description: Configure bind with our zone
- required: yes
+ type: bool
+ required: no
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
force_join:
description: Force client enrollment even if already enrolled
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
server:
description: Fully qualified name of IPA server to enroll to
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
installer_ccache:
description: The installer ccache setting
- required: no
+ type: str
+ required: yes
_ca_enabled:
description: The installer _ca_enabled setting
- required: yes
+ type: bool
+ required: no
_kra_enabled:
description: The installer _kra_enabled setting
- required: yes
+ type: bool
+ required: no
_kra_host_name:
description: The installer _kra_host_name setting
- required: yes
+ type: str
+ required: no
+ _ca_host_name:
+ description: The installer _ca_host_name setting
+ type: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
_add_to_ipaservers:
description: The installer _add_to_ipaservers setting
- required: no
+ type: bool
+ required: yes
_ca_subject:
description: The installer _ca_subject setting
- required: no
+ type: str
+ required: yes
_subject_base:
description: The installer _subject_base setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -138,7 +173,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
ansible_module_get_parsed_ip_addresses,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, custodiainstance,
@@ -150,44 +185,48 @@ def main():
ansible_module = AnsibleModule(
argument_spec=dict(
# basic
- dm_password=dict(required=False, no_log=True),
- password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ dm_password=dict(required=False, type='str', no_log=True),
+ password=dict(required=False, type='str', no_log=True),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
no_host_dns=dict(required=False, type='bool', default=False),
- pki_config_override=dict(required=False),
+ pki_config_override=dict(required=False, type='str'),
# server
setup_adtrust=dict(required=False, type='bool'),
setup_ca=dict(required=False, type='bool'),
setup_kra=dict(required=False, type='bool'),
setup_dns=dict(required=False, type='bool'),
# ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=[]),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
# client
force_join=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- server=dict(required=True),
- config_master_host_name=dict(required=True),
- installer_ccache=dict(required=True),
+ server=dict(required=True, type='str'),
+ config_master_host_name=dict(required=True, type='str'),
+ installer_ccache=dict(required=True, type='str'),
_ca_enabled=dict(required=False, type='bool'),
_kra_enabled=dict(required=False, type='bool'),
- _kra_host_name=dict(required=False),
- _ca_host_name=dict(required=False),
- _top_dir=dict(required=True),
+ _kra_host_name=dict(required=False, type='str'),
+ _ca_host_name=dict(required=False, type='str'),
+ _top_dir=dict(required=True, type='str'),
_add_to_ipaservers=dict(required=True, type='bool'),
- _ca_subject=dict(required=True),
- _subject_base=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ _ca_subject=dict(required=True, type='str'),
+ _subject_base=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py
index 36c6578a46a4579931eddeb9de39304c0b186d89..2941443ee0cd2caf56fd62a1303a685add6b07aa 100644
--- a/roles/ipareplica/library/ipareplica_setup_krb.py
+++ b/roles/ipareplica/library/ipareplica_setup_krb.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,35 +40,45 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_pkinit_pkcs12_info:
description: The installer _pkinit_pkcs12_info setting
- required: yes
+ type: list
+ elements: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -81,6 +91,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
+ check_imports,
AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, api, redirect_stdout, install_krb, getargspec
@@ -95,18 +106,20 @@ def main():
setup_kra=dict(required=False, type='bool'),
no_pkinit=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
- _pkinit_pkcs12_info=dict(required=False, type='list'),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ _pkinit_pkcs12_info=dict(required=False, type='list',
+ elements='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_otpd.py b/roles/ipareplica/library/ipareplica_setup_otpd.py
index a4b1c3892e41d75234e0824a1830ef0d7d7bff3e..3080f3e7ca4bb62c2e18bb0e636db7337d54c5e1 100644
--- a/roles/ipareplica/library/ipareplica_setup_otpd.py
+++ b/roles/ipareplica/library/ipareplica_setup_otpd.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -40,38 +40,48 @@ description:
options:
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ required: no
no_ui_redirect:
description: Do not automatically redirect to the Web UI
- required: yes
+ type: bool
+ required: no
subject_base:
description:
The certificate subject base (default O=<realm-name>).
RDNs are in LDAP order (most specific RDN first).
- required: no
+ type: str
+ required: yes
config_master_host_name:
description: The config master_host_name setting
- required: no
+ type: str
+ required: yes
ccache:
description: The local ccache
- required: no
+ type: str
+ required: yes
_ca_file:
description: The installer _ca_file setting
- required: yes
+ type: str
+ required: no
_top_dir:
description: The installer _top_dir setting
- required: no
+ type: str
+ required: yes
dirman_password:
description: Directory Manager (master) password
- required: no
+ type: str
+ required: yes
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -84,7 +94,7 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, installer, DN, paths,
+ check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths,
gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize,
gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, otpdinstance,
ipautil
@@ -100,18 +110,19 @@ def main():
no_pkinit=dict(required=False, type='bool'),
no_ui_redirect=dict(required=False, type='bool'),
# certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
# additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
- _ca_file=dict(required=False),
- _top_dir=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ _ca_file=dict(required=False, type='str'),
+ _top_dir=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
),
- supports_check_mode=True,
+ supports_check_mode=False,
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py
index 520502af4cef9207a392fad892956dc6d55c5bba..690d6fa726052382b53eeb7235ba75119ebafa0d 100644
--- a/roles/ipareplica/library/ipareplica_test.py
+++ b/roles/ipareplica/library/ipareplica_test.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -39,94 +39,142 @@ description: IPA replica deployment tests
options:
ip_addresses:
description: List of Master Server IP Addresses
- required: yes
+ type: list
+ elements: str
+ required: no
domain:
description: Primary DNS domain of the IPA deployment
- required: yes
+ type: str
+ required: no
servers:
description: Fully qualified name of IPA servers to enroll to
- required: yes
+ type: list
+ elements: str
+ required: no
realm:
description: Kerberos realm name of the IPA deployment
- required: yes
+ type: str
+ required: no
hostname:
description: Fully qualified name of this host
- required: yes
+ type: str
+ required: no
ca_cert_files:
description:
List of files containing CA certificates for the service certificate
files
- required: yes
+ type: list
+ elements: str
+ required: no
hidden_replica:
description: Install a hidden replica
- required: yes
+ type: bool
+ default: no
+ required: no
skip_mem_check:
description: Skip checking for minimum required memory
- required: yes
+ type: bool
+ default: no
+ required: no
setup_adtrust:
description: Configure AD trust capability
- required: yes
+ type: bool
+ default: no
+ required: no
setup_ca:
description: Configure a dogtag CA
- required: yes
+ type: bool
+ required: no
setup_kra:
description: Configure a dogtag KRA
- required: yes
+ type: bool
+ default: no
+ required: no
setup_dns:
description: Configure bind with our zone
- required: yes
+ type: bool
+ default: no
+ required: no
no_pkinit:
description: Disable pkinit setup steps
- required: yes
+ type: bool
+ default: no
+ required: no
dirsrv_config_file:
description:
The path to LDIF file that will be used to modify configuration of
dse.ldif during installation of the directory server instance
- required: yes
+ type: str
+ required: no
dirsrv_cert_files:
description:
Files containing the Directory Server SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
http_cert_files:
description:
File containing the Apache Server SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
pkinit_cert_files:
description:
File containing the Kerberos KDC SSL certificate and private key
- required: yes
+ type: list
+ elements: str
+ required: no
no_ntp:
description: Do not configure ntp
- required: yes
+ type: bool
+ default: no
+ required: no
ntp_servers:
description: ntp servers to use
- required: yes
+ type: list
+ elements: str
+ required: no
ntp_pool:
description: ntp server pool to use
- required: yes
+ type: str
+ required: no
no_reverse:
description: Do not create new reverse DNS zone
- required: yes
+ type: bool
+ default: no
+ required: no
auto_reverse:
description: Create necessary reverse zones
- required: yes
+ type: bool
+ default: no
+ required: no
forwarders:
description: Add DNS forwarders
- required: yes
+ type: list
+ elements: str
+ required: no
no_forwarders:
description: Do not add any DNS forwarders, use root servers instead
- required: yes
+ type: bool
+ default: no
+ required: no
auto_forwarders:
description: Use DNS forwarders configured in /etc/resolv.conf
- required: yes
+ type: bool
+ default: no
+ required: no
forward_policy:
description: DNS forwarding policy for global forwarders
- required: yes
+ type: str
+ choices: ['first', 'only']
+ required: no
no_dnssec_validation:
description: Disable DNSSEC validation
- required: yes
+ type: bool
+ default: no
+ required: no
author:
- - Thomas Woerner
+ - Thomas Woerner (@t-woerner)
'''
EXAMPLES = '''
@@ -139,8 +187,8 @@ import os
from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.ansible_ipa_replica import (
- AnsibleModuleLog, setup_logging, options, installer, paths, sysrestore,
- ansible_module_get_parsed_ip_addresses, service,
+ check_imports, AnsibleModuleLog, setup_logging, options, installer,
+ paths, sysrestore, ansible_module_get_parsed_ip_addresses, service,
redirect_stdout, create_ipa_conf, ipautil,
x509, validate_domain_name, common_check,
IPA_PYTHON_VERSION, getargspec, adtrustinstance
@@ -153,12 +201,15 @@ def main():
# basic
# dm_password=dict(required=False, no_log=True),
# password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- servers=dict(required=False, type='list', default=[]),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ servers=dict(required=False, type='list', elements='str',
+ default=[]),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
hidden_replica=dict(required=False, type='bool', default=False),
skip_mem_check=dict(required=False, type='bool', default=False),
# server
@@ -167,28 +218,35 @@ def main():
setup_kra=dict(required=False, type='bool', default=False),
setup_dns=dict(required=False, type='bool', default=False),
no_pkinit=dict(required=False, type='bool', default=False),
- dirsrv_config_file=dict(required=False),
+ dirsrv_config_file=dict(required=False, type='str'),
# ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=[]),
- http_cert_files=dict(required=False, type='list', default=[]),
- pkinit_cert_files=dict(required=False, type='list', default=[]),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
+ http_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
+ pkinit_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
# client
no_ntp=dict(required=False, type='bool', default=False),
- ntp_servers=dict(required=False, type='list', default=[]),
- ntp_pool=dict(required=False),
+ ntp_servers=dict(required=False, type='list', elements='str',
+ default=[]),
+ ntp_pool=dict(required=False, type='str'),
# dns
no_reverse=dict(required=False, type='bool', default=False),
auto_reverse=dict(required=False, type='bool', default=False),
- forwarders=dict(required=False, type='list', default=[]),
+ forwarders=dict(required=False, type='list', elements='str',
+ default=[]),
no_forwarders=dict(required=False, type='bool', default=False),
auto_forwarders=dict(required=False, type='bool', default=False),
- forward_policy=dict(default=None, choices=['first', 'only']),
+ forward_policy=dict(required=False, type='str',
+ choices=['first', 'only'], default=None),
no_dnssec_validation=dict(required=False, type='bool',
default=False),
),
)
ansible_module._ansible_debug = True
+ check_imports(ansible_module)
setup_logging()
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/module_utils/ansible_ipa_replica.py b/roles/ipareplica/module_utils/ansible_ipa_replica.py
index 27ee13d6548981da770f6f243d21d20d9c50beb3..b56ae86136948f05c462baab720be397824bd235 100644
--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
@@ -5,7 +5,7 @@
#
# Based on ipa-replica-install code
#
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
@@ -47,41 +47,38 @@ __all__ = ["contextlib", "dnsexception", "dnsresolver", "dnsreversename",
"check_domain_level_is_supported", "promotion_check_ipa_domain",
"SSSDConfig", "CalledProcessError", "timeconf", "ntpinstance",
"dnsname", "kernel_keyring", "krbinstance", "getargspec",
- "adtrustinstance"]
+ "adtrustinstance", "paths", "api", "dsinstance", "ipaldap", "Env",
+ "ipautil", "installutils", "IPA_PYTHON_VERSION", "NUM_VERSION",
+ "ReplicaConfig", "create_api"]
import sys
-
-# HACK: workaround for Ansible 2.9
-# https://github.com/ansible/ansible/issues/68361
-if 'ansible.executor' in sys.modules:
- for attr in __all__:
- setattr(sys.modules[__name__], attr, None)
-else:
- import logging
+import logging
+
+# Import getargspec from inspect or provide own getargspec for
+# Python 2 compatibility with Python 3.11+.
+try:
+ from inspect import getargspec
+except ImportError:
+ from collections import namedtuple
+ from inspect import getfullargspec
+
+ # The code is copied from Python 3.10 inspect.py
+ # Authors: Ka-Ping Yee <ping@lfw.org>
+ # Yury Selivanov <yselivanov@sprymix.com>
+ ArgSpec = namedtuple('ArgSpec', 'args varargs keywords defaults')
+
+ def getargspec(func):
+ args, varargs, varkw, defaults, kwonlyargs, _kwonlydefaults, \
+ ann = getfullargspec(func)
+ if kwonlyargs or ann:
+ raise ValueError(
+ "Function has keyword-only parameters or annotations"
+ ", use inspect.signature() API which can support them")
+ return ArgSpec(args, varargs, varkw, defaults)
+
+
+try:
from contextlib import contextmanager as contextlib_contextmanager
-
- # Import getargspec from inspect or provide own getargspec for
- # Python 2 compatibility with Python 3.11+.
- try:
- from inspect import getargspec
- except ImportError:
- from collections import namedtuple
- from inspect import getfullargspec
-
- # The code is copied from Python 3.10 inspect.py
- # Authors: Ka-Ping Yee <ping@lfw.org>
- # Yury Selivanov <yselivanov@sprymix.com>
- ArgSpec = namedtuple('ArgSpec', 'args varargs keywords defaults')
-
- def getargspec(func):
- args, varargs, varkw, defaults, kwonlyargs, _kwonlydefaults, \
- ann = getfullargspec(func)
- if kwonlyargs or ann:
- raise ValueError(
- "Function has keyword-only parameters or annotations"
- ", use inspect.signature() API which can support them")
- return ArgSpec(args, varargs, varkw, defaults)
-
from ipapython.version import NUM_VERSION, VERSION
if NUM_VERSION < 30201:
@@ -177,296 +174,323 @@ else:
raise Exception("freeipa version '%s' is too old" % VERSION)
- logger = logging.getLogger("ipa-server-install")
+except ImportError as _err:
+ ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR = str(_err)
- def setup_logging():
- # logger.setLevel(logging.DEBUG)
- standard_logging_setup(
- paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False,
- filemode='a', console_format='%(message)s')
+ for attr in __all__:
+ setattr(sys.modules[__name__], attr, None)
+
+else:
+ ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR = None
+
+
+logger = logging.getLogger("ipa-server-install")
- @contextlib_contextmanager
- def redirect_stdout(stream):
- sys.stdout = stream
- try:
- yield stream
- finally:
- sys.stdout = sys.__stdout__
-
- class AnsibleModuleLog():
- def __init__(self, module):
- self.module = module
- _ansible_module_log = self
-
- class AnsibleLoggingHandler(logging.Handler):
- def emit(self, record):
- _ansible_module_log.write(self.format(record))
-
- self.logging_handler = AnsibleLoggingHandler()
- logger.setLevel(logging.DEBUG)
- logger.root.addHandler(self.logging_handler)
-
- def close(self):
- self.flush()
-
- def flush(self):
- pass
-
- def log(self, msg):
- # self.write(msg+"\n")
- self.write(msg)
-
- def debug(self, msg):
- self.module.debug(msg)
-
- def info(self, msg):
- self.module.debug(msg)
-
- @staticmethod
- def isatty():
- return False
-
- def write(self, msg):
- self.module.debug(msg)
- # self.module.warn(msg)
-
- # pylint: disable=too-many-instance-attributes, useless-object-inheritance
- class installer_obj(object): # pylint: disable=invalid-name
- def __init__(self):
- # CompatServerReplicaInstall
- self.ca_cert_files = None
- self.all_ip_addresses = False
- self.no_wait_for_dns = True
- self.nisdomain = None
- self.no_nisdomain = False
- self.no_sudo = False
- self.request_cert = False
- self.ca_file = None
- self.zonemgr = None
- self.replica_file = None
- # ServerReplicaInstall
- self.subject_base = None
- self.ca_subject = None
- # others
- self._ccache = None
- self.password = None
- self.reverse_zones = []
- # def _is_promote(self):
- # return self.replica_file is None
- # self.skip_conncheck = False
- self._replica_install = False
- # self.dnssec_master = False # future unknown
- # self.disable_dnssec_master = False # future unknown
- # self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
- # self.domain_level = self.domainlevel # deprecated
- self.interactive = False
- self.unattended = not self.interactive
- # self.promote = self.replica_file is None
- self.promote = True
- self.skip_schema_check = None
+
+def setup_logging():
+ # logger.setLevel(logging.DEBUG)
+ standard_logging_setup(
+ paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False,
+ filemode='a', console_format='%(message)s')
+
+
+@contextlib_contextmanager
+def redirect_stdout(stream):
+ sys.stdout = stream
+ try:
+ yield stream
+ finally:
+ sys.stdout = sys.__stdout__
+
+
+class AnsibleModuleLog():
+ def __init__(self, module):
+ self.module = module
+ _ansible_module_log = self
+
+ class AnsibleLoggingHandler(logging.Handler):
+ def emit(self, record):
+ _ansible_module_log.write(self.format(record))
+
+ self.logging_handler = AnsibleLoggingHandler()
+ logger.setLevel(logging.DEBUG)
+ logger.root.addHandler(self.logging_handler)
+
+ def close(self):
+ self.flush()
+
+ def flush(self):
+ pass
+
+ def log(self, msg):
+ # self.write(msg+"\n")
+ self.write(msg)
+
+ def debug(self, msg):
+ self.module.debug(msg)
+
+ def info(self, msg):
+ self.module.debug(msg)
+
+ @staticmethod
+ def isatty():
+ return False
+
+ def write(self, msg):
+ self.module.debug(msg)
+ # self.module.warn(msg)
+
+
+# pylint: disable=too-many-instance-attributes, useless-object-inheritance
+class installer_obj(object): # pylint: disable=invalid-name
+ def __init__(self):
+ # CompatServerReplicaInstall
+ self.ca_cert_files = None
+ self.all_ip_addresses = False
+ self.no_wait_for_dns = True
+ self.nisdomain = None
+ self.no_nisdomain = False
+ self.no_sudo = False
+ self.request_cert = False
+ self.ca_file = None
+ self.zonemgr = None
+ self.replica_file = None
+ # ServerReplicaInstall
+ self.subject_base = None
+ self.ca_subject = None
+ # others
+ self._ccache = None
+ self.password = None
+ self.reverse_zones = []
+ # def _is_promote(self):
+ # return self.replica_file is None
+ # self.skip_conncheck = False
+ self._replica_install = False
+ # self.dnssec_master = False # future unknown
+ # self.disable_dnssec_master = False # future unknown
+ # self.domainlevel = MAX_DOMAIN_LEVEL # deprecated
+ # self.domain_level = self.domainlevel # deprecated
+ self.interactive = False
+ self.unattended = not self.interactive
+ # self.promote = self.replica_file is None
+ self.promote = True
+ self.skip_schema_check = None
+
+ # def __getattribute__(self, attr):
+ # value = super(installer_obj, self).__getattribute__(attr)
+ # if not attr.startswith("--") and not attr.endswith("--"):
+ # logger.debug(
+ # " <-- Accessing installer.%s (%s)" %
+ # (attr, repr(value)))
+ # return value
+
+ def __getattr__(self, attrname):
+ logger.info(" --> ADDING missing installer.%s", attrname)
+ setattr(self, attrname, None)
+ return getattr(self, attrname)
+
+ # def __setattr__(self, attr, value):
+ # logger.debug(" --> Setting installer.%s to %s" %
+ # (attr, repr(value)))
+ # return super(installer_obj, self).__setattr__(attr, value)
+
+ def knobs(self):
+ for name in self.__dict__:
+ yield self, name
+
+
+# pylint: enable=too-many-instance-attributes, useless-object-inheritance
+
+
+# pylint: disable=attribute-defined-outside-init
+installer = installer_obj()
+options = installer
+
+# DNSInstallInterface
+options.dnssec_master = False
+options.disable_dnssec_master = False
+options.kasp_db_file = None
+options.force = False
+
+# ServerMasterInstall
+options.add_sids = False
+options.add_agents = False
+
+# ServerReplicaInstall
+options.subject_base = None
+options.ca_subject = None
+# pylint: enable=attribute-defined-outside-init
+
+
+def gen_env_boostrap_finalize_core(etc_ipa, default_config):
+ env = Env()
+ # env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
+ # env._finalize_core(**dict(constants.DEFAULT_CONFIG))
+ env._bootstrap(context='installer', confdir=etc_ipa, log=None)
+ env._finalize_core(**dict(default_config))
+ return env
+
+
+def api_bootstrap_finalize(env):
+ # pylint: disable=no-member
+ xmlrpc_uri = \
+ 'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host))
+ api.bootstrap(in_server=True,
+ context='installer',
+ confdir=paths.ETC_IPA,
+ ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
+ xmlrpc_uri=xmlrpc_uri)
+ # pylint: enable=no-member
+ api.finalize()
+
+
+def gen_ReplicaConfig(): # pylint: disable=invalid-name
+ # pylint: disable=too-many-instance-attributes
+ class ExtendedReplicaConfig(ReplicaConfig):
+ # pylint: disable=useless-super-delegation
+ def __init__(self, top_dir=None):
+ # pylint: disable=super-with-arguments
+ super(ExtendedReplicaConfig, self).__init__(top_dir)
# def __getattribute__(self, attr):
- # value = super(installer_obj, self).__getattribute__(attr)
- # if not attr.startswith("--") and not attr.endswith("--"):
- # logger.debug(
- # " <-- Accessing installer.%s (%s)" %
- # (attr, repr(value)))
- # return value
+ # value = super(ExtendedReplicaConfig, self).__getattribute__(
+ # attr)
+ # if attr not in ["__dict__", "knobs"]:
+ # logger.debug(" <== Accessing config.%s (%s)" %
+ # (attr, repr(value)))
+ # return value\
+ # pylint: enable=useless-super-delegation
def __getattr__(self, attrname):
- logger.info(" --> ADDING missing installer.%s", attrname)
+ logger.info(" ==> ADDING missing config.%s", attrname)
setattr(self, attrname, None)
return getattr(self, attrname)
# def __setattr__(self, attr, value):
- # logger.debug(" --> Setting installer.%s to %s" %
- # (attr, repr(value)))
- # return super(installer_obj, self).__setattr__(attr, value)
+ # logger.debug(" ==> Setting config.%s to %s" %
+ # (attr, repr(value)))
+ # return super(ExtendedReplicaConfig, self).__setattr__(attr,
+ # value)
def knobs(self):
for name in self.__dict__:
yield self, name
-
- # pylint: enable=too-many-instance-attributes, useless-object-inheritance
+ # pylint: enable=too-many-instance-attributes
# pylint: disable=attribute-defined-outside-init
- installer = installer_obj()
- options = installer
-
- # DNSInstallInterface
- options.dnssec_master = False
- options.disable_dnssec_master = False
- options.kasp_db_file = None
- options.force = False
-
- # ServerMasterInstall
- options.add_sids = False
- options.add_agents = False
-
- # ServerReplicaInstall
- options.subject_base = None
- options.ca_subject = None
+ # config = ReplicaConfig()
+ config = ExtendedReplicaConfig()
+ config.realm_name = api.env.realm
+ config.host_name = api.env.host
+ config.domain_name = api.env.domain
+ config.master_host_name = api.env.server
+ config.ca_host_name = api.env.ca_host
+ config.kra_host_name = config.ca_host_name
+ config.ca_ds_port = 389
+ config.setup_ca = options.setup_ca
+ config.setup_kra = options.setup_kra
+ config.dir = options._top_dir
+ config.basedn = api.env.basedn
+ # config.subject_base = options.subject_base
+
# pylint: enable=attribute-defined-outside-init
- def gen_env_boostrap_finalize_core(etc_ipa, default_config):
- env = Env()
- # env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None)
- # env._finalize_core(**dict(constants.DEFAULT_CONFIG))
- env._bootstrap(context='installer', confdir=etc_ipa, log=None)
- env._finalize_core(**dict(default_config))
- return env
-
- def api_bootstrap_finalize(env):
- # pylint: disable=no-member
- xmlrpc_uri = \
- 'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host))
- api.bootstrap(in_server=True,
- context='installer',
- confdir=paths.ETC_IPA,
- ldap_uri=installutils.realm_to_ldapi_uri(env.realm),
- xmlrpc_uri=xmlrpc_uri)
- # pylint: enable=no-member
- api.finalize()
-
- def gen_ReplicaConfig(): # pylint: disable=invalid-name
- # pylint: disable=too-many-instance-attributes
- class ExtendedReplicaConfig(ReplicaConfig):
- # pylint: disable=useless-super-delegation
- def __init__(self, top_dir=None):
- # pylint: disable=super-with-arguments
- super(ExtendedReplicaConfig, self).__init__(top_dir)
-
- # def __getattribute__(self, attr):
- # value = super(ExtendedReplicaConfig, self).__getattribute__(
- # attr)
- # if attr not in ["__dict__", "knobs"]:
- # logger.debug(" <== Accessing config.%s (%s)" %
- # (attr, repr(value)))
- # return value\
- # pylint: enable=useless-super-delegation
-
- def __getattr__(self, attrname):
- logger.info(" ==> ADDING missing config.%s", attrname)
- setattr(self, attrname, None)
- return getattr(self, attrname)
-
- # def __setattr__(self, attr, value):
- # logger.debug(" ==> Setting config.%s to %s" %
- # (attr, repr(value)))
- # return super(ExtendedReplicaConfig, self).__setattr__(attr,
- # value)
-
- def knobs(self):
- for name in self.__dict__:
- yield self, name
- # pylint: enable=too-many-instance-attributes
-
- # pylint: disable=attribute-defined-outside-init
- # config = ReplicaConfig()
- config = ExtendedReplicaConfig()
- config.realm_name = api.env.realm
- config.host_name = api.env.host
- config.domain_name = api.env.domain
- config.master_host_name = api.env.server
- config.ca_host_name = api.env.ca_host
- config.kra_host_name = config.ca_host_name
- config.ca_ds_port = 389
- config.setup_ca = options.setup_ca
- config.setup_kra = options.setup_kra
- config.dir = options._top_dir
- config.basedn = api.env.basedn
- # config.subject_base = options.subject_base
-
- # pylint: enable=attribute-defined-outside-init
-
- return config
-
- def replica_ds_init_info(ansible_log,
- config, options_, ca_is_configured, remote_api,
- ds_ca_subject, ca_file,
- promote=False, pkcs12_info=None):
-
- dsinstance.check_ports()
-
- # if we have a pkcs12 file, create the cert db from
- # that. Otherwise the ds setup will create the CA
- # cert
- if pkcs12_info is None:
- pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
- "dirsrv_pin.txt")
-
- # during replica install, this gets invoked before local DS is
- # available, so use the remote api.
- # if ca_is_configured:
- # ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
- # else:
- # ca_subject = installutils.default_ca_subject_dn(
- # config.subject_base)
- ca_subject = ds_ca_subject
-
- ds = dsinstance.DsInstance(
- config_ldif=options_.dirsrv_config_file)
- ds.set_output(ansible_log)
-
- # Source: ipaserver/install/dsinstance.py
-
- # idstart and idmax are configured so that the range is seen as
- # depleted by the DNA plugin and the replica will go and get a
- # new range from the master.
- # This way all servers use the initially defined range by default.
- idstart = 1101
- idmax = 1100
-
- with redirect_stdout(ansible_log):
- ds.init_info(
- realm_name=config.realm_name,
- fqdn=config.host_name,
- domain_name=config.domain_name,
- dm_password=config.dirman_password,
- subject_base=config.subject_base,
- ca_subject=ca_subject,
- idstart=idstart,
- idmax=idmax,
- pkcs12_info=pkcs12_info,
- ca_file=ca_file,
- setup_pkinit=not options.no_pkinit,
- )
- ds.master_fqdn = config.master_host_name
- if ca_is_configured is not None:
- ds.ca_is_configured = ca_is_configured
- ds.promote = promote
- ds.api = remote_api
-
- # from __setup_replica
-
- # Always connect to ds over ldapi
- ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm)
- conn = ipaldap.LDAPClient(ldap_uri)
- conn.external_bind()
-
- return ds
-
- def ansible_module_get_parsed_ip_addresses(ansible_module,
- param='ip_addresses'):
- ip_addrs = []
- for ip in ansible_module.params.get(param):
- try:
- ip_parsed = ipautil.CheckedIPAddress(ip)
- except Exception as e:
- ansible_module.fail_json(
- msg="Invalid IP Address %s: %s" % (ip, e))
- ip_addrs.append(ip_parsed)
- return ip_addrs
-
- def gen_remote_api(master_host_name, etc_ipa):
- ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name)
- xmlrpc_uri = 'https://{}/ipa/xml'.format(
- ipautil.format_netloc(master_host_name))
- remote_api = create_api(mode=None)
- remote_api.bootstrap(in_server=True,
- context='installer',
- confdir=etc_ipa,
- ldap_uri=ldapuri,
- xmlrpc_uri=xmlrpc_uri)
- remote_api.finalize()
- return remote_api
+ return config
+
+
+def replica_ds_init_info(ansible_log,
+ config, options_, ca_is_configured, remote_api,
+ ds_ca_subject, ca_file,
+ promote=False, pkcs12_info=None):
+
+ dsinstance.check_ports()
+
+ # if we have a pkcs12 file, create the cert db from
+ # that. Otherwise the ds setup will create the CA
+ # cert
+ if pkcs12_info is None:
+ pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
+ "dirsrv_pin.txt")
+
+ # during replica install, this gets invoked before local DS is
+ # available, so use the remote api.
+ # if ca_is_configured:
+ # ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
+ # else:
+ # ca_subject = installutils.default_ca_subject_dn(
+ # config.subject_base)
+ ca_subject = ds_ca_subject
+
+ ds = dsinstance.DsInstance(
+ config_ldif=options_.dirsrv_config_file)
+ ds.set_output(ansible_log)
+
+ # Source: ipaserver/install/dsinstance.py
+
+ # idstart and idmax are configured so that the range is seen as
+ # depleted by the DNA plugin and the replica will go and get a
+ # new range from the master.
+ # This way all servers use the initially defined range by default.
+ idstart = 1101
+ idmax = 1100
+
+ with redirect_stdout(ansible_log):
+ ds.init_info(
+ realm_name=config.realm_name,
+ fqdn=config.host_name,
+ domain_name=config.domain_name,
+ dm_password=config.dirman_password,
+ subject_base=config.subject_base,
+ ca_subject=ca_subject,
+ idstart=idstart,
+ idmax=idmax,
+ pkcs12_info=pkcs12_info,
+ ca_file=ca_file,
+ setup_pkinit=not options.no_pkinit,
+ )
+ ds.master_fqdn = config.master_host_name
+ if ca_is_configured is not None:
+ ds.ca_is_configured = ca_is_configured
+ ds.promote = promote
+ ds.api = remote_api
+
+ # from __setup_replica
+
+ # Always connect to ds over ldapi
+ ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm)
+ conn = ipaldap.LDAPClient(ldap_uri)
+ conn.external_bind()
+
+ return ds
+
+
+def ansible_module_get_parsed_ip_addresses(ansible_module,
+ param='ip_addresses'):
+ ip_addrs = []
+ for ip in ansible_module.params.get(param):
+ try:
+ ip_parsed = ipautil.CheckedIPAddress(ip)
+ except Exception as e:
+ ansible_module.fail_json(
+ msg="Invalid IP Address %s: %s" % (ip, e))
+ ip_addrs.append(ip_parsed)
+ return ip_addrs
+
+
+def gen_remote_api(master_host_name, etc_ipa):
+ ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name)
+ xmlrpc_uri = 'https://{}/ipa/xml'.format(
+ ipautil.format_netloc(master_host_name))
+ remote_api = create_api(mode=None)
+ remote_api.bootstrap(in_server=True,
+ context='installer',
+ confdir=etc_ipa,
+ ldap_uri=ldapuri,
+ xmlrpc_uri=xmlrpc_uri)
+ remote_api.finalize()
+ return remote_api
+
+
+def check_imports(module):
+ if ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR is not None:
+ module.fail_json(msg=ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR)