From a980aec1f83bc4c3fb8679a8c67d180aec223f7e Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Wed, 17 Apr 2019 17:05:44 +0200
Subject: [PATCH] ipaserver_setup_adtrust: Add missing settings for adtrust and module There have been missing settings that have not been provided to ipaserver_setup_adtrust. These are: enable_compat, rid_base and secondary_rid_base. The settings rid_base and secondary_rid_base are now initialized in ipaserver_test and propagated in the results. The two settings netbios_name and reset_netbios_name are placed in the adtrust binding in the adtrust.install_check call. These are now saved when ipaserver_test finishes and are written back in the fist steps of ipaserver_setup_adtrust to make adtrust.install working. The settings add_sids and add_agents are now initialized in ansible_ipa_server in the same way as in ServerMasterInstall. These settings are fixed in the server deployment.
---
 roles/ipaserver/library/ipaserver_prepare.py | 3 +++
 .../library/ipaserver_setup_adtrust.py | 19 +++++++++++++++++--
 roles/ipaserver/library/ipaserver_test.py | 12 +++++++++---
 .../module_utils/ansible_ipa_server.py | 5 +++++
 roles/ipaserver/tasks/install.yml | 11 +++++++++--
 5 files changed, 43 insertions(+), 7 deletions(-)
diff --git a/roles/ipaserver/library/ipaserver_prepare.py b/roles/ipaserver/library/ipaserver_prepare.py
index 51ad8b86..8bf5738e 100644
--- a/roles/ipaserver/library/ipaserver_prepare.py
+++ b/roles/ipaserver/library/ipaserver_prepare.py
@@ -167,6 +167,9 @@ def main():
 options.forward_policy = ansible_module.params.get('forward_policy')
 options.no_dnssec_validation = ansible_module.params.get(
 'no_dnssec_validation')
+ ### ad trust ###
+ options.enable_compat = ansible_module.params.get('enable_compat')
+ options.netbios_name = ansible_module.params.get('netbios_name')
 ### additional ###
 options.setup_ca = ansible_module.params.get('setup_ca')
 options._host_name_overridden = ansible_module.params.get(
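Review bot: The two added reads in ipaserver_prepare.py, `ansible_module.params.get('enable_compat')` and `ansible_module.params.get('netbios_name')`, depend on `argument_spec` entries that are outside this hunk, and the commit adds nothing else to the file. If the spec does not already declare both keys, the task in install.yml that now passes them (presumably the ipaserver_prepare task) would be rejected as using unsupported parameters. Please confirm the spec carries `enable_compat=dict(required=False, type='bool', default=False)` and `netbios_name=dict(required=False)`, matching ipaserver_test.py. main() starts and ends outside the hunk.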
diff --git a/roles/ipaserver/library/ipaserver_setup_adtrust.py b/roles/ipaserver/library/ipaserver_setup_adtrust.py
index fdc559d3..29166e11 100644
--- a/roles/ipaserver/library/ipaserver_setup_adtrust.py
+++ b/roles/ipaserver/library/ipaserver_setup_adtrust.py
@@ -54,8 +54,15 @@ def main():
 argument_spec = dict(
 # basic
 hostname=dict(required=False),
- setup_ca=dict(required=True, type='bool', default=False),
- setup_adtrust=dict(required=True, type='bool', default=False),
+ setup_ca=dict(required=False, type='bool', default=False),
+ setup_adtrust=dict(required=False, type='bool', default=False),
+ ### ad trust ###
+ enable_compat=dict(required=False, type='bool', default=False),
+ rid_base=dict(required=False, type='int'),
+ secondary_rid_base=dict(required=False, type='int'),
+ ### additional ###
+ adtrust_netbios_name=dict(required=True),
+ adtrust_reset_netbios_name=dict(required=True, type='bool')
 ),
 )
@@ -67,6 +74,14 @@ def main():
 options.host_name = ansible_module.params.get('hostname')
 options.setup_ca = ansible_module.params.get('setup_ca')
 options.setup_adtrust = ansible_module.params.get('setup_adtrust')
+ ### ad trust ###
+ options.enable_compat = ansible_module.params.get('enable_compat')
+ options.rid_base = ansible_module.params.get('rid_base')
+ options.secondary_rid_base = ansible_module.params.get('secondary_rid_base')
+ ### additional ###
+ adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')
+ adtrust.reset_netbios_name = \
+ ansible_module.params.get('adtrust_reset_netbios_name')
 # init ##########################################################
diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py
index a451b9f5..63856511 100644
--- a/roles/ipaserver/library/ipaserver_test.py
+++ b/roles/ipaserver/library/ipaserver_test.py
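Review bot: In the `argument_spec` hunk of ipaserver_setup_adtrust.py, `rid_base` and `secondary_rid_base` have neither a default nor `required=True`, so a call that omits them passes `None` on to the installer. ipaserver_test.py in this same commit defaults them to 1000 and 100000000, so the two specs now disagree. Either make them mandatory like the two `adtrust_*` options, `rid_base=dict(required=True, type='int')` and `secondary_rid_base=dict(required=True, type='int')`, or repeat the defaults here so the module cannot run with an unset RID range.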
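Review bot: The last two assignments in the second ipaserver_setup_adtrust.py hunk write to attributes of the imported `adtrust` module, not to `options`, and nothing next to them says why; beside the `options.*` lines this is easy to misread as a typo. A comment such as `# adtrust.install_check() keeps these as module attributes; restore the values saved by ipaserver_test so adtrust.install() can use them` would record the intent given in the commit message. Nothing in the hunk re-checks the NetBIOS name before it is written back, so the module relies on the caller passing the ipaserver_test result unchanged, and the comment should say so as well. main() continues outside the hunk.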
@@ -115,8 +115,9 @@ def main():
 ### ad trust ###
 enable_compat=dict(required=False, type='bool', default=False),
 netbios_name=dict(required=False),
- rid_base=dict(required=False, type='int'),
- secondary_rid_base=dict(required=False, type='int'),
+ rid_base=dict(required=False, type='int', default=1000),
+ secondary_rid_base=dict(required=False, type='int',
+ default=100000000),
 ### additional ###
 ),
@@ -779,12 +780,17 @@ def main():
 forward_policy=options.forward_policy,
 forwarders=options.forwarders,
 no_dnssec_validation=options.no_dnssec_validation,
+ ### ad trust ###
+ rid_base=options.rid_base,
+ secondary_rid_base=options.secondary_rid_base,
 ### additional ###
 _installation_cleanup=_installation_cleanup,
 domainlevel=options.domainlevel,
 dns_ip_addresses=[ str(ip) for ip in dns.ip_addresses ],
- dns_reverse_zones=dns.reverse_zones)
+ dns_reverse_zones=dns.reverse_zones,
+ adtrust_netbios_name=adtrust.netbios_name,
+ adtrust_reset_netbios_name=adtrust.reset_netbios_name)
 if __name__ == '__main__':
 main()
diff --git a/roles/ipaserver/module_utils/ansible_ipa_server.py b/roles/ipaserver/module_utils/ansible_ipa_server.py
index ae5d16af..dfa26031 100644
--- a/roles/ipaserver/module_utils/ansible_ipa_server.py
+++ b/roles/ipaserver/module_utils/ansible_ipa_server.py
@@ -199,6 +199,11 @@ class options_obj(object):
 options = options_obj()
 installer = options
+# ServerMasterInstall
+options.add_sids = True
+options.add_agents = False
+
+
 def api_Backend_ldap2(host_name, setup_ca, connect=False):
 # we are sure we have the configuration file ready.
 cfg = dict(context='installer', confdir=paths.ETC_IPA, in_server=True,
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index aaf07800..f482bc08 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
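Review bot: In ansible_ipa_server.py, `options.add_sids = True` and `options.add_agents = False` run at import time on the shared `options` object, so every module that imports this file gets them, and the comment `# ServerMasterInstall` does not say that they are deliberately not configurable. A fuller comment would help the next reader, for example `# Fixed for the server deployment (same values as ServerMasterInstall); not exposed as module arguments`. It would also help to note which install step reads them, since no consumer is visible in this commit.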
@@ -144,8 +144,8 @@
 auto_forwarders: "{{ ipaserver_auto_forwarders }}"
 no_dnssec_validation: "{{ result_ipaserver_test.no_dnssec_validation }}"
 ### ad trust ###
- # enable_compat
- # netbios_name
+ enable_compat: "{{ ipaserver_enable_compat }}"
+ netbios_name: "{{ ipaserver_netbios_name | default(omit) }}"
 # rid_base
 # secondary_rid_base
 ### additional ###
@@ -313,6 +313,13 @@
 hostname: "{{ result_ipaserver_test.hostname }}"
 setup_ca: "{{ result_ipaserver_test.setup_ca }}"
 setup_adtrust: "{{ result_ipaserver_test.setup_adtrust }}"
+ ### ad trust ###
+ enable_compat: "{{ ipaserver_enable_compat }}"
+ rid_base: "{{ result_ipaserver_test.rid_base }}"
+ secondary_rid_base: "{{ result_ipaserver_test.secondary_rid_base }}"
+ ### additional ###
+ adtrust_netbios_name: "{{ result_ipaserver_test.adtrust_netbios_name }}"
+ adtrust_reset_netbios_name: "{{ result_ipaserver_test.adtrust_reset_netbios_name }}"
 when: result_ipaserver_test.setup_adtrust
 - name: Install - Set DS password
-- GitLab
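Review bot: In install.yml, `enable_compat: "{{ ipaserver_enable_compat }}"` has no fallback, while `netbios_name` on the next line uses `default(omit)`. The role defaults are not part of this commit, so if `ipaserver_enable_compat` is not defined there, templating the task fails on an undefined variable. Writing `enable_compat: "{{ ipaserver_enable_compat | default(omit) }}"` lets the module's own default of False apply; the same line is added again in the hunk at line 313 and needs the same change. The first hunk also leaves `# rid_base` and `# secondary_rid_base` commented out, so that task does not receive the RID values the later task takes from `result_ipaserver_test`; if that is intended, a short comment would say so.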