ipaclient_test: More tests from ipaclient installer, updated ansible_ipa_client

The ipaclient_test module was not doing all tests that should be done with the provided settings. All tests from ipaclient installer parts are now part of ipaclient_test. There are some minor changes though to make sure that the repair mode could still be used. ansible_ipa_client bindings have been updated to fullfill new needs.

ipaclient_test: More tests from ipaclient installer, updated ansible_ipa_client
c5ce7548 · Thomas Woerner · bf1f8bff · c5ce7548 · c5ce7548 · c5ce7548
Commit c5ce7548 authored Mar 25, 2019 by Thomas Woerner
--- a/roles/ipaclient/defaults/main.yml
+++ b/roles/ipaclient/defaults/main.yml
@@ -12,8 +12,12 @@ ipaclient_no_dns_lookup: no
 ipaclient_ssh_trust_dns: no
 ipaclient_no_ssh: no
 ipaclient_no_sshd: no
+#ipaclient_no_dns_sshfp: no
+#ipaclient_force: no
+ipaclient_force_ntpd: no
 ipaclient_no_nisdomain: no
 ipaclient_configure_firefox: no
+ipahost_all_ip_addresses: no
 ### packages ###
 ipaclient_install_packages: yes
--- a/roles/ipaclient/library/ipaclient_test.py
+++ b/roles/ipaclient/library/ipaclient_test.py
--- a/roles/ipaclient/module_utils/ansible_ipa_client.py
+++ b/roles/ipaclient/module_utils/ansible_ipa_client.py
@@ -31,19 +31,51 @@ if NUM_VERSION < 30201:
 else:
    IPA_PYTHON_VERSION = NUM_VERSION
-class options_obj(object):
+class installer_obj(object):
+    def __init__(self):
        pass
-options = options_obj()
+    def set_logger(self, logger):
+        self.logger = logger
+    #def __getattribute__(self, attr):
+    #    value = super(installer_obj, self).__getattribute__(attr)
+    #    if not attr.startswith("--") and not attr.endswith("--"):
+    #        logger.debug(
+    #            "  <-- Accessing installer.%s (%s)" % (attr, repr(value)))
+    #    return value
+    def __getattr__(self, attr):
+        #logger.info("  --> ADDING missing installer.%s" % attr)
+        self.logger.warn("  --> ADDING missing installer.%s" % attr)
+        setattr(self, attr, None)
+        return getattr(self, attr)
+    #def __setattr__(self, attr, value):
+    #    logger.debug("  --> Setting installer.%s to %s" % (attr, repr(value)))
+    #    return super(installer_obj, self).__setattr__(attr, value)
+    def knobs(self):
+        for name in self.__dict__:
+            yield self, name
+# Initialize installer settings
+installer = installer_obj()
+# Create options
+options = installer
+options.interactive = False
 if NUM_VERSION >= 40400:
    # IPA version >= 4.4
    import sys
    import inspect
+    import gssapi
    import logging
    import six
+    from ipapython import version
    try:
        from ipaclient.install import ipadiscovery
    except ImportError:
@@ -63,6 +95,9 @@ if NUM_VERSION >= 40400:
        from ipalib import certstore
    from ipalib.rpc import delete_persistent_client_session_data
    from ipapython import certdb, ipautil
+    from ipapython.admintool import ScriptError
+    from ipapython.ipautil import CheckedIPAddress
+    from ipalib.util import validate_domain_name, normalize_hostname
    from ipaplatform import services
    from ipaplatform.paths import paths
    from ipaplatform.tasks import tasks
@@ -84,7 +119,11 @@ if NUM_VERSION >= 40400:
            configure_certmonger, update_ssh_keys, configure_openldap_conf, \
            hardcode_ldap_server, get_certs_from_ldap, save_state, \
            create_ipa_nssdb, configure_ssh_config, configure_sshd_config, \
-            configure_automount, configure_firefox, configure_nisdomain
+            configure_automount, configure_firefox, configure_nisdomain, \
+            CLIENT_INSTALL_ERROR, is_ipa_client_installed, \
+            CLIENT_ALREADY_CONFIGURED, nssldap_exists, remove_file, \
+            check_ip_addresses, print_port_conf_info, configure_ipa_conf, \
+            purge_host_keytab, configure_sssd_conf
    except ImportError:
        # Create temporary copy of ipa-client-install script (as
        # ipa_client_install.py) to be able to import the script easily
@@ -125,6 +164,7 @@ if NUM_VERSION >= 40400:
            configure_krb5_conf = ipa_client_install.configure_krb5_conf
        if NUM_VERSION < 40100:
            get_ca_cert = ipa_client_install.get_ca_cert
+            get_ca_certs = None
        else:
            get_ca_certs = ipa_client_install.get_ca_certs
        SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin")
@@ -179,9 +219,16 @@ if NUM_VERSION >= 40400:
    except ImportError:
        check_ldap_conf = None
+    try:
+        from ipaclient.install.client import sssd_enable_ifp
+    except ImportError:
+        sssd_enable_ifp = None
    logger = logging.getLogger("ipa-client-install")
+    root_logger = logger
 else:
    # IPA version < 4.4
    raise Exception("freeipa version '%s' is too old" % VERSION)
--- a/roles/ipaclient/tasks/install.yml
+++ b/roles/ipaclient/tasks/install.yml
@@ -21,17 +21,36 @@
    ipaclient_servers: "{{ groups['ipaserver'] | list }}"
  when: ipaclient_no_dns_lookup | bool and groups.ipaserver is defined and ipaclient_servers is not defined
- name: Install - IPA discovery
+- fail: msg="ipaadmin_principal and ipaadmin_keytab cannot be used together"
+  when: ipaadmin_keytab is defined and ipaadmin_principal is defined
+- name: Install - Set default principal if no keytab is given
+  set_fact:
+    ipaadmin_principal: admin
+  when: ipaadmin_principal is undefined and ipaclient_keytab is undefined
+- name: Install - IPA client test
  ipaclient_test:
+    ### basic ###
    domain: "{{ ipaserver_domain | default(ipaclient_domain) | default(omit) }}"
    servers: "{{ ipaclient_servers | default(omit) }}"
    realm: "{{ ipaserver_realm | default(ipaclient_realm) | default(omit) }}"
    hostname: "{{ ipaclient_hostname | default(ansible_fqdn) }}"
-    ca_cert_file: "{{ ipaclient_ca_cert_file | default(omit) }}"
+    ntp_servers: "{{ ipaclient_ntp_servers | default(omit) }}"
-    on_master: "{{ ipaclient_on_master }}"
-    ntp_servers: "{{ ipaclient_ntp_servers | default([]) }}"
    ntp_pool: "{{ ipaclient_ntp_pool | default(omit) }}"
    no_ntp: "{{ ipaclient_no_ntp }}"
+    force_ntpd: "{{ ipaclient_force_ntpd }}"
+    nisdomain: "{{ ipaclient_nisdomain | default(omit) }}"
+    no_nisdomain: "{{ ipaclient_no_nisdomain }}"
+    kinit_attempts: "{{ ipaclient_kinit_attempts }}"
+    ca_cert_files: "{{ ipaclient_ca_cert_file | default(omit) }}"
+    configure_firefox: "{{ ipaclient_configure_firefox }}"
+    firefox_dir: "{{ ipaclient_firefox_dir | default(omit) }}"
+    ip_addresses: "{{ ipaclient_ip_addresses | default(omit) }}"
+    all_ip_addresses: "{{ ipahost_all_ip_addresses }}"
+    on_master: "{{ ipaclient_on_master }}"
+    ### sssd ###
+    enable_dns_updates: "{{ ipassd_enable_dns_updates }}"
  register: result_ipaclient_test
 - name: Install - Set default principal if no keytab is given