diff --git a/library/ipaapi.py b/library/ipaapi.py
index 78818e7e348d3fa8870abed9f807e2b3bef1c807..95901b4ebbce815454f48ce692b50e59722f2739 100644
--- a/library/ipaapi.py
+++ b/library/ipaapi.py
@@ -72,56 +72,11 @@ subject_base: import os import sys import time -import gssapi import tempfile import inspect from ansible.module_utils.basic import AnsibleModule -from ipapython.version import NUM_VERSION, VERSION -if NUM_VERSION < 40400: - raise Exception("freeipa version '%s' is too old" % VERSION) -from ipaplatform.paths import paths -if NUM_VERSION >= 40500 and NUM_VERSION < 40590: - from cryptography.hazmat.primitives import serialization -from ipalib import api, errors, x509 -try: - from ipalib.install import sysrestore -except ImportError: - from ipapython import sysrestore -from ipalib.rpc import delete_persistent_client_session_data -from ipapython import certdb -from ipapython.ipautil import CalledProcessError, write_tmp_file, \ - ipa_generate_password -from ipapython.dn import DN -ipa_client_install = None -try: - from ipaclient.install.client import SECURE_PATH, disable_ra -except ImportError: - # Create temporary copy of ipa-client-install script (as - # ipa_client_install.py) to be able to import the script easily and also - # to remove the global finally clause in which the generated ccache file - # gets removed. The ccache file will be needed in the next step. - # This is done in a temporary directory that gets removed right after - # ipa_client_install has been imported. - import shutil - temp_dir = tempfile.mkdtemp(dir="/tmp") - sys.path.append(temp_dir) - temp_file = "%s/ipa_client_install.py" % temp_dir - - with open("/usr/sbin/ipa-client-install", "r") as f_in: - with open(temp_file, "w") as f_out: - for line in f_in: - if line.startswith("finally:"): - break - f_out.write(line) - import ipa_client_install - - shutil.rmtree(temp_dir, ignore_errors=True) - sys.path.remove(temp_dir) - - SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin") - disable_ra = ipa_client_install.disable_ra - +from ansible.module_utils.ansible_ipa_client import * def main(): module = AnsibleModule( 
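Review bot: `import gssapi` is dropped here, but this file has no hunk that touches its use sites, unlike library/ipajoin.py and library/ipatest.py, where `except gssapi.exceptions.GSSError as e:` is rewritten to `except GSSError as e:`. If main() still refers to `gssapi.` anywhere, that path would raise NameError instead of reporting the Kerberos failure. library/ipanss.py removes the import the same way, also without a use-site hunk. main() continues outside the hunk, so both files need a search for `gssapi.`, with any hit switched to the `GSSError` name that the shared module imports.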
diff --git a/library/ipadiscovery.py b/library/ipadiscovery.py index 05a3bd0199c9f9c2f898205e01a480ec02622ee6..fd11544868aae79c0968fbc1693b120bdbc3b152 100644 --- a/library/ipadiscovery.py +++ b/library/ipadiscovery.py @@ -150,25 +150,7 @@ import socket from six.moves.configparser import RawConfigParser from ansible.module_utils.basic import AnsibleModule -from ipapython.version import NUM_VERSION, VERSION -if NUM_VERSION < 40400: - raise Exception("freeipa version '%s' is too old" % VERSION) -if NUM_VERSION < 30201: - # See ipapython/version.py - IPA_MAJOR,IPA_MINOR,IPA_RELEASE = [ int(x) for x in VERSION.split(".", 2) ] - IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE -else: - IPA_PYTHON_VERSION = NUM_VERSION -from ipaplatform.paths import paths -try: - from ipaclient.install import ipadiscovery -except ImportError: - from ipaclient import ipadiscovery -try: - from ipalib.install.sysrestore import SYSRESTORE_STATEFILE -except ImportError: - from ipapython.sysrestore import SYSRESTORE_STATEFILE - +from ansible.module_utils.ansible_ipa_client import * def get_cert_path(cert_path): """ @@ -198,7 +180,7 @@ def is_client_configured(): return (os.path.isfile(paths.IPA_DEFAULT_CONF) and os.path.isfile(os.path.join(paths.IPA_CLIENT_SYSRESTORE, - SYSRESTORE_STATEFILE))) + sysrestore.SYSRESTORE_STATEFILE))) def get_ipa_conf(): """ diff --git a/library/ipaextras.py b/library/ipaextras.py index dd85c1dd84da65e99ac7843c0ecc8664d1140a79..b6792949917114597546e191e85e0f04ad8e2ae1 100644 --- a/library/ipaextras.py +++ b/library/ipaextras.py 
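Review bot: After the first hunk, ipadiscovery can only be imported if everything module_utils/ansible_ipa_client.py loads is importable, including the unguarded `from gssapi.exceptions import GSSError` and `from ipalib.rpc import delete_persistent_client_session_data`. The removed lines show it previously needed only the version constants, `paths`, `ipadiscovery` and `SYSRESTORE_STATEFILE`. Any import from the shared module executes all of it, so naming the symbols explicitly would not narrow this; library/ipafstore.py is widened the same way. If the coupling is intended, state it next to the import, e.g. `# shared module imports gssapi and ipaclient.install.client; this module fails at import if either is unavailable`.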
@@ -115,63 +115,9 @@ RETURN = ''' ''' import os -import sys -import tempfile -import inspect -import logging from ansible.module_utils.basic import AnsibleModule -from ipapython.version import NUM_VERSION, VERSION -if NUM_VERSION < 40400: - raise Exception("freeipa version '%s' is too old" % VERSION) -try: - from ipalib.install import sysrestore -except ImportError: - from ipapython import sysrestore -from ipaplatform.paths import paths -try: - from ipaclient.install.client import CCACHE_FILE, configure_ssh_config, \ - configure_sshd_config, configure_automount, configure_firefox, \ - configure_nisdomain -except ImportError: - # Create temporary copy of ipa-client-install script (as - # ipa_client_install.py) to be able to import the script easily and also - # to remove the global finally clause in which the generated ccache file - # gets removed. The ccache file will be needed in the next step. - # This is done in a temporary directory that gets removed right after - # ipa_client_install has been imported. 
- import shutil - temp_dir = tempfile.mkdtemp(dir="/tmp") - sys.path.append(temp_dir) - temp_file = "%s/ipa_client_install.py" % temp_dir - - with open("/usr/sbin/ipa-client-install", "r") as f_in: - with open(temp_file, "w") as f_out: - for line in f_in: - if line.startswith("finally:"): - break - f_out.write(line) - import ipa_client_install - - shutil.rmtree(temp_dir, ignore_errors=True) - sys.path.remove(temp_dir) - - argspec = inspect.getargspec(ipa_client_install.configure_nisdomain) - if len(argspec.args) == 3: - configure_nisdomain = ipa_client_install.configure_nisdomain - else: - def configure_nisdomain(options, domain, statestore=None): - return ipa_client_install.configure_nisdomain(options, domain) - - CCACHE_FILE = paths.IPA_DNS_CCACHE - configure_ssh_config = ipa_client_install.configure_ssh_config - configure_sshd_config = ipa_client_install.configure_sshd_config - configure_automount = ipa_client_install.configure_automount - configure_firefox = ipa_client_install.configure_firefox -try: - from ipaclient.install import ntpconf -except ImportError: - from ipaclient import ntpconf +from ansible.module_utils.ansible_ipa_client import * def main(): module = AnsibleModule( @@ -214,13 +160,9 @@ def main(): fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE) - logger = logging.getLogger("ipa-client-install") - os.environ['KRB5CCNAME'] = CCACHE_FILE + os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE - class Object(object): - pass - options = Object() options.sssd = sssd options.trust_sshfp = trust_sshfp options.location = automount_location @@ -254,7 +196,7 @@ def main(): # Cleanup: Remove CCACHE_FILE try: - os.remove(CCACHE_FILE) + os.remove(paths.IPA_DNS_CCACHE) except Exception: pass diff --git a/library/ipafixca.py b/library/ipafixca.py index 7499f3d8f113a140841d6eda4bcc2beeb05d6bae..030f60ebf3189fcd6973bf9fcdbac67333b7b136 100644 --- a/library/ipafixca.py +++ b/library/ipafixca.py 
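Review bot: In the last hunk the Kerberos credential cache at `paths.IPA_DNS_CCACHE` is removed inside `try:` / `except Exception: pass`, so a failed removal leaves the cache on disk with nothing in the module result. Catching only `OSError` and ignoring just the missing-file case keeps the best-effort behaviour while surfacing real failures, e.g. `except OSError as e:` followed by `if e.errno != errno.ENOENT: module.warn("could not remove %s: %s" % (paths.IPA_DNS_CCACHE, e))`. The comment above it still reads `# Cleanup: Remove CCACHE_FILE`, although that name is no longer imported in this file. library/ipanss.py has the same `os.remove(paths.IPA_DNS_CCACHE)` / `except Exception: pass` pair.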
@@ -64,56 +64,10 @@ EXAMPLES = ''' RETURN = ''' ''' -iclass Object(object): - pass -options = Object() - import os -import sys -import tempfile -import inspect from ansible.module_utils.basic import AnsibleModule -from ipapython.version import NUM_VERSION, VERSION -if NUM_VERSION < 40400: - raise Exception("freeipa version '%s' is too old" % VERSION) -from ipalib import errors -from ipaplatform.paths import paths -try: - from ipalib.install import sysrestore -except ImportError: - from ipapython import sysrestore -try: - from ipaclient.install.client import get_ca_certs, SECURE_PATH -except ImportError: - # Create temporary copy of ipa-client-install script (as - # ipa_client_install.py) to be able to import the script easily and also - # to remove the global finally clause in which the generated ccache file - # gets removed. The ccache file will be needed in the next step. - # This is done in a temporary directory that gets removed right after - # ipa_client_install has been imported. - import shutil - temp_dir = tempfile.mkdtemp(dir="/tmp") - sys.path.append(temp_dir) - temp_file = "%s/ipa_client_install.py" % temp_dir - - with open("/usr/sbin/ipa-client-install", "r") as f_in: - with open(temp_file, "w") as f_out: - for line in f_in: - if line.startswith("finally:"): - break - f_out.write(line) - import ipa_client_install - - shutil.rmtree(temp_dir, ignore_errors=True) - sys.path.remove(temp_dir) - - if NUM_VERSION < 40100: - get_ca_cert = ipa_client_install.get_ca_cert - else: - get_ca_certs = ipa_client_install.get_ca_certs - SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin") - +from ansible.module_utils.ansible_ipa_client import * def main(): module = AnsibleModule( 
@@ -144,12 +98,11 @@ def main(): changed = False if not os.path.exists(paths.IPA_CA_CRT): if not allow_repair: - module.fail_json(msg="%s missing, enable allow_repair to fix it." % paths.IPA_CA_CRT) - - # Repair missing ca.crt file - - from ipaclient.install.client import get_ca_certs + module.fail_json( + msg="%s missing, enable allow_repair to fix it." % \ + paths.IPA_CA_CRT) + # Repair missing ca.crt file try: os.environ['KRB5_CONFIG'] = env['KRB5_CONFIG'] = "/etc/krb5.conf" env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] diff --git a/library/ipafstore.py b/library/ipafstore.py index 73fffc30b33827b50364518c2e3dde6ad9a4cfac..c611346c65368f90cf54cfd36b506a277f5709dd 100644 --- a/library/ipafstore.py +++ b/library/ipafstore.py @@ -52,14 +52,7 @@ RETURN = ''' ''' from ansible.module_utils.basic import AnsibleModule -from ipapython.version import NUM_VERSION, VERSION -if NUM_VERSION < 40400: - raise Exception("freeipa version '%s' is too old" % VERSION) -try: - from ipalib.install import sysrestore -except ImportError: - from ipapython import sysrestore -from ipaplatform.paths import paths +from ansible.module_utils.ansible_ipa_client import * def main(): module = AnsibleModule( diff --git a/library/ipajoin.py b/library/ipajoin.py index 741b0c3442e135b9c69327952556f1fc902033ea..e559f3cf9c94b5719706264a762f7c539625f32d 100644 --- a/library/ipajoin.py +++ b/library/ipajoin.py 
@@ -120,81 +120,11 @@ already_joined: type: bool ''' -class Object(object): - pass -options = Object() - import os -import sys -import gssapi import tempfile -import inspect from ansible.module_utils.basic import AnsibleModule -from ipapython.version import NUM_VERSION, VERSION -if NUM_VERSION < 40400: - raise Exception("freeipa version '%s' is too old" % VERSION) -from ipalib import errors -from ipaplatform.paths import paths -try: - from ipalib.install import sysrestore -except ImportError: - from ipapython import sysrestore -try: - from ipalib.install.kinit import kinit_keytab, kinit_password -except ImportError: - from ipapython.ipautil import kinit_keytab, kinit_password -try: - from ipaclient.install.client import configure_krb5_conf, get_ca_certs, \ - SECURE_PATH -except ImportError: - # Create temporary copy of ipa-client-install script (as - # ipa_client_install.py) to be able to import the script easily - # and also to remove the global finally clause in which the - # generated ccache file gets removed. The ccache file will be - # needed in the next step. - # This is done in a temporary directory that gets removed right - # after ipa_client_install has been imported. 
- import shutil - temp_dir = tempfile.mkdtemp(dir="/tmp") - sys.path.append(temp_dir) - temp_file = "%s/ipa_client_install.py" % temp_dir - - with open("/usr/sbin/ipa-client-install", "r") as f_in: - with open(temp_file, "w") as f_out: - for line in f_in: - if line.startswith("finally:"): - break - f_out.write(line) - import ipa_client_install - - shutil.rmtree(temp_dir, ignore_errors=True) - sys.path.remove(temp_dir) - - argspec = inspect.getargspec(ipa_client_install.configure_krb5_conf) - if argspec.keywords is None: - def configure_krb5_conf( - cli_realm, cli_domain, cli_server, cli_kdc, dnsok, - filename, client_domain, client_hostname, force, - configure_sssd): - global options - options.force = force - options.sssd = configure_sssd - return ipa_client_install.configure_krb5_conf( - cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options, - filename, client_domain, client_hostname) - else: - configure_krb5_conf = ipa_client_install.configure_krb5_conf - if NUM_VERSION < 40100: - get_ca_cert = ipa_client_install.get_ca_cert - else: - get_ca_certs = ipa_client_install.get_ca_certs - SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin") -from ipapython.ipautil import realm_to_suffix, run - - -import logging -logger = logging.getLogger("ipa-client-install") +from ansible.module_utils.ansible_ipa_client import * def main(): module = AnsibleModule( @@ -295,7 +225,7 @@ def main(): ccache_name, config=krb_name, attempts=kinit_attempts) - except gssapi.exceptions.GSSError as e: + except GSSError as e: module.fail_json( msg="Kerberos authentication failed: {}".format(e)) else: 
@@ -356,7 +286,7 @@ def main(): config=krb_name, attempts=kinit_attempts) env['KRB5CCNAME'] = os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE - except gssapi.exceptions.GSSError as e: + except GSSError as e: # failure to get ticket makes it impossible to login and # bind from sssd to LDAP, abort installation module.fail_json(msg="Failed to obtain host TGT: %s" % e) diff --git a/library/ipanss.py b/library/ipanss.py index ab725874d5c03f0cc92c827973af1a468bd16534..31fdf80e6135993026ff299944735b978c2c9db0 100644 --- a/library/ipanss.py +++ b/library/ipanss.py 
@@ -93,79 +93,10 @@ RETURN = ''' ''' import os -import sys import time -import gssapi -import tempfile -import inspect -import logging from ansible.module_utils.basic import AnsibleModule -from ipapython.version import NUM_VERSION, VERSION -if NUM_VERSION < 40400: - raise Exception("freeipa version '%s' is too old" % VERSION) -from ipalib import api, errors, x509 -try: - from ipalib.install import certmonger -except ImportError: - from ipapython import certmonger -try: - from ipalib.install import certstore -except ImportError: - from ipalib import certstore -try: - from ipalib.install import sysrestore -except ImportError: - from ipapython import sysrestore -try: - from ipalib.install.kinit import kinit_keytab, kinit_password -except ImportError: - from ipapython.ipautil import kinit_keytab, kinit_password -from ipalib.rpc import delete_persistent_client_session_data -from ipapython.dn import DN -from ipaplatform import services -from ipaplatform.paths import paths -from ipaplatform.tasks import tasks -from ipapython import certdb, ipautil -from ipapython.ipautil import CalledProcessError -from ipapython.ipa_log_manager import standard_logging_setup - -try: - from ipaclient.install.client import CCACHE_FILE, client_dns, configure_certmonger, update_ssh_keys, configure_openldap_conf, hardcode_ldap_server, get_certs_from_ldap, save_state, disable_ra, create_ipa_nssdb -except ImportError: - # Create temporary copy of ipa-client-install script (as - # ipa_client_install.py) to be able to import the script easily and also - # to remove the global finally clause in which the generated ccache file - # gets removed. The ccache file will be needed in the next step. - # This is done in a temporary directory that gets removed right after - # ipa_client_install has been imported. 
- import shutil - temp_dir = tempfile.mkdtemp(dir="/tmp") - sys.path.append(temp_dir) - temp_file = "%s/ipa_client_install.py" % temp_dir - - with open("/usr/sbin/ipa-client-install", "r") as f_in: - with open(temp_file, "w") as f_out: - for line in f_in: - if line.startswith("finally:"): - break - f_out.write(line) - import ipa_client_install - - shutil.rmtree(temp_dir, ignore_errors=True) - sys.path.remove(temp_dir) - - CCACHE_FILE = paths.IPA_DNS_CCACHE - client_dns = ipa_client_install.client_dns - configure_certmonger = ipa_client_install.configure_certmonger - update_ssh_keys = ipa_client_install.update_ssh_keys - configure_openldap_conf = ipa_client_install.configure_openldap_conf - hardcode_ldap_server = ipa_client_install.hardcode_ldap_server - get_certs_from_ldap = ipa_client_install.get_certs_from_ldap - save_state = ipa_client_install.save_state - disable_ra = ipa_client_install.disable_ra - - from ipapython.certdb import create_ipa_nssdb +from ansible.module_utils.ansible_ipa_client import * def main(): module = AnsibleModule( @@ -198,16 +129,12 @@ def main(): fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE) - logger = logging.getLogger("ipa-client-install") standard_logging_setup( paths.IPACLIENT_INSTALL_LOG, verbose=True, debug=False, filemode='a', console_format='%(message)s') - os.environ['KRB5CCNAME'] = CCACHE_FILE + os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE - class Object(object): - pass - options = Object() options.dns_updates = False options.all_ip_addresses = False options.ip_addresses = None @@ -278,7 +205,7 @@ def main(): update_ssh_keys(hostname, ssh_config_dir, options.create_sshfp) try: - os.remove(CCACHE_FILE) + os.remove(paths.IPA_DNS_CCACHE) except Exception: pass diff --git a/library/ipasssd.py b/library/ipasssd.py index 8a72711510a2c5f93589514485f6bb26338d23c8..3b2a567f1c17a7d549087ca39ecfcd6c7073f28a 100644 --- a/library/ipasssd.py 
+++ b/library/ipasssd.py @@ -112,40 +112,7 @@ import tempfile import SSSDConfig from ansible.module_utils.basic import AnsibleModule -try: - from ipalib.install import sysrestore -except ImportError: - from ipapython import sysrestore -from ipaplatform.paths import paths -from ipapython.ipautil import file_exists -try: - from ipaclient.install.client import get_server_connection_interface, \ - configure_nsswitch_database -except ImportError: - # Create temporary copy of ipa-client-install script (as - # ipa_client_install.py) to be able to import the script easily and also - # to remove the global finally clause in which the generated ccache file - # gets removed. The ccache file will be needed in the next step. - # This is done in a temporary directory that gets removed right after - # ipa_client_install has been imported. - import shutil - temp_dir = tempfile.mkdtemp(dir="/tmp") - sys.path.append(temp_dir) - temp_file = "%s/ipa_client_install.py" % temp_dir - - with open("/usr/sbin/ipa-client-install", "r") as f_in: - with open(temp_file, "w") as f_out: - for line in f_in: - if line.startswith("finally:"): - break - f_out.write(line) - import ipa_client_install - - shutil.rmtree(temp_dir, ignore_errors=True) - sys.path.remove(temp_dir) - - get_server_connection_interface = ipa_client_install.get_server_connection_interface - configure_nsswitch_database = ipa_client_install.configure_nsswitch_database +from ansible.module_utils.ansible_ipa_client import * def sssd_enable_service(module, sssdconfig, service): try: diff --git a/library/ipatest.py b/library/ipatest.py index 500dffb12bd7d73b85efb8f6305e3f7e2c2f4ed8..9dc5e42e2bfc2f4569b81116822fff95a6f6beed 100644 --- a/library/ipatest.py +++ b/library/ipatest.py 
@@ -105,65 +105,10 @@ class Object(object): options = Object() import os -import sys -import gssapi import tempfile -import inspect from ansible.module_utils.basic import AnsibleModule -from ipapython.version import NUM_VERSION, VERSION -if NUM_VERSION < 40400: - raise Exception("freeipa version '%s' is too old" % VERSION) -from ipaplatform.paths import paths -try: - from ipalib.install.kinit import kinit_keytab -except ImportError: - from ipapython.ipautil import kinit_keytab -try: - from ipaclient.install.client import configure_krb5_conf, SECURE_PATH -except ImportError: - # Create temporary copy of ipa-client-install script (as - # ipa_client_install.py) to be able to import the script easily and also - # to remove the global finally clause in which the generated ccache file - # gets removed. The ccache file will be needed in the next step. - # This is done in a temporary directory that gets removed right after - # ipa_client_install has been imported. - import shutil - temp_dir = tempfile.mkdtemp(dir="/tmp") - sys.path.append(temp_dir) - temp_file = "%s/ipa_client_install.py" % temp_dir - - with open("/usr/sbin/ipa-client-install", "r") as f_in: - with open(temp_file, "w") as f_out: - for line in f_in: - if line.startswith("finally:"): - break - f_out.write(line) - import ipa_client_install - - shutil.rmtree(temp_dir, ignore_errors=True) - sys.path.remove(temp_dir) - - argspec = inspect.getargspec(ipa_client_install.configure_krb5_conf) - if argspec.keywords is None: - def configure_krb5_conf( - cli_realm, cli_domain, cli_server, cli_kdc, dnsok, - filename, client_domain, client_hostname, force, - configure_sssd): - global options - options.force = force - options.sssd = configure_sssd - return ipa_client_install.configure_krb5_conf( - cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options, - filename, client_domain, client_hostname) - else: - configure_krb5_conf = ipa_client_install.configure_krb5_conf - SECURE_PATH = 
("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin") -from ipapython.ipautil import realm_to_suffix, run - - -import logging -logger = logging.getLogger("ipa-client-install") +from ansible.module_utils.ansible_ipa_client import * def main(): module = AnsibleModule( @@ -218,7 +163,7 @@ def main(): ipa_test_ok = True except OSError: pass - except gssapi.exceptions.GSSError as e: + except GSSError as e: pass # Second try: Validate krb5 keytab with temporary krb5 @@ -256,7 +201,7 @@ def main(): except OSError: pass - except gssapi.exceptions.GSSError as e: + except GSSError as e: pass finally: diff --git a/module_utils/ansible_ipa_client.py b/module_utils/ansible_ipa_client.py new file mode 100644 index 0000000000000000000000000000000000000000..5a7798c117c4f6bf90ff24cc154f7137ddc576e2 --- /dev/null +++ b/module_utils/ansible_ipa_client.py 
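Review bot: The first hunk's header and first context line show `class Object(object):` and `options = Object()` still defined above the imports, and the added `from ansible.module_utils.ansible_ipa_client import *` then rebinds `options` to the shared module's `options_obj` instance, so the local pair appears to be dead code. library/ipajoin.py deletes the same two definitions in this commit. Deleting them here too keeps the modules consistent and makes it clear that the fallback `configure_krb5_conf` writes to the shared `options`. The shared module defines no `__all__`, so the wildcard also brings in `sys`, `inspect`, `logging` and `logger`, which makes this kind of silent rebinding easy to miss.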
@@ -0,0 +1,167 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Authors: +# Thomas Woerner <twoerner@redhat.com> +# +# Based on ipa-client-install code +# +# Copyright (C) 2017 Red Hat +# see file 'COPYING' for use and warranty information +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +from ipapython.version import NUM_VERSION, VERSION + +if NUM_VERSION < 30201: + # See ipapython/version.py + IPA_MAJOR,IPA_MINOR,IPA_RELEASE = [ int(x) for x in VERSION.split(".", 2) ] + IPA_PYTHON_VERSION = IPA_MAJOR*10000 + IPA_MINOR*100 + IPA_RELEASE +else: + IPA_PYTHON_VERSION = NUM_VERSION + +class options_obj(object): + pass +options = options_obj() + +if NUM_VERSION >= 40400: + # IPA version >= 4.4 + + import sys + import inspect + import logging + + try: + from ipaclient.install import ipadiscovery + except ImportError: + from ipaclient import ipadiscovery + from ipalib import api, errors, x509 + try: + from ipalib.install import sysrestore + except ImportError: + from ipapython import sysrestore + try: + from ipalib.install import certmonger + except ImportError: + from ipapython import certmonger + try: + from ipalib.install import certstore + except ImportError: + from ipalib import certstore + from ipalib.rpc import delete_persistent_client_session_data + from ipapython import certdb, ipautil + from ipaplatform import services + from ipaplatform.paths import paths + from 
ipaplatform.tasks import tasks + if NUM_VERSION >= 40500 and NUM_VERSION < 40590: + from cryptography.hazmat.primitives import serialization + from ipapython.ipautil import CalledProcessError, write_tmp_file, \ + ipa_generate_password, file_exists + from ipapython.dn import DN + try: + from ipalib.install.kinit import kinit_keytab, kinit_password + except ImportError: + from ipapython.ipautil import kinit_keytab, kinit_password + from ipapython.ipa_log_manager import standard_logging_setup + from gssapi.exceptions import GSSError + try: + from ipaclient.install.client import configure_krb5_conf, \ + get_ca_certs, SECURE_PATH, get_server_connection_interface, \ + configure_nsswitch_database, disable_ra, client_dns, \ + configure_certmonger, update_ssh_keys, configure_openldap_conf, \ + hardcode_ldap_server, get_certs_from_ldap, save_state, \ + create_ipa_nssdb, configure_ssh_config, configure_sshd_config, \ + configure_automount, configure_firefox, configure_nisdomain + except ImportError: + # Create temporary copy of ipa-client-install script (as + # ipa_client_install.py) to be able to import the script easily + # and also to remove the global finally clause in which the + # generated ccache file gets removed. The ccache file will be + # needed in the next step. + # This is done in a temporary directory that gets removed right + # after ipa_client_install has been imported. 
+ import shutil, tempfile + temp_dir = tempfile.mkdtemp(dir="/tmp") + sys.path.append(temp_dir) + temp_file = "%s/ipa_client_install.py" % temp_dir + + with open("/usr/sbin/ipa-client-install", "r") as f_in: + with open(temp_file, "w") as f_out: + for line in f_in: + if line.startswith("finally:"): + break + f_out.write(line) + import ipa_client_install + + shutil.rmtree(temp_dir, ignore_errors=True) + sys.path.remove(temp_dir) + + argspec = inspect.getargspec(ipa_client_install.configure_krb5_conf) + if argspec.keywords is None: + def configure_krb5_conf( + cli_realm, cli_domain, cli_server, cli_kdc, dnsok, + filename, client_domain, client_hostname, force=False, + configure_sssd=True): + global options + options.force = force + options.sssd = configure_sssd + return ipa_client_install.configure_krb5_conf( + cli_realm, cli_domain, cli_server, cli_kdc, dnsok, options, + filename, client_domain, client_hostname) + else: + configure_krb5_conf = ipa_client_install.configure_krb5_conf + if NUM_VERSION < 40100: + get_ca_cert = ipa_client_install.get_ca_cert + else: + get_ca_certs = ipa_client_install.get_ca_certs + SECURE_PATH = ("/bin:/sbin:/usr/kerberos/bin:/usr/kerberos/sbin:/usr/bin:/usr/sbin") + + get_server_connection_interface = ipa_client_install.get_server_connection_interface + configure_nsswitch_database = ipa_client_install.configure_nsswitch_database + disable_ra = ipa_client_install.disable_ra + client_dns = ipa_client_install.client_dns + configure_certmonger = ipa_client_install.configure_certmonger + update_ssh_keys = ipa_client_install.update_ssh_keys + configure_openldap_conf = ipa_client_install.configure_openldap_conf + hardcode_ldap_server = ipa_client_install.hardcode_ldap_server + get_certs_from_ldap = ipa_client_install.get_certs_from_ldap + save_state = ipa_client_install.save_state + + create_ipa_nssdb = certdb.create_ipa_nssdb + + argspec = inspect.getargspec(ipa_client_install.configure_nisdomain) + if len(argspec.args) == 3: + 
configure_nisdomain = ipa_client_install.configure_nisdomain + else: + def configure_nisdomain(options, domain, statestore=None): + return ipa_client_install.configure_nisdomain(options, domain) + + configure_ssh_config = ipa_client_install.configure_ssh_config + configure_sshd_config = ipa_client_install.configure_sshd_config + configure_automount = ipa_client_install.configure_automount + configure_firefox = ipa_client_install.configure_firefox + + from ipapython.ipautil import realm_to_suffix, run + + try: + from ipaclient.install import ntpconf + except ImportError: + from ipaclient import ntpconf + + logger = logging.getLogger("ipa-client-install") + +else: + # IPA version < 4.4 + + raise Exception("freeipa version '%s' is too old" % VERSION) diff --git a/roles/ipaclient/meta/main.yml b/roles/ipaclient/meta/main.yml index 6e713b45d1ee39ff96be8e8e275202db0f2048c2..13f398d739db3a51986b512ed1cd3ed7be566346 100644 --- a/roles/ipaclient/meta/main.yml +++ b/roles/ipaclient/meta/main.yml @@ -1,5 +1,5 @@ galaxy_info: - author: Florence Blanc-Renaud + author: Florence Blanc-Renaud, Thomas Woerner description: A role to join a machine to an IPA domain company: Red Hat, Inc @@ -7,7 +7,7 @@ galaxy_info: license: GPLv3 - min_ansible_version: 2.0 + min_ansible_version: 2.3.1 #github_branch:
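Review bot: The `except ImportError` fallback in the new module adds `temp_dir` to `sys.path` and imports the copied script with no `try`/`finally`, so if `import ipa_client_install` raises, the directory under /tmp is left behind and `sys.path` keeps the entry. Wrap the copy and the import in `try:` and move `shutil.rmtree(temp_dir, ignore_errors=True)` and `sys.path.remove(temp_dir)` into `finally:`. The single `from ipaclient.install.client import ...` now lists the union of all modules' names, so one name absent from an installed release sends every module down this fallback, where before each file asked only for what it used. Inside the `NUM_VERSION >= 40400` branch the `if NUM_VERSION < 40100:` test can never be true, so `get_ca_certs = ipa_client_install.get_ca_certs` can be assigned unconditionally.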