Skip to content
Commits on Source (2)
Hide whitespace changes
Inline Side-by-side
roles/ipaclient/library/ipaclient_setup_nss.py
View file @ 03c65bd7
......@@ -152,6 +152,10 @@ options:
The dist of nss_ldap or nss-pam-ldapd files if sssd is disabled
required: yes
type: dict
selinux_works:
description: True if selinux status check passed
required: false
type: bool
krb_name:
description: The krb5 config file name
type: str
......@@ -189,7 +193,7 @@ from ansible.module_utils.ansible_ipa_client import (
CalledProcessError, tasks, client_dns, services,
update_ssh_keys, save_state, configure_ldap_conf, configure_nslcd_conf,
configure_openldap_conf, hardcode_ldap_server, getargspec, NUM_VERSION,
serialization
serialization, configure_selinux_for_client
)
......@@ -224,6 +228,7 @@ def main():
no_dns_sshfp=dict(required=False, type='bool', default=False),
nosssd_files=dict(required=True, type='dict'),
krb_name=dict(required=True, type='str'),
selinux_works=dict(required=False, type='bool', default=False),
),
supports_check_mode=False,
)
......@@ -274,6 +279,7 @@ def main():
options.sssd = not options.no_sssd
options.no_ac = False
nosssd_files = module.params.get('nosssd_files')
selinux_works = module.params.get('selinux_works')
krb_name = module.params.get('krb_name')
os.environ['KRB5_CONFIG'] = krb_name
......@@ -474,6 +480,9 @@ def main():
logger.info("%s enabled", "SSSD" if options.sssd else "LDAP")
if options.sssd:
if selinux_works and configure_selinux_for_client is not None:
configure_selinux_for_client(statestore)
sssd = services.service('sssd', api)
try:
sssd.restart()
......
roles/ipaclient/library/ipaclient_test.py
View file @ 03c65bd7
......@@ -226,6 +226,10 @@ nosssd_files:
returned: always
type: list
elements: str
selinux_works:
description: True if the selinux status check passed.
returned: always
type: bool
'''
import os
......@@ -495,6 +499,8 @@ def main():
# not installer.no_krb5_offline_passwords
installer.sssd = not installer.no_sssd
selinux_works = False
try:
# client
......@@ -529,7 +535,7 @@ def main():
"You must be root to run ipa-client-install.",
rval=CLIENT_INSTALL_ERROR)
tasks.check_selinux_status()
selinux_works = tasks.check_selinux_status()
# if is_ipa_client_installed(fstore, on_master=options.on_master):
# logger.error("IPA client is already configured on this system.")
......@@ -971,7 +977,8 @@ def main():
ntp_pool=options.ntp_pool,
client_already_configured=client_already_configured,
ipa_python_version=IPA_PYTHON_VERSION,
nosssd_files=nosssd_files)
nosssd_files=nosssd_files,
selinux_works=selinux_works)
if __name__ == '__main__':
......
roles/ipaclient/module_utils/ansible_ipa_client.py
View file @ 03c65bd7
......@@ -46,7 +46,8 @@ __all__ = ["gssapi", "version", "ipadiscovery", "api", "errors", "x509",
"configure_nslcd_conf", "configure_ssh_config",
"configure_sshd_config", "configure_automount",
"configure_firefox", "sync_time", "check_ldap_conf",
"sssd_enable_ifp", "getargspec", "paths", "options",
"sssd_enable_ifp", "configure_selinux_for_client",
"getargspec", "paths", "options",
"IPA_PYTHON_VERSION", "NUM_VERSION", "certdb", "get_ca_cert",
"ipalib", "logger", "ipautil", "installer"]
......@@ -302,6 +303,11 @@ try:
except ImportError:
sssd_enable_ifp = None
try:
from ipaclient.install.client import configure_selinux_for_client
except ImportError:
configure_selinux_for_client = None
logger = logging.getLogger("ipa-client-install")
root_logger = logger
......
roles/ipaclient/tasks/install.yml
View file @ 03c65bd7
......@@ -384,6 +384,7 @@
| default(ipasssd_no_krb5_offline_passwords) }}"
no_dns_sshfp: "{{ ipaclient_no_dns_sshfp }}"
nosssd_files: "{{ result_ipaclient_test.nosssd_files }}"
selinux_works: "{{ result_ipaclient_test.selinux_works }}"
krb_name: "{{ result_ipaclient_temp_krb5.krb_name }}"
- name: Install - Configure SSH and SSHD
......