diff --git a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py index e44464c463..66c1615b17 100644 --- a/roles/ipareplica/library/ipareplica_add_to_ipaservers.py +++ b/roles/ipareplica/library/ipareplica_add_to_ipaservers.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -40,21 +40,26 @@ options: setup_kra: description: Configure a dogtag KRA - required: no + type: bool + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes installer_ccache: description: The installer ccache setting - required: no + type: str + required: yes _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -67,7 +72,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_remote_api, api ) 
@@ -84,15 +89,16 @@ def main():
 # server
 setup_kra=dict(required=True, type='bool'),
 # additional
- config_master_host_name=dict(required=True),
- ccache=dict(required=True),
- installer_ccache=dict(required=True),
- _top_dir=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ installer_ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
 ),
- supports_check_mode=True,
+ supports_check_mode=False,
 )
 ansible_module._ansible_debug = True
+ check_imports(ansible_module)
 setup_logging()
 ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
index 0577cd5e8d..582a4124bf 100644
--- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py
+++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,92 +40,123 @@ options: dm_password: description: Directory Manager password - required: yes + type: str + required: no password: description: Admin user kerberos password - required: yes + type: str + required: no ip_addresses: description: List of Master Server IP Addresses - required: yes + type: list + elements: str + required: no domain: description: Primary DNS domain of the IPA deployment - required: yes + type: str + required: no realm: description: Kerberos realm name of the IPA deployment - required: yes + type: str + required: no hostname: description: Fully qualified name of this host - required: yes + type: str + required: no ca_cert_files: description: List of files containing CA certificates for the service certificate files - required: yes + type: list + elements: str + required: no no_host_dns: description: Do not use DNS for hostname lookup during installation - required: yes + type: bool + default: no + required: no setup_adtrust: description: Configure AD trust capability - required: yes + type: bool + required: no setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no setup_dns: description: Configure bind with our zone - required: yes + type: bool + required: no dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key - required: yes + type: list + elements: str + required: no force_join: description: Force client enrollment even if already enrolled - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). 
- required: no + type: str + required: yes server: description: Fully qualified name of IPA server to enroll to - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes config_ca_host_name: description: The config ca_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes installer_ccache: description: The installer ccache setting - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes _add_to_ipaservers: description: The installer _add_to_ipaservers setting - required: no + type: bool + required: yes _ca_subject: description: The installer _ca_subject setting - required: no + type: str + required: yes _subject_base: description: The installer _subject_base setting - required: no + type: str + required: yes master: description: Master host name - required: yes + type: str + required: no dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -138,7 +169,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, ansible_module_get_parsed_ip_addresses, sysrestore, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, create_ipa_conf 
@@ -149,13 +180,15 @@ def main():
 ansible_module = AnsibleModule(
 argument_spec=dict(
 # basic
- dm_password=dict(required=False, no_log=True),
- password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ dm_password=dict(required=False, type='str', no_log=True),
+ password=dict(required=False, type='str', no_log=True),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
 no_host_dns=dict(required=False, type='bool', default=False),
 # server
 setup_adtrust=dict(required=False, type='bool'),
@@ -163,30 +196,32 @@ def main():
 setup_kra=dict(required=False, type='bool'),
 setup_dns=dict(required=False, type='bool'),
 # ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=[]),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
 # client
 force_join=dict(required=False, type='bool'),
 # certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
 # additional
- server=dict(required=True),
- config_master_host_name=dict(required=True),
- config_ca_host_name=dict(required=True),
- ccache=dict(required=True),
- installer_ccache=dict(required=True),
+ server=dict(required=True, type='str'),
+ config_master_host_name=dict(required=True, type='str'),
+ config_ca_host_name=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ installer_ccache=dict(required=True, type='str'),
 _ca_enabled=dict(required=False, type='bool'),
- _top_dir=dict(required=True),
+ _top_dir=dict(required=True, type='str'),
 _add_to_ipaservers=dict(required=True, type='bool'),
- _ca_subject=dict(required=True),
- _subject_base=dict(required=True),
- master=dict(required=False, default=None),
+ _ca_subject=dict(required=True, type='str'),
+ _subject_base=dict(required=True, type='str'),
+ master=dict(required=False, type='str', default=None),
 dirman_password=dict(required=True, no_log=True),
 ),
- supports_check_mode=True,
+ supports_check_mode=False,
 )
 ansible_module._ansible_debug = True
+ check_imports(ansible_module)
 setup_logging()
 ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
index 28346e7e33..8c14526cb4 100644
--- a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
+++ b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
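Review bot: `dirman_password=dict(required=True, no_log=True),` is the one string parameter in this argument_spec that the commit leaves without `type='str'`, while the DOCUMENTATION hunk for this file now declares `type: str` for it and the sibling ipareplica_custodia_import_dm_password.py hunk in this same commit gets `dirman_password=dict(required=True, type='str', no_log=True),`. The validate-modules sanity test compares argument_spec against the documented type, so this unchanged context line is likely to be flagged; it should read `dirman_password=dict(required=True, type='str', no_log=True),`. main() starts before this hunk.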
@@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -40,53 +40,68 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no no_ui_redirect: description: Do not automatically redirect to the Web UI - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _kra_enabled: description: The installer _kra_enabled setting - required: yes + type: bool + required: no _kra_host_name: description: The installer _kra_host_name setting - required: yes + type: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes config_setup_ca: description: The config setup_ca setting - required: no + type: bool + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes config_ca_host_name: description: The config ca_host_name setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -99,7 +114,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, redirect_stdout, custodiainstance, getargspec @@ -115,23 +130,24 @@ def main(): no_pkinit=dict(required=False, type='bool'), no_ui_redirect=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - ccache=dict(required=True), + ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), - _ca_file=dict(required=False), + _ca_file=dict(required=False, type='str'), _kra_enabled=dict(required=False, type='bool'), - _kra_host_name=dict(required=False), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), + _kra_host_name=dict(required=False, type='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), config_setup_ca=dict(required=True, type='bool'), - config_master_host_name=dict(required=True), - config_ca_host_name=dict(required=True), + config_master_host_name=dict(required=True, type='str'), + config_ca_host_name=dict(required=True, type='str'), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py index 87e46a5d13..44ec5285f3 100644 --- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py +++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py 
@@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,55 +40,72 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no no_ui_redirect: description: Do not automatically redirect to the Web UI - required: yes + type: bool + required: no dirsrv_config_file: description: The path to LDIF file that will be used to modify configuration of dse.ldif during installation of the directory server instance - required: yes + type: str + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _dirsrv_pkcs12_info: description: The installer _dirsrv_pkcs12_info setting - required: yes + type: list + elements: str + required: no _pkinit_pkcs12_info: description: The installer _pkinit_pkcs12_info setting - required: yes + type: list + elements: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes ds_ca_subject: description: The ds.ca_subject setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -101,7 +118,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, replica_ds_init_info, dsinstance, upgradeinstance, installutils @@ -116,24 +133,27 @@ def main(): setup_kra=dict(required=False, type='bool'), no_pkinit=dict(required=False, type='bool'), no_ui_redirect=dict(required=False, type='bool'), - dirsrv_config_file=dict(required=False), + dirsrv_config_file=dict(required=False, type='str'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - config_master_host_name=dict(required=True), - ccache=dict(required=True), + config_master_host_name=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), - _ca_file=dict(required=False), - _dirsrv_pkcs12_info=dict(required=False, type='list'), - _pkinit_pkcs12_info=dict(required=False, type='list'), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), - ds_ca_subject=dict(required=True), + _ca_file=dict(required=False, type='str'), + _dirsrv_pkcs12_info=dict(required=False, type='list', + elements='str'), + _pkinit_pkcs12_info=dict(required=False, type='list', + elements='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), + ds_ca_subject=dict(required=True, type='str'), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) 
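Review bot: `_dirsrv_pkcs12_info` and `_pkinit_pkcs12_info` are now declared as plain string lists without `no_log`; in ipa-replica-install these installer attributes are, as far as I recall, (PKCS#12 file, PIN) pairs, so if that is what the role passes here the PIN would be recorded in the module invocation shown in verbose output and callback logs. If that holds, the new lines should read `_dirsrv_pkcs12_info=dict(required=False, type='list', elements='str', no_log=True),` and the same for `_pkinit_pkcs12_info`; confirm against the role task that feeds these parameters before changing. The identical lines appear in the ipareplica_ds_enable_ssl.py hunk, and `_pkinit_pkcs12_info` in the ipareplica_krb_enable_ssl.py hunk. main() starts before this hunk.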
diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py index e751f684f2..74742fff07 100644 --- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py +++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,52 +40,68 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no dirsrv_config_file: description: The path to LDIF file that will be used to modify configuration of dse.ldif during installation of the directory server instance - required: yes + type: str + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _dirsrv_pkcs12_info: description: The installer _dirsrv_pkcs12_info setting - required: yes + type: list + elements: str + required: no _pkinit_pkcs12_info: description: The installer _pkinit_pkcs12_info setting - required: yes + type: list + elements: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes ds_ca_subject: description: The ds.ca_subject setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -98,7 +114,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, replica_ds_init_info @@ -112,24 +128,27 @@ def main(): setup_ca=dict(required=False, type='bool'), setup_kra=dict(required=False, type='bool'), no_pkinit=dict(required=False, type='bool'), - dirsrv_config_file=dict(required=False), + dirsrv_config_file=dict(required=False, type='str'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - config_master_host_name=dict(required=True), - ccache=dict(required=True), + config_master_host_name=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), - _ca_file=dict(required=False), - _dirsrv_pkcs12_info=dict(required=False, type='list'), - _pkinit_pkcs12_info=dict(required=False, type='list'), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), - ds_ca_subject=dict(required=True), + _ca_file=dict(required=False, type='str'), + _dirsrv_pkcs12_info=dict(required=False, type='list', + elements='str'), + _pkinit_pkcs12_info=dict(required=False, type='list', + elements='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), + ds_ca_subject=dict(required=True, type='str'), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_enable_ipa.py b/roles/ipareplica/library/ipareplica_enable_ipa.py index b4cf5d5221..2b4fee53f4 100644 
--- a/roles/ipareplica/library/ipareplica_enable_ipa.py +++ b/roles/ipareplica/library/ipareplica_enable_ipa.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -40,32 +40,41 @@ options: hostname: description: Fully qualified name of this host - required: yes + type: str + required: no hidden_replica: description: Install a hidden replica - required: yes + type: bool + default: no + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes setup_ca: description: Configure a dogtag CA - required: no + type: bool + required: yes setup_kra: description: Configure a dogtag KRA - required: no + type: bool + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -78,7 +87,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, service, find_providing_servers, services 
@@ -88,22 +97,23 @@ def main():
 ansible_module = AnsibleModule(
 argument_spec=dict(
- hostname=dict(required=False),
+ hostname=dict(required=False, type='str'),
 hidden_replica=dict(required=False, type='bool', default=False),
 # server
 # certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
 # additional
- ccache=dict(required=True),
- _top_dir=dict(required=True),
+ ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
 setup_ca=dict(required=True, type='bool'),
 setup_kra=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
+ config_master_host_name=dict(required=True, type='str'),
 ),
- supports_check_mode=True,
+ supports_check_mode=False,
 )
 ansible_module._ansible_debug = True
+ check_imports(ansible_module)
 setup_logging()
 ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_install_ca_certs.py b/roles/ipareplica/library/ipareplica_install_ca_certs.py
index e47e0a6ddf..b6d42d6a43 100644
--- a/roles/ipareplica/library/ipareplica_install_ca_certs.py
+++ b/roles/ipareplica/library/ipareplica_install_ca_certs.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -33,99 +33,131 @@ DOCUMENTATION = ''' --- -module: ipareplica_install_ca_cert +module: ipareplica_install_ca_certs short_description: Install CA certs description: Install CA certs options: dm_password: description: Directory Manager password - required: yes + type: str + required: no password: description: Admin user kerberos password - required: yes + type: str + required: no ip_addresses: description: List of Master Server IP Addresses - required: yes + type: list + elements: str + required: no domain: description: Primary DNS domain of the IPA deployment - required: yes + type: str + required: no realm: description: Kerberos realm name of the IPA deployment - required: yes + type: str + required: no hostname: description: Fully qualified name of this host - required: yes + type: str + required: no ca_cert_files: description: List of files containing CA certificates for the service certificate files - required: yes + type: list + elements: str + required: no no_host_dns: description: Do not use DNS for hostname lookup during installation - required: yes + type: bool + default: no + required: no setup_adtrust: description: Configure AD trust capability - required: yes + type: bool + required: no setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no setup_dns: description: Configure bind with our zone - required: yes + type: bool + required: no dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key - required: yes + type: list + elements: str + required: no force_join: description: Force client enrollment even if already enrolled - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). 
- required: no + type: str + required: yes server: description: Fully qualified name of IPA server to enroll to - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes installer_ccache: description: The installer ccache setting - required: no + type: str + required: yes _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes _add_to_ipaservers: description: The installer _add_to_ipaservers setting - required: no + type: bool + required: yes _ca_subject: description: The installer _ca_subject setting - required: no + type: str + required: yes _subject_base: description: The installer _subject_base setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes config_setup_ca: description: The config setup_ca setting - required: no + type: bool + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes config_ca_host_name: description: The config ca_host_name setting - required: no + type: str + required: yes config_ips: description: The config ips setting - required: yes + type: list + elements: str + required: no author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -138,7 +170,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, ansible_module_get_parsed_ip_addresses, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, ipaldap, 
@@ -150,13 +182,15 @@ def main():
 ansible_module = AnsibleModule(
 argument_spec=dict(
 # basic
- dm_password=dict(required=False, no_log=True),
- password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ dm_password=dict(required=False, type='str', no_log=True),
+ password=dict(required=False, type='str', no_log=True),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
 no_host_dns=dict(required=False, type='bool', default=False),
 # server
 setup_adtrust=dict(required=False, type='bool'),
@@ -164,29 +198,32 @@ def main():
 setup_kra=dict(required=False, type='bool'),
 setup_dns=dict(required=False, type='bool'),
 # ssl certificate
- dirsrv_cert_files=dict(required=False, type='list', default=[]),
+ dirsrv_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
 # client
 force_join=dict(required=False, type='bool'),
 # certificate system
- subject_base=dict(required=True),
+ subject_base=dict(required=True, type='str'),
 # additional
- server=dict(required=True),
- ccache=dict(required=True),
- installer_ccache=dict(required=True),
- _top_dir=dict(required=True),
+ server=dict(required=True, type='str'),
+ ccache=dict(required=True, type='str'),
+ installer_ccache=dict(required=True, type='str'),
+ _top_dir=dict(required=True, type='str'),
 _add_to_ipaservers=dict(required=True, type='bool'),
- _ca_subject=dict(required=True),
- _subject_base=dict(required=True),
- dirman_password=dict(required=True, no_log=True),
+ _ca_subject=dict(required=True, type='str'),
+ _subject_base=dict(required=True, type='str'),
+ dirman_password=dict(required=True, type='str', no_log=True),
 config_setup_ca=dict(required=True, type='bool'),
- config_master_host_name=dict(required=True),
- config_ca_host_name=dict(required=True),
- config_ips=dict(required=False, type='list', default=[]),
+ config_master_host_name=dict(required=True, type='str'),
+ config_ca_host_name=dict(required=True, type='str'),
+ config_ips=dict(required=False, type='list', elements='str',
+ default=[]),
 ),
- supports_check_mode=True,
+ supports_check_mode=False,
 )
 ansible_module._ansible_debug = True
+ check_imports(ansible_module)
 setup_logging()
 ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
index 4380cbad22..589eb46b08 100644
--- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
@@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -40,41 +40,53 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _pkinit_pkcs12_info: description: The installer _pkinit_pkcs12_info setting - required: yes + type: list + elements: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -87,6 +99,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, krbinstance, redirect_stdout 
@@ -101,20 +114,22 @@ def main(): setup_kra=dict(required=False, type='bool'), no_pkinit=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - config_master_host_name=dict(required=True), - ccache=dict(required=True), + config_master_host_name=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), - _ca_file=dict(required=False), - _pkinit_pkcs12_info=dict(required=False, type='list'), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), + _ca_file=dict(required=False, type='str'), + _pkinit_pkcs12_info=dict(required=False, type='list', + elements='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_master_password.py b/roles/ipareplica/library/ipareplica_master_password.py index f617716bda..16988244ae 100644 --- a/roles/ipareplica/library/ipareplica_master_password.py +++ b/roles/ipareplica/library/ipareplica_master_password.py @@ -5,7 +5,7 @@ # # Based on ipa-server-install code # -# Copyright (C) 2017 Red Hat +# Copyright (C) 2017-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -40,9 +40,10 @@ options: master_password: description: kerberos master password (normally autogenerated) - required: yes + type: str + required: no author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
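Review bot: `_pkinit_pkcs12_info` is declared here as `type='list', elements='str'` without `no_log`, and the same declaration is made for `_dirsrv_pkcs12_info` and `_pkinit_pkcs12_info` in the ipareplica_setup_ca.py hunk and for `_pkinit_pkcs12_info` in the ipareplica_setup_custodia.py hunk. If, as the name suggests, the list carries the PKCS#12 unlock pin next to the file path, that pin is printed in the module invocation dump under -v and in task logging; if it holds only paths, a one-line comment saying so would settle the question. Either add `no_log=True` to these three declarations or document the list's contents, e.g. `# _pkinit_pkcs12_info holds file paths only, no secrets`. main() continues outside this hunk.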
@@ -51,12 +52,13 @@ RETURN = ''' password: description: The master password + type: str returned: always ''' from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - setup_logging, ipa_generate_password + check_imports, setup_logging, ipa_generate_password ) @@ -64,12 +66,13 @@ def main(): module = AnsibleModule( argument_spec=dict( # basic - master_password=dict(required=False, no_log=True), + master_password=dict(required=False, type='str', no_log=True), ), - supports_check_mode=True, + supports_check_mode=False, ) module._ansible_debug = True + check_imports(module) setup_logging() master_password = module.params.get('master_password') diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py index c04ad63c84..bd28b9e21f 100644 --- a/roles/ipareplica/library/ipareplica_prepare.py +++ b/roles/ipareplica/library/ipareplica_prepare.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
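Review bot: The RETURN block now types `password` as `str` but does not say the value is sensitive, and a password that was generated inside the module (presumably via the imported `ipa_generate_password`) never passed through `master_password`, so the `no_log=True` on that argument does not mask it in the task result. A sentence in the RETURN description such as `Sensitive; the calling task should set no_log: true` would make that expectation explicit for playbook authors. The code that generates and returns the password lies outside this hunk.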
@@ -42,151 +42,216 @@ options: dm_password: description: Directory Manager password - required: yes + type: str + required: no password: description: Admin user kerberos password - required: yes + type: str + required: no ip_addresses: description: List of Master Server IP Addresses - required: yes + type: list + elements: str + required: no domain: description: Primary DNS domain of the IPA deployment - required: yes + type: str + required: no realm: description: Kerberos realm name of the IPA deployment - required: yes + type: str + required: no hostname: description: Fully qualified name of this host - required: yes + type: str + required: no principal: description: User Principal allowed to promote replicas and join IPA realm - required: no + type: str + required: yes ca_cert_files: description: List of files containing CA certificates for the service certificate files - required: yes + type: list + elements: str + required: no no_host_dns: description: Do not use DNS for hostname lookup during installation - required: yes + type: bool + default: no + required: no setup_adtrust: description: Configure AD trust capability - required: yes + type: bool + required: no setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no setup_dns: description: Configure bind with our zone - required: yes + type: bool + required: no dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key - required: yes + type: list + elements: str + required: no dirsrv_cert_name: description: Name of the Directory Server SSL certificate to install - required: yes + type: str + required: no dirsrv_pin: description: The password to unlock the Directory Server private key - required: yes + type: str + required: no http_cert_files: description: File containing the Apache Server SSL certificate and private key - required: yes + type: 
list + elements: str + required: no http_cert_name: description: Name of the Apache Server SSL certificate to install - required: yes + type: str + required: no http_pin: description: The password to unlock the Apache Server private key - required: yes + type: str + required: no pkinit_cert_files: description: File containing the Kerberos KDC SSL certificate and private key - required: yes + type: list + elements: str + required: no pkinit_cert_name: description: Name of the Kerberos KDC SSL certificate to install - required: yes + type: str + required: no pkinit_pin: description: The password to unlock the Kerberos KDC private key - required: yes + type: str + required: no keytab: description: Path to backed up keytab from previous enrollment - required: yes + type: str + required: no mkhomedir: description: Create home directories for users on their first login - required: yes + type: bool + required: no force_join: description: Force client enrollment even if already enrolled - required: yes + type: bool + required: no no_ntp: description: Do not configure ntp - required: yes + type: bool + required: no ssh_trust_dns: description: Configure OpenSSH client to trust DNS SSHFP records - required: yes + type: bool + required: no no_ssh: description: Do not configure OpenSSH client - required: yes + type: bool + required: no no_sshd: description: Do not configure OpenSSH server - required: yes + type: bool + required: no no_dns_sshfp: description: Do not automatically create DNS SSHFP records - required: yes + type: bool + required: no allow_zone_overlap: description: Create DNS zone even if it already exists - required: yes + type: bool + default: no + required: no reverse_zones: description: The reverse DNS zones to use - required: yes + type: list + elements: str + required: no no_reverse: description: Do not create new reverse DNS zone - required: yes + type: bool + default: no + required: no auto_reverse: description: Create necessary reverse zones - required: 
yes + type: bool + default: no + required: no forwarders: description: Add DNS forwarders - required: yes + type: list + elements: str + required: no no_forwarders: description: Do not add any DNS forwarders, use root servers instead - required: yes + type: bool + default: no + required: no auto_forwarders: description: Use DNS forwarders configured in /etc/resolv.conf - required: yes + type: bool + default: no + required: no forward_policy: description: DNS forwarding policy for global forwarders - required: yes + type: str + choices: ['first', 'only'] + required: no no_dnssec_validation: description: Disable DNSSEC validation - required: yes + type: bool + default: no + required: no enable_compat: description: Enable support for trusted domains for old clients - required: yes + type: bool + default: no + required: no netbios_name: description: NetBIOS name of the IPA domain - required: yes + type: str + required: no rid_base: description: Start value for mapping UIDs and GIDs to RIDs - required: yes + type: int + default: 1000 + required: no secondary_rid_base: description: Start value of the secondary range for mapping UIDs and GIDs to RIDs - required: yes + type: int + default: 100000000 + required: no server: description: Fully qualified name of IPA server to enroll to - required: no + type: str + required: yes skip_conncheck: description: Skip connection check to remote master - required: yes + type: bool + required: no sid_generation_always: description: Enable SID generation always - required: yes + type: bool + default: no + required: no author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -202,7 +267,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, options, installer, DN, paths, sysrestore, + check_imports, AnsibleModuleLog, options, installer, DN, paths, sysrestore, ansible_module_get_parsed_ip_addresses, Env, ipautil, ipaldap, installutils, ReplicaConfig, load_pkcs12, kinit_keytab, create_api, rpc_client, check_remote_version, parse_version, check_remote_fips_mode, @@ -222,14 +287,16 @@ def main(): ansible_module = AnsibleModule( argument_spec=dict( # basic - dm_password=dict(required=False, no_log=True), - password=dict(required=False, no_log=True), - ip_addresses=dict(required=False, type='list', default=[]), - domain=dict(required=False), - realm=dict(required=False), - hostname=dict(required=False), - principal=dict(required=True), - ca_cert_files=dict(required=False, type='list', default=[]), + dm_password=dict(required=False, type='str', no_log=True), + password=dict(required=False, type='str', no_log=True), + ip_addresses=dict(required=False, type='list', elements='str', + default=[]), + domain=dict(required=False, type='str'), + realm=dict(required=False, type='str'), + hostname=dict(required=False, type='str'), + principal=dict(required=True, type='str'), + ca_cert_files=dict(required=False, type='list', elements='str', + default=[]), no_host_dns=dict(required=False, type='bool', default=False), # server setup_adtrust=dict(required=False, type='bool'), 
@@ -237,17 +304,20 @@ def main(): setup_kra=dict(required=False, type='bool'), setup_dns=dict(required=False, type='bool'), # ssl certificate - dirsrv_cert_files=dict(required=False, type='list', default=[]), - dirsrv_cert_name=dict(required=False), - dirsrv_pin=dict(required=False), - http_cert_files=dict(required=False, type='list', default=[]), - http_cert_name=dict(required=False), - http_pin=dict(required=False), - pkinit_cert_files=dict(required=False, type='list', default=[]), - pkinit_cert_name=dict(required=False), - pkinit_pin=dict(required=False), + dirsrv_cert_files=dict(required=False, type='list', elements='str', + default=[]), + dirsrv_cert_name=dict(required=False, type='str'), + dirsrv_pin=dict(required=False, type='str'), + http_cert_files=dict(required=False, type='list', elements='str', + default=[]), + http_cert_name=dict(required=False, type='str'), + http_pin=dict(required=False, type='str'), + pkinit_cert_files=dict(required=False, type='list', elements='str', + default=[]), + pkinit_cert_name=dict(required=False, type='str'), + pkinit_pin=dict(required=False, type='str'), # client - keytab=dict(required=False), + keytab=dict(required=False, type='str', no_log=False), mkhomedir=dict(required=False, type='bool'), force_join=dict(required=False, type='bool'), no_ntp=dict(required=False, type='bool'), 
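Review bot: `dirsrv_pin`, `http_pin` and `pkinit_pin` gain `type='str'` in this hunk but still lack `no_log=True`, although the module's own DOCUMENTATION describes each as the password that unlocks the corresponding private key; without it the values appear in the invocation dump under -v and in task logging. Declare them the way `dm_password` is declared in the preceding hunk: `dirsrv_pin=dict(required=False, type='str', no_log=True),` and likewise for `http_pin` and `pkinit_pin`. The explicit `no_log=False` on `keytab` is correct since it is a file path, presumably added to satisfy ansible-test's no-log check, but a comment such as `# keytab is a path, not a secret` would keep a later reader from "fixing" it. main() starts and ends outside this hunk.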
@@ -260,31 +330,35 @@ def main(): # dns allow_zone_overlap=dict(required=False, type='bool', default=False), - reverse_zones=dict(required=False, type='list', default=[]), + reverse_zones=dict(required=False, type='list', elements='str', + default=[]), no_reverse=dict(required=False, type='bool', default=False), auto_reverse=dict(required=False, type='bool', default=False), - forwarders=dict(required=False, type='list', default=[]), + forwarders=dict(required=False, type='list', elements='str', + default=[]), no_forwarders=dict(required=False, type='bool', default=False), auto_forwarders=dict(required=False, type='bool', default=False), - forward_policy=dict(default=None, choices=['first', 'only']), + forward_policy=dict(required=False, type='str', + choices=['first', 'only'], default=None), no_dnssec_validation=dict(required=False, type='bool', default=False), # ad trust enable_compat=dict(required=False, type='bool', default=False), - netbios_name=dict(required=False), + netbios_name=dict(required=False, type='str'), rid_base=dict(required=False, type='int', default=1000), secondary_rid_base=dict(required=False, type='int', default=100000000), # additional - server=dict(required=True), + server=dict(required=True, type='str'), skip_conncheck=dict(required=False, type='bool'), sid_generation_always=dict(required=False, type='bool', default=False), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py index 4ff4a17644..6f5681ba9b 100644 --- a/roles/ipareplica/library/ipareplica_promote_openldap_conf.py +++ b/roles/ipareplica/library/ipareplica_promote_openldap_conf.py 
@@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -40,26 +40,32 @@ options: setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes config_setup_ca: description: The config setup_ca setting - required: no + type: bool + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -72,7 +78,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, redirect_stdout, promote_openldap_conf ) 
@@ -84,17 +90,18 @@ def main(): # server setup_kra=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - ccache=dict(required=True), - _top_dir=dict(required=True), + ccache=dict(required=True, type='str'), + _top_dir=dict(required=True, type='str'), config_setup_ca=dict(required=True, type='bool'), - config_master_host_name=dict(required=True), + config_master_host_name=dict(required=True, type='str'), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_promote_sssd.py b/roles/ipareplica/library/ipareplica_promote_sssd.py index 2ac27bd965..65eb4b3beb 100644 --- a/roles/ipareplica/library/ipareplica_promote_sssd.py +++ b/roles/ipareplica/library/ipareplica_promote_sssd.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -40,26 +40,32 @@ options: setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes config_setup_ca: description: The config setup_ca setting - required: no + type: bool + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -72,7 +78,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, redirect_stdout, promote_sssd ) @@ -84,17 +90,18 @@ def main(): # server setup_kra=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - ccache=dict(required=True), - _top_dir=dict(required=True), + ccache=dict(required=True, type='str'), + _top_dir=dict(required=True, type='str'), config_setup_ca=dict(required=True, type='bool'), - config_master_host_name=dict(required=True), + config_master_host_name=dict(required=True, type='str'), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_restart_kdc.py b/roles/ipareplica/library/ipareplica_restart_kdc.py index 252dc9aa76..603ec9a307 100644 --- a/roles/ipareplica/library/ipareplica_restart_kdc.py +++ b/roles/ipareplica/library/ipareplica_restart_kdc.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,38 +40,48 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no no_ui_redirect: description: Do not automatically redirect to the Web UI - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -84,6 +94,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, service, 
@@ -100,18 +111,19 @@ def main(): no_pkinit=dict(required=False, type='bool'), no_ui_redirect=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - config_master_host_name=dict(required=True), - ccache=dict(required=True), - _ca_file=dict(required=False), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), + config_master_host_name=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), + _ca_file=dict(required=False, type='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py index 722307832f..01d1e06b81 100644 --- a/roles/ipareplica/library/ipareplica_setup_adtrust.py +++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,45 +40,58 @@ options: setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes enable_compat: description: Enable support for trusted domains for old clients - required: yes + type: bool + default: no + required: no rid_base: description: Start value for mapping UIDs and GIDs to RIDs - required: yes + type: int + required: no secondary_rid_base: description: Start value of the secondary range for mapping UIDs and GIDs to RIDs - required: yes + type: int + required: no adtrust_netbios_name: description: The adtrust netbios_name setting - required: no + type: str + required: yes adtrust_reset_netbios_name: description: The adtrust reset_netbios_name setting - required: no + type: bool + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes setup_ca: description: Configure a dogtag CA - required: no + type: bool + required: yes setup_adtrust: description: Configure AD trust capability + type: bool required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -93,7 +106,8 @@ from ansible.module_utils.ansible_ipa_replica import ( AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, - gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, adtrust + gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, adtrust, + check_imports ) 
@@ -103,25 +117,26 @@ def main(): # server setup_kra=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # ad trust enable_compat=dict(required=False, type='bool', default=False), rid_base=dict(required=False, type='int'), secondary_rid_base=dict(required=False, type='int'), # additional - adtrust_netbios_name=dict(required=True), + adtrust_netbios_name=dict(required=True, type='str'), adtrust_reset_netbios_name=dict(required=True, type='bool'), # additional - ccache=dict(required=True), - _top_dir=dict(required=True), + ccache=dict(required=True, type='str'), + _top_dir=dict(required=True, type='str'), setup_ca=dict(required=True, type='bool'), setup_adtrust=dict(required=True, type='bool'), - config_master_host_name=dict(required=True), + config_master_host_name=dict(required=True, type='str'), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py index c057e0b65a..cbecd797c6 100644 --- a/roles/ipareplica/library/ipareplica_setup_ca.py +++ b/roles/ipareplica/library/ipareplica_setup_ca.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,71 +40,95 @@ options: pki_config_override: description: Path to ini file with config overrides - required: yes + type: str + required: no setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _kra_enabled: description: The installer _kra_enabled setting - required: yes + type: bool + required: no _kra_host_name: description: The installer _kra_host_name setting - required: yes + type: str + required: no _dirsrv_pkcs12_info: description: The installer _dirsrv_pkcs12_info setting - required: yes + type: list + elements: str + required: no _pkinit_pkcs12_info: description: The installer _pkinit_pkcs12_info setting - required: yes + type: list + elements: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes _ca_subject: description: The installer _ca_subject setting - required: no + type: str + required: yes _subject_base: description: The installer _subject_base setting - required: no + type: str + required: yes _random_serial_numbers: description: The installer _random_serial_numbers setting + type: bool required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes config_setup_ca: description: The config setup_ca setting - required: no + type: bool + required: yes 
config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes config_ca_host_name: description: The config ca_host_name setting - required: no + type: str + required: yes config_ips: description: The config ips setting - required: yes + type: list + elements: str + required: no author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -117,7 +141,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, ansible_module_get_parsed_ip_addresses, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, ca, 
@@ -129,35 +153,39 @@ def main(): ansible_module = AnsibleModule( argument_spec=dict( # basic - pki_config_override=dict(required=False), + pki_config_override=dict(required=False, type='str'), # server setup_ca=dict(required=False, type='bool'), setup_kra=dict(required=False, type='bool'), no_pkinit=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - ccache=dict(required=True), + ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), - _ca_file=dict(required=False), + _ca_file=dict(required=False, type='str'), _kra_enabled=dict(required=False, type='bool'), - _kra_host_name=dict(required=False), - _dirsrv_pkcs12_info=dict(required=False, type='list'), - _pkinit_pkcs12_info=dict(required=False, type='list'), - _top_dir=dict(required=True), - _ca_subject=dict(required=True), - _subject_base=dict(required=True), + _kra_host_name=dict(required=False, type='str'), + _dirsrv_pkcs12_info=dict(required=False, type='list', + elements='str'), + _pkinit_pkcs12_info=dict(required=False, type='list', + elements='str'), + _top_dir=dict(required=True, type='str'), + _ca_subject=dict(required=True, type='str'), + _subject_base=dict(required=True, type='str'), _random_serial_numbers=dict(required=True, type='bool'), - dirman_password=dict(required=True, no_log=True), + dirman_password=dict(required=True, type='str', no_log=True), config_setup_ca=dict(required=True, type='bool'), - config_master_host_name=dict(required=True), - config_ca_host_name=dict(required=True), - config_ips=dict(required=False, type='list', default=[]), + config_master_host_name=dict(required=True, type='str'), + config_ca_host_name=dict(required=True, type='str'), + config_ips=dict(required=False, type='list', elements='str', + default=[]), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) 
setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_certmonger.py b/roles/ipareplica/library/ipareplica_setup_certmonger.py index 4029ed0088..74af0feefb 100644 --- a/roles/ipareplica/library/ipareplica_setup_certmonger.py +++ b/roles/ipareplica/library/ipareplica_setup_certmonger.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -37,9 +37,8 @@ short_description: Setup certmonger description: Setup certmonger -options: author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -50,6 +49,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( + check_imports, AnsibleModuleLog, setup_logging, redirect_stdout, configure_certmonger ) @@ -57,10 +57,11 @@ def main(): ansible_module = AnsibleModule( argument_spec={}, - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py index 69b35d7c14..09ab172109 100644 --- a/roles/ipareplica/library/ipareplica_setup_custodia.py +++ b/roles/ipareplica/library/ipareplica_setup_custodia.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,50 +40,65 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no no_ui_redirect: description: Do not automatically redirect to the Web UI - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _kra_enabled: description: The installer _kra_enabled setting - required: yes + type: bool + required: no _kra_host_name: description: The installer _kra_host_name setting - required: yes + type: str + required: no _pkinit_pkcs12_info: description: The installer _pkinit_pkcs12_info setting - required: yes + type: list + elements: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -96,7 +111,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, custodiainstance ) @@ -111,22 +126,24 @@ def main(): no_pkinit=dict(required=False, type='bool'), no_ui_redirect=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - config_master_host_name=dict(required=True), - ccache=dict(required=True), + config_master_host_name=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), - _ca_file=dict(required=False), + _ca_file=dict(required=False, type='str'), _kra_enabled=dict(required=False, type='bool'), - _kra_host_name=dict(required=False), - _pkinit_pkcs12_info=dict(required=False, type='list'), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), + _kra_host_name=dict(required=False, type='str'), + _pkinit_pkcs12_info=dict(required=False, type='list', + elements='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_dns.py b/roles/ipareplica/library/ipareplica_setup_dns.py index 741cf49761..7dadafca8f 100644 --- a/roles/ipareplica/library/ipareplica_setup_dns.py +++ b/roles/ipareplica/library/ipareplica_setup_dns.py 
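Review bot: `_pkinit_pkcs12_info` is now typed as `list` with `elements='str'` but still carries no `no_log`, while `dirman_password` two lines below does; in the ipa-replica-install code these modules are based on, the `*_pkcs12_info` pair is the PKCS#12 file path followed by its PIN, so if that is what the role passes here the second element will appear in verbose/debug output (and `_ansible_debug = True` is set right after the spec). Consider `_pkinit_pkcs12_info=dict(required=False, type='list', elements='str', no_log=True)`, and the same for `_dirsrv_pkcs12_info` in the ipareplica_setup_ds hunk, `_http_pkcs12_info` in the ipareplica_setup_http hunk and `_pkinit_pkcs12_info` in the ipareplica_setup_krb hunk. main() continues past the end of the hunk.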
@@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -40,47 +40,65 @@ options: setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no setup_dns: description: Configure bind with our zone - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes zonemgr: description: DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN - required: yes + type: str + required: no forwarders: description: Add DNS forwarders - required: yes + type: list + elements: str + required: no forward_policy: description: DNS forwarding policy for global forwarders - required: yes + type: str + choices: ['first', 'only'] + required: no no_dnssec_validation: description: Disable DNSSEC validation - required: yes + type: bool + default: no + required: no dns_ip_addresses: description: The dns ip_addresses setting - required: no + type: list + elements: str + required: yes dns_reverse_zones: description: The dns reverse_zones setting - required: no + type: list + elements: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes setup_ca: description: Configure a dogtag CA - required: no + type: bool + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -93,7 +111,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, dns, ansible_module_get_parsed_ip_addresses @@ -107,25 +125,28 @@ def main(): setup_kra=dict(required=False, type='bool'), setup_dns=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # dns - zonemgr=dict(required=False), - forwarders=dict(required=False, type='list', default=[]), - forward_policy=dict(default=None, choices=['first', 'only']), + zonemgr=dict(required=False, type='str'), + forwarders=dict(required=False, type='list', elements='str', + default=[]), + forward_policy=dict(required=False, type='str', + choices=['first', 'only'], default=None), no_dnssec_validation=dict(required=False, type='bool', default=False), # additional - dns_ip_addresses=dict(required=True, type='list'), - dns_reverse_zones=dict(required=True, type='list'), - ccache=dict(required=True), - _top_dir=dict(required=True), + dns_ip_addresses=dict(required=True, type='list', elements='str'), + dns_reverse_zones=dict(required=True, type='list', elements='str'), + ccache=dict(required=True, type='str'), + _top_dir=dict(required=True, type='str'), setup_ca=dict(required=True, type='bool'), - config_master_host_name=dict(required=True), + config_master_host_name=dict(required=True, type='str'), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py index ddcff5977e..67e73a7eb0 100644 
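Review bot: `forwarders` keeps `default=[]` in the argument_spec, but the DOCUMENTATION entry rewritten in the previous hunk lists only `type`, `elements` and `required` with no `default`; ansible-test's validate-modules sanity check compares the two and, as far as I can tell, would report the mismatch. Adding `default: []` under `forwarders` in DOCUMENTATION keeps them in step, the way `no_dnssec_validation` already documents its `default: no`. The same applies to the list options given `default=[]` in the ipareplica_setup_ds, ipareplica_setup_kra and ipareplica_test hunks. main() continues past the end of the hunk.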
--- a/roles/ipareplica/library/ipareplica_setup_ds.py
+++ b/roles/ipareplica/library/ipareplica_setup_ds.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,106 +40,144 @@ options: dm_password: description: Directory Manager password - required: yes + type: str + required: no password: description: Admin user kerberos password - required: yes + type: str + required: no ip_addresses: description: List of Master Server IP Addresses - required: yes + type: list + elements: str + required: no domain: description: Primary DNS domain of the IPA deployment - required: yes + type: str + required: no realm: description: Kerberos realm name of the IPA deployment - required: yes + type: str + required: no hostname: description: Fully qualified name of this host - required: yes + type: str + required: no ca_cert_files: description: List of files containing CA certificates for the service certificate files - required: yes + type: list + elements: str + required: no no_host_dns: description: Do not use DNS for hostname lookup during installation - required: yes + type: bool + default: no + required: no setup_adtrust: description: Configure AD trust capability - required: yes + type: bool + required: no setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no setup_dns: description: Configure bind with our zone - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + default: no + required: no dirsrv_config_file: description: The path to LDIF file that will be used to modify configuration of dse.ldif during installation of the directory server instance - required: yes + type: str + required: no dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key - required: yes + type: list + elements: str + required: no force_join: description: Force client enrollment even if already enrolled - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). 
RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes server: description: Fully qualified name of IPA server to enroll to - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes installer_ccache: description: The installer ccache setting - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _dirsrv_pkcs12_info: description: The installer _dirsrv_pkcs12_info setting - required: yes + type: list + elements: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes _add_to_ipaservers: description: The installer _add_to_ipaservers setting - required: no + type: bool + required: yes _ca_subject: description: The installer _ca_subject setting - required: no + type: str + required: yes _subject_base: description: The installer _subject_base setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes config_setup_ca: description: The config setup_ca setting - required: no + type: bool + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes config_ca_host_name: description: The config ca_host_name setting - required: no + type: str + required: yes config_ips: description: The config ips setting - required: yes + type: list + elements: str + required: no author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' 
@@ -152,8 +190,8 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore, - ansible_module_get_parsed_ip_addresses, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, + sysrestore, ansible_module_get_parsed_ip_addresses, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, redirect_stdout, ipaldap, install_replica_ds, install_dns_records, ntpinstance, ScriptError, @@ -165,13 +203,15 @@ def main(): ansible_module = AnsibleModule( argument_spec=dict( # basic - dm_password=dict(required=False, no_log=True), - password=dict(required=False, no_log=True), - ip_addresses=dict(required=False, type='list', default=[]), - domain=dict(required=False), - realm=dict(required=False), - hostname=dict(required=False), - ca_cert_files=dict(required=False, type='list', default=[]), + dm_password=dict(required=False, type='str', no_log=True), + password=dict(required=False, type='str', no_log=True), + ip_addresses=dict(required=False, type='list', elements='str', + default=[]), + domain=dict(required=False, type='str'), + realm=dict(required=False, type='str'), + hostname=dict(required=False, type='str'), + ca_cert_files=dict(required=False, type='list', elements='str', + default=[]), no_host_dns=dict(required=False, type='bool', default=False), # server setup_adtrust=dict(required=False, type='bool'), 
@@ -179,33 +219,37 @@ def main(): setup_kra=dict(required=False, type='bool'), setup_dns=dict(required=False, type='bool'), no_pkinit=dict(required=False, type='bool', default=False), - dirsrv_config_file=dict(required=False), + dirsrv_config_file=dict(required=False, type='str'), # ssl certificate - dirsrv_cert_files=dict(required=False, type='list', default=[]), + dirsrv_cert_files=dict(required=False, type='list', elements='str', + default=[]), # client force_join=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - server=dict(required=True), - ccache=dict(required=True), - installer_ccache=dict(required=True), + server=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), + installer_ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), - _dirsrv_pkcs12_info=dict(required=False, type='list'), - _top_dir=dict(required=True), + _dirsrv_pkcs12_info=dict(required=False, type='list', + elements='str'), + _top_dir=dict(required=True, type='str'), _add_to_ipaservers=dict(required=True, type='bool'), - _ca_subject=dict(required=True), - _subject_base=dict(required=True), - dirman_password=dict(required=True, no_log=True), + _ca_subject=dict(required=True, type='str'), + _subject_base=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), config_setup_ca=dict(required=True, type='bool'), - config_master_host_name=dict(required=True), - config_ca_host_name=dict(required=True), - config_ips=dict(required=False, type='list', default=[]), + config_master_host_name=dict(required=True, type='str'), + config_ca_host_name=dict(required=True, type='str'), + config_ips=dict(required=False, type='list', elements='str', + default=[]), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() 
ansible_log = AnsibleModuleLog(ansible_module)
diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py
index 6e87a115b2..e14ae2e948 100644
--- a/roles/ipareplica/library/ipareplica_setup_http.py
+++ b/roles/ipareplica/library/ipareplica_setup_http.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -40,47 +40,61 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no no_ui_redirect: description: Do not automatically redirect to the Web UI - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes config_ca_host_name: description: The config ca_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _http_pkcs12_info: description: The installer _http_pkcs12_info setting - required: yes + type: list + elements: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -93,6 +107,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, create_ipa_conf, 
@@ -109,20 +124,22 @@ def main(): no_pkinit=dict(required=False, type='bool'), no_ui_redirect=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), - config_master_host_name=dict(required=True), - config_ca_host_name=dict(required=True), - ccache=dict(required=True), + subject_base=dict(required=True, type='str'), + config_master_host_name=dict(required=True, type='str'), + config_ca_host_name=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), - _ca_file=dict(required=False), - _http_pkcs12_info=dict(required=False, type='list'), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), + _ca_file=dict(required=False, type='str'), + _http_pkcs12_info=dict(required=False, type='list', + elements='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py index 49dab4dd1c..92fdfec58d 100644 --- a/roles/ipareplica/library/ipareplica_setup_kra.py +++ b/roles/ipareplica/library/ipareplica_setup_kra.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,92 +40,127 @@ options: dm_password: description: Directory Manager password - required: yes + type: str + required: no password: description: Admin user kerberos password - required: yes + type: str + required: no ip_addresses: description: List of Master Server IP Addresses - required: yes + type: list + elements: str + required: no domain: description: Primary DNS domain of the IPA deployment - required: yes + type: str + required: no realm: description: Kerberos realm name of the IPA deployment - required: yes + type: str + required: no hostname: description: Fully qualified name of this host - required: yes + type: str + required: no ca_cert_files: description: List of files containing CA certificates for the service certificate files - required: yes + type: list + elements: str + required: no no_host_dns: description: Do not use DNS for hostname lookup during installation - required: yes + type: bool + default: no + required: no pki_config_override: description: Path to ini file with config overrides - required: yes + type: str + required: no setup_adtrust: description: Configure AD trust capability - required: yes + type: bool + required: no setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no setup_dns: description: Configure bind with our zone - required: yes + type: bool + required: no dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key - required: yes + type: list + elements: str + required: no force_join: description: Force client enrollment even if already enrolled - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). 
- required: no + type: str + required: yes server: description: Fully qualified name of IPA server to enroll to - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes installer_ccache: description: The installer ccache setting - required: no + type: str + required: yes _ca_enabled: description: The installer _ca_enabled setting - required: yes + type: bool + required: no _kra_enabled: description: The installer _kra_enabled setting - required: yes + type: bool + required: no _kra_host_name: description: The installer _kra_host_name setting - required: yes + type: str + required: no + _ca_host_name: + description: The installer _ca_host_name setting + type: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes _add_to_ipaservers: description: The installer _add_to_ipaservers setting - required: no + type: bool + required: yes _ca_subject: description: The installer _ca_subject setting - required: no + type: str + required: yes _subject_base: description: The installer _subject_base setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -138,7 +173,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, ansible_module_get_parsed_ip_addresses, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, custodiainstance, 
@@ -150,44 +185,48 @@ def main(): ansible_module = AnsibleModule( argument_spec=dict( # basic - dm_password=dict(required=False, no_log=True), - password=dict(required=False, no_log=True), - ip_addresses=dict(required=False, type='list', default=[]), - domain=dict(required=False), - realm=dict(required=False), - hostname=dict(required=False), - ca_cert_files=dict(required=False, type='list', default=[]), + dm_password=dict(required=False, type='str', no_log=True), + password=dict(required=False, type='str', no_log=True), + ip_addresses=dict(required=False, type='list', elements='str', + default=[]), + domain=dict(required=False, type='str'), + realm=dict(required=False, type='str'), + hostname=dict(required=False, type='str'), + ca_cert_files=dict(required=False, type='list', elements='str', + default=[]), no_host_dns=dict(required=False, type='bool', default=False), - pki_config_override=dict(required=False), + pki_config_override=dict(required=False, type='str'), # server setup_adtrust=dict(required=False, type='bool'), setup_ca=dict(required=False, type='bool'), setup_kra=dict(required=False, type='bool'), setup_dns=dict(required=False, type='bool'), # ssl certificate - dirsrv_cert_files=dict(required=False, type='list', default=[]), + dirsrv_cert_files=dict(required=False, type='list', elements='str', + default=[]), # client force_join=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - server=dict(required=True), - config_master_host_name=dict(required=True), - installer_ccache=dict(required=True), + server=dict(required=True, type='str'), + config_master_host_name=dict(required=True, type='str'), + installer_ccache=dict(required=True, type='str'), _ca_enabled=dict(required=False, type='bool'), _kra_enabled=dict(required=False, type='bool'), - _kra_host_name=dict(required=False), - _ca_host_name=dict(required=False), - _top_dir=dict(required=True), + 
_kra_host_name=dict(required=False, type='str'), + _ca_host_name=dict(required=False, type='str'), + _top_dir=dict(required=True, type='str'), _add_to_ipaservers=dict(required=True, type='bool'), - _ca_subject=dict(required=True), - _subject_base=dict(required=True), - dirman_password=dict(required=True, no_log=True), + _ca_subject=dict(required=True, type='str'), + _subject_base=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py index 36c6578a46..2941443ee0 100644 --- a/roles/ipareplica/library/ipareplica_setup_krb.py +++ b/roles/ipareplica/library/ipareplica_setup_krb.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,35 +40,45 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _pkinit_pkcs12_info: description: The installer _pkinit_pkcs12_info setting - required: yes + type: list + elements: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -81,6 +91,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, sysrestore, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, api, redirect_stdout, install_krb, getargspec 
@@ -95,18 +106,20 @@ def main(): setup_kra=dict(required=False, type='bool'), no_pkinit=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - config_master_host_name=dict(required=True), - ccache=dict(required=True), - _pkinit_pkcs12_info=dict(required=False, type='list'), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), + config_master_host_name=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), + _pkinit_pkcs12_info=dict(required=False, type='list', + elements='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_setup_otpd.py b/roles/ipareplica/library/ipareplica_setup_otpd.py index a4b1c3892e..3080f3e7ca 100644 --- a/roles/ipareplica/library/ipareplica_setup_otpd.py +++ b/roles/ipareplica/library/ipareplica_setup_otpd.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -40,38 +40,48 @@ options: setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + required: no no_ui_redirect: description: Do not automatically redirect to the Web UI - required: yes + type: bool + required: no subject_base: description: The certificate subject base (default O=). RDNs are in LDAP order (most specific RDN first). - required: no + type: str + required: yes config_master_host_name: description: The config master_host_name setting - required: no + type: str + required: yes ccache: description: The local ccache - required: no + type: str + required: yes _ca_file: description: The installer _ca_file setting - required: yes + type: str + required: no _top_dir: description: The installer _top_dir setting - required: no + type: str + required: yes dirman_password: description: Directory Manager (master) password - required: no + type: str + required: yes author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -84,7 +94,7 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, installer, DN, paths, + check_imports, AnsibleModuleLog, setup_logging, installer, DN, paths, gen_env_boostrap_finalize_core, constants, api_bootstrap_finalize, gen_ReplicaConfig, gen_remote_api, api, redirect_stdout, otpdinstance, ipautil 
@@ -100,18 +110,19 @@ def main(): no_pkinit=dict(required=False, type='bool'), no_ui_redirect=dict(required=False, type='bool'), # certificate system - subject_base=dict(required=True), + subject_base=dict(required=True, type='str'), # additional - config_master_host_name=dict(required=True), - ccache=dict(required=True), - _ca_file=dict(required=False), - _top_dir=dict(required=True), - dirman_password=dict(required=True, no_log=True), + config_master_host_name=dict(required=True, type='str'), + ccache=dict(required=True, type='str'), + _ca_file=dict(required=False, type='str'), + _top_dir=dict(required=True, type='str'), + dirman_password=dict(required=True, type='str', no_log=True), ), - supports_check_mode=True, + supports_check_mode=False, ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py index 520502af4c..690d6fa726 100644 --- a/roles/ipareplica/library/ipareplica_test.py +++ b/roles/ipareplica/library/ipareplica_test.py @@ -5,7 +5,7 @@ # # Based on ipa-replica-install code # -# Copyright (C) 2018 Red Hat +# Copyright (C) 2018-2022 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify 
@@ -39,94 +39,142 @@ options: ip_addresses: description: List of Master Server IP Addresses - required: yes + type: list + elements: str + required: no domain: description: Primary DNS domain of the IPA deployment - required: yes + type: str + required: no servers: description: Fully qualified name of IPA servers to enroll to - required: yes + type: list + elements: str + required: no realm: description: Kerberos realm name of the IPA deployment - required: yes + type: str + required: no hostname: description: Fully qualified name of this host - required: yes + type: str + required: no ca_cert_files: description: List of files containing CA certificates for the service certificate files - required: yes + type: list + elements: str + required: no hidden_replica: description: Install a hidden replica - required: yes + type: bool + default: no + required: no skip_mem_check: description: Skip checking for minimum required memory - required: yes + type: bool + default: no + required: no setup_adtrust: description: Configure AD trust capability - required: yes + type: bool + default: no + required: no setup_ca: description: Configure a dogtag CA - required: yes + type: bool + required: no setup_kra: description: Configure a dogtag KRA - required: yes + type: bool + default: no + required: no setup_dns: description: Configure bind with our zone - required: yes + type: bool + default: no + required: no no_pkinit: description: Disable pkinit setup steps - required: yes + type: bool + default: no + required: no dirsrv_config_file: description: The path to LDIF file that will be used to modify configuration of dse.ldif during installation of the directory server instance - required: yes + type: str + required: no dirsrv_cert_files: description: Files containing the Directory Server SSL certificate and private key - required: yes + type: list + elements: str + required: no http_cert_files: description: File containing the Apache Server SSL certificate and private key - 
required: yes + type: list + elements: str + required: no pkinit_cert_files: description: File containing the Kerberos KDC SSL certificate and private key - required: yes + type: list + elements: str + required: no no_ntp: description: Do not configure ntp - required: yes + type: bool + default: no + required: no ntp_servers: description: ntp servers to use - required: yes + type: list + elements: str + required: no ntp_pool: description: ntp server pool to use - required: yes + type: str + required: no no_reverse: description: Do not create new reverse DNS zone - required: yes + type: bool + default: no + required: no auto_reverse: description: Create necessary reverse zones - required: yes + type: bool + default: no + required: no forwarders: description: Add DNS forwarders - required: yes + type: list + elements: str + required: no no_forwarders: description: Do not add any DNS forwarders, use root servers instead - required: yes + type: bool + default: no + required: no auto_forwarders: description: Use DNS forwarders configured in /etc/resolv.conf - required: yes + type: bool + default: no + required: no forward_policy: description: DNS forwarding policy for global forwarders - required: yes + type: str + choices: ['first', 'only'] + required: no no_dnssec_validation: description: Disable DNSSEC validation - required: yes + type: bool + default: no + required: no author: - - Thomas Woerner + - Thomas Woerner (@t-woerner) ''' EXAMPLES = ''' @@ -139,8 +187,8 @@ from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.ansible_ipa_replica import ( - AnsibleModuleLog, setup_logging, options, installer, paths, sysrestore, - ansible_module_get_parsed_ip_addresses, service, + check_imports, AnsibleModuleLog, setup_logging, options, installer, + paths, sysrestore, ansible_module_get_parsed_ip_addresses, service, redirect_stdout, create_ipa_conf, ipautil, x509, validate_domain_name, common_check, IPA_PYTHON_VERSION, getargspec, adtrustinstance 
@@ -153,12 +201,15 @@ def main():
 # basic
 # dm_password=dict(required=False, no_log=True),
 # password=dict(required=False, no_log=True),
- ip_addresses=dict(required=False, type='list', default=[]),
- domain=dict(required=False),
- servers=dict(required=False, type='list', default=[]),
- realm=dict(required=False),
- hostname=dict(required=False),
- ca_cert_files=dict(required=False, type='list', default=[]),
+ ip_addresses=dict(required=False, type='list', elements='str',
+ default=[]),
+ domain=dict(required=False, type='str'),
+ servers=dict(required=False, type='list', elements='str',
+ default=[]),
+ realm=dict(required=False, type='str'),
+ hostname=dict(required=False, type='str'),
+ ca_cert_files=dict(required=False, type='list', elements='str',
+ default=[]),
 hidden_replica=dict(required=False, type='bool', default=False),
 skip_mem_check=dict(required=False, type='bool', default=False),
 # server
@@ -167,28 +218,35 @@ def main(): setup_kra=dict(required=False, type='bool', default=False), setup_dns=dict(required=False, type='bool', default=False), no_pkinit=dict(required=False, type='bool', default=False), - dirsrv_config_file=dict(required=False), + dirsrv_config_file=dict(required=False, type='str'), # ssl certificate - dirsrv_cert_files=dict(required=False, type='list', default=[]), - http_cert_files=dict(required=False, type='list', default=[]), - pkinit_cert_files=dict(required=False, type='list', default=[]), + dirsrv_cert_files=dict(required=False, type='list', elements='str', + default=[]), + http_cert_files=dict(required=False, type='list', elements='str', + default=[]), + pkinit_cert_files=dict(required=False, type='list', elements='str', + default=[]), # client no_ntp=dict(required=False, type='bool', default=False), - ntp_servers=dict(required=False, type='list', default=[]), - ntp_pool=dict(required=False), + ntp_servers=dict(required=False, type='list', elements='str', + default=[]), + ntp_pool=dict(required=False, type='str'), # dns no_reverse=dict(required=False, type='bool', default=False), auto_reverse=dict(required=False, type='bool', default=False), - forwarders=dict(required=False, type='list', default=[]), + forwarders=dict(required=False, type='list', elements='str', + default=[]), no_forwarders=dict(required=False, type='bool', default=False), auto_forwarders=dict(required=False, type='bool', default=False), - forward_policy=dict(default=None, choices=['first', 'only']), + forward_policy=dict(required=False, type='str', + choices=['first', 'only'], default=None), no_dnssec_validation=dict(required=False, type='bool', default=False), ), ) ansible_module._ansible_debug = True + check_imports(ansible_module) setup_logging() ansible_log = AnsibleModuleLog(ansible_module) diff --git a/roles/ipareplica/module_utils/ansible_ipa_replica.py b/roles/ipareplica/module_utils/ansible_ipa_replica.py index 27ee13d654..b56ae86136 100644 
--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
@@ -5,7 +5,7 @@
 #
 # Based on ipa-replica-install code
 #
-# Copyright (C) 2018 Red Hat
+# Copyright (C) 2018-2022 Red Hat
 # see file 'COPYING' for use and warranty information
 #
 # This program is free software; you can redistribute it and/or modify
@@ -47,41 +47,38 @@ "check_domain_level_is_supported", "promotion_check_ipa_domain", "SSSDConfig", "CalledProcessError", "timeconf", "ntpinstance", "dnsname", "kernel_keyring", "krbinstance", "getargspec", - "adtrustinstance"] + "adtrustinstance", "paths", "api", "dsinstance", "ipaldap", "Env", + "ipautil", "installutils", "IPA_PYTHON_VERSION", "NUM_VERSION", + "ReplicaConfig", "create_api"] import sys - -# HACK: workaround for Ansible 2.9 -# https://github.com/ansible/ansible/issues/68361 -if 'ansible.executor' in sys.modules: - for attr in __all__: - setattr(sys.modules[__name__], attr, None) -else: - import logging +import logging + +# Import getargspec from inspect or provide own getargspec for +# Python 2 compatibility with Python 3.11+. +try: + from inspect import getargspec +except ImportError: + from collections import namedtuple + from inspect import getfullargspec + + # The code is copied from Python 3.10 inspect.py + # Authors: Ka-Ping Yee + # Yury Selivanov + ArgSpec = namedtuple('ArgSpec', 'args varargs keywords defaults') + + def getargspec(func): + args, varargs, varkw, defaults, kwonlyargs, _kwonlydefaults, \ + ann = getfullargspec(func) + if kwonlyargs or ann: + raise ValueError( + "Function has keyword-only parameters or annotations" + ", use inspect.signature() API which can support them") + return ArgSpec(args, varargs, varkw, defaults) + + +try: from contextlib import contextmanager as contextlib_contextmanager - - # Import getargspec from inspect or provide own getargspec for - # Python 2 compatibility with Python 3.11+. 
- try: - from inspect import getargspec - except ImportError: - from collections import namedtuple - from inspect import getfullargspec - - # The code is copied from Python 3.10 inspect.py - # Authors: Ka-Ping Yee - # Yury Selivanov - ArgSpec = namedtuple('ArgSpec', 'args varargs keywords defaults') - - def getargspec(func): - args, varargs, varkw, defaults, kwonlyargs, _kwonlydefaults, \ - ann = getfullargspec(func) - if kwonlyargs or ann: - raise ValueError( - "Function has keyword-only parameters or annotations" - ", use inspect.signature() API which can support them") - return ArgSpec(args, varargs, varkw, defaults) - from ipapython.version import NUM_VERSION, VERSION if NUM_VERSION < 30201: 
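Review bot: The new `try:` that wraps the freeipa imports is closed by `except ImportError as _err:` at the top of the next hunk (`@@ -177,296 +174,323 @@`), but the version guard it encloses still does `raise Exception("freeipa version '%s' is too old" % VERSION)`; a bare `Exception` is not caught by that handler, so on an old freeipa the module_utils now fails at import time with a traceback instead of reaching the `check_imports()` → `fail_json` path this commit introduces. Raising `ImportError` there keeps the guard on the intended path: `raise ImportError("freeipa version '%s' is too old" % VERSION)`. A smaller side effect of the same handler: `__all__` lists `getargspec`, so the `for attr in __all__: setattr(..., None)` loop also nulls the shim defined above the `try`, which is harmless only because `check_imports()` aborts before use — worth a one-line comment on the loop. The `try` body continues past the end of this hunk.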
@@ -177,296 +174,323 @@ def getargspec(func): raise Exception("freeipa version '%s' is too old" % VERSION) - logger = logging.getLogger("ipa-server-install") +except ImportError as _err: + ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR = str(_err) - def setup_logging(): - # logger.setLevel(logging.DEBUG) - standard_logging_setup( - paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False, - filemode='a', console_format='%(message)s') + for attr in __all__: + setattr(sys.modules[__name__], attr, None) + +else: + ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR = None + + +logger = logging.getLogger("ipa-server-install") - @contextlib_contextmanager - def redirect_stdout(stream): - sys.stdout = stream - try: - yield stream - finally: - sys.stdout = sys.__stdout__ - - class AnsibleModuleLog(): - def __init__(self, module): - self.module = module - _ansible_module_log = self - - class AnsibleLoggingHandler(logging.Handler): - def emit(self, record): - _ansible_module_log.write(self.format(record)) - - self.logging_handler = AnsibleLoggingHandler() - logger.setLevel(logging.DEBUG) - logger.root.addHandler(self.logging_handler) - - def close(self): - self.flush() - - def flush(self): - pass - - def log(self, msg): - # self.write(msg+"\n") - self.write(msg) - - def debug(self, msg): - self.module.debug(msg) - - def info(self, msg): - self.module.debug(msg) - - @staticmethod - def isatty(): - return False - - def write(self, msg): - self.module.debug(msg) - # self.module.warn(msg) - - # pylint: disable=too-many-instance-attributes, useless-object-inheritance - class installer_obj(object): # pylint: disable=invalid-name - def __init__(self): - # CompatServerReplicaInstall - self.ca_cert_files = None - self.all_ip_addresses = False - self.no_wait_for_dns = True - self.nisdomain = None - self.no_nisdomain = False - self.no_sudo = False - self.request_cert = False - self.ca_file = None - self.zonemgr = None - self.replica_file = None - # ServerReplicaInstall - self.subject_base = None - 
self.ca_subject = None - # others - self._ccache = None - self.password = None - self.reverse_zones = [] - # def _is_promote(self): - # return self.replica_file is None - # self.skip_conncheck = False - self._replica_install = False - # self.dnssec_master = False # future unknown - # self.disable_dnssec_master = False # future unknown - # self.domainlevel = MAX_DOMAIN_LEVEL # deprecated - # self.domain_level = self.domainlevel # deprecated - self.interactive = False - self.unattended = not self.interactive - # self.promote = self.replica_file is None - self.promote = True - self.skip_schema_check = None + +def setup_logging(): + # logger.setLevel(logging.DEBUG) + standard_logging_setup( + paths.IPAREPLICA_INSTALL_LOG, verbose=False, debug=False, + filemode='a', console_format='%(message)s') + + +@contextlib_contextmanager +def redirect_stdout(stream): + sys.stdout = stream + try: + yield stream + finally: + sys.stdout = sys.__stdout__ + + +class AnsibleModuleLog(): + def __init__(self, module): + self.module = module + _ansible_module_log = self + + class AnsibleLoggingHandler(logging.Handler): + def emit(self, record): + _ansible_module_log.write(self.format(record)) + + self.logging_handler = AnsibleLoggingHandler() + logger.setLevel(logging.DEBUG) + logger.root.addHandler(self.logging_handler) + + def close(self): + self.flush() + + def flush(self): + pass + + def log(self, msg): + # self.write(msg+"\n") + self.write(msg) + + def debug(self, msg): + self.module.debug(msg) + + def info(self, msg): + self.module.debug(msg) + + @staticmethod + def isatty(): + return False + + def write(self, msg): + self.module.debug(msg) + # self.module.warn(msg) + + +# pylint: disable=too-many-instance-attributes, useless-object-inheritance +class installer_obj(object): # pylint: disable=invalid-name + def __init__(self): + # CompatServerReplicaInstall + self.ca_cert_files = None + self.all_ip_addresses = False + self.no_wait_for_dns = True + self.nisdomain = None + 
self.no_nisdomain = False + self.no_sudo = False + self.request_cert = False + self.ca_file = None + self.zonemgr = None + self.replica_file = None + # ServerReplicaInstall + self.subject_base = None + self.ca_subject = None + # others + self._ccache = None + self.password = None + self.reverse_zones = [] + # def _is_promote(self): + # return self.replica_file is None + # self.skip_conncheck = False + self._replica_install = False + # self.dnssec_master = False # future unknown + # self.disable_dnssec_master = False # future unknown + # self.domainlevel = MAX_DOMAIN_LEVEL # deprecated + # self.domain_level = self.domainlevel # deprecated + self.interactive = False + self.unattended = not self.interactive + # self.promote = self.replica_file is None + self.promote = True + self.skip_schema_check = None + + # def __getattribute__(self, attr): + # value = super(installer_obj, self).__getattribute__(attr) + # if not attr.startswith("--") and not attr.endswith("--"): + # logger.debug( + # " <-- Accessing installer.%s (%s)" % + # (attr, repr(value))) + # return value + + def __getattr__(self, attrname): + logger.info(" --> ADDING missing installer.%s", attrname) + setattr(self, attrname, None) + return getattr(self, attrname) + + # def __setattr__(self, attr, value): + # logger.debug(" --> Setting installer.%s to %s" % + # (attr, repr(value))) + # return super(installer_obj, self).__setattr__(attr, value) + + def knobs(self): + for name in self.__dict__: + yield self, name + + +# pylint: enable=too-many-instance-attributes, useless-object-inheritance + + +# pylint: disable=attribute-defined-outside-init +installer = installer_obj() +options = installer + +# DNSInstallInterface +options.dnssec_master = False +options.disable_dnssec_master = False +options.kasp_db_file = None +options.force = False + +# ServerMasterInstall +options.add_sids = False +options.add_agents = False + +# ServerReplicaInstall +options.subject_base = None +options.ca_subject = None +# pylint: 
enable=attribute-defined-outside-init + + +def gen_env_boostrap_finalize_core(etc_ipa, default_config): + env = Env() + # env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None) + # env._finalize_core(**dict(constants.DEFAULT_CONFIG)) + env._bootstrap(context='installer', confdir=etc_ipa, log=None) + env._finalize_core(**dict(default_config)) + return env + + +def api_bootstrap_finalize(env): + # pylint: disable=no-member + xmlrpc_uri = \ + 'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host)) + api.bootstrap(in_server=True, + context='installer', + confdir=paths.ETC_IPA, + ldap_uri=installutils.realm_to_ldapi_uri(env.realm), + xmlrpc_uri=xmlrpc_uri) + # pylint: enable=no-member + api.finalize() + + +def gen_ReplicaConfig(): # pylint: disable=invalid-name + # pylint: disable=too-many-instance-attributes + class ExtendedReplicaConfig(ReplicaConfig): + # pylint: disable=useless-super-delegation + def __init__(self, top_dir=None): + # pylint: disable=super-with-arguments + super(ExtendedReplicaConfig, self).__init__(top_dir) # def __getattribute__(self, attr): - # value = super(installer_obj, self).__getattribute__(attr) - # if not attr.startswith("--") and not attr.endswith("--"): - # logger.debug( - # " <-- Accessing installer.%s (%s)" % - # (attr, repr(value))) - # return value + # value = super(ExtendedReplicaConfig, self).__getattribute__( + # attr) + # if attr not in ["__dict__", "knobs"]: + # logger.debug(" <== Accessing config.%s (%s)" % + # (attr, repr(value))) + # return value\ + # pylint: enable=useless-super-delegation def __getattr__(self, attrname): - logger.info(" --> ADDING missing installer.%s", attrname) + logger.info(" ==> ADDING missing config.%s", attrname) setattr(self, attrname, None) return getattr(self, attrname) # def __setattr__(self, attr, value): - # logger.debug(" --> Setting installer.%s to %s" % - # (attr, repr(value))) - # return super(installer_obj, self).__setattr__(attr, value) + # logger.debug(" ==> Setting 
config.%s to %s" % + # (attr, repr(value))) + # return super(ExtendedReplicaConfig, self).__setattr__(attr, + # value) def knobs(self): for name in self.__dict__: yield self, name - - # pylint: enable=too-many-instance-attributes, useless-object-inheritance + # pylint: enable=too-many-instance-attributes # pylint: disable=attribute-defined-outside-init - installer = installer_obj() - options = installer - - # DNSInstallInterface - options.dnssec_master = False - options.disable_dnssec_master = False - options.kasp_db_file = None - options.force = False - - # ServerMasterInstall - options.add_sids = False - options.add_agents = False - - # ServerReplicaInstall - options.subject_base = None - options.ca_subject = None + # config = ReplicaConfig() + config = ExtendedReplicaConfig() + config.realm_name = api.env.realm + config.host_name = api.env.host + config.domain_name = api.env.domain + config.master_host_name = api.env.server + config.ca_host_name = api.env.ca_host + config.kra_host_name = config.ca_host_name + config.ca_ds_port = 389 + config.setup_ca = options.setup_ca + config.setup_kra = options.setup_kra + config.dir = options._top_dir + config.basedn = api.env.basedn + # config.subject_base = options.subject_base + # pylint: enable=attribute-defined-outside-init - def gen_env_boostrap_finalize_core(etc_ipa, default_config): - env = Env() - # env._bootstrap(context='installer', confdir=paths.ETC_IPA, log=None) - # env._finalize_core(**dict(constants.DEFAULT_CONFIG)) - env._bootstrap(context='installer', confdir=etc_ipa, log=None) - env._finalize_core(**dict(default_config)) - return env - - def api_bootstrap_finalize(env): - # pylint: disable=no-member - xmlrpc_uri = \ - 'https://{}/ipa/xml'.format(ipautil.format_netloc(env.host)) - api.bootstrap(in_server=True, - context='installer', - confdir=paths.ETC_IPA, - ldap_uri=installutils.realm_to_ldapi_uri(env.realm), - xmlrpc_uri=xmlrpc_uri) - # pylint: enable=no-member - api.finalize() - - def 
gen_ReplicaConfig(): # pylint: disable=invalid-name - # pylint: disable=too-many-instance-attributes - class ExtendedReplicaConfig(ReplicaConfig): - # pylint: disable=useless-super-delegation - def __init__(self, top_dir=None): - # pylint: disable=super-with-arguments - super(ExtendedReplicaConfig, self).__init__(top_dir) - - # def __getattribute__(self, attr): - # value = super(ExtendedReplicaConfig, self).__getattribute__( - # attr) - # if attr not in ["__dict__", "knobs"]: - # logger.debug(" <== Accessing config.%s (%s)" % - # (attr, repr(value))) - # return value\ - # pylint: enable=useless-super-delegation - - def __getattr__(self, attrname): - logger.info(" ==> ADDING missing config.%s", attrname) - setattr(self, attrname, None) - return getattr(self, attrname) - - # def __setattr__(self, attr, value): - # logger.debug(" ==> Setting config.%s to %s" % - # (attr, repr(value))) - # return super(ExtendedReplicaConfig, self).__setattr__(attr, - # value) - - def knobs(self): - for name in self.__dict__: - yield self, name - # pylint: enable=too-many-instance-attributes - - # pylint: disable=attribute-defined-outside-init - # config = ReplicaConfig() - config = ExtendedReplicaConfig() - config.realm_name = api.env.realm - config.host_name = api.env.host - config.domain_name = api.env.domain - config.master_host_name = api.env.server - config.ca_host_name = api.env.ca_host - config.kra_host_name = config.ca_host_name - config.ca_ds_port = 389 - config.setup_ca = options.setup_ca - config.setup_kra = options.setup_kra - config.dir = options._top_dir - config.basedn = api.env.basedn - # config.subject_base = options.subject_base - - # pylint: enable=attribute-defined-outside-init - - return config - - def replica_ds_init_info(ansible_log, - config, options_, ca_is_configured, remote_api, - ds_ca_subject, ca_file, - promote=False, pkcs12_info=None): - - dsinstance.check_ports() - - # if we have a pkcs12 file, create the cert db from - # that. 
Otherwise the ds setup will create the CA - # cert - if pkcs12_info is None: - pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12", - "dirsrv_pin.txt") - - # during replica install, this gets invoked before local DS is - # available, so use the remote api. - # if ca_is_configured: - # ca_subject = ca.lookup_ca_subject(_api, config.subject_base) - # else: - # ca_subject = installutils.default_ca_subject_dn( - # config.subject_base) - ca_subject = ds_ca_subject - - ds = dsinstance.DsInstance( - config_ldif=options_.dirsrv_config_file) - ds.set_output(ansible_log) - - # Source: ipaserver/install/dsinstance.py - - # idstart and idmax are configured so that the range is seen as - # depleted by the DNA plugin and the replica will go and get a - # new range from the master. - # This way all servers use the initially defined range by default. - idstart = 1101 - idmax = 1100 - - with redirect_stdout(ansible_log): - ds.init_info( - realm_name=config.realm_name, - fqdn=config.host_name, - domain_name=config.domain_name, - dm_password=config.dirman_password, - subject_base=config.subject_base, - ca_subject=ca_subject, - idstart=idstart, - idmax=idmax, - pkcs12_info=pkcs12_info, - ca_file=ca_file, - setup_pkinit=not options.no_pkinit, - ) - ds.master_fqdn = config.master_host_name - if ca_is_configured is not None: - ds.ca_is_configured = ca_is_configured - ds.promote = promote - ds.api = remote_api - - # from __setup_replica - - # Always connect to ds over ldapi - ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm) - conn = ipaldap.LDAPClient(ldap_uri) - conn.external_bind() - - return ds - - def ansible_module_get_parsed_ip_addresses(ansible_module, - param='ip_addresses'): - ip_addrs = [] - for ip in ansible_module.params.get(param): - try: - ip_parsed = ipautil.CheckedIPAddress(ip) - except Exception as e: - ansible_module.fail_json( - msg="Invalid IP Address %s: %s" % (ip, e)) - ip_addrs.append(ip_parsed) - return ip_addrs - - def 
gen_remote_api(master_host_name, etc_ipa): - ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name) - xmlrpc_uri = 'https://{}/ipa/xml'.format( - ipautil.format_netloc(master_host_name)) - remote_api = create_api(mode=None) - remote_api.bootstrap(in_server=True, - context='installer', - confdir=etc_ipa, - ldap_uri=ldapuri, - xmlrpc_uri=xmlrpc_uri) - remote_api.finalize() - return remote_api + return config + + +def replica_ds_init_info(ansible_log, + config, options_, ca_is_configured, remote_api, + ds_ca_subject, ca_file, + promote=False, pkcs12_info=None): + + dsinstance.check_ports() + + # if we have a pkcs12 file, create the cert db from + # that. Otherwise the ds setup will create the CA + # cert + if pkcs12_info is None: + pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12", + "dirsrv_pin.txt") + + # during replica install, this gets invoked before local DS is + # available, so use the remote api. + # if ca_is_configured: + # ca_subject = ca.lookup_ca_subject(_api, config.subject_base) + # else: + # ca_subject = installutils.default_ca_subject_dn( + # config.subject_base) + ca_subject = ds_ca_subject + + ds = dsinstance.DsInstance( + config_ldif=options_.dirsrv_config_file) + ds.set_output(ansible_log) + + # Source: ipaserver/install/dsinstance.py + + # idstart and idmax are configured so that the range is seen as + # depleted by the DNA plugin and the replica will go and get a + # new range from the master. + # This way all servers use the initially defined range by default. 
+ idstart = 1101 + idmax = 1100 + + with redirect_stdout(ansible_log): + ds.init_info( + realm_name=config.realm_name, + fqdn=config.host_name, + domain_name=config.domain_name, + dm_password=config.dirman_password, + subject_base=config.subject_base, + ca_subject=ca_subject, + idstart=idstart, + idmax=idmax, + pkcs12_info=pkcs12_info, + ca_file=ca_file, + setup_pkinit=not options.no_pkinit, + ) + ds.master_fqdn = config.master_host_name + if ca_is_configured is not None: + ds.ca_is_configured = ca_is_configured + ds.promote = promote + ds.api = remote_api + + # from __setup_replica + + # Always connect to ds over ldapi + ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm) + conn = ipaldap.LDAPClient(ldap_uri) + conn.external_bind() + + return ds + + +def ansible_module_get_parsed_ip_addresses(ansible_module, + param='ip_addresses'): + ip_addrs = [] + for ip in ansible_module.params.get(param): + try: + ip_parsed = ipautil.CheckedIPAddress(ip) + except Exception as e: + ansible_module.fail_json( + msg="Invalid IP Address %s: %s" % (ip, e)) + ip_addrs.append(ip_parsed) + return ip_addrs + + +def gen_remote_api(master_host_name, etc_ipa): + ldapuri = 'ldaps://%s' % ipautil.format_netloc(master_host_name) + xmlrpc_uri = 'https://{}/ipa/xml'.format( + ipautil.format_netloc(master_host_name)) + remote_api = create_api(mode=None) + remote_api.bootstrap(in_server=True, + context='installer', + confdir=etc_ipa, + ldap_uri=ldapuri, + xmlrpc_uri=xmlrpc_uri) + remote_api.finalize() + return remote_api + + +def check_imports(module): + if ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR is not None: + module.fail_json(msg=ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR)
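Review bot: `check_imports()` at the end of the hunk is the new entry point every library module is expected to call before touching ipa* names, yet it has no docstring, and the module-level `ANSIBLE_IPA_REPLICA_MODULE_IMPORT_ERROR` it reads is likewise undocumented, so a reader of a library module must come here to learn what the call does. Suggest `"""Abort the module via fail_json when the ipa* imports above failed; the message is the saved ImportError text."""` on the function, and `# None when every import in the try block succeeded, else str(ImportError)` next to the assignment in the `except`/`else` branches at the start of the hunk.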