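diff -up ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_prepare.py.always_sids ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_prepare.py
--- ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_prepare.py.always_sids 2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_prepare.py 2022-10-07 16:51:35.750411448 +0200
@@ -182,6 +182,9 @@ options:
 skip_conncheck:
 description: Skip connection check to remote master
 required: yes
+ sid_generation_always:
+ description: Enable SID generation always
+ required: yes
 author:
 - Thomas Woerner
 '''
@@ -275,6 +278,8 @@ def main():
 # additional
 server=dict(required=True),
 skip_conncheck=dict(required=False, type='bool'),
+ sid_generation_always=dict(required=False, type='bool',
+ default=False),
 ),
 supports_check_mode=True,
 )
@@ -350,6 +355,7 @@ def main():
 # '_hostname_overridden')
 options.server = ansible_module.params.get('server')
 options.skip_conncheck = ansible_module.params.get('skip_conncheck')
+ sid_generation_always = ansible_module.params.get('sid_generation_always')
 
 # init #
 
@@ -755,7 +761,7 @@ def main():
 
 ansible_log.debug("-- CHECK ADTRUST --")
 
- if options.setup_adtrust:
+ if options.setup_adtrust or sid_generation_always:
 adtrust.install_check(False, options, remote_api)
 
 except errors.ACIError: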
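Review bot: The DOCUMENTATION entry added for `sid_generation_always` says `required: yes`, but the argument spec added in the second hunk declares it `required=False` with `default=False`; the same mismatch is in roles/ipaserver/library/ipaserver_prepare.py. The entry should read `required: no` and name the default, and the description could say what the flag does, e.g. `description: Run the adtrust install check for SID generation even when setup_adtrust is false`. The value is also kept in a local variable while the neighbouring parameters are stored on `options`; a short comment above `if options.setup_adtrust or sid_generation_always:` stating that choice would help the next reader. main() starts and ends outside these hunks.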
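diff -up ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_setup_adtrust.py.always_sids ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_setup_adtrust.py
--- ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_setup_adtrust.py.always_sids 2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_setup_adtrust.py 2022-10-07 16:44:59.008094369 +0200
@@ -71,6 +71,9 @@ options:
 setup_ca:
 description: Configure a dogtag CA
 required: no
+ setup_adtrust:
+ description: Configure AD trust capability
+ required: yes
 config_master_host_name:
 description: The config master_host_name setting
 required: no
@@ -112,6 +115,7 @@ def main():
 ccache=dict(required=True),
 _top_dir=dict(required=True),
 setup_ca=dict(required=True, type='bool'),
+ setup_adtrust=dict(required=True, type='bool'),
 config_master_host_name=dict(required=True),
 ),
 supports_check_mode=True,
@@ -140,6 +144,7 @@ def main():
 os.environ['KRB5CCNAME'] = ccache
 options._top_dir = ansible_module.params.get('_top_dir')
 options.setup_ca = ansible_module.params.get('setup_ca')
+ options.setup_adtrust = ansible_module.params.get('setup_adtrust')
 config_master_host_name = ansible_module.params.get(
 'config_master_host_name')
 adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')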
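Review bot: The description added for `setup_adtrust`, `Configure AD trust capability`, no longer tells the whole story, because roles/ipareplica/tasks/install.yml in this patch now runs this module when `setup_adtrust` is false and `sid_generation_always` is true. Say what a false value means, for example `description: Configure AD trust capability; false when the module runs only for SID generation`. The hunks show `options.setup_adtrust` being assigned but not where it is read, so the wording should be checked against the code that consumes it, which is outside the hunk.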
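diff -up ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_test.py.always_sids ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_test.py
--- ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_test.py.always_sids 2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_test.py 2022-10-07 16:50:45.621497736 +0200
@@ -144,7 +144,7 @@ from ansible.module_utils.ansible_ipa_re
 ansible_module_get_parsed_ip_addresses, service,
 redirect_stdout, create_ipa_conf, ipautil,
 x509, validate_domain_name, common_check,
- IPA_PYTHON_VERSION
+ IPA_PYTHON_VERSION, adtrustinstance
 )
 
 
@@ -271,6 +271,14 @@ def main():
 # # options.setup_adtrust = False
 # # ansible_module.warn(msg="adtrust is not supported, disabling")
 
+ sid_generation_always = False
+ if not options.setup_adtrust:
+ # pylint: disable=deprecated-method
+ argspec = inspect.getargspec(adtrustinstance.ADTRUSTInstance.__init__)
+ # pylint: enable=deprecated-method
+ if "fulltrust" in argspec.args:
+ sid_generation_always = True
+
 # if options.setup_kra and not kra_imported:
 # # if "kra" not in options._allow_missing:
 # ansible_module.fail_json(msg="kra can not be imported")
@@ -472,6 +480,7 @@ def main():
 # additional
 client_enrolled=client_enrolled,
 change_master_for_certmonger=change_master_for_certmonger,
+ sid_generation_always=sid_generation_always
 )
 
 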
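Review bot: `inspect.getargspec` in the hunk at -271,6 was removed from the standard library in Python 3.11, so the probe `argspec = inspect.getargspec(adtrustinstance.ADTRUSTInstance.__init__)` raises AttributeError there, and the pylint disable only hides the deprecation warning; roles/ipaserver/library/ipaserver_test.py adds the same call. Prefer `getfullargspec` with a fallback for old interpreters: `_getargspec = getattr(inspect, "getfullargspec", None) or inspect.getargspec` followed by `argspec = _getargspec(adtrustinstance.ADTRUSTInstance.__init__)`. No `import inspect` is visible in these hunks, so confirm the module already imports it. main() starts and ends outside the hunk.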
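diff -up ansible-freeipa-1.6.3/roles/ipareplica/module_utils/ansible_ipa_replica.py.always_sids ansible-freeipa-1.6.3/roles/ipareplica/module_utils/ansible_ipa_replica.py
--- ansible-freeipa-1.6.3/roles/ipareplica/module_utils/ansible_ipa_replica.py.always_sids 2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/module_utils/ansible_ipa_replica.py 2022-10-07 16:54:27.707115487 +0200
@@ -46,7 +46,8 @@ __all__ = ["contextlib", "dnsexception",
 "common_check", "current_domain_level",
 "check_domain_level_is_supported", "promotion_check_ipa_domain",
 "SSSDConfig", "CalledProcessError", "timeconf", "ntpinstance",
- "dnsname", "kernel_keyring", "krbinstance"]
+ "dnsname", "kernel_keyring", "krbinstance",
+ "adtrustinstance"]
 
 import sys
 
@@ -105,6 +106,7 @@ else:
 adtrust, bindinstance, ca, certs, dns, dsinstance, httpinstance,
 installutils, kra, krbinstance,
 otpdinstance, custodiainstance, service, upgradeinstance)
+ from ipaserver.install import adtrustinstance
 try:
 from ipaserver.masters import (
 find_providing_servers, find_providing_server)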
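diff -up ansible-freeipa-1.6.3/roles/ipareplica/tasks/install.yml.always_sids ansible-freeipa-1.6.3/roles/ipareplica/tasks/install.yml
--- ansible-freeipa-1.6.3/roles/ipareplica/tasks/install.yml.always_sids 2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/tasks/install.yml 2022-10-07 16:44:59.008094369 +0200
@@ -748,13 +748,15 @@
 ccache: "{{ result_ipareplica_prepare.ccache }}"
 _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
 setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
+ setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
 config_master_host_name:
 "{{ result_ipareplica_prepare.config_master_host_name }}"
 adtrust_netbios_name:
 "{{ result_ipareplica_prepare.adtrust_netbios_name }}"
 adtrust_reset_netbios_name:
 "{{ result_ipareplica_prepare.adtrust_reset_netbios_name }}"
- when: result_ipareplica_test.setup_adtrust
+ when: result_ipareplica_test.setup_adtrust or
+ result_ipareplica_test.sid_generation_always
 
 - name: Install - Enable IPA
 ipareplica_enable_ipa: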
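Review bot: Only the setup-adtrust task gets the new condition here; no hunk in this file passes `sid_generation_always` to the ipareplica_prepare task, although this patch adds that parameter to ipareplica_prepare.py and the server role does pass it in roles/ipaserver/tasks/install.yml. With the default of `False`, the `adtrust.install_check` call in ipareplica_prepare.py stays skipped when only SID generation is wanted, while this task still runs and reads `result_ipareplica_prepare.adtrust_netbios_name`. If that is not intended, add `sid_generation_always: "{{ result_ipareplica_test.sid_generation_always }}"` to the ipareplica_prepare task, which is outside this hunk.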
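diff -up ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_prepare.py.always_sids ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_prepare.py
--- ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_prepare.py.always_sids 2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_prepare.py 2022-10-07 16:47:45.005808635 +0200
@@ -141,6 +141,9 @@ options:
 setup_ca:
 description: Configure a dogtag CA
 required: yes
+ sid_generation_always:
+ description: Enable SID generation always
+ required: yes
 _hostname_overridden:
 description: The installer _hostname_overridden setting
 required: yes
@@ -213,6 +216,8 @@ def main():
 
 # additional
 setup_ca=dict(required=False, type='bool', default=False),
+ sid_generation_always=dict(required=False, type='bool',
+ default=False),
 _hostname_overridden=dict(required=False, type='bool',
 default=False),
 ),
@@ -279,6 +284,7 @@ def main():
 options.setup_ca = ansible_module.params.get('setup_ca')
 options._host_name_overridden = ansible_module.params.get(
 '_hostname_overridden')
+ sid_generation_always = ansible_module.params.get('sid_generation_always')
 options.kasp_db_file = None
 
 # init ##################################################################
@@ -371,7 +377,7 @@ def main():
 logger.debug('Starting Directory Server')
 services.knownservices.dirsrv.start(instance_name)
 
- if options.setup_adtrust:
+ if options.setup_adtrust or sid_generation_always:
 with redirect_stdout(ansible_log):
 adtrust.install_check(False, options, api)
 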
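diff -up ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py.always_sids ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py
--- ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py.always_sids 2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py 2022-10-07 16:46:12.413968014 +0200
@@ -226,7 +226,7 @@ from ansible.module_utils.ansible_ipa_se
 read_cache, ca, tasks, check_ldap_conf, timeconf, httpinstance,
 check_dirsrv, ScriptError, get_fqdn, verify_fqdn, BadHostError,
 validate_domain_name, load_pkcs12, IPA_PYTHON_VERSION,
- encode_certificate, check_available_memory
+ encode_certificate, check_available_memory, adtrustinstance
 )
 from ansible.module_utils import six
 
@@ -395,12 +395,16 @@ def main():
 
 # version specific ######################################################
 
- if options.setup_adtrust and not adtrust_imported:
- # if "adtrust" not in options._allow_missing:
- ansible_module.fail_json(msg="adtrust can not be imported")
- # else:
- # options.setup_adtrust = False
- # ansible_module.warn(msg="adtrust is not supported, disabling")
+ sid_generation_always = False
+ if not options.setup_adtrust:
+ # pylint: disable=deprecated-method
+ argspec = inspect.getargspec(adtrustinstance.ADTRUSTInstance.__init__)
+ # pylint: enable=deprecated-method
+ if "fulltrust" in argspec.args:
+ sid_generation_always = True
+ else:
+ if not adtrust_imported:
+ ansible_module.fail_json(msg="adtrust can not be imported")
 
 if options.setup_kra and not kra_imported:
 # if "kra" not in options._allow_missing:
@@ -522,7 +526,8 @@ def main():
 "You cannot specify an --enable-compat option without the "
 "--setup-adtrust option")
 
- if self.netbios_name:
+ # Deactivate test for new IPA SID generation
+ if self.netbios_name and not sid_generation_always:
 raise RuntimeError(
 "You cannot specify a --netbios-name option without the "
 "--setup-adtrust option")
@@ -1079,7 +1084,8 @@ def main():
 ntp_pool=options.ntp_pool,
 # additional
 _installation_cleanup=_installation_cleanup,
- domainlevel=options.domainlevel)
+ domainlevel=options.domainlevel,
+ sid_generation_always=sid_generation_always)
 
 
 if __name__ == '__main__':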
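Review bot: In the hunk at -395,12 the probe `adtrustinstance.ADTRUSTInstance.__init__` runs whenever `setup_adtrust` is false, while the `adtrust_imported` check now guards only the `else` branch; if `adtrustinstance` can be unavailable on a host (not visible here), the module would end in a traceback instead of `fail_json`. The meaning of the probe is also undocumented: a comment such as `# "fulltrust" in ADTRUSTInstance.__init__ marks an IPA version that always generates SIDs` above the `if "fulltrust" in argspec.args:` line would explain why an argument name switches the feature on. The `else:` followed by a lone `if` can be written `elif not adtrust_imported:`. main() starts and ends outside the hunk.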
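diff -up ansible-freeipa-1.6.3/roles/ipaserver/tasks/install.yml.always_sids ansible-freeipa-1.6.3/roles/ipaserver/tasks/install.yml
--- ansible-freeipa-1.6.3/roles/ipaserver/tasks/install.yml.always_sids 2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipaserver/tasks/install.yml 2022-10-07 16:48:36.946719227 +0200
@@ -191,6 +191,7 @@
 secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
 ### additional ###
 setup_ca: "{{ result_ipaserver_test.setup_ca }}"
+ sid_generation_always: "{{ result_ipaserver_test.sid_generation_always }}"
 _hostname_overridden: "{{ result_ipaserver_test._hostname_overridden }}"
 register: result_ipaserver_prepare
 
@@ -392,7 +393,8 @@
 adtrust_netbios_name: "{{ result_ipaserver_prepare.adtrust_netbios_name }}"
 adtrust_reset_netbios_name:
 "{{ result_ipaserver_prepare.adtrust_reset_netbios_name }}"
- when: result_ipaserver_test.setup_adtrust
+ when: result_ipaserver_test.setup_adtrust or
+ result_ipaserver_test.sid_generation_always
 
 - name: Install - Set DS password
 ipaserver_set_ds_password: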