Blame SOURCES/ansible-freeipa-1.6.3-ipaserver-ipareplica-Always-generate-SIDs_PR866_RHBZ#2132970.patch

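diff -up ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_prepare.py.always_sids ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_prepare.py
--- ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_prepare.py.always_sids	2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_prepare.py	2022-10-07 16:51:35.750411448 +0200
@@ -182,6 +182,9 @@ options:
   skip_conncheck:
     description: Skip connection check to remote master
     required: yes
+  sid_generation_always:
+    description: Enable SID generation always
+    required: yes
 author:
     - Thomas Woerner
 '''
@@ -275,6 +278,8 @@ def main():
             # additional
             server=dict(required=True),
             skip_conncheck=dict(required=False, type='bool'),
+            sid_generation_always=dict(required=False, type='bool',
+                                       default=False),
         ),
         supports_check_mode=True,
     )
@@ -350,6 +355,7 @@ def main():
     #     '_hostname_overridden')
     options.server = ansible_module.params.get('server')
     options.skip_conncheck = ansible_module.params.get('skip_conncheck')
+    sid_generation_always = ansible_module.params.get('sid_generation_always')
 
     # init #
 
@@ -755,7 +761,7 @@ def main():
 
         ansible_log.debug("-- CHECK ADTRUST --")
 
-        if options.setup_adtrust:
+        if options.setup_adtrust or sid_generation_always:
             adtrust.install_check(False, options, remote_api)
 
     except errors.ACIError: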
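Review bot: The DOCUMENTATION entry added for `sid_generation_always` says `required: yes`, but the argument_spec entry in `main()` declares it `required=False` with `default=False`; the same mismatch is added in roles/ipaserver/library/ipaserver_prepare.py. Because the default is False, a caller that omits the parameter silently skips `adtrust.install_check` in the `-- CHECK ADTRUST --` branch whenever `setup_adtrust` is off, so the documentation should state the real contract: `required: no` and a description such as `Run the adtrust install check for SID generation even when setup_adtrust is false`. `main()` starts and ends outside these hunks.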
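diff -up ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_setup_adtrust.py.always_sids ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_setup_adtrust.py
--- ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_setup_adtrust.py.always_sids	2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_setup_adtrust.py	2022-10-07 16:44:59.008094369 +0200
@@ -71,6 +71,9 @@ options:
   setup_ca:
     description: Configure a dogtag CA
     required: no
+  setup_adtrust:
+    description: Configure AD trust capability
+    required: yes
   config_master_host_name:
     description: The config master_host_name setting
     required: no
@@ -112,6 +115,7 @@ def main():
             ccache=dict(required=True),
             _top_dir=dict(required=True),
             setup_ca=dict(required=True, type='bool'),
+            setup_adtrust=dict(required=True, type='bool'),
             config_master_host_name=dict(required=True),
         ),
         supports_check_mode=True,
@@ -140,6 +144,7 @@ def main():
     os.environ['KRB5CCNAME'] = ccache
     options._top_dir = ansible_module.params.get('_top_dir')
     options.setup_ca = ansible_module.params.get('setup_ca')
+    options.setup_adtrust = ansible_module.params.get('setup_adtrust')
     config_master_host_name = ansible_module.params.get(
         'config_master_host_name')
     adtrust.netbios_name = ansible_module.params.get('adtrust_netbios_name')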
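Review bot: The description `Configure AD trust capability` on the new `setup_adtrust` option does not say that false is now an expected value, although roles/ipareplica/tasks/install.yml in this patch runs the module when only `sid_generation_always` is true. I would extend it to something like `Configure AD trust capability; false when the module runs only for SID generation`. Where `options.setup_adtrust` is consumed lies outside the hunks, so it is worth confirming that the false path does not configure trust services beyond SID generation.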
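diff -up ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_test.py.always_sids ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_test.py
--- ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_test.py.always_sids	2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/library/ipareplica_test.py	2022-10-07 16:50:45.621497736 +0200
@@ -144,7 +144,7 @@ from ansible.module_utils.ansible_ipa_re
     ansible_module_get_parsed_ip_addresses, service,
     redirect_stdout, create_ipa_conf, ipautil,
     x509, validate_domain_name, common_check,
-    IPA_PYTHON_VERSION
+    IPA_PYTHON_VERSION, adtrustinstance
 )
 
 
@@ -271,6 +271,14 @@ def main():
     #    #  options.setup_adtrust = False
     #    #  ansible_module.warn(msg="adtrust is not supported, disabling")
 
+    sid_generation_always = False
+    if not options.setup_adtrust:
+        # pylint: disable=deprecated-method
+        argspec = inspect.getargspec(adtrustinstance.ADTRUSTInstance.__init__)
+        # pylint: enable=deprecated-method
+        if "fulltrust" in argspec.args:
+            sid_generation_always = True
+
     # if options.setup_kra and not kra_imported:
     #    # if "kra" not in options._allow_missing:
     #    ansible_module.fail_json(msg="kra can not be imported")
@@ -472,6 +480,7 @@ def main():
         # additional
         client_enrolled=client_enrolled,
         change_master_for_certmonger=change_master_for_certmonger,
+        sid_generation_always=sid_generation_always
     )
 
 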
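Review bot: `inspect.getargspec` in the `sid_generation_always` probe was removed in Python 3.11, so on such an interpreter the module raises AttributeError instead of detecting whether `ADTRUSTInstance.__init__` accepts `fulltrust`; the pylint suppression hides the deprecation rather than handling it. The identical probe is added in roles/ipaserver/library/ipaserver_test.py. A version-tolerant form is `getargspec = getattr(inspect, "getfullargspec", None) or inspect.getargspec` followed by `argspec = getargspec(adtrustinstance.ADTRUSTInstance.__init__)`. The import of `inspect` is not in the hunks, so it is presumably already at the top of the file.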
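diff -up ansible-freeipa-1.6.3/roles/ipareplica/module_utils/ansible_ipa_replica.py.always_sids ansible-freeipa-1.6.3/roles/ipareplica/module_utils/ansible_ipa_replica.py
--- ansible-freeipa-1.6.3/roles/ipareplica/module_utils/ansible_ipa_replica.py.always_sids	2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/module_utils/ansible_ipa_replica.py	2022-10-07 16:54:27.707115487 +0200
@@ -46,7 +46,8 @@ __all__ = ["contextlib", "dnsexception",
            "common_check", "current_domain_level",
            "check_domain_level_is_supported", "promotion_check_ipa_domain",
            "SSSDConfig", "CalledProcessError", "timeconf", "ntpinstance",
-           "dnsname", "kernel_keyring", "krbinstance"]
+           "dnsname", "kernel_keyring", "krbinstance",
+           "adtrustinstance"]
 
 import sys
 
@@ -105,6 +106,7 @@ else:
             adtrust, bindinstance, ca, certs, dns, dsinstance, httpinstance,
             installutils, kra, krbinstance,
             otpdinstance, custodiainstance, service, upgradeinstance)
+        from ipaserver.install import adtrustinstance
         try:
             from ipaserver.masters import (
                 find_providing_servers, find_providing_server)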
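diff -up ansible-freeipa-1.6.3/roles/ipareplica/tasks/install.yml.always_sids ansible-freeipa-1.6.3/roles/ipareplica/tasks/install.yml
--- ansible-freeipa-1.6.3/roles/ipareplica/tasks/install.yml.always_sids	2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipareplica/tasks/install.yml	2022-10-07 16:44:59.008094369 +0200
@@ -748,13 +748,15 @@
       ccache: "{{ result_ipareplica_prepare.ccache }}"
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
       setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
+      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
       config_master_host_name:
         "{{ result_ipareplica_prepare.config_master_host_name }}"
       adtrust_netbios_name:
         "{{ result_ipareplica_prepare.adtrust_netbios_name }}"
       adtrust_reset_netbios_name:
         "{{ result_ipareplica_prepare.adtrust_reset_netbios_name }}"
-    when: result_ipareplica_test.setup_adtrust
+    when: result_ipareplica_test.setup_adtrust or
+          result_ipareplica_test.sid_generation_always
 
   - name: Install - Enable IPA
     ipareplica_enable_ipa: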
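Review bot: Only the `when:` of the adtrust setup task is widened here; no hunk passes `sid_generation_always` to the `ipareplica_prepare` task, whereas roles/ipaserver/tasks/install.yml in this patch adds `sid_generation_always: "{{ result_ipaserver_test.sid_generation_always }}"` to its prepare task. With the `default=False` added in ipareplica_prepare.py, the replica prepare step would then skip `adtrust.install_check` although the setup task still runs and consumes `result_ipareplica_prepare.adtrust_netbios_name`. If that is not intended, add `sid_generation_always: "{{ result_ipareplica_test.sid_generation_always }}"` to the prepare task's arguments, which lie outside this hunk.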
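diff -up ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_prepare.py.always_sids ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_prepare.py
--- ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_prepare.py.always_sids	2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_prepare.py	2022-10-07 16:47:45.005808635 +0200
@@ -141,6 +141,9 @@ options:
   setup_ca:
     description: Configure a dogtag CA
     required: yes
+  sid_generation_always:
+    description: Enable SID generation always
+    required: yes
   _hostname_overridden:
     description: The installer _hostname_overridden setting
     required: yes
@@ -213,6 +216,8 @@ def main():
 
             # additional
             setup_ca=dict(required=False, type='bool', default=False),
+            sid_generation_always=dict(required=False, type='bool',
+                                       default=False),
             _hostname_overridden=dict(required=False, type='bool',
                                       default=False),
         ),
@@ -279,6 +284,7 @@ def main():
     options.setup_ca = ansible_module.params.get('setup_ca')
     options._host_name_overridden = ansible_module.params.get(
         '_hostname_overridden')
+    sid_generation_always = ansible_module.params.get('sid_generation_always')
     options.kasp_db_file = None
 
     # init ##################################################################
@@ -371,7 +377,7 @@ def main():
             logger.debug('Starting Directory Server')
             services.knownservices.dirsrv.start(instance_name)
 
-        if options.setup_adtrust:
+        if options.setup_adtrust or sid_generation_always:
             with redirect_stdout(ansible_log):
                 adtrust.install_check(False, options, api)
 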
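diff -up ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py.always_sids ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py
--- ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py.always_sids	2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipaserver/library/ipaserver_test.py	2022-10-07 16:46:12.413968014 +0200
@@ -226,7 +226,7 @@ from ansible.module_utils.ansible_ipa_se
     read_cache, ca, tasks, check_ldap_conf, timeconf, httpinstance,
     check_dirsrv, ScriptError, get_fqdn, verify_fqdn, BadHostError,
     validate_domain_name, load_pkcs12, IPA_PYTHON_VERSION,
-    encode_certificate, check_available_memory
+    encode_certificate, check_available_memory, adtrustinstance
 )
 from ansible.module_utils import six
 
@@ -395,12 +395,16 @@ def main():
 
     # version specific ######################################################
 
-    if options.setup_adtrust and not adtrust_imported:
-        # if "adtrust" not in options._allow_missing:
-        ansible_module.fail_json(msg="adtrust can not be imported")
-        # else:
-        #   options.setup_adtrust = False
-        #   ansible_module.warn(msg="adtrust is not supported, disabling")
+    sid_generation_always = False
+    if not options.setup_adtrust:
+        # pylint: disable=deprecated-method
+        argspec = inspect.getargspec(adtrustinstance.ADTRUSTInstance.__init__)
+        # pylint: enable=deprecated-method
+        if "fulltrust" in argspec.args:
+            sid_generation_always = True
+    else:
+        if not adtrust_imported:
+            ansible_module.fail_json(msg="adtrust can not be imported")
 
     if options.setup_kra and not kra_imported:
         # if "kra" not in options._allow_missing:
@@ -522,7 +526,8 @@ def main():
                     "You cannot specify an --enable-compat option without the "
                     "--setup-adtrust option")
 
-            if self.netbios_name:
+            # Deactivate test for new IPA SID generation
+            if self.netbios_name and not sid_generation_always:
                 raise RuntimeError(
                     "You cannot specify a --netbios-name option without the "
                     "--setup-adtrust option")
@@ -1079,7 +1084,8 @@ def main():
                              ntp_pool=options.ntp_pool,
                              # additional
                              _installation_cleanup=_installation_cleanup,
-                             domainlevel=options.domainlevel)
+                             domainlevel=options.domainlevel,
+                             sid_generation_always=sid_generation_always)
 
 
 if __name__ == '__main__':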
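Review bot: In the `version specific` hunk the new `if not options.setup_adtrust:` branch dereferences `adtrustinstance.ADTRUSTInstance` without consulting `adtrust_imported`, which the `else` branch still checks. If the import behind that flag can fail (its definition is outside the hunks), a host without the adtrust packages would crash in the probe instead of simply leaving `sid_generation_always` false. Nesting the probe under `if adtrust_imported:` keeps the previous behaviour for such hosts. This patch also has no hunk for roles/ipaserver/module_utils/ansible_ipa_server.py, so the added `adtrustinstance` import relies on that module already exporting the name.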
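diff -up ansible-freeipa-1.6.3/roles/ipaserver/tasks/install.yml.always_sids ansible-freeipa-1.6.3/roles/ipaserver/tasks/install.yml
--- ansible-freeipa-1.6.3/roles/ipaserver/tasks/install.yml.always_sids	2022-01-27 14:05:04.000000000 +0100
+++ ansible-freeipa-1.6.3/roles/ipaserver/tasks/install.yml	2022-10-07 16:48:36.946719227 +0200
@@ -191,6 +191,7 @@
       secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
       ### additional ###
       setup_ca: "{{ result_ipaserver_test.setup_ca }}"
+      sid_generation_always: "{{ result_ipaserver_test.sid_generation_always }}"
       _hostname_overridden: "{{ result_ipaserver_test._hostname_overridden }}"
     register: result_ipaserver_prepare
 
@@ -392,7 +393,8 @@
         adtrust_netbios_name: "{{ result_ipaserver_prepare.adtrust_netbios_name }}"
         adtrust_reset_netbios_name:
           "{{ result_ipaserver_prepare.adtrust_reset_netbios_name }}"
-      when: result_ipaserver_test.setup_adtrust
+      when: result_ipaserver_test.setup_adtrust or
+            result_ipaserver_test.sid_generation_always
 
     - name: Install - Set DS password
       ipaserver_set_ds_password: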