Remove argument for principal from cleanup_ipa module

We already assume that the principal is of the form nova/<host>.domain.
No need therefore to pass that in as we can read host and domain from
default.conf.

This makes what we need to pass into the templates simpler.

Change-Id: Ibcb087dcd11c71429cd050f2784aedff31c3661b
Ade Lee 2020-04-07 19:53:15 +00:00 committed by Grzegorz Grasza
parent b92b9b81ec
commit 668d971ceb
5 changed files with 37 additions and 44 deletions


@ -27,6 +27,7 @@ import yaml
import six
from six.moves import http_client
from six.moves.configparser import SafeConfigParser
from gssapi.exceptions import GSSError
from ipalib import api
@ -66,10 +67,6 @@ description:
attribute.
options:
principal:
description:
- Principal to use when authenticating to FreeIPA.
type: str
keytab:
description:
- Keytab to use when authenticating to FreeIPA
@ -85,7 +82,6 @@ author:
EXAMPLES = '''
- name: Cleanup IPA hosts and services
cleanup_ipa_services:
principal: user/my_host@REALM
keytab: /etc/krb5.keytab
hosts:
- test-server-0.exmaple.com
@ -96,16 +92,17 @@ EXAMPLES = '''
class IPAClient(object):
def __init__(self, keytab, principal):
def __init__(self, keytab):
self.ntries = 5
self.retry_delay = 2
self.keytab = keytab
self.principal = principal
if self._ipa_client_configured() and not api.isdone('finalize'):
self.ccache = "MEMORY:" + str(uuid.uuid4())
os.environ['KRB5CCNAME'] = self.ccache
kinit_keytab(self.principal, self.keytab, self.ccache)
(hostname, realm) = self.get_host_and_realm()
kinit_keytab(str('nova/%s@%s' % (hostname, realm)),
self.keytab, self.ccache)
api.bootstrap(context='cleanup')
api.finalize()
else:
@ -148,6 +145,14 @@ class IPAClient(object):
domain = six.text_type('.'.join(parts[1:]) + '.')
return (parts[0], domain)
def get_host_and_realm(self):
"""Return the hostname and IPA realm name."""
config = SafeConfigParser()
config.read('/etc/ipa/default.conf')
hostname = config.get('global', 'host')
realm = config.get('global', 'realm')
return (hostname, realm)
def __get_connection(self):
"""Make a connection to IPA or raise an error."""
tries = 0
@ -336,8 +341,8 @@ class IPAClient(object):
return result['count'] > 0
def cleanup_ipa_services(keytab, principal, hosts):
ipa = IPAClient(keytab, principal)
def cleanup_ipa_services(keytab, hosts):
ipa = IPAClient(keytab)
hosts_to_delete = set()
for host in hosts:
@ -385,10 +390,9 @@ def run_module():
try:
keytab = module.params.get('keytab')
principal = module.params.get('principal')
hosts = module.params.get('hosts')
cleanup_ipa_services(keytab, principal, hosts)
cleanup_ipa_services(keytab, hosts)
module.exit_json(changed=True)
except Exception as err:
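Review bot: In the new `get_host_and_realm` method the return value of `config.read('/etc/ipa/default.conf')` is ignored, so a missing, unreadable or malformed file only surfaces later as a bare `NoSectionError: No section: 'global'` from `config.get`, with nothing telling the operator that the host is not an enrolled IPA client; `_ipa_client_configured()` is consulted first in `__init__`, but its body is not in these hunks and an unreadable or truncated file would still reach `config.get`. Guard it with `if not config.read('/etc/ipa/default.conf'): raise RuntimeError('/etc/ipa/default.conf not found or unreadable; is this host enrolled as an IPA client?')`. Since the principal is now fixed to `nova/<host>@<REALM>` taken from that file, the `keytab` option description in the DOCUMENTATION hunk should state that the keytab must contain the key for exactly that principal, otherwise `kinit_keytab` in `__init__` fails with no hint that the principal is derived rather than configurable. `SafeConfigParser` is a deprecated alias on Python 3 and was removed in 3.12, so `configparser.ConfigParser` (the same class on Python 3) is the safer import once Python 2 support is dropped. The `IPAClient` class header, the tail of `__init__` and the body of `__get_connection` lie outside these hunks.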


@ -22,7 +22,7 @@
ipa_server_user: admin
ipa_server_password: password123
ipa_server_hostname: ipa.example.test
undercloud_fqdn: ipa.example.test
undercloud_fqdn: test-0.example.test
tasks:
- name: copy requirements file
copy:
@ -52,7 +52,7 @@
shell:
cmd: cat > /etc/hosts
stdin: |
127.0.0.1 test-0.example.test test-0 localhost localhost.localdomain
127.0.0.1 test-1.example.test test-1 localhost localhost.localdomain
- name: enroll the server as an ipa client using admin creds
shell: |
@ -90,8 +90,8 @@
hosts: all
vars:
tripleo_ipa_enroll_base_server: true
tripleo_ipa_base_server_fqdn: test-0.example.test
tripleo_ipa_base_server_short_name: test-0
tripleo_ipa_base_server_fqdn: test-1.example.test
tripleo_ipa_base_server_short_name: test-1
tripleo_ipa_base_server_domain: example.test
tripleo_ipa_delegate_server: localhost
tripleo_ipa_server_metadata: |
@ -133,14 +133,14 @@
"compact_service_redis": [
"internalapi"
],
"managed_service_haproxyctlplane": "haproxy/test-0.ctlplane.example.test",
"managed_service_haproxyexternal": "haproxy/test-0.example.test",
"managed_service_haproxyinternal_api": "haproxy/test-0.internalapi.example.test",
"managed_service_haproxystorage": "haproxy/test-0.storage.example.test",
"managed_service_haproxystorage_mgmt": "haproxy/test-0.storagemgmt.example.test",
"managed_service_mysqlinternal_api": "mysql/test-0.internalapi.example.test",
"managed_service_ovn_dbsinternal_api": "ovn_dbs/test-0.internalapi.example.test",
"managed_service_redisinternal_api": "redis/test-0.internalapi.example.test"
"managed_service_haproxyctlplane": "haproxy/test-1.ctlplane.example.test",
"managed_service_haproxyexternal": "haproxy/test-1.example.test",
"managed_service_haproxyinternal_api": "haproxy/test-1.internalapi.example.test",
"managed_service_haproxystorage": "haproxy/test-1.storage.example.test",
"managed_service_haproxystorage_mgmt": "haproxy/test-1.storagemgmt.example.test",
"managed_service_mysqlinternal_api": "mysql/test-1.internalapi.example.test",
"managed_service_ovn_dbsinternal_api": "ovn_dbs/test-1.internalapi.example.test",
"managed_service_redisinternal_api": "redis/test-1.internalapi.example.test"
}
roles:
- name: tripleo_ipa_registration
@ -152,12 +152,10 @@
- name: Converge - delete host and relevant services
hosts: all
vars:
ipa_server_user: nova/ipa.example.test
ipa_server_hostname: ipa.example.test
tasks:
- include_role:
name: tripleo_ipa_cleanup
vars:
tripleo_ipa_hosts_to_delete: [ 'test-0.example.test' ]
tripleo_ipa_principal: "{{ ipa_server_user }}"
tripleo_ipa_hosts_to_delete: [ 'test-1.example.test' ]
tripleo_ipa_keytab: "/etc/novajoin/krb5.keytab"


@ -87,16 +87,16 @@ def test_role(host):
assert 'Role name: {}'.format(role) in result
assert 'Description: {}'.format(role) in result
assert 'Privileges: {}'.format(pri) in result
assert 'nova/test-0.example.test@EXAMPLE.TEST' not in result
assert 'nova/test-0.example.test@EXAMPLE.TEST' in result
@pytest.mark.parametrize('name', [
'test-0.example.test',
'test-0.ctlplane.example.test',
'test-0.external.example.test',
'test-0.internalapi.example.test',
'test-0.storage.example.test',
'test-0.storagemgmt.example.test',
'test-1.example.test',
'test-1.ctlplane.example.test',
'test-1.external.example.test',
'test-1.internalapi.example.test',
'test-1.storage.example.test',
'test-1.storagemgmt.example.test',
])
def test_hosts(host, name):
host.run_expect([1], 'ipa host-find {}'.format(name))
@ -124,5 +124,5 @@ def test_hosts(host, name):
def test_services(host, service, subhost):
host.run_expect(
[2],
'ipa service-show {}/test-0.{}.example.test@EXAMPLE.TEST'.format(
'ipa service-show {}/test-1.{}.example.test@EXAMPLE.TEST'.format(
service, subhost))


@ -39,14 +39,8 @@
- name: Get realm and host and keytab
set_fact:
ipa_realm: "{{ lookup('ini', 'realm section=global file=/etc/ipa/default.conf') }}"
ipa_client_host: "{{ lookup('ini', 'host section=global file=/etc/ipa/default.conf') }}"
ipa_keytab: "{{ ipa_keytab | default('/etc/novajoin/krb5.keytab') }}"
- name: set ipa_principal
set_fact:
ipa_principal: "nova/{{ ipa_client_host }}@{{ ipa_realm }}"
- name: check if keytab exists
stat:
path: "{{ ipa_keytab }}"
@ -70,6 +64,5 @@
include_role:
name: tripleo_ipa_cleanup
vars:
tripleo_ipa_principal: "{{ ipa_principal }}"
tripleo_ipa_keytab: "{{ ipa_keytab }}"
tripleo_ipa_hosts_to_delete: "{{ hosts_list }}"
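Review bot: The task name `Get realm and host and keytab` is now stale, because the `ipa_client_host` fact that read `host` from `/etc/ipa/default.conf` has been removed; rename it to `- name: Get realm and keytab`. The `ipa_realm` lookup on the next line is still set, but its only visible consumer was the removed `ipa_principal` fact, so if nothing else in this playbook reads it the lookup can go too, leaving the principal derivation in one place (the module). The enclosing play and the tasks between the two hunks are outside this section.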


@ -19,12 +19,10 @@
#
# The following variables are required:
# - tripleo_ipa_hosts_to_delete (list of FQDNs of hosts to delete)
# - tripleo_ipa_principal (principal to use when connecting to FreeIPA)
# - tripleo_ipa_keytab (file path to keytab to authenticate to FreeIPA)
- name: delete hosts, subhosts and services from freeIPA
cleanup_ipa_services:
principal: "{{ tripleo_ipa_principal }}"
keytab: "{{ tripleo_ipa_keytab }}"
hosts: "{{ tripleo_ipa_hosts_to_delete }}"
become: true
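Review bot: The header comment listing the required variables no longer says which Kerberos identity the module authenticates as, yet the keytab requirement now depends on it: `cleanup_ipa_services` derives the principal `nova/<host>@<REALM>` from `/etc/ipa/default.conf` on the node running the task. Add a line after the `tripleo_ipa_keytab` bullet such as `#   The keytab must contain the key for nova/<host>@<REALM>, with host and realm taken from /etc/ipa/default.conf; the principal is no longer configurable.` A short comment on `become: true` noting that it is presumably there so the module can read a root-owned keytab such as `/etc/novajoin/krb5.keytab` would also save the next reader guessing.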