Remove argumnet for principal from cleanup_ipa module
We already assume that the principal is of the form nova/<host>.domain. No need therefore to pass that in as we can read host and domain from default.conf. This makes what we need to pass into the templates simpler. Change-Id: Ibcb087dcd11c71429cd050f2784aedff31c3661b
parent
b92b9b81ec
commit
668d971ceb
|
@ -27,6 +27,7 @@ import yaml
|
|||
|
||||
import six
|
||||
from six.moves import http_client
|
||||
from six.moves.configparser import SafeConfigParser
|
||||
|
||||
from gssapi.exceptions import GSSError
|
||||
from ipalib import api
|
||||
|
@ -66,10 +67,6 @@ description:
|
|||
attribute.
|
||||
|
||||
options:
|
||||
principal:
|
||||
description:
|
||||
- Principal to use when authenticating to FreeIPA.
|
||||
type: str
|
||||
keytab:
|
||||
description:
|
||||
- Keytab to use when authenticating to FreeIPA
|
||||
|
@ -85,7 +82,6 @@ author:
|
|||
EXAMPLES = '''
|
||||
- name: Cleanup IPA hosts and services
|
||||
cleanup_ipa_services:
|
||||
principal: user/my_host@REALM
|
||||
keytab: /etc/krb5.keytab
|
||||
hosts:
|
||||
- test-server-0.exmaple.com
|
||||
|
@ -96,16 +92,17 @@ EXAMPLES = '''
|
|||
|
||||
class IPAClient(object):
|
||||
|
||||
def __init__(self, keytab, principal):
|
||||
def __init__(self, keytab):
|
||||
self.ntries = 5
|
||||
self.retry_delay = 2
|
||||
self.keytab = keytab
|
||||
self.principal = principal
|
||||
|
||||
if self._ipa_client_configured() and not api.isdone('finalize'):
|
||||
self.ccache = "MEMORY:" + str(uuid.uuid4())
|
||||
os.environ['KRB5CCNAME'] = self.ccache
|
||||
kinit_keytab(self.principal, self.keytab, self.ccache)
|
||||
(hostname, realm) = self.get_host_and_realm()
|
||||
kinit_keytab(str('nova/%s@%s' % (hostname, realm)),
|
||||
self.keytab, self.ccache)
|
||||
api.bootstrap(context='cleanup')
|
||||
api.finalize()
|
||||
else:
|
||||
|
@ -148,6 +145,14 @@ class IPAClient(object):
|
|||
domain = six.text_type('.'.join(parts[1:]) + '.')
|
||||
return (parts[0], domain)
|
||||
|
||||
def get_host_and_realm(self):
|
||||
"""Return the hostname and IPA realm name."""
|
||||
config = SafeConfigParser()
|
||||
config.read('/etc/ipa/default.conf')
|
||||
hostname = config.get('global', 'host')
|
||||
realm = config.get('global', 'realm')
|
||||
return (hostname, realm)
|
||||
|
||||
def __get_connection(self):
|
||||
"""Make a connection to IPA or raise an error."""
|
||||
tries = 0
|
||||
|
@ -336,8 +341,8 @@ class IPAClient(object):
|
|||
return result['count'] > 0
|
||||
|
||||
|
||||
def cleanup_ipa_services(keytab, principal, hosts):
|
||||
ipa = IPAClient(keytab, principal)
|
||||
def cleanup_ipa_services(keytab, hosts):
|
||||
ipa = IPAClient(keytab)
|
||||
|
||||
hosts_to_delete = set()
|
||||
for host in hosts:
|
||||
|
@ -385,10 +390,9 @@ def run_module():
|
|||
|
||||
try:
|
||||
keytab = module.params.get('keytab')
|
||||
principal = module.params.get('principal')
|
||||
hosts = module.params.get('hosts')
|
||||
|
||||
cleanup_ipa_services(keytab, principal, hosts)
|
||||
cleanup_ipa_services(keytab, hosts)
|
||||
|
||||
module.exit_json(changed=True)
|
||||
except Exception as err:
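Review bot: The new `get_host_and_realm` calls `config.read('/etc/ipa/default.conf')` without checking the result, and `read()` silently skips a file it cannot open, so a missing or unreadable config only shows up as a `NoSectionError` from the following `config.get` call inside `__init__`. Because the principal passed to `kinit_keytab` is now derived entirely from this file, failing early with a clear message would help: `if not config.read('/etc/ipa/default.conf'): raise IOError('cannot read /etc/ipa/default.conf')`. The `_ipa_client_configured()` guard may already rule out the missing-file case, but its body is outside the visible hunks. With the `principal` option removed from the module documentation, the `keytab` option text should also state that the keytab must hold a key for `nova/<host>@<realm>` as read from `default.conf`.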
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
ipa_server_user: admin
|
||||
ipa_server_password: password123
|
||||
ipa_server_hostname: ipa.example.test
|
||||
undercloud_fqdn: ipa.example.test
|
||||
undercloud_fqdn: test-0.example.test
|
||||
tasks:
|
||||
- name: copy requirements file
|
||||
copy:
|
||||
|
@ -52,7 +52,7 @@
|
|||
shell:
|
||||
cmd: cat > /etc/hosts
|
||||
stdin: |
|
||||
127.0.0.1 test-0.example.test test-0 localhost localhost.localdomain
|
||||
127.0.0.1 test-1.example.test test-1 localhost localhost.localdomain
|
||||
|
||||
- name: enroll the server as an ipa client using admin creds
|
||||
shell: |
|
||||
|
@ -90,8 +90,8 @@
|
|||
hosts: all
|
||||
vars:
|
||||
tripleo_ipa_enroll_base_server: true
|
||||
tripleo_ipa_base_server_fqdn: test-0.example.test
|
||||
tripleo_ipa_base_server_short_name: test-0
|
||||
tripleo_ipa_base_server_fqdn: test-1.example.test
|
||||
tripleo_ipa_base_server_short_name: test-1
|
||||
tripleo_ipa_base_server_domain: example.test
|
||||
tripleo_ipa_delegate_server: localhost
|
||||
tripleo_ipa_server_metadata: |
|
||||
|
@ -133,14 +133,14 @@
|
|||
"compact_service_redis": [
|
||||
"internalapi"
|
||||
],
|
||||
"managed_service_haproxyctlplane": "haproxy/test-0.ctlplane.example.test",
|
||||
"managed_service_haproxyexternal": "haproxy/test-0.example.test",
|
||||
"managed_service_haproxyinternal_api": "haproxy/test-0.internalapi.example.test",
|
||||
"managed_service_haproxystorage": "haproxy/test-0.storage.example.test",
|
||||
"managed_service_haproxystorage_mgmt": "haproxy/test-0.storagemgmt.example.test",
|
||||
"managed_service_mysqlinternal_api": "mysql/test-0.internalapi.example.test",
|
||||
"managed_service_ovn_dbsinternal_api": "ovn_dbs/test-0.internalapi.example.test",
|
||||
"managed_service_redisinternal_api": "redis/test-0.internalapi.example.test"
|
||||
"managed_service_haproxyctlplane": "haproxy/test-1.ctlplane.example.test",
|
||||
"managed_service_haproxyexternal": "haproxy/test-1.example.test",
|
||||
"managed_service_haproxyinternal_api": "haproxy/test-1.internalapi.example.test",
|
||||
"managed_service_haproxystorage": "haproxy/test-1.storage.example.test",
|
||||
"managed_service_haproxystorage_mgmt": "haproxy/test-1.storagemgmt.example.test",
|
||||
"managed_service_mysqlinternal_api": "mysql/test-1.internalapi.example.test",
|
||||
"managed_service_ovn_dbsinternal_api": "ovn_dbs/test-1.internalapi.example.test",
|
||||
"managed_service_redisinternal_api": "redis/test-1.internalapi.example.test"
|
||||
}
|
||||
roles:
|
||||
- name: tripleo_ipa_registration
|
||||
|
@ -152,12 +152,10 @@
|
|||
- name: Converge - delete host and relevant services
|
||||
hosts: all
|
||||
vars:
|
||||
ipa_server_user: nova/ipa.example.test
|
||||
ipa_server_hostname: ipa.example.test
|
||||
tasks:
|
||||
- include_role:
|
||||
name: tripleo_ipa_cleanup
|
||||
vars:
|
||||
tripleo_ipa_hosts_to_delete: [ 'test-0.example.test' ]
|
||||
tripleo_ipa_principal: "{{ ipa_server_user }}"
|
||||
tripleo_ipa_hosts_to_delete: [ 'test-1.example.test' ]
|
||||
tripleo_ipa_keytab: "/etc/novajoin/krb5.keytab"
|
||||
|
|
|
@ -87,16 +87,16 @@ def test_role(host):
|
|||
assert 'Role name: {}'.format(role) in result
|
||||
assert 'Description: {}'.format(role) in result
|
||||
assert 'Privileges: {}'.format(pri) in result
|
||||
assert 'nova/test-0.example.test@EXAMPLE.TEST' not in result
|
||||
assert 'nova/test-0.example.test@EXAMPLE.TEST' in result
|
||||
|
||||
|
||||
@pytest.mark.parametrize('name', [
|
||||
'test-0.example.test',
|
||||
'test-0.ctlplane.example.test',
|
||||
'test-0.external.example.test',
|
||||
'test-0.internalapi.example.test',
|
||||
'test-0.storage.example.test',
|
||||
'test-0.storagemgmt.example.test',
|
||||
'test-1.example.test',
|
||||
'test-1.ctlplane.example.test',
|
||||
'test-1.external.example.test',
|
||||
'test-1.internalapi.example.test',
|
||||
'test-1.storage.example.test',
|
||||
'test-1.storagemgmt.example.test',
|
||||
])
|
||||
def test_hosts(host, name):
|
||||
host.run_expect([1], 'ipa host-find {}'.format(name))
|
||||
|
@ -124,5 +124,5 @@ def test_hosts(host, name):
|
|||
def test_services(host, service, subhost):
|
||||
host.run_expect(
|
||||
[2],
|
||||
'ipa service-show {}/test-0.{}.example.test@EXAMPLE.TEST'.format(
|
||||
'ipa service-show {}/test-1.{}.example.test@EXAMPLE.TEST'.format(
|
||||
service, subhost))
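Review bot: Flipping the assertion in `test_role` to `assert 'nova/test-0.example.test@EXAMPLE.TEST' in result` removes the only negative check in that test, so it would still pass if cleanup left a deleted host's principal attached to the role. If the `nova/test-1` service is a member of the role before cleanup (not visible here), add `assert 'nova/test-1.example.test@EXAMPLE.TEST' not in result` next to it. A short comment such as `# test-0 is the host whose nova principal performs the cleanup; it must survive` would explain why the expectation was inverted. The body of `test_role` starts outside the hunk.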
|
||||
|
|
|
@ -39,14 +39,8 @@
|
|||
|
||||
- name: Get realm and host and keytab
|
||||
set_fact:
|
||||
ipa_realm: "{{ lookup('ini', 'realm section=global file=/etc/ipa/default.conf') }}"
|
||||
ipa_client_host: "{{ lookup('ini', 'host section=global file=/etc/ipa/default.conf') }}"
|
||||
ipa_keytab: "{{ ipa_keytab | default('/etc/novajoin/krb5.keytab') }}"
|
||||
|
||||
- name: set ipa_principal
|
||||
set_fact:
|
||||
ipa_principal: "nova/{{ ipa_client_host }}@{{ ipa_realm }}"
|
||||
|
||||
- name: check if keytab exists
|
||||
stat:
|
||||
path: "{{ ipa_keytab }}"
|
||||
|
@ -70,6 +64,5 @@
|
|||
include_role:
|
||||
name: tripleo_ipa_cleanup
|
||||
vars:
|
||||
tripleo_ipa_principal: "{{ ipa_principal }}"
|
||||
tripleo_ipa_keytab: "{{ ipa_keytab }}"
|
||||
tripleo_ipa_hosts_to_delete: "{{ hosts_list }}"
|
||||
|
|
|
@ -19,12 +19,10 @@
|
|||
#
|
||||
# The following variables are required:
|
||||
# - tripleo_ipa_hosts_to_delete (list of FQDNs of hosts to delete)
|
||||
# - tripleo_ipa_principal (principal to use when connecting to FreeIPA)
|
||||
# - tripleo_ipa_keytab (file path to keytab to authenticate to FreeIPA)
|
||||
|
||||
- name: delete hosts, subhosts and services from freeIPA
|
||||
cleanup_ipa_services:
|
||||
principal: "{{ tripleo_ipa_principal }}"
|
||||
keytab: "{{ tripleo_ipa_keytab }}"
|
||||
hosts: "{{ tripleo_ipa_hosts_to_delete }}"
|
||||
become: true
|
||||
|
|