def main():
forwarder_spec = dict(ip_address=dict(type=str, required=True),
port=dict(type=int, required=False, default=None))
ansible_module = IPAAnsibleModule(argument_spec=dict(
# dnsconfig
forwarders=dict(type='list',
default=None,
required=False,
options=dict(**forwarder_spec)),
forward_policy=dict(type='str',
required=False,
default=None,
choices=['only', 'first', 'none'],
aliases=["forwardpolicy"]),
allow_sync_ptr=dict(type='bool', required=False, default=None),
# general
action=dict(
type="str", default="dnsconfig", choices=["member", "dnsconfig"]),
state=dict(
type="str", default="present", choices=["present", "absent"]),
))
ansible_module._ansible_debug = True
# dnsconfig
forwarders = ansible_module.params_get('forwarders') or []
forward_policy = ansible_module.params_get('forward_policy')
allow_sync_ptr = ansible_module.params_get('allow_sync_ptr')
action = ansible_module.params_get('action')
state = ansible_module.params_get('state')
# Check parameters.
invalid = []
if state == "present" and action == "member":
invalid = ['forward_policy', 'allow_sync_ptr']
if state == 'absent':
if action != "member":
ansible_module.fail_json(
msg="State 'absent' is only valid with action 'member'.")
invalid = ['forward_policy', 'allow_sync_ptr']
ansible_module.params_fail_used_invalid(invalid, state)
# Init
changed = False
# Connect to IPA API
with ansible_module.ipa_connect():
res_find = find_dnsconfig(ansible_module)
args = gen_args(ansible_module, state, action, res_find, forwarders,
forward_policy, allow_sync_ptr)
# Execute command only if configuration changes.
if not compare_args_ipa(ansible_module, args, res_find):
try:
if not ansible_module.check_mode:
ansible_module.ipa_command_no_name('dnsconfig_mod', args)
# If command did not fail, something changed.
changed = True
except Exception as e:
msg = str(e)
ansible_module.fail_json(msg="dnsconfig_mod: %s" % msg)
# Done
ansible_module.exit_json(changed=changed)
def main():
ansible_module = IPAAnsibleModule(
argument_spec=dict(
# general
maxusername=dict(type="int",
required=False,
aliases=['ipamaxusernamelength']),
maxhostname=dict(type="int",
required=False,
aliases=['ipamaxhostnamelength']),
homedirectory=dict(type="str",
required=False,
aliases=['ipahomesrootdir']),
defaultshell=dict(type="str",
required=False,
aliases=['ipadefaultloginshell', 'loginshell']),
defaultgroup=dict(type="str",
required=False,
aliases=['ipadefaultprimarygroup']),
emaildomain=dict(type="str",
required=False,
aliases=['ipadefaultemaildomain']),
searchtimelimit=dict(type="int",
required=False,
aliases=['ipasearchtimelimit']),
searchrecordslimit=dict(type="int",
required=False,
aliases=['ipasearchrecordslimit']),
usersearch=dict(type="list",
required=False,
aliases=['ipausersearchfields']),
groupsearch=dict(type="list",
required=False,
aliases=['ipagroupsearchfields']),
enable_migration=dict(type="bool",
required=False,
aliases=['ipamigrationenabled']),
groupobjectclasses=dict(type="list",
required=False,
aliases=['ipagroupobjectclasses']),
userobjectclasses=dict(type="list",
required=False,
aliases=['ipauserobjectclasses']),
pwdexpnotify=dict(type="int",
required=False,
aliases=['ipapwdexpadvnotify']),
configstring=dict(type="list",
required=False,
aliases=['ipaconfigstring'],
choices=[
"AllowNThash", "KDC:Disable Last Success",
"KDC:Disable Lockout",
"KDC:Disable Default Preauth for SPNs", ""
]), # noqa E128
selinuxusermaporder=dict(type="list",
required=False,
aliases=['ipaselinuxusermaporder']),
selinuxusermapdefault=dict(type="str",
required=False,
aliases=['ipaselinuxusermapdefault']),
pac_type=dict(type="list",
required=False,
aliases=["ipakrbauthzdata"],
choices=["MS-PAC", "PAD", "nfs:NONE", ""]),
user_auth_type=dict(
type="list",
required=False,
choices=["password", "radius", "otp", "disabled", ""],
aliases=["ipauserauthtype"]),
ca_renewal_master_server=dict(type="str", required=False),
domain_resolution_order=dict(type="list",
required=False,
aliases=["ipadomainresolutionorder"
])),
supports_check_mode=True,
)
ansible_module._ansible_debug = True
# Get parameters
# general
field_map = {
"maxusername": "******",
"maxhostname": "ipamaxhostnamelength",
"homedirectory": "ipahomesrootdir",
"defaultshell": "ipadefaultloginshell",
"defaultgroup": "ipadefaultprimarygroup",
"emaildomain": "ipadefaultemaildomain",
"searchtimelimit": "ipasearchtimelimit",
"searchrecordslimit": "ipasearchrecordslimit",
"usersearch": "ipausersearchfields",
"groupsearch": "ipagroupsearchfields",
"enable_migration": "ipamigrationenabled",
"groupobjectclasses": "ipagroupobjectclasses",
"userobjectclasses": "ipauserobjectclasses",
"pwdexpnotify": "ipapwdexpadvnotify",
"configstring": "ipaconfigstring",
"selinuxusermaporder": "ipaselinuxusermaporder",
"selinuxusermapdefault": "ipaselinuxusermapdefault",
"pac_type": "ipakrbauthzdata",
"user_auth_type": "ipauserauthtype",
"ca_renewal_master_server": "ca_renewal_master_server",
"domain_resolution_order": "ipadomainresolutionorder"
}
reverse_field_map = {v: k for k, v in field_map.items()}
params = {}
for x in field_map:
val = ansible_module.params_get(x)
if val is not None:
params[field_map.get(x, x)] = val
if params.get("ipamigrationenabled") is not None:
params["ipamigrationenabled"] = \
str(params["ipamigrationenabled"]).upper()
if params.get("ipaselinuxusermaporder", None):
params["ipaselinuxusermaporder"] = \
"$".join(params["ipaselinuxusermaporder"])
if params.get("ipadomainresolutionorder", None):
params["ipadomainresolutionorder"] = \
":".join(params["ipadomainresolutionorder"])
if params.get("ipausersearchfields", None):
params["ipausersearchfields"] = \
",".join(params["ipausersearchfields"])
if params.get("ipagroupsearchfields", None):
params["ipagroupsearchfields"] = \
",".join(params["ipagroupsearchfields"])
# verify limits on INT values.
args_with_limits = [
("ipamaxusernamelength", 1, 255),
("ipamaxhostnamelength", 64, 255),
("ipasearchtimelimit", -1, 2147483647),
("ipasearchrecordslimit", -1, 2147483647),
("ipapwdexpadvnotify", 0, 2147483647),
]
for arg, minimum, maximum in args_with_limits:
if arg in params and (params[arg] > maximum or params[arg] < minimum):
ansible_module.fail_json(
msg="Argument '%s' must be between %d and %d." %
(arg, minimum, maximum))
changed = False
exit_args = {}
# Connect to IPA API
with ansible_module.ipa_connect():
result = config_show(ansible_module)
if params:
params = {
k: v
for k, v in params.items() if k not in result or result[k] != v
}
if params \
and not compare_args_ipa(ansible_module, params, result):
changed = True
if not ansible_module.check_mode:
try:
ansible_module.ipa_command_no_name(
"config_mod", params)
except ipalib_errors.EmptyModlist:
changed = False
else:
del result['dn']
type_map = {"str": str, "int": int, "list": list, "bool": bool}
for key, value in result.items():
k = reverse_field_map.get(key, key)
if ansible_module.argument_spec.get(k):
arg_type = ansible_module.argument_spec[k]['type']
if k in ('ipaselinuxusermaporder',
'domain_resolution_order'):
exit_args[k] = result.get(key)[0].split('$')
elif k in ('usersearch', 'groupsearch'):
exit_args[k] = result.get(key)[0].split(',')
elif isinstance(value, str) and arg_type == "list":
exit_args[k] = [value]
elif (isinstance(value, (tuple, list))
and arg_type in ("str", "int")):
exit_args[k] = type_map[arg_type](value[0])
elif (isinstance(value, (tuple, list))
and arg_type == "bool"):
exit_args[k] = (value[0] == "TRUE")
else:
if arg_type not in type_map:
raise ValueError("Unexpected attribute type: %s" %
arg_type)
exit_args[k] = type_map[arg_type](value)
# Done
ansible_module.exit_json(changed=changed, config=exit_args)