def main(): module = AnsibleModule( argument_spec = dict( state=dict(default='present', choices=['present', 'absent'], type='str'), name=dict(required=True, type='str'), gid=dict(default=None, type='str'), system=dict(default=False, type='bool'), ), supports_check_mode=True ) group = Group(module) module.debug('Group instantiated - platform %s' % group.platform) if group.distribution: module.debug('Group instantiated - distribution %s' % group.distribution) rc = None out = '' err = '' result = {} result['name'] = group.name result['state'] = group.state if group.state == 'absent': if group.group_exists(): if module.check_mode: module.exit_json(changed=True) (rc, out, err) = group.group_del() if rc != 0: module.fail_json(name=group.name, msg=err) elif group.state == 'present': if not group.group_exists(): if module.check_mode: module.exit_json(changed=True) (rc, out, err) = group.group_add(gid=group.gid, system=group.system) else: (rc, out, err) = group.group_mod(gid=group.gid) if rc is not None and rc != 0: module.fail_json(name=group.name, msg=err) if rc is None: result['changed'] = False else: result['changed'] = True if out: result['stdout'] = out if err: result['stderr'] = err if group.group_exists(): info = group.group_info() result['system'] = group.system result['gid'] = info[2] module.exit_json(**result)
def main(): module = AnsibleModule( argument_spec=dict( name=dict(required=True), port=dict(default=623, type='int'), state=dict(required=True, choices=['on', 'off', 'shutdown', 'reset', 'boot']), user=dict(required=True, no_log=True), password=dict(required=True, no_log=True), timeout=dict(default=300, type='int'), ), supports_check_mode=True, ) if command is None: module.fail_json(msg='the python pyghmi module is required') name = module.params['name'] port = module.params['port'] user = module.params['user'] password = module.params['password'] state = module.params['state'] timeout = module.params['timeout'] # --- run command --- try: ipmi_cmd = command.Command( bmc=name, userid=user, password=password, port=port ) module.debug('ipmi instantiated - name: "%s"' % name) current = ipmi_cmd.get_power() if current['powerstate'] != state: response = {'powerstate': state} if module.check_mode else ipmi_cmd.set_power(state, wait=timeout) changed = True else: response = current changed = False if 'error' in response: module.fail_json(msg=response['error']) module.exit_json(changed=changed, **response) except Exception as e: module.fail_json(msg=str(e))
def main(): module = AnsibleModule( argument_spec = dict( servers=dict(required=True, type='list'), domain=dict(required=True), realm=dict(required=True), hostname=dict(required=True), basedn=dict(required=True), principal=dict(required=False), subject_base=dict(required=True), ca_enabled=dict(required=True, type='bool'), mkhomedir=dict(required=False, type='bool'), on_master=dict(required=False, type='bool'), ), supports_check_mode = True, ) module._ansible_debug = True servers = module.params.get('servers') realm = module.params.get('realm') hostname = module.params.get('hostname') basedn = module.params.get('basedn') domain = module.params.get('domain') principal = module.params.get('principal') subject_base = module.params.get('subject_base') ca_enabled = module.params.get('ca_enabled') mkhomedir = module.params.get('mkhomedir') on_master = module.params.get('on_master') fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE) standard_logging_setup( paths.IPACLIENT_INSTALL_LOG, verbose=True, debug=False, filemode='a', console_format='%(message)s') os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE options.dns_updates = False options.all_ip_addresses = False options.ip_addresses = None options.request_cert = False options.hostname = hostname options.preserve_sssd = False options.on_master = False options.conf_ssh = True options.conf_sshd = True options.conf_sudo = True options.primary = False options.permit = False options.krb5_offline_passwords = False options.create_sshfp = True ########################################################################## # Create IPA NSS database try: create_ipa_nssdb() except ipautil.CalledProcessError as e: module.fail_json(msg="Failed to create IPA NSS database: %s" % e) # Get CA certificates from the certificate store try: ca_certs = get_certs_from_ldap(servers[0], basedn, realm, ca_enabled) except errors.NoCertificateError: if ca_enabled: ca_subject = DN(('CN', 'Certificate Authority'), subject_base) else: ca_subject = None ca_certs = certstore.make_compat_ca_certs(ca_certs, realm, ca_subject) ca_certs_trust = [(c, n, certstore.key_policy_to_trust_flags(t, True, u)) for (c, n, t, u) in ca_certs] if hasattr(paths, "KDC_CA_BUNDLE_PEM"): x509.write_certificate_list( [c for c, n, t, u in ca_certs if t is not False], paths.KDC_CA_BUNDLE_PEM) if hasattr(paths, "CA_BUNDLE_PEM"): x509.write_certificate_list( [c for c, n, t, u in ca_certs if t is not False], paths.CA_BUNDLE_PEM) # Add the CA certificates to the IPA NSS database module.debug("Adding CA certificates to the IPA NSS database.") ipa_db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR) for cert, nickname, trust_flags in ca_certs_trust: try: ipa_db.add_cert(cert, nickname, trust_flags) except CalledProcessError as e: module.fail_json(msg="Failed to add %s to the IPA NSS database." % nickname) # Add the CA certificates to the platform-dependant systemwide CA store tasks.insert_ca_certs_into_systemwide_ca_store(ca_certs) if not on_master: client_dns(servers[0], hostname, options) configure_certmonger(fstore, subject_base, realm, hostname, options, ca_enabled) if hasattr(paths, "SSH_CONFIG_DIR"): ssh_config_dir = paths.SSH_CONFIG_DIR else: ssh_config_dir = services.knownservices.sshd.get_config_dir() update_ssh_keys(hostname, ssh_config_dir, options.create_sshfp) try: os.remove(paths.IPA_DNS_CCACHE) except Exception: pass ########################################################################## # Name Server Caching Daemon. Disable for SSSD, use otherwise # (if installed) nscd = services.knownservices.nscd if nscd.is_installed(): if NUM_VERSION < 40500: save_state(nscd) else: save_state(nscd, statestore) try: nscd_service_action = 'stop' nscd.stop() except Exception: module.warn("Failed to %s the %s daemon" % (nscd_service_action, nscd.service_name)) try: nscd.disable() except Exception: module.warn("Failed to disable %s daemon. Disable it manually." % nscd.service_name) nslcd = services.knownservices.nslcd if nslcd.is_installed(): if NUM_VERSION < 40500: save_state(nslcd) else: save_state(nslcd, statestore) ########################################################################## # Modify nsswitch/pam stack tasks.modify_nsswitch_pam_stack(sssd=True, mkhomedir=mkhomedir, statestore=statestore) module.log("SSSD enabled") argspec = inspect.getargspec(services.service) if len(argspec.args) > 1: sssd = services.service('sssd', api) else: sssd = services.service('sssd') try: sssd.restart() except CalledProcessError: module.warn("SSSD service restart was unsuccessful.") try: sssd.enable() except CalledProcessError as e: module.warn( "Failed to enable automatic startup of the SSSD daemon: " "%s", e) if configure_openldap_conf(fstore, basedn, servers): module.log("Configured /etc/openldap/ldap.conf") else: module.log("Failed to configure /etc/openldap/ldap.conf") # Check that nss is working properly if not on_master: user = principal if user is None or user == "": user = "******" % domain module.log("Principal is not set when enrolling with OTP" "; using principal '%s' for 'getent passwd'" % user) elif '@' not in user: user = "******" % (user, domain) n = 0 found = False # Loop for up to 10 seconds to see if nss is working properly. # It can sometimes take a few seconds to connect to the remote # provider. # Particulary, SSSD might take longer than 6-8 seconds. while n < 10 and not found: try: ipautil.run([paths.GETENT if hasattr(paths, "GETENT") else "getent", "passwd", user]) found = True except Exception as e: time.sleep(1) n = n + 1 if not found: module.fail_json(msg="Unable to find '%s' user with 'getent " "passwd %s'!" % (user.split("@")[0], user)) if conf: module.log("Recognized configuration: %s" % conf) else: module.fail_json(msg= "Unable to reliably detect " "configuration. Check NSS setup manually.") try: hardcode_ldap_server(servers) except Exception as e: module.fail_json(msg="Adding hardcoded server name to " "/etc/ldap.conf failed: %s" % str(e)) ########################################################################## module.exit_json(changed=True, ca_enabled_ra=ca_enabled)
def main(): global results global nim_node module = AnsibleModule( argument_spec=dict( action=dict(type='str', required=True, choices=['update', 'master_setup', 'check', 'compare', 'script', 'allocate', 'deallocate', 'bos_inst', 'define_script', 'remove', 'reset', 'reboot', 'maintenance']), description=dict(type='str'), lpp_source=dict(type='str'), targets=dict(type='list', elements='str'), asynchronous=dict(type='bool', default=False), device=dict(type='str'), script=dict(type='str'), resource=dict(type='str'), location=dict(type='str'), group=dict(type='str'), force=dict(type='bool', default=False), operation=dict(type='str'), ), required_if=[ ['action', 'update', ['targets', 'lpp_source']], ['action', 'master_setup', ['device']], ['action', 'compare', ['targets']], ['action', 'script', ['targets', 'script']], ['action', 'allocate', ['targets', 'lpp_source']], ['action', 'deallocate', ['targets', 'lpp_source']], ['action', 'bos_inst', ['targets', 'group']], ['action', 'define_script', ['resource', 'location']], ['action', 'remove', ['resource']], ['action', 'reset', ['targets']], ['action', 'reboot', ['targets']], ['action', 'maintenance', ['targets']] ] ) results = dict( changed=False, msg='', stdout='', stderr='', nim_output=[], ) module.debug('*** START ***') # ========================================================================= # Get module params # ========================================================================= lpp_source = module.params['lpp_source'] targets = module.params['targets'] asynchronous = module.params['asynchronous'] device = module.params['device'] script = module.params['script'] resource = module.params['resource'] location = module.params['location'] group = module.params['group'] force = module.params['force'] action = module.params['action'] operation = module.params['operation'] params = {} description = module.params['description'] if description is None: description = "NIM operation: {} request".format(action) params['description'] = description # ========================================================================= # Build nim node info # ========================================================================= build_nim_node(module) if action == 'update': params['targets'] = targets params['lpp_source'] = lpp_source params['asynchronous'] = asynchronous params['force'] = force nim_update(module, params) elif action == 'maintenance': params['targets'] = targets params['operation'] = operation nim_maintenance(module, params) elif action == 'master_setup': params['device'] = device nim_master_setup(module, params) elif action == 'check': params['targets'] = targets nim_check(module, params) elif action == 'compare': params['targets'] = targets nim_compare(module, params) elif action == 'script': params['targets'] = targets params['script'] = script params['asynchronous'] = asynchronous nim_script(module, params) elif action == 'allocate': params['targets'] = targets params['lpp_source'] = lpp_source nim_allocate(module, params) elif action == 'deallocate': params['targets'] = targets params['lpp_source'] = lpp_source nim_deallocate(module, params) elif action == 'bos_inst': params['targets'] = targets params['group'] = group params['script'] = script nim_bos_inst(module, params) elif action == 'define_script': params['resource'] = resource params['location'] = location nim_define_script(module, params) elif action == 'remove': params['resource'] = resource nim_remove(module, params) elif action == 'reset': params['targets'] = targets params['force'] = force nim_reset(module, params) elif action == 'reboot': params['targets'] = targets nim_reboot(module, params) else: results['msg'] = 'NIM - Error: Unknown action {}'.format(action) module.fail_json(**results) results['nim_node'] = nim_node results['msg'] = 'NIM {} completed successfully'.format(action) module.exit_json(**results)
def main(): # The following example playbooks: # # - cron: name="check dirs" hour="5,2" job="ls -alh > /dev/null" # # - name: do the job # cron: name="do the job" hour="5,2" job="/some/dir/job.sh" # # - name: no job # cron: name="an old job" state=absent # # - name: sets env # cron: name="PATH" env=yes value="/bin:/usr/bin" # # Would produce: # PATH=/bin:/usr/bin # # Ansible: check dirs # * * 5,2 * * ls -alh > /dev/null # # Ansible: do the job # * * 5,2 * * /some/dir/job.sh module = AnsibleModule( argument_spec=dict( name=dict(type='str'), user=dict(type='str'), job=dict(type='str', aliases=['value']), cron_file=dict(type='str'), state=dict(type='str', default='present', choices=['present', 'absent']), backup=dict(type='bool', default=False), minute=dict(type='str', default='*'), hour=dict(type='str', default='*'), day=dict(type='str', default='*', aliases=['dom']), month=dict(type='str', default='*'), weekday=dict(type='str', default='*', aliases=['dow']), reboot=dict(type='bool', default=False), special_time=dict(type='str', choices=[ "reboot", "yearly", "annually", "monthly", "weekly", "daily", "hourly" ]), disabled=dict(type='bool', default=False), env=dict(type='bool'), insertafter=dict(type='str'), insertbefore=dict(type='str'), ), supports_check_mode=True, mutually_exclusive=[ ['reboot', 'special_time'], ['insertafter', 'insertbefore'], ], ) name = module.params['name'] user = module.params['user'] job = module.params['job'] cron_file = module.params['cron_file'] state = module.params['state'] backup = module.params['backup'] minute = module.params['minute'] hour = module.params['hour'] day = module.params['day'] month = module.params['month'] weekday = module.params['weekday'] reboot = module.params['reboot'] special_time = module.params['special_time'] disabled = module.params['disabled'] env = module.params['env'] insertafter = module.params['insertafter'] insertbefore = module.params['insertbefore'] do_install = state == 'present' changed = False res_args = dict() warnings = list() if cron_file: cron_file_basename = os.path.basename(cron_file) if not re.search(r'^[A-Z0-9_-]+$', cron_file_basename, re.I): warnings.append( 'Filename portion of cron_file ("%s") should consist' % cron_file_basename + ' solely of upper- and lower-case letters, digits, underscores, and hyphens' ) # Ensure all files generated are only writable by the owning user. Primarily relevant for the cron_file option. os.umask(int('022', 8)) crontab = CronTab(module, user, cron_file) module.debug('cron instantiated - name: "%s"' % name) if not name: module.deprecate( msg="The 'name' parameter will be required in future releases.", version='2.12', collection_name='ansible.builtin') if reboot: module.deprecate( msg= "The 'reboot' parameter will be removed in future releases. Use 'special_time' option instead.", version='2.12', collection_name='ansible.builtin') if module._diff: diff = dict() diff['before'] = crontab.n_existing if crontab.cron_file: diff['before_header'] = crontab.cron_file else: if crontab.user: diff['before_header'] = 'crontab for user "%s"' % crontab.user else: diff['before_header'] = 'crontab' # --- user input validation --- if env and not name: module.fail_json( msg= "You must specify 'name' while working with environment variables (env=yes)" ) if (special_time or reboot) and \ (True in [(x != '*') for x in [minute, hour, day, month, weekday]]): module.fail_json( msg="You must specify time and date fields or special time.") # cannot support special_time on solaris if (special_time or reboot) and platform.system() == 'SunOS': module.fail_json( msg="Solaris does not support special_time=... or @reboot") if cron_file and do_install: if not user: module.fail_json( msg= "To use cron_file=... parameter you must specify user=... as well" ) if job is None and do_install: module.fail_json( msg="You must specify 'job' to install a new cron job or variable") if (insertafter or insertbefore) and not env and do_install: module.fail_json( msg= "Insertafter and insertbefore parameters are valid only with env=yes" ) if reboot: special_time = "reboot" # if requested make a backup before making a change if backup and not module.check_mode: (backuph, backup_file) = tempfile.mkstemp(prefix='crontab') crontab.write(backup_file) if crontab.cron_file and not do_install: if module._diff: diff['after'] = '' diff['after_header'] = '/dev/null' else: diff = dict() if module.check_mode: changed = os.path.isfile(crontab.cron_file) else: changed = crontab.remove_job_file() module.exit_json(changed=changed, cron_file=cron_file, state=state, diff=diff) if env: if ' ' in name: module.fail_json(msg="Invalid name for environment variable") decl = '%s="%s"' % (name, job) old_decl = crontab.find_env(name) if do_install: if len(old_decl) == 0: crontab.add_env(decl, insertafter, insertbefore) changed = True if len(old_decl) > 0 and old_decl[1] != decl: crontab.update_env(name, decl) changed = True else: if len(old_decl) > 0: crontab.remove_env(name) changed = True else: if do_install: for char in ['\r', '\n']: if char in job.strip('\r\n'): warnings.append('Job should not contain line breaks') break job = crontab.get_cron_job(minute, hour, day, month, weekday, job, special_time, disabled) old_job = crontab.find_job(name, job) if len(old_job) == 0: crontab.add_job(name, job) changed = True if len(old_job) > 0 and old_job[1] != job: crontab.update_job(name, job) changed = True if len(old_job) > 2: crontab.update_job(name, job) changed = True else: old_job = crontab.find_job(name) if len(old_job) > 0: crontab.remove_job(name) changed = True # no changes to env/job, but existing crontab needs a terminating newline if not changed and crontab.n_existing != '': if not (crontab.n_existing.endswith('\r') or crontab.n_existing.endswith('\n')): changed = True res_args = dict(jobs=crontab.get_jobnames(), envs=crontab.get_envnames(), warnings=warnings, changed=changed) if changed: if not module.check_mode: crontab.write() if module._diff: diff['after'] = crontab.render() if crontab.cron_file: diff['after_header'] = crontab.cron_file else: if crontab.user: diff[ 'after_header'] = 'crontab for user "%s"' % crontab.user else: diff['after_header'] = 'crontab' res_args['diff'] = diff # retain the backup only if crontab or cron file have changed if backup and not module.check_mode: if changed: res_args['backup_file'] = backup_file else: os.unlink(backup_file) if cron_file: res_args['cron_file'] = cron_file module.exit_json(**res_args) # --- should never get here module.exit_json(msg="Unable to execute cron task.")
def main(): module = AnsibleModule( argument_spec=dict( servers=dict(required=False, type='list', default=[]), domain=dict(required=False), realm=dict(required=False), hostname=dict(required=False), ca_cert_file=dict(required=False), on_master=dict(required=False, type='bool', default=False), ntp_servers=dict(required=False, type='list', default=[]), ntp_pool=dict(required=False), no_ntp=dict(required=False, type='bool', default=False), #no_nisdomain=dict(required=False, type='bool', default='no'), #nisdomain=dict(required=False), ), supports_check_mode=True, ) module._ansible_debug = True options.domain = module.params.get('domain') options.servers = module.params.get('servers') options.realm = module.params.get('realm') options.hostname = module.params.get('hostname') options.ca_cert_file = module.params.get('ca_cert_file') options.on_master = module.params.get('on_master') options.ntp_servers = module.params.get('ntp_servers') options.ntp_pool = module.params.get('ntp_pool') options.no_ntp = module.params.get('no_ntp') options.conf_ntp = not options.no_ntp #options.no_nisdomain = module.params.get('no_nisdomain') #options.nisdomain = module.params.get('nisdomain') #options.ip_addresses #options.all_ip_addresses #options.enable_dns_updates hostname = None hostname_source = None dnsok = False cli_domain = None cli_server = None cli_realm = None cli_kdc = None client_domain = None cli_basedn = None fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE) if options.ntp_servers and options.no_ntp: module.fail_json("--ntp-server cannot be used together with --no-ntp") if options.ntp_pool and options.no_ntp: module.fail_json("--ntp-pool cannot be used together with --no-ntp") #if options.no_nisdomain and options.nisdomain: # module.fail_json( # "--no-nisdomain cannot be used together with --nisdomain") #if options.ip_addresses: # if options.enable_dns_updates: # module.fail_json( # "--ip-addresses cannot be used together with" # " --enable-dns-updates") # if options.all_ip_addresses: # module.fail_json( # "--ip-address cannot be used together with" # "--all-ip-addresses") if options.hostname: hostname = options.hostname hostname_source = 'Provided as option' else: hostname = socket.getfqdn() hostname_source = "Machine's FQDN" if hostname != hostname.lower(): module.fail_json(msg="Invalid hostname '%s', must be lower-case." % hostname) if (hostname == 'localhost') or (hostname == 'localhost.localdomain'): module.fail_json(msg="Invalid hostname, '%s' must not be used." % hostname) # Get domain from first server if domain is not set, but there are servers if options.domain is None and len(options.servers) > 0: options.domain = options.servers[0][options.servers[0].find(".") + 1:] # Create the discovery instance ds = ipadiscovery.IPADiscovery() ret = ds.search(domain=options.domain, servers=options.servers, realm=options.realm, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) if options.servers and ret != 0: # There is no point to continue with installation as server list was # passed as a fixed list of server and thus we cannot discover any # better result module.fail_json(msg="Failed to verify that %s is an IPA Server." % \ ', '.join(options.servers)) if ret == ipadiscovery.BAD_HOST_CONFIG: module.fail_json(msg="Can't get the fully qualified name of this host") if ret == ipadiscovery.NOT_FQDN: module.fail_json(msg="%s is not a fully-qualified hostname" % hostname) if ret in (ipadiscovery.NO_LDAP_SERVER, ipadiscovery.NOT_IPA_SERVER) \ or not ds.domain: if ret == ipadiscovery.NO_LDAP_SERVER: if ds.server: module.log("%s is not an LDAP server" % ds.server) else: module.log("No LDAP server found") elif ret == ipadiscovery.NOT_IPA_SERVER: if ds.server: module.log("%s is not an IPA server" % ds.server) else: module.log("No IPA server found") else: module.log("Domain not found") if options.domain: cli_domain = options.domain cli_domain_source = 'Provided as option' else: module.fail_json(msg="Unable to discover domain, not provided") ret = ds.search(domain=cli_domain, servers=options.servers, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) if not cli_domain: if ds.domain: cli_domain = ds.domain cli_domain_source = ds.domain_source module.debug("will use discovered domain: %s" % cli_domain) client_domain = hostname[hostname.find(".") + 1:] if ret in (ipadiscovery.NO_LDAP_SERVER, ipadiscovery.NOT_IPA_SERVER) \ or not ds.server: module.debug("IPA Server not found") if options.servers: cli_server = options.servers cli_server_source = 'Provided as option' else: module.fail_json(msg="Unable to find IPA Server to join") ret = ds.search(domain=cli_domain, servers=cli_server, hostname=hostname, ca_cert_path=get_cert_path(options.ca_cert_file)) else: # Only set dnsok to True if we were not passed in one or more servers # and if DNS discovery actually worked. if not options.servers: (server, domain) = ds.check_domain(ds.domain, set(), "Validating DNS Discovery") if server and domain: module.debug("DNS validated, enabling discovery") dnsok = True else: module.debug("DNS discovery failed, disabling discovery") else: module.debug( "Using servers from command line, disabling DNS discovery") if not cli_server: if options.servers: cli_server = ds.servers cli_server_source = 'Provided as option' module.debug("will use provided server: %s" % ', '.join(options.servers)) elif ds.server: cli_server = ds.servers cli_server_source = ds.server_source module.debug("will use discovered server: %s" % cli_server[0]) if ret == ipadiscovery.NOT_IPA_SERVER: module.fail_json(msg="%s is not an IPA v2 Server." % cli_server[0]) if ret == ipadiscovery.NO_ACCESS_TO_LDAP: module.warn("Anonymous access to the LDAP server is disabled.") ret = 0 if ret == ipadiscovery.NO_TLS_LDAP: module.warn( "The LDAP server requires TLS is but we do not have the CA.") ret = 0 if ret != 0: module.fail_json(msg="Failed to verify that %s is an IPA Server." % cli_server[0]) cli_kdc = ds.kdc if dnsok and not cli_kdc: module.fail_json(msg="DNS domain '%s' is not configured for automatic " "KDC address lookup." % ds.realm.lower()) if dnsok: module.log("Discovery was successful!") cli_realm = ds.realm cli_realm_source = ds.realm_source module.debug("will use discovered realm: %s" % cli_realm) if options.realm and options.realm != cli_realm: module.fail_json( msg= "The provided realm name [%s] does not match discovered one [%s]" % (options.realm, cli_realm)) cli_basedn = str(ds.basedn) cli_basedn_source = ds.basedn_source module.debug("will use discovered basedn: %s" % cli_basedn) module.log("Client hostname: %s" % hostname) module.debug("Hostname source: %s" % hostname_source) module.log("Realm: %s" % cli_realm) module.debug("Realm source: %s" % cli_realm_source) module.log("DNS Domain: %s" % cli_domain) module.debug("DNS Domain source: %s" % cli_domain_source) module.log("IPA Server: %s" % ', '.join(cli_server)) module.debug("IPA Server source: %s" % cli_server_source) module.log("BaseDN: %s" % cli_basedn) module.debug("BaseDN source: %s" % cli_basedn_source) # ipa-join would fail with IP address instead of a FQDN for srv in cli_server: try: socket.inet_pton(socket.AF_INET, srv) is_ipaddr = True except socket.error: try: socket.inet_pton(socket.AF_INET6, srv) is_ipaddr = True except socket.error: is_ipaddr = False if is_ipaddr: module.warn("It seems that you are using an IP address " "instead of FQDN as an argument to --server. The " "installation may fail.") break ntp_servers = [] if sync_time is not None: if options.conf_ntp: # Attempt to configure and sync time with NTP server (chrony). sync_time(options, fstore, statestore) elif options.on_master: # If we're on master skipping the time sync here because it was done # in ipa-server-install logger.info( "Skipping attempt to configure and synchronize time with" " chrony server as it has been already done on master.") else: logger.info("Skipping chrony configuration") elif not options.on_master and options.conf_ntp: # Attempt to sync time with IPA server. # If we're skipping NTP configuration, we also skip the time sync here. # We assume that NTP servers are discoverable through SRV records # in the DNS. # If that fails, we try to sync directly with IPA server, # assuming it runs NTP if len(options.ntp_servers) < 1: # Detect NTP servers ds = ipadiscovery.IPADiscovery() ntp_servers = ds.ipadns_search_srv(cli_domain, '_ntp._udp', None, break_on_first=False) else: ntp_servers = options.ntp_servers # Attempt to sync time: # At first with given or dicovered time servers. If no ntp # servers have been given or discovered, then with the ipa # server. module.log('Synchronizing time ...') synced_ntp = False # use user specified NTP servers if there are any for s in ntp_servers: synced_ntp = timeconf.synconce_ntp(s, False) if synced_ntp: break if not synced_ntp and not ntp_servers: synced_ntp = timeconf.synconce_ntp(cli_server[0], False) if not synced_ntp: module.warn("Unable to sync time with NTP server") # Check if ipa client is already configured if is_client_configured(): # Check that realm and domain match current_config = get_ipa_conf() if cli_domain != current_config.get('domain'): return module.fail_json(msg="IPA client already installed " "with a conflicting domain") if cli_realm != current_config.get('realm'): return module.fail_json(msg="IPA client already installed " "with a conflicting realm") # Done module.exit_json(changed=True, servers=cli_server, domain=cli_domain, realm=cli_realm, kdc=cli_kdc, basedn=cli_basedn, hostname=hostname, client_domain=client_domain, dnsok=dnsok, ntp_servers=ntp_servers, ipa_python_version=IPA_PYTHON_VERSION)
def main(): module = AnsibleModule(argument_spec=dict( log=dict(required=False, default='INFO', choices=['DEBUG', 'INFO', 'ERROR', 'CRITICAL']), appliance=dict(required=True), lmi_port=dict(required=False, default=443, type='int'), action=dict(required=True), force=dict(required=False, default=False, type='bool'), username=dict(required=False), password=dict(required=True), isdsapi=dict(required=False, type='dict'), adminProxyProtocol=dict(required=False, default='https', choices=['http', 'https']), adminProxyHostname=dict(required=False), adminProxyPort=dict(required=False, default=443, type='int'), adminProxyApplianceShortName=dict(required=False, default=False, type='bool'), omitAdminProxy=dict(required=False, default=False, type='bool')), supports_check_mode=True) module.debug('Started isds module') # Process all Arguments logLevel = module.params['log'] force = module.params['force'] action = module.params['action'] appliance = module.params['appliance'] lmi_port = module.params['lmi_port'] username = module.params['username'] password = module.params['password'] adminProxyProtocol = module.params['adminProxyProtocol'] adminProxyHostname = module.params['adminProxyHostname'] adminProxyPort = module.params['adminProxyPort'] adminProxyApplianceShortName = module.params[ 'adminProxyApplianceShortName'] omitAdminProxy = module.params['omitAdminProxy'] # Setup logging for format, set log level and redirect to string strlog = StringIO() DEFAULT_LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'standard': { 'format': '[%(asctime)s] [PID:%(process)d TID:%(thread)d] [%(levelname)s] [%(name)s] [%(funcName)s():%(lineno)s] %(message)s' }, }, 'handlers': { 'default': { 'level': logLevel, 'formatter': 'standard', 'class': 'logging.StreamHandler', 'stream': strlog }, }, 'loggers': { '': { 'handlers': ['default'], 'level': logLevel, 'propagate': True }, 'requests.packages.urllib3.connectionpool': { 'handlers': ['default'], 'level': 'ERROR', 'propagate': True } } } logging.config.dictConfig(DEFAULT_LOGGING) # Create appliance object to be used for all calls if username == '' or username is None: u = ApplianceUser(password=password) else: u = ApplianceUser(username=username, password=password) # Create appliance object to be used for all calls # if adminProxy hostname is set, use the ISDSApplianceAdminProxy if adminProxyHostname == '' or adminProxyHostname is None or omitAdminProxy: isds_server = ISDSAppliance(hostname=appliance, user=u, lmi_port=lmi_port) else: isds_server = ISDSApplianceAdminProxy( adminProxyHostname=adminProxyHostname, user=u, hostname=appliance, adminProxyProtocol=adminProxyProtocol, adminProxyPort=adminProxyPort, adminProxyApplianceShortName=adminProxyApplianceShortName) # Create options string to pass to action method options = 'isdsAppliance=isds_server, force=' + str(force) if module.check_mode is True: options = options + ', check_mode=True' if isinstance(module.params['isdsapi'], dict): for key, value in module.params['isdsapi'].iteritems(): if isinstance(value, basestring): options = options + ', ' + key + '="' + value + '"' else: options = options + ', ' + key + '=' + str(value) module.debug('Option to be passed to action: ' + options) # Dynamically process the action to be invoked # Simple check to restrict calls to just "isds" ones for safety if action.startswith('ibmsecurity.isds.'): try: module_name, method_name = action.rsplit('.', 1) module.debug('Action method to be imported from module: ' + module_name) module.debug('Action method name is: ' + method_name) mod = importlib.import_module(module_name) func_ptr = getattr( mod, method_name) # Convert action to actual function pointer func_call = 'func_ptr(' + options + ')' startd = datetime.datetime.now() # Execute requested 'action' ret_obj = eval(func_call) endd = datetime.datetime.now() delta = endd - startd ret_obj['stdout'] = strlog.getvalue() ret_obj['stdout_lines'] = strlog.getvalue().split() ret_obj['start'] = str(startd) ret_obj['end'] = str(endd) ret_obj['delta'] = str(delta) ret_obj['cmd'] = action + "(" + options + ")" ret_obj['ansible_facts'] = isds_server.facts module.exit_json(**ret_obj) except ImportError: module.fail_json( name=action, msg='Error> action belongs to a module that is not found!', log=strlog.getvalue()) except AttributeError: module.fail_json( name=action, msg= 'Error> invalid action was specified, method not found in module!', log=strlog.getvalue()) except TypeError: module.fail_json( name=action, msg= 'Error> action does not have the right set of arguments or there is a code bug! Options: ' + options, log=strlog.getvalue()) except IBMError as e: module.fail_json(name=action, msg=str(e), log=strlog.getvalue()) else: module.fail_json( name=action, msg='Error> invalid action specified, needs to be isds!', log=strlog.getvalue())
def main(): # The following example playbooks: # # - cronvar: name="SHELL" value="/bin/bash" # # - name: Set the email # cronvar: name="EMAILTO" value="*****@*****.**" # # - name: Get rid of the old new host variable # cronvar: name="NEW_HOST" state=absent # # Would produce: # SHELL = /bin/bash # EMAILTO = [email protected] module = AnsibleModule( argument_spec=dict( name=dict(type='str', required=True), value=dict(type='str'), user=dict(type='str'), cron_file=dict(type='str'), insertafter=dict(type='str'), insertbefore=dict(type='str'), state=dict(type='str', default='present', choices=['absent', 'present']), backup=dict(type='bool', default=False), ), mutually_exclusive=[['insertbefore', 'insertafter']], supports_check_mode=False, ) name = module.params['name'] value = module.params['value'] user = module.params['user'] cron_file = module.params['cron_file'] insertafter = module.params['insertafter'] insertbefore = module.params['insertbefore'] state = module.params['state'] backup = module.params['backup'] ensure_present = state == 'present' changed = False res_args = dict() # Ensure all files generated are only writable by the owning user. Primarily relevant for the cron_file option. os.umask(int('022', 8)) cronvar = CronVar(module, user, cron_file) module.debug('cronvar instantiated - name: "%s"' % name) # --- user input validation --- if name is None and ensure_present: module.fail_json(msg="You must specify 'name' to insert a new cron variabale") if value is None and ensure_present: module.fail_json(msg="You must specify 'value' to insert a new cron variable") if name is None and not ensure_present: module.fail_json(msg="You must specify 'name' to remove a cron variable") # if requested make a backup before making a change if backup: (_, backup_file) = tempfile.mkstemp(prefix='cronvar') cronvar.write(backup_file) if cronvar.cron_file and not name and not ensure_present: changed = cronvar.remove_job_file() module.exit_json(changed=changed, cron_file=cron_file, state=state) old_value = cronvar.find_variable(name) if ensure_present: if old_value is None: cronvar.add_variable(name, value, insertbefore, insertafter) changed = True elif old_value != value: cronvar.update_variable(name, value) changed = True else: if old_value is not None: cronvar.remove_variable(name) changed = True res_args = { "vars": cronvar.get_var_names(), "changed": changed } if changed: cronvar.write() # retain the backup only if crontab or cron file have changed if backup: if changed: res_args['backup_file'] = backup_file else: os.unlink(backup_file) if cron_file: res_args['cron_file'] = cron_file module.exit_json(**res_args)
def main(): module = AnsibleModule(argument_spec=dict( name=dict(type='list', elements='str', required=True), state=dict( type='str', default='present', choices=['absent', 'installed', 'latest', 'present', 'removed']), build=dict(type='bool', default=False), snapshot=dict(type='bool', default=False), ports_dir=dict(type='path', default='/usr/ports'), quick=dict(type='bool', default=False), clean=dict(type='bool', default=False), ), mutually_exclusive=[['snapshot', 'build']], supports_check_mode=True) name = module.params['name'] state = module.params['state'] build = module.params['build'] ports_dir = module.params['ports_dir'] rc = 0 stdout = '' stderr = '' result = {} result['name'] = name result['state'] = state result['build'] = build # The data structure used to keep track of package information. pkg_spec = {} if build is True: if not os.path.isdir(ports_dir): module.fail_json( msg="the ports source directory %s does not exist" % (ports_dir)) # build sqlports if its not installed yet parse_package_name(['sqlports'], pkg_spec, module) get_package_state(['sqlports'], pkg_spec, module) if not pkg_spec['sqlports']['installed_state']: module.debug("main(): installing 'sqlports' because build=%s" % module.params['build']) package_present(['sqlports'], pkg_spec, module) asterisk_name = False for n in name: if n == '*': if len(name) != 1: module.fail_json( msg="the package name '*' can not be mixed with other names" ) asterisk_name = True if asterisk_name: if state != 'latest': module.fail_json( msg="the package name '*' is only valid when using state=latest" ) else: # Perform an upgrade of all installed packages. upgrade_packages(pkg_spec, module) else: # Parse package names and put results in the pkg_spec dictionary. parse_package_name(name, pkg_spec, module) # Not sure how the branch syntax is supposed to play together # with build mode. Disable it for now. for n in name: if pkg_spec[n]['branch'] and module.params['build'] is True: module.fail_json( msg= "the combination of 'branch' syntax and build=%s is not supported: %s" % (module.params['build'], n)) # Get state for all package names. get_package_state(name, pkg_spec, module) # Perform requested action. if state in ['installed', 'present']: package_present(name, pkg_spec, module) elif state in ['absent', 'removed']: package_absent(name, pkg_spec, module) elif state == 'latest': package_latest(name, pkg_spec, module) # The combined changed status for all requested packages. If anything # is changed this is set to True. combined_changed = False # The combined failed status for all requested packages. If anything # failed this is set to True. combined_failed = False # We combine all error messages in this comma separated string, for example: # "msg": "Can't find nmapp\n, Can't find nmappp\n" combined_error_message = '' # Loop over all requested package names and check if anything failed or # changed. for n in name: if pkg_spec[n]['rc'] != 0: combined_failed = True if pkg_spec[n]['stderr']: if combined_error_message: combined_error_message += ", %s" % pkg_spec[n]['stderr'] else: combined_error_message = pkg_spec[n]['stderr'] else: if combined_error_message: combined_error_message += ", %s" % pkg_spec[n]['stdout'] else: combined_error_message = pkg_spec[n]['stdout'] if pkg_spec[n]['changed'] is True: combined_changed = True # If combined_error_message contains anything at least some part of the # list of requested package names failed. if combined_failed: module.fail_json(msg=combined_error_message, **result) result['changed'] = combined_changed module.exit_json(**result)
def main(): # The following example playbooks: # # - cronvar: name="SHELL" value="/bin/bash" # # - name: Set the email # cronvar: name="EMAILTO" value="*****@*****.**" # # - name: Get rid of the old new host variable # cronvar: name="NEW_HOST" state=absent # # Would produce: # SHELL = /bin/bash # EMAILTO = [email protected] module = AnsibleModule( argument_spec=dict( name=dict(type='str', required=True), value=dict(type='str'), user=dict(type='str'), cron_file=dict(type='str'), insertafter=dict(type='str'), insertbefore=dict(type='str'), state=dict(type='str', default='present', choices=['absent', 'present']), backup=dict(type='bool', default=False), ), mutually_exclusive=[['insertbefore', 'insertafter']], supports_check_mode=False, ) name = module.params['name'] value = module.params['value'] user = module.params['user'] cron_file = module.params['cron_file'] insertafter = module.params['insertafter'] insertbefore = module.params['insertbefore'] state = module.params['state'] backup = module.params['backup'] ensure_present = state == 'present' changed = False res_args = dict() # Ensure all files generated are only writable by the owning user. Primarily relevant for the cron_file option. os.umask(int('022', 8)) cronvar = CronVar(module, user, cron_file) module.debug('cronvar instantiated - name: "%s"' % name) # --- user input validation --- if name is None and ensure_present: module.fail_json( msg="You must specify 'name' to insert a new cron variable") if value is None and ensure_present: module.fail_json( msg="You must specify 'value' to insert a new cron variable") if name is None and not ensure_present: module.fail_json( msg="You must specify 'name' to remove a cron variable") # if requested make a backup before making a change if backup: (_, backup_file) = tempfile.mkstemp(prefix='cronvar') cronvar.write(backup_file) if cronvar.cron_file and not name and not ensure_present: changed = cronvar.remove_job_file() module.exit_json(changed=changed, cron_file=cron_file, state=state) old_value = cronvar.find_variable(name) if ensure_present: if old_value is None: cronvar.add_variable(name, value, insertbefore, insertafter) changed = True elif old_value != value: cronvar.update_variable(name, value) changed = True else: if old_value is not None: cronvar.remove_variable(name) changed = True res_args = {"vars": cronvar.get_var_names(), "changed": changed} if changed: cronvar.write() # retain the backup only if crontab or cron file have changed if backup: if changed: res_args['backup_file'] = backup_file else: os.unlink(backup_file) if cron_file: res_args['cron_file'] = cron_file module.exit_json(**res_args)
def main(): module = AnsibleModule(argument_spec=dict( log=dict(default='INFO', choices=['DEBUG', 'INFO', 'ERROR', 'CRITICAL']), appliance=dict(required=True), lmi_port=dict(required=False, default=443, type='int'), username=dict(required=False), password=dict(required=True), isamuser=dict(required=False), isampwd=dict(required=True), isamdomain=dict(required=False, default='Default'), commands=dict(required=True, type='list'), adminProxyProtocol=dict(required=False, default='https', choices=['http', 'https']), adminProxyHostname=dict(required=False), adminProxyPort=dict(required=False, default=443, type='int'), adminProxyApplianceShortName=dict(required=False, default=False, type='bool'), omitAdminProxy=dict(required=False, default=False, type='bool')), supports_check_mode=False) module.debug('Started isamadmin module') # Process all Arguments logLevel = module.params['log'] appliance = module.params['appliance'] lmi_port = module.params['lmi_port'] username = module.params['username'] password = module.params['password'] isamuser = module.params['isamuser'] isampwd = module.params['isampwd'] isamdomain = module.params['isamdomain'] commands = module.params['commands'] adminProxyProtocol = module.params['adminProxyProtocol'] adminProxyHostname = module.params['adminProxyHostname'] adminProxyPort = module.params['adminProxyPort'] adminProxyApplianceShortName = module.params[ 'adminProxyApplianceShortName'] omitAdminProxy = module.params['omitAdminProxy'] # Setup logging for format, set log level and redirect to string strlog = StringIO() DEFAULT_LOGGING = { 'version': 1, 'disable_existing_loggers': False, 'formatters': { 'standard': { 'format': '[%(asctime)s] [PID:%(process)d TID:%(thread)d] [%(levelname)s] [%(name)s] [%(funcName)s():%(lineno)s] %(message)s' }, }, 'handlers': { 'default': { 'level': logLevel, 'formatter': 'standard', 'class': 'logging.StreamHandler', 'stream': strlog }, }, 'loggers': { '': { 'handlers': ['default'], 'level': logLevel, 'propagate': True }, 'requests.packages.urllib3.connectionpool': { 'handlers': ['default'], 'level': 'ERROR', 'propagate': True } } } logging.config.dictConfig(DEFAULT_LOGGING) # Create appliance object to be used for all calls if username == '' or username is None: u = ApplianceUser(password=password) else: u = ApplianceUser(username=username, password=password) # Create appliance object to be used for all calls # if adminProxy hostname is set, use the ISAMApplianceAdminProxy if adminProxyHostname == '' or adminProxyHostname is None or omitAdminProxy: isam_server = ISAMAppliance(hostname=appliance, user=u, lmi_port=lmi_port) else: isam_server = ISAMApplianceAdminProxy( adminProxyHostname=adminProxyHostname, user=u, hostname=appliance, adminProxyProtocol=adminProxyProtocol, adminProxyPort=adminProxyPort, adminProxyApplianceShortName=adminProxyApplianceShortName) if isamuser == '' or isamuser is None: iu = ISAMUser(password=isampwd) else: iu = ISAMUser(username=isamuser, password=isampwd) try: import ibmsecurity.isam.web.runtime.pdadmin startd = datetime.datetime.now() ret_obj = ibmsecurity.isam.web.runtime.pdadmin.execute( isamAppliance=isam_server, isamUser=iu, admin_domain=isamdomain, commands=commands) endd = datetime.datetime.now() delta = endd - startd ret_obj['stdout'] = strlog.getvalue() ret_obj['stdout_lines'] = strlog.getvalue().split() ret_obj['start'] = str(startd) ret_obj['end'] = str(endd) ret_obj['delta'] = str(delta) ret_obj[ 'cmd'] = "ibmsecurity.isam.config_fed_dir.runtime.pdadmin.execute(isamAppliance=isam_server, isamUser=iu, commands=" + str( commands) + ")" ret_obj['ansible_facts'] = isam_server.facts module.exit_json(**ret_obj) except ImportError: module.fail_json(name='pdadmin', msg='Error> Unable to import pdadmin module!', log=strlog.getvalue()) except AttributeError: module.fail_json( name='pdadmin', msg='Error> Error finding execute function of pdadmin module', log=strlog.getvalue()) except TypeError: module.fail_json( name='pdadmin', msg= 'Error> pdadmin has wrong set of arguments or there is a bug in code!', log=strlog.getvalue()) except IBMError as e: module.fail_json(name='pdadmin', msg=str(e), log=strlog.getvalue())
def main(): module = AnsibleModule( argument_spec=dict( jid=dict(type='str'), alias=dict(type='str'), signal=dict(type='int', default=signal.SIGTERM), # passed in from the async_status action plugin _async_dir=dict(type='path', required=True), ), required_one_of=[['jid', 'alias']], mutually_exclusive=[['jid', 'alias']]) request = Request(module) response = Response(request) t = Tracker(module, response) data = t.load_job_state(request.log_path) module.debug("current state %s" % data) t.update_state(data) if response.finished: module.debug("job is finished. nothing to kill.") module.exit_json(**response.__dict__) if response.killed: module.debug("job has been killed previously. nothing to kill.") module.exit_json(**response.__dict__) pid = t.get_jid_pid(request.jid) alive = [pid] if not t.is_pid_alive(pid): alive = find_pid(request.jid) if not alive: module.debug( "job is unfinished and no wrapper alive. nothing to kill.") module.exit_json(**response.__dict__) # kill module.debug("alive pids = %s" % alive) data['killed'] = True prepare_state_update(request.log_path, data, "kill") for pid in alive: module.debug("killing group pid = %d, sig = %d" % (pid, request.signal)) t.kill_all(pid, request.signal) commit_state_update(request.log_path, "kill") # cleanup running wrapper marker try_cleanup_state_update(request.log_path, "tmp") response.killed = True module.exit_json(**response.__dict__)
def main(): global module global results global suma_params module = AnsibleModule(argument_spec=dict( action=dict(required=False, choices=[ 'download', 'preview', 'list', 'edit', 'run', 'unschedule', 'delete', 'config', 'default' ], type='str', default='preview'), oslevel=dict(required=False, type='str', default='Latest'), last_sp=dict(required=False, type='bool', default=False), extend_fs=dict(required=False, type='bool', default=True), download_dir=dict(required=False, type='path', default='/usr/sys/inst.images'), download_only=dict(required=False, type='bool', default=False), save_task=dict(required=False, type='bool', default=False), task_id=dict(required=False, type='str'), sched_time=dict(required=False, type='str'), description=dict(required=False, type='str'), metadata_dir=dict(required=False, type='path', default='/var/adm/ansible/metadata'), ), required_if=[ ['action', 'edit', ['task_id']], ['action', 'delete', ['task_id']], ['action', 'run', ['task_id']], ['action', 'download', ['oslevel']], ['action', 'preview', ['oslevel']], ['action', 'unschedule', ['task_id']], ], supports_check_mode=True) results = dict( changed=False, msg='', stdout='', stderr='', meta={'messages': []}, ) module.debug('*** START ***') module.run_command_environ_update = dict(LANG='C', LC_ALL='C', LC_MESSAGES='C', LC_CTYPE='C') action = module.params['action'] # switch action if action == 'list': suma_params['task_id'] = module.params['task_id'] suma_list() elif action == 'edit': suma_params['task_id'] = module.params['task_id'] suma_params['sched_time'] = module.params['sched_time'] suma_edit() elif action == 'unschedule': suma_params['task_id'] = module.params['task_id'] suma_unschedule() elif action == 'delete': suma_params['task_id'] = module.params['task_id'] suma_delete() elif action == 'run': suma_params['task_id'] = module.params['task_id'] suma_run() elif action == 'config': suma_config() elif action == 'default': suma_default() elif action == 'download' or action == 'preview': suma_params['oslevel'] = module.params['oslevel'] suma_params['download_dir'] = module.params['download_dir'] suma_params['metadata_dir'] = module.params['metadata_dir'] suma_params['download_only'] = module.params['download_only'] suma_params['save_task'] = module.params['save_task'] suma_params['last_sp'] = module.params['last_sp'] suma_params['extend_fs'] = module.params['extend_fs'] if module.params['description']: suma_params['description'] = module.params['description'] else: suma_params['description'] = "{} request for oslevel {}".format( action, module.params['oslevel']) suma_params['action'] = action suma_download() # Exit msg = 'Suma {} completed successfully'.format(action) module.log(msg) results['msg'] = msg module.exit_json(**results)
class OVHModuleBase(object): def __init__(self, derived_arg_spec, bypass_checks=False, no_log=False, check_invalid_arguments=None, mutually_exclusive=None, required_together=None, required_one_of=None, add_file_common_args=False, supports_check_mode=False, required_if=None, facts_module=False, skip_exec=False): merged_arg_spec = dict() merged_arg_spec.update(COMMON_ARGS) if derived_arg_spec: merged_arg_spec.update(derived_arg_spec) self.module = AnsibleModule(argument_spec=merged_arg_spec, bypass_checks=bypass_checks, no_log=no_log, mutually_exclusive=mutually_exclusive, required_together=required_together, required_if=required_if, required_one_of=required_one_of, add_file_common_args=add_file_common_args, supports_check_mode=supports_check_mode) self.check_mode = self.module.check_mode if not HAS_OVH: self.fail(msg=missing_required_lib( 'ovh (ovh >= {0})'.format(OVH_MIN_RELEASE)), exception=HAS_OVH_EXC) self.facts_module = facts_module self.init_results() if not skip_exec: self.exec_module(**self.module.params) self.module.exit_json(**self.results) def __getattribute__(self, attribute: str) -> 'Any': try: return super().__getattribute__(attribute) except AttributeError: return self.module.params.get(attribute) def init_results(self): self.results = dict(changed=False) def exec_module(self, **kwargs): self.fail("Error: {0} failed to implement exec_module method.".format( self.__class__.__name__)) def set_changed(self, changed: bool): self.results['changed'] = changed def fail(self, msg, **kwargs): ''' Shortcut for calling module.fail() :param msg: Error message text. :param kwargs: Any key=value pairs :return: None ''' self.module.fail_json(msg=msg, **kwargs) def log(self, msg, log_args: 'Optional[Dict[str,Any]]'): self.module.log(msg, log_args) def debug(self, msg): self.module.debug(msg) @property def client(self) -> ovh.Client: return self.delegated_client(self.consumer_key) def delegated_client(self, consumer_key: 'Optional[str]' = None) -> ovh.Client: return ovh.Client(endpoint=self.endpoint, application_key=self.application_key, application_secret=self.application_secret, consumer_key=consumer_key)
def main(): module = AnsibleModule( argument_spec=dict( name=dict(type='list', required=True), state=dict(type='str', default='present', choices=['absent', 'installed', 'latest', 'present', 'removed']), build=dict(type='bool', default=False), ports_dir=dict(type='path', default='/usr/ports'), quick=dict(type='bool', default=False), clean=dict(type='bool', default=False), ), supports_check_mode=True ) name = module.params['name'] state = module.params['state'] build = module.params['build'] ports_dir = module.params['ports_dir'] rc = 0 stdout = '' stderr = '' result = {} result['name'] = name result['state'] = state result['build'] = build # The data structure used to keep track of package information. pkg_spec = {} if build is True: if not os.path.isdir(ports_dir): module.fail_json(msg="the ports source directory %s does not exist" % (ports_dir)) # build sqlports if its not installed yet parse_package_name(['sqlports'], pkg_spec, module) get_package_state(['sqlports'], pkg_spec, module) if not pkg_spec['sqlports']['installed_state']: module.debug("main(): installing 'sqlports' because build=%s" % module.params['build']) package_present(['sqlports'], pkg_spec, module) asterisk_name = False for n in name: if n == '*': if len(name) != 1: module.fail_json(msg="the package name '*' can not be mixed with other names") asterisk_name = True if asterisk_name: if state != 'latest': module.fail_json(msg="the package name '*' is only valid when using state=latest") else: # Perform an upgrade of all installed packages. upgrade_packages(pkg_spec, module) else: # Parse package names and put results in the pkg_spec dictionary. parse_package_name(name, pkg_spec, module) # Not sure how the branch syntax is supposed to play together # with build mode. Disable it for now. for n in name: if pkg_spec[n]['branch'] and module.params['build'] is True: module.fail_json(msg="the combination of 'branch' syntax and build=%s is not supported: %s" % (module.params['build'], n)) # Get state for all package names. get_package_state(name, pkg_spec, module) # Perform requested action. if state in ['installed', 'present']: package_present(name, pkg_spec, module) elif state in ['absent', 'removed']: package_absent(name, pkg_spec, module) elif state == 'latest': package_latest(name, pkg_spec, module) # The combined changed status for all requested packages. If anything # is changed this is set to True. combined_changed = False # The combined failed status for all requested packages. If anything # failed this is set to True. combined_failed = False # We combine all error messages in this comma separated string, for example: # "msg": "Can't find nmapp\n, Can't find nmappp\n" combined_error_message = '' # Loop over all requested package names and check if anything failed or # changed. for n in name: if pkg_spec[n]['rc'] != 0: combined_failed = True if pkg_spec[n]['stderr']: if combined_error_message: combined_error_message += ", %s" % pkg_spec[n]['stderr'] else: combined_error_message = pkg_spec[n]['stderr'] else: if combined_error_message: combined_error_message += ", %s" % pkg_spec[n]['stdout'] else: combined_error_message = pkg_spec[n]['stdout'] if pkg_spec[n]['changed'] is True: combined_changed = True # If combined_error_message contains anything at least some part of the # list of requested package names failed. if combined_failed: module.fail_json(msg=combined_error_message, **result) result['changed'] = combined_changed module.exit_json(**result)
def main(): module = AnsibleModule( argument_spec=dict( state=dict(type='str', default='present', choices=['absent', 'present']), name=dict(type='str', required=True), gid=dict(type='int'), system=dict(type='bool', default=False), local=dict(type='bool', default=False) ), supports_check_mode=True, ) group = Group(module) module.debug('Group instantiated - platform %s' % group.platform) if group.distribution: module.debug('Group instantiated - distribution %s' % group.distribution) rc = None out = '' err = '' result = {} result['name'] = group.name result['state'] = group.state if group.state == 'absent': if group.group_exists(): if module.check_mode: module.exit_json(changed=True) (rc, out, err) = group.group_del() if rc != 0: module.fail_json(name=group.name, msg=err) elif group.state == 'present': if not group.group_exists(): if module.check_mode: module.exit_json(changed=True) (rc, out, err) = group.group_add(gid=group.gid, system=group.system) else: (rc, out, err) = group.group_mod(gid=group.gid) if rc is not None and rc != 0: module.fail_json(name=group.name, msg=err) if rc is None: result['changed'] = False else: result['changed'] = True if out: result['stdout'] = out if err: result['stderr'] = err if group.group_exists(): info = group.group_info() result['system'] = group.system result['gid'] = info[2] module.exit_json(**result)
def main(): module = AnsibleModule( argument_spec=dict(name=dict(required=True), port=dict(default=623, type='int'), user=dict(required=True, no_log=True), password=dict(required=True, no_log=True), state=dict(default='present', choices=['present', 'absent']), bootdev=dict(required=True, choices=[ 'network', 'hd', 'safe', 'optical', 'setup', 'default' ]), persistent=dict(default=False, type='bool'), uefiboot=dict(default=False, type='bool')), supports_check_mode=True, ) if command is None: module.fail_json(msg='the python pyghmi module is required') name = module.params['name'] port = module.params['port'] user = module.params['user'] password = module.params['password'] state = module.params['state'] bootdev = module.params['bootdev'] persistent = module.params['persistent'] uefiboot = module.params['uefiboot'] request = dict() if state == 'absent' and bootdev == 'default': module.fail_json( msg="The bootdev 'default' cannot be used with state 'absent'.") # --- run command --- try: ipmi_cmd = command.Command(bmc=name, userid=user, password=password, port=port) module.debug('ipmi instantiated - name: "%s"' % name) current = ipmi_cmd.get_bootdev() # uefimode may not supported by BMC, so use desired value as default current.setdefault('uefimode', uefiboot) if state == 'present' and current != dict( bootdev=bootdev, persistent=persistent, uefimode=uefiboot): request = dict(bootdev=bootdev, uefiboot=uefiboot, persist=persistent) elif state == 'absent' and current['bootdev'] == bootdev: request = dict(bootdev='default') else: module.exit_json(changed=False, **current) if module.check_mode: response = dict(bootdev=request['bootdev']) else: response = ipmi_cmd.set_bootdev(**request) if 'error' in response: module.fail_json(msg=response['error']) if 'persist' in request: response['persistent'] = request['persist'] if 'uefiboot' in request: response['uefimode'] = request['uefiboot'] module.exit_json(changed=True, **response) except Exception as e: module.fail_json(msg=str(e))
def main(): # The following example playbooks: # # - cron: name="check dirs" hour="5,2" job="ls -alh > /dev/null" # # - name: do the job # cron: name="do the job" hour="5,2" job="/some/dir/job.sh" # # - name: no job # cron: name="an old job" state=absent # # - name: sets env # cron: name="PATH" env=yes value="/bin:/usr/bin" # # Would produce: # PATH=/bin:/usr/bin # # Ansible: check dirs # * * 5,2 * * ls -alh > /dev/null # # Ansible: do the job # * * 5,2 * * /some/dir/job.sh module = AnsibleModule( argument_spec=dict( name=dict(type='str'), user=dict(type='str'), job=dict(type='str', aliases=['value']), cron_file=dict(type='str'), state=dict(type='str', default='present', choices=['present', 'absent']), backup=dict(type='bool', default=False), minute=dict(type='str', default='*'), hour=dict(type='str', default='*'), day=dict(type='str', default='*', aliases=['dom']), month=dict(type='str', default='*'), weekday=dict(type='str', default='*', aliases=['dow']), reboot=dict(type='bool', default=False), special_time=dict(type='str', choices=["reboot", "yearly", "annually", "monthly", "weekly", "daily", "hourly"]), disabled=dict(type='bool', default=False), env=dict(type='bool'), insertafter=dict(type='str'), insertbefore=dict(type='str'), ), supports_check_mode=True, mutually_exclusive=[ ['reboot', 'special_time'], ['insertafter', 'insertbefore'], ], ) name = module.params['name'] user = module.params['user'] job = module.params['job'] cron_file = module.params['cron_file'] state = module.params['state'] backup = module.params['backup'] minute = module.params['minute'] hour = module.params['hour'] day = module.params['day'] month = module.params['month'] weekday = module.params['weekday'] reboot = module.params['reboot'] special_time = module.params['special_time'] disabled = module.params['disabled'] env = module.params['env'] insertafter = module.params['insertafter'] insertbefore = module.params['insertbefore'] do_install = state == 'present' changed = False res_args = dict() warnings = list() if cron_file: cron_file_basename = os.path.basename(cron_file) if not re.search(r'^[A-Z0-9_-]+$', cron_file_basename, re.I): warnings.append('Filename portion of cron_file ("%s") should consist' % cron_file_basename + ' solely of upper- and lower-case letters, digits, underscores, and hyphens') # Ensure all files generated are only writable by the owning user. Primarily relevant for the cron_file option. os.umask(int('022', 8)) crontab = CronTab(module, user, cron_file) module.debug('cron instantiated - name: "%s"' % name) if module._diff: diff = dict() diff['before'] = crontab.existing if crontab.cron_file: diff['before_header'] = crontab.cron_file else: if crontab.user: diff['before_header'] = 'crontab for user "%s"' % crontab.user else: diff['before_header'] = 'crontab' # --- user input validation --- if (special_time or reboot) and \ (True in [(x != '*') for x in [minute, hour, day, month, weekday]]): module.fail_json(msg="You must specify time and date fields or special time.") # cannot support special_time on solaris if (special_time or reboot) and get_platform() == 'SunOS': module.fail_json(msg="Solaris does not support special_time=... or @reboot") if cron_file and do_install: if not user: module.fail_json(msg="To use cron_file=... parameter you must specify user=... as well") if job is None and do_install: module.fail_json(msg="You must specify 'job' to install a new cron job or variable") if (insertafter or insertbefore) and not env and do_install: module.fail_json(msg="Insertafter and insertbefore parameters are valid only with env=yes") if reboot: special_time = "reboot" # if requested make a backup before making a change if backup and not module.check_mode: (backuph, backup_file) = tempfile.mkstemp(prefix='crontab') crontab.write(backup_file) if crontab.cron_file and not name and not do_install: if module._diff: diff['after'] = '' diff['after_header'] = '/dev/null' else: diff = dict() if module.check_mode: changed = os.path.isfile(crontab.cron_file) else: changed = crontab.remove_job_file() module.exit_json(changed=changed, cron_file=cron_file, state=state, diff=diff) if env: if ' ' in name: module.fail_json(msg="Invalid name for environment variable") decl = '%s="%s"' % (name, job) old_decl = crontab.find_env(name) if do_install: if len(old_decl) == 0: crontab.add_env(decl, insertafter, insertbefore) changed = True if len(old_decl) > 0 and old_decl[1] != decl: crontab.update_env(name, decl) changed = True else: if len(old_decl) > 0: crontab.remove_env(name) changed = True else: if do_install: for char in ['\r', '\n']: if char in job.strip('\r\n'): warnings.append('Job should not contain line breaks') break job = crontab.get_cron_job(minute, hour, day, month, weekday, job, special_time, disabled) old_job = crontab.find_job(name, job) if len(old_job) == 0: crontab.add_job(name, job) changed = True if len(old_job) > 0 and old_job[1] != job: crontab.update_job(name, job) changed = True if len(old_job) > 2: crontab.update_job(name, job) changed = True else: old_job = crontab.find_job(name) if len(old_job) > 0: crontab.remove_job(name) changed = True # no changes to env/job, but existing crontab needs a terminating newline if not changed and not crontab.existing == '': if not (crontab.existing.endswith('\r') or crontab.existing.endswith('\n')): changed = True res_args = dict( jobs=crontab.get_jobnames(), envs=crontab.get_envnames(), warnings=warnings, changed=changed ) if changed: if not module.check_mode: crontab.write() if module._diff: diff['after'] = crontab.render() if crontab.cron_file: diff['after_header'] = crontab.cron_file else: if crontab.user: diff['after_header'] = 'crontab for user "%s"' % crontab.user else: diff['after_header'] = 'crontab' res_args['diff'] = diff # retain the backup only if crontab or cron file have changed if backup and not module.check_mode: if changed: res_args['backup_file'] = backup_file else: os.unlink(backup_file) if cron_file: res_args['cron_file'] = cron_file module.exit_json(**res_args) # --- should never get here module.exit_json(msg="Unable to execute cron task.")
def main(): module = AnsibleModule( argument_spec=dict(servers=dict(required=True, type='list'), realm=dict(required=True), hostname=dict(required=True), debug=dict(required=False, type='bool', default="false")), supports_check_mode=True, ) module._ansible_debug = True realm = module.params.get('realm') hostname = module.params.get('hostname') servers = module.params.get('servers') debug = module.params.get('debug') fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE) statestore = sysrestore.StateFile(paths.IPA_CLIENT_SYSRESTORE) host_principal = 'host/%s@%s' % (hostname, realm) os.environ['KRB5CCNAME'] = paths.IPA_DNS_CCACHE ca_certs = x509.load_certificate_list_from_file(paths.IPA_CA_CRT) if NUM_VERSION >= 40500 and NUM_VERSION < 40590: ca_certs = [ cert.public_bytes(serialization.Encoding.DER) for cert in ca_certs ] elif NUM_VERSION < 40500: ca_certs = [cert.der_data for cert in ca_certs] with certdb.NSSDatabase() as tmp_db: api.bootstrap(context='cli_installer', confdir=paths.ETC_IPA, debug=debug, delegate=False, nss_dir=tmp_db.secdir) if 'config_loaded' not in api.env: module.fail_json(msg="Failed to initialize IPA API.") # Clear out any current session keyring information try: delete_persistent_client_session_data(host_principal) except ValueError: pass # Add CA certs to a temporary NSS database argspec = inspect.getargspec(tmp_db.create_db) try: if NUM_VERSION > 40400: tmp_db.create_db() for i, cert in enumerate(ca_certs): tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1), certdb.EXTERNAL_CA_TRUST_FLAGS) else: pwd_file = write_tmp_file(ipa_generate_password()) tmp_db.create_db(pwd_file.name) for i, cert in enumerate(ca_certs): tmp_db.add_cert(cert, 'CA certificate %d' % (i + 1), 'C,,') except CalledProcessError as e: module.fail_json(msg="Failed to add CA to temporary NSS database.") api.finalize() # Now, let's try to connect to the server's RPC interface connected = False try: api.Backend.rpcclient.connect() connected = True module.debug("Try RPC connection") api.Backend.rpcclient.forward('ping') except errors.KerberosError as e: if connected: api.Backend.rpcclient.disconnect() module.log( "Cannot connect to the server due to Kerberos error: %s. " "Trying with delegate=True" % e) try: api.Backend.rpcclient.connect(delegate=True) module.debug("Try RPC connection") api.Backend.rpcclient.forward('ping') module.log("Connection with delegate=True successful") # The remote server is not capable of Kerberos S4U2Proxy # delegation. This features is implemented in IPA server # version 2.2 and higher module.warn( "Target IPA server has a lower version than the enrolled " "client") module.warn( "Some capabilities including the ipa command capability " "may not be available") except errors.PublicError as e2: module.fail_json( msg="Cannot connect to the IPA server RPC interface: %s" % e2) except errors.PublicError as e: module.fail_json( msg="Cannot connect to the server due to generic error: %s" % e) # Use the RPC directly so older servers are supported try: result = api.Backend.rpcclient.forward( 'ca_is_enabled', version=u'2.107', ) ca_enabled = result['result'] except (errors.CommandError, errors.NetworkError): result = api.Backend.rpcclient.forward( 'env', server=True, version=u'2.0', ) ca_enabled = result['result']['enable_ra'] if not ca_enabled: disable_ra() module.exit_json(changed=True, ca_enabled=ca_enabled)
def main(): module = AnsibleModule( argument_spec=dict( name=dict(required=True), port=dict(default=623, type='int'), user=dict(required=True, no_log=True), password=dict(required=True, no_log=True), state=dict(default='present', choices=['present', 'absent']), bootdev=dict(required=True, choices=['network', 'hd', 'safe', 'optical', 'setup', 'default']), persistent=dict(default=False, type='bool'), uefiboot=dict(default=False, type='bool') ), supports_check_mode=True, ) if command is None: module.fail_json(msg='the python pyghmi module is required') name = module.params['name'] port = module.params['port'] user = module.params['user'] password = module.params['password'] state = module.params['state'] bootdev = module.params['bootdev'] persistent = module.params['persistent'] uefiboot = module.params['uefiboot'] request = dict() if state == 'absent' and bootdev == 'default': module.fail_json(msg="The bootdev 'default' cannot be used with state 'absent'.") # --- run command --- try: ipmi_cmd = command.Command( bmc=name, userid=user, password=password, port=port ) module.debug('ipmi instantiated - name: "%s"' % name) current = ipmi_cmd.get_bootdev() # uefimode may not supported by BMC, so use desired value as default current.setdefault('uefimode', uefiboot) if state == 'present' and current != dict(bootdev=bootdev, persistent=persistent, uefimode=uefiboot): request = dict(bootdev=bootdev, uefiboot=uefiboot, persist=persistent) elif state == 'absent' and current['bootdev'] == bootdev: request = dict(bootdev='default') else: module.exit_json(changed=False, **current) if module.check_mode: response = dict(bootdev=request['bootdev']) else: response = ipmi_cmd.set_bootdev(**request) if 'error' in response: module.fail_json(msg=response['error']) if 'persist' in request: response['persistent'] = request['persist'] if 'uefiboot' in request: response['uefimode'] = request['uefiboot'] module.exit_json(changed=True, **response) except Exception as e: module.fail_json(msg=str(e))
def main(): global results suma_params = {} module = AnsibleModule(argument_spec=dict( action=dict(required=False, choices=[ 'download', 'preview', 'list', 'edit', 'unschedule', 'delete', 'config', 'default' ], type='str', default='preview'), targets=dict(required=False, type='list', elements='str'), oslevel=dict(required=False, type='str', default='Latest'), lpp_source_name=dict(required=False, type='str'), download_dir=dict(required=False, type='path'), download_only=dict(required=False, type='bool', default=False), extend_fs=dict(required=False, type='bool', default=True), task_id=dict(required=False, type='str'), sched_time=dict(required=False, type='str'), description=dict(required=False, type='str'), metadata_dir=dict(required=False, type='path', default='/var/adm/ansible/metadata'), ), required_if=[ ['action', 'edit', ['task_id']], ['action', 'delete', ['task_id']], ['action', 'unschedule', ['task_id']], ['action', 'preview', ['oslevel']], ['action', 'download', ['oslevel']], ], supports_check_mode=True) results = dict( changed=False, msg='', stdout='', stderr='', meta={'messages': []}, target_list=(), ) module.debug('*** START ***') # Get Module params action = module.params['action'] suma_params['action'] = action suma_params['LppSource'] = '' suma_params['target_clients'] = () # switch action if action == 'list': suma_params['task_id'] = module.params['task_id'] suma_list(module, suma_params) elif action == 'edit': suma_params['task_id'] = module.params['task_id'] suma_params['sched_time'] = module.params['sched_time'] suma_edit(module, suma_params) elif action == 'unschedule': suma_params['task_id'] = module.params['task_id'] suma_unschedule(module) elif action == 'delete': suma_params['task_id'] = module.params['task_id'] suma_delete(module, suma_params) elif action == 'config': suma_config(module) elif action == 'default': suma_default(module) elif action == 'download' or action == 'preview': suma_params['targets'] = module.params['targets'] suma_params['download_dir'] = module.params['download_dir'] suma_params['download_only'] = module.params['download_only'] suma_params['lpp_source_name'] = module.params['lpp_source_name'] suma_params['extend_fs'] = module.params['extend_fs'] if suma_params['req_oslevel'].upper() == 'LATEST': suma_params['req_oslevel'] = 'Latest' else: suma_params['req_oslevel'] = module.params['oslevel'] if module.params['description']: suma_params['description'] = module.params['description'] else: suma_params['description'] = "{} request for oslevel {}".format( action, suma_params['req_oslevel']) suma_params['metadata_dir'] = module.params['metadata_dir'] suma_download(module, suma_params) # Exit msg = 'Suma {} completed successfully'.format(action) module.info(msg) results['msg'] = msg results['lpp_source_name'] = suma_params['LppSource'] results['target_list'] = suma_params['target_clients'] module.exit_json(**results)