def process_vm(vm, mgmt, user, prov):
print("Inspecting: {} on {}".format(vm, prov))
if mgmt.is_vm_stopped(vm):
return
ip = mgmt.get_ip_address(vm, timeout=1)
if ip:
with appliance.IPAppliance(ip) as app:
try:
ver = app.version
assert ver
ems = app.db.client['ext_management_systems']
with app.db.client.transaction:
providers = (app.db.client.session.query(
ems.ipaddress, ems.type))
providers = [
a[0] for a in providers if a[1] in
['EmsVmware', 'EmsOpenstack', 'EmsRedhat', 'EmsMicrosoft']
]
for provider in providers:
prov_name = prov_key_db.get(provider,
'Unknown ({})'.format(prov))
if prov_name in data[user]:
data[user][prov_name].append("{} ({})".format(
vm, prov))
else:
data[user][prov_name] = ["{} ({})".format(vm, prov)]
except:
pass
def setup_external_auth_openldap(**data):
"""Sets up the appliance for an external authentication with OpenLdap.
Keywords:
get_groups: Get User Groups from External Authentication (httpd).
ipaserver: IPA server address.
iparealm: Realm.
credentials: Key of the credential in credentials.yaml
"""
connect_kwargs = {
'username': credentials['host_default']['username'],
'password': credentials['host_default']['password'],
'hostname': data['ipaddress'],
}
appliance_obj = appliance.IPAppliance()
appliance_name = 'cfmeappliance{}'.format(fauxfactory.gen_alpha(7).lower())
appliance_address = appliance_obj.address
appliance_fqdn = '{}.{}'.format(appliance_name, data['domain_name'])
with SSHClient(**connect_kwargs) as ldapserver_ssh:
# updating the /etc/hosts is a workaround due to the
# https://bugzilla.redhat.com/show_bug.cgi?id=1360928
command = 'echo "{}\t{}" >> /etc/hosts'.format(appliance_address,
appliance_fqdn)
ldapserver_ssh.run_command(command)
ldapserver_ssh.get_file(remote_file=data['cert_filepath'],
local_path=conf_path.strpath)
ensure_browser_open()
login_admin()
auth = ExternalAuthSetting(get_groups=data.pop("get_groups", True))
auth.setup()
appliance_obj.configure_appliance_for_openldap_ext_auth(appliance_fqdn)
logout()
def disable_external_auth_ipa():
"""Unconfigure external auth."""
with SSHClient() as ssh_client:
ensure_browser_open()
login_admin()
auth = DatabaseAuthSetting()
auth.update()
assert ssh_client.run_command("appliance_console_cli --uninstall-ipa")
appliance.IPAppliance().wait_for_web_ui()
logout()
def disable_external_auth_openldap():
auth = DatabaseAuthSetting()
auth.update()
sssd_conf = '/etc/sssd/sssd.conf'
httpd_auth = '/etc/pam.d/httpd-auth'
manageiq_remoteuser = '******'
manageiq_ext_auth = '/etc/httpd/conf.d/manageiq-external-auth.conf'
command = 'rm -rf {} && rm -rf {} && rm -rf {} && rm -rf {}'.format(
sssd_conf, httpd_auth, manageiq_ext_auth, manageiq_remoteuser)
with SSHClient() as ssh_client:
assert ssh_client.run_command(command)
ssh_client.run_command('systemctl restart evmserverd')
appliance.IPAppliance().wait_for_web_ui()
logout()
def setup_external_auth_ipa(**data):
"""Sets up the appliance for an external authentication with IPA.
Keywords:
get_groups: Get User Groups from External Authentication (httpd).
ipaserver: IPA server address.
iparealm: Realm.
credentials: Key of the credential in credentials.yaml
"""
connect_kwargs = {
'username': credentials['host_default']['username'],
'password': credentials['host_default']['password'],
'hostname': data['ipaserver'],
}
appliance_name = 'cfmeappliance{}'.format(fauxfactory.gen_alpha(7).lower())
appliance_address = appliance.IPAppliance().address
appliance_fqdn = '{}.{}'.format(appliance_name, data['iparealm'].lower())
with SSHClient(**connect_kwargs) as ipaserver_ssh:
ipaserver_ssh.run_command('cp /etc/hosts /etc/hosts_bak')
ipaserver_ssh.run_command(
"sed -i -r '/^{}/d' /etc/hosts".format(appliance_address))
command = 'echo "{}\t{}" >> /etc/hosts'.format(appliance_address,
appliance_fqdn)
ipaserver_ssh.run_command(command)
with SSHClient() as ssh_client:
assert ssh_client.run_command(
'appliance_console_cli --host {}'.format(appliance_fqdn))
ensure_browser_open()
login_admin()
if data["ipaserver"] not in get_ntp_servers():
set_ntp_servers(data["ipaserver"])
sleep(120)
auth = ExternalAuthSetting(get_groups=data.pop("get_groups", False))
auth.setup()
creds = credentials.get(data.pop("credentials"), {})
data.update(**creds)
assert ssh_client.run_command(
"appliance_console_cli --ipaserver {ipaserver} --iparealm {iparealm} "
"--ipaprincipal {principal} --ipapassword {password}".format(
**data))
login_admin()
