def process_vm(vm, mgmt, user, prov): print("Inspecting: {} on {}".format(vm, prov)) if mgmt.is_vm_stopped(vm): return ip = mgmt.get_ip_address(vm, timeout=1) if ip: with appliance.IPAppliance(ip) as app: try: ver = app.version assert ver ems = app.db.client['ext_management_systems'] with app.db.client.transaction: providers = (app.db.client.session.query( ems.ipaddress, ems.type)) providers = [ a[0] for a in providers if a[1] in ['EmsVmware', 'EmsOpenstack', 'EmsRedhat', 'EmsMicrosoft'] ] for provider in providers: prov_name = prov_key_db.get(provider, 'Unknown ({})'.format(prov)) if prov_name in data[user]: data[user][prov_name].append("{} ({})".format( vm, prov)) else: data[user][prov_name] = ["{} ({})".format(vm, prov)] except: pass
def setup_external_auth_openldap(**data): """Sets up the appliance for an external authentication with OpenLdap. Keywords: get_groups: Get User Groups from External Authentication (httpd). ipaserver: IPA server address. iparealm: Realm. credentials: Key of the credential in credentials.yaml """ connect_kwargs = { 'username': credentials['host_default']['username'], 'password': credentials['host_default']['password'], 'hostname': data['ipaddress'], } appliance_obj = appliance.IPAppliance() appliance_name = 'cfmeappliance{}'.format(fauxfactory.gen_alpha(7).lower()) appliance_address = appliance_obj.address appliance_fqdn = '{}.{}'.format(appliance_name, data['domain_name']) with SSHClient(**connect_kwargs) as ldapserver_ssh: # updating the /etc/hosts is a workaround due to the # https://bugzilla.redhat.com/show_bug.cgi?id=1360928 command = 'echo "{}\t{}" >> /etc/hosts'.format(appliance_address, appliance_fqdn) ldapserver_ssh.run_command(command) ldapserver_ssh.get_file(remote_file=data['cert_filepath'], local_path=conf_path.strpath) ensure_browser_open() login_admin() auth = ExternalAuthSetting(get_groups=data.pop("get_groups", True)) auth.setup() appliance_obj.configure_appliance_for_openldap_ext_auth(appliance_fqdn) logout()
def disable_external_auth_ipa(): """Unconfigure external auth.""" with SSHClient() as ssh_client: ensure_browser_open() login_admin() auth = DatabaseAuthSetting() auth.update() assert ssh_client.run_command("appliance_console_cli --uninstall-ipa") appliance.IPAppliance().wait_for_web_ui() logout()
def disable_external_auth_openldap(): auth = DatabaseAuthSetting() auth.update() sssd_conf = '/etc/sssd/sssd.conf' httpd_auth = '/etc/pam.d/httpd-auth' manageiq_remoteuser = '******' manageiq_ext_auth = '/etc/httpd/conf.d/manageiq-external-auth.conf' command = 'rm -rf {} && rm -rf {} && rm -rf {} && rm -rf {}'.format( sssd_conf, httpd_auth, manageiq_ext_auth, manageiq_remoteuser) with SSHClient() as ssh_client: assert ssh_client.run_command(command) ssh_client.run_command('systemctl restart evmserverd') appliance.IPAppliance().wait_for_web_ui() logout()
def setup_external_auth_ipa(**data): """Sets up the appliance for an external authentication with IPA. Keywords: get_groups: Get User Groups from External Authentication (httpd). ipaserver: IPA server address. iparealm: Realm. credentials: Key of the credential in credentials.yaml """ connect_kwargs = { 'username': credentials['host_default']['username'], 'password': credentials['host_default']['password'], 'hostname': data['ipaserver'], } appliance_name = 'cfmeappliance{}'.format(fauxfactory.gen_alpha(7).lower()) appliance_address = appliance.IPAppliance().address appliance_fqdn = '{}.{}'.format(appliance_name, data['iparealm'].lower()) with SSHClient(**connect_kwargs) as ipaserver_ssh: ipaserver_ssh.run_command('cp /etc/hosts /etc/hosts_bak') ipaserver_ssh.run_command( "sed -i -r '/^{}/d' /etc/hosts".format(appliance_address)) command = 'echo "{}\t{}" >> /etc/hosts'.format(appliance_address, appliance_fqdn) ipaserver_ssh.run_command(command) with SSHClient() as ssh_client: assert ssh_client.run_command( 'appliance_console_cli --host {}'.format(appliance_fqdn)) ensure_browser_open() login_admin() if data["ipaserver"] not in get_ntp_servers(): set_ntp_servers(data["ipaserver"]) sleep(120) auth = ExternalAuthSetting(get_groups=data.pop("get_groups", False)) auth.setup() creds = credentials.get(data.pop("credentials"), {}) data.update(**creds) assert ssh_client.run_command( "appliance_console_cli --ipaserver {ipaserver} --iparealm {iparealm} " "--ipaprincipal {principal} --ipapassword {password}".format( **data)) login_admin()