#!/usr/bin/python
'''
(c) 2019, Red Hat, Inc
GNU General Public License v3.0+
(see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
'''
from __future__ import absolute_import, division, print_function
__metaclass__ = type
ANSIBLE_METADATA = {'metadata_version': '1.1',
'status': ['preview'],
'supported_by': 'certified'}
DOCUMENTATION = '''
module: na_ontap_kerberos_realm
short_description: NetApp ONTAP vserver nfs kerberos realm
extends_documentation_fragment:
- netapp.na_ontap
version_added: '2.9'
author: Milan Zink (@zeten30) <[email protected]>,<[email protected]>
description:
- Create, modify or delete vserver kerberos realm configuration
options:
state:
description:
- Whether the Kerberos realm is present or absent.
choices: ['present', 'absent']
default: 'present'
type: str
vserver:
description:
- vserver/svm with kerberos realm configured
required: true
type: str
realm:
description:
- Kerberos realm name
required: true
type: str
kdc_vendor:
description:
- The vendor of the Key Distribution Centre (KDC) server
- Required if I(state=present)
choices: ['Other', 'Microsoft']
type: str
kdc_ip:
description:
- IP address of the Key Distribution Centre (KDC) server
- Required if I(state=present)
type: str
kdc_port:
description:
- TCP port on the KDC to be used for Kerberos communication.
- The default for this parameter is '88'.
type: str
clock_skew:
description:
- The clock skew in minutes is the tolerance for accepting tickets with time stamps that do not exactly match the host's system clock.
- The default for this parameter is '5' minutes.
type: str
comment:
description:
- Optional comment
type: str
admin_server_ip:
description:
- IP address of the host where the Kerberos administration daemon is running. This is usually the master KDC.
- If this parameter is omitted, the address specified in kdc_ip is used.
type: str
admin_server_port:
description:
- The TCP port on the Kerberos administration server where the Kerberos administration service is running.
- The default for this parameter is '749'
type: str
pw_server_ip:
description:
- IP address of the host where the Kerberos password-changing server is running.
- Typically, this is the same as the host indicated in the adminserver-ip.
- If this parameter is omitted, the IP address in kdc-ip is used.
type: str
pw_server_port:
description:
- The TCP port on the Kerberos password-changing server where the Kerberos password-changing service is running.
- The default for this parameter is '464'.
type: str
'''
EXAMPLES = '''
- name: Create kerberos realm
na_ontap_kerberos_realm:
state: present
realm: 'EXAMPLE.COM'
vserver: 'vserver1'
kdc_ip: '1.2.3.4'
kdc_vendor: 'Other'
hostname: "{{ netapp_hostname }}"
username: "{{ netapp_username }}"
password: "{{ netapp_password }}"
'''
RETURN = '''
'''
import traceback
import ansible.module_utils.netapp as netapp_utils
from ansible.module_utils.netapp_module import NetAppModule
from ansible.module_utils._text import to_native
from ansible.module_utils.basic import AnsibleModule
HAS_NETAPP_LIB = netapp_utils.has_netapp_lib()
class NetAppOntapKerberosRealm(object):
'''
Kerberos Realm definition class
'''
def __init__(self):
self.argument_spec = netapp_utils.na_ontap_host_argument_spec()
self.argument_spec.update(dict(
admin_server_ip=dict(required=False, default=None, type='str'),
admin_server_port=dict(required=False, default=None, type='str'),
clock_skew=dict(required=False, default=None, type='str'),
comment=dict(required=False, default=None, type='str'),
kdc_ip=dict(required_if=[["state", "present"]], default=None, type='str'),
kdc_port=dict(required=False, default=None, type='str'),
kdc_vendor=dict(required_if=[["state", "present"]], default=None, type='str', choices=['Microsoft', 'Other']),
pw_server_ip=dict(required=False, default=None, type='str'),
pw_server_port=dict(required=False, default=None, type='str'),
realm=dict(required=True, type='str'),
state=dict(required=False, choices=['present', 'absent'], default='present'),
vserver=dict(required=True, type='str')
))
self.module = AnsibleModule(
argument_spec=self.argument_spec,
supports_check_mode=True,
required_if=[('state', 'present', ['kdc_vendor', 'kdc_ip'])],
)
self.na_helper = NetAppModule()
self.parameters = self.na_helper.set_parameters(self.module.params)
if HAS_NETAPP_LIB is False:
self.module.fail_json(
msg="the python NetApp-Lib module is required")
else:
self.server = netapp_utils.setup_na_ontap_zapi(module=self.module, vserver=self.parameters['vserver'])
self.simple_attributes = [
'admin_server_ip',
'admin_server_port',
'clock_skew',
'kdc_ip',
'kdc_port',
'kdc_vendor',
]
def get_krbrealm(self, realm_name=None, vserver_name=None):
'''
Checks if Kerberos Realm config exists.
:return:
kerberos realm object if found
None if not found
:rtype: object/None
'''
# Make query
krbrealm_info = netapp_utils.zapi.NaElement('kerberos-realm-get-iter')
if realm_name is None:
realm_name = self.parameters['realm']
if vserver_name is None:
vserver_name = self.parameters['vserver']
query_details = netapp_utils.zapi.NaElement.create_node_with_children('kerberos-realm', **{'realm': realm_name, 'vserver-name': vserver_name})
query = netapp_utils.zapi.NaElement('query')
query.add_child_elem(query_details)
krbrealm_info.add_child_elem(query)
result = self.server.invoke_successfully(krbrealm_info, enable_tunneling=True)
# Get Kerberos Realm details
krbrealm_details = None
if (result.get_child_by_name('num-records') and int(result.get_child_content('num-records')) >= 1):
attributes_list = result.get_child_by_name('attributes-list')
config_info = attributes_list.get_child_by_name('kerberos-realm')
krbrealm_details = {
'admin_server_ip': config_info.get_child_content('admin-server-ip'),
'admin_server_port': config_info.get_child_content('admin-server-port'),
'clock_skew': config_info.get_child_content('clock-skew'),
'kdc_ip': config_info.get_child_content('kdc-ip'),
'kdc_port': config_info.get_child_content('kdc-port'),
'kdc_vendor': config_info.get_child_content('kdc-vendor'),
'pw_server_ip': config_info.get_child_content('password-server-ip'),
'pw_server_port': config_info.get_child_content('password-server-port'),
'realm': config_info.get_child_content('realm'),
'vserver': config_info.get_child_content('vserver'),
}
return krbrealm_details
def create_krbrealm(self):
'''supported
Create Kerberos Realm configuration
'''
options = {
'realm': self.parameters['realm']
}
# Other options/attributes
for attribute in self.simple_attributes:
if self.parameters.get(attribute) is not None:
options[str(attribute).replace('_', '-')] = self.parameters[attribute]
if self.parameters.get('pw_server_ip') is not None:
options['password-server-ip'] = self.parameters['pw_server_ip']
if self.parameters.get('pw_server_port') is not None:
options['password-server-port'] = self.parameters['pw_server_port']
# Initialize NaElement
krbrealm_create = netapp_utils.zapi.NaElement.create_node_with_children('kerberos-realm-create', **options)
# Try to create Kerberos Realm configuration
try:
self.server.invoke_successfully(krbrealm_create, enable_tunneling=True)
except netapp_utils.zapi.NaApiError as errcatch:
self.module.fail_json(msg='Error creating Kerberos Realm configuration %s: %s' % (self.parameters['realm'], to_native(errcatch)),
exception=traceback.format_exc())
def delete_krbrealm(self):
'''
Delete Kerberos Realm configuration
'''
krbrealm_delete = netapp_utils.zapi.NaElement.create_node_with_children('kerberos-realm-delete', **{'realm': self.parameters['realm']})
try:
self.server.invoke_successfully(krbrealm_delete, enable_tunneling=True)
except netapp_utils.zapi.NaApiError as errcatch:
self.module.fail_json(msg='Error deleting Kerberos Realm configuration %s: %s' % (
self.parameters['realm'], to_native(errcatch)), exception=traceback.format_exc())
def modify_krbrealm(self, modify):
'''
Modify Kerberos Realm
:param modify: list of modify attributes
'''
krbrealm_modify = netapp_utils.zapi.NaElement('kerberos-realm-modify')
krbrealm_modify.add_new_child('realm', self.parameters['realm'])
for attribute in modify:
if attribute in self.simple_attributes:
krbrealm_modify.add_new_child(str(attribute).replace('_', '-'), self.parameters[attribute])
if attribute == 'pw_server_ip':
krbrealm_modify.add_new_child('password-server-ip', self.parameters['pw_server_ip'])
if attribute == 'pw_server_port':
krbrealm_modify.add_new_child('password-server-port', self.parameters['pw_server_port'])
# Try to modify Kerberos Realm
try:
self.server.invoke_successfully(krbrealm_modify, enable_tunneling=True)
except netapp_utils.zapi.NaApiError as errcatch:
self.module.fail_json(msg='Error modifying Kerberos Realm %s: %s' % (self.parameters['realm'], to_native(errcatch)),
exception=traceback.format_exc())
def apply(self):
'''Call create/modify/delete operations.'''
current = self.get_krbrealm()
cd_action = self.na_helper.get_cd_action(current, self.parameters)
modify = self.na_helper.get_modified_attributes(current, self.parameters)
# create an ems log event for users with auto support turned on
netapp_utils.ems_log_event("na_ontap_kerberos_realm", self.server)
if self.na_helper.changed:
if self.module.check_mode:
pass
else:
if cd_action == 'create':
self.create_krbrealm()
elif cd_action == 'delete':
self.delete_krbrealm()
elif modify:
self.modify_krbrealm(modify)
self.module.exit_json(changed=self.na_helper.changed)
#
# MAIN
#
def main():
'''ONTAP Kerberos Realm'''
krbrealm = NetAppOntapKerberosRealm()
krbrealm.apply()
if __name__ == '__main__':
main()
Anons79 File Manager Version 1.0, Coded By Anons79
Email: [email protected]
Anons79 Mini Shell