lookahead should delete on sync
parent
6edd65ca79
commit
270a5219b6
BIN
mangle/ipa/.ipaauditor.py.swp
Normal file
BIN
mangle/ipa/.ipaauditor.py.swp
Normal file
Binary file not shown.
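Review bot: `mangle/ipa/.ipaauditor.py.swp` is a Vim swap file and looks committed by accident alongside `ipaauditor.py`. Swap files hold editor recovery state (buffer contents together with the editing user, host and file path), so they can publish text that was never meant to be saved into the repository. Drop it from the commit and add an ignore rule such as `*.swp` so it does not come back.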
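--- a/mangle/ipa/ipaauditor.py
+++ b/mangle/ipa/ipaauditor.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python3
+# -*-:python; coding:utf-8; -*-
+# author: Louis Abel <label@rockylinux.org>
+#
+# This script acts as a auditor for a FreeIPA domain. By default, it will
+# communicate with an IPA server of a domain, login, and attempt to get all
+# information for HBAC and SUDO.
+
+import sys
+
+python_freeipa = True
+ipalib = True
+
+try:
+from python_freeipa import ClientMeta
+except ImportError:
+python_freeipa = None
+
+try:
+from ipalib import api
+except ImportError:
+ipalib = None
+
+if not ipalib and not python_freeipa:
+print('No IPA python modules are available')
+sys.exit(1)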
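Review bot: The availability flags `python_freeipa` and `ipalib` share their names with the packages they describe, so a later `import ipalib` (or `import python_freeipa`) in this module would silently overwrite the flag, and a reader cannot tell flag from module at the use site. Distinct names such as `HAVE_PYTHON_FREEIPA = True` / `HAVE_IPALIB = True` avoid that. The failure message before `sys.exit(1)` also goes to stdout; `print('No IPA python modules are available', file=sys.stderr)` keeps it out of any output a caller captures.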
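--- a/mangle/ipa/ipainfo.py
+++ b/mangle/ipa/ipainfo.py
@@ -0,0 +1,133 @@
+#!/usr/bin/env python3
+# -*-:python; coding:utf-8; -*-
+# author: Louis Abel <label@rockylinux.org>
+#
+# This scripts attempts to be an adinfo lookalike. This does not implement all
+# features that are available.
+
+import os
+import sys
+import socket
+import configparser
+import subprocess
+#from python_freeipa import ClientMeta
+try:
+from ipalib import api
+except ImportError as exc:
+raise ImportError('No IPA libraries found.') from exc
+
+try:
+api.bootstrap(context="custom")
+api.finalize()
+# pylint: disable=no-member
+api.Backend.rpcclient.connect()
+api_access = True
+except:
+print('WARNING: No kerberos credentials')
+api_access = False
+
+class EtcIPADefault:
+"""
+Reads just the /etc/ipa/default.conf file that is generated
+"""
+@staticmethod
+def read():
+"""
+Attempt to read the config file
+"""
+if not os.path.exists('/etc/ipa/default.conf'):
+print('File does not exist (/etc/ipa/default.conf)')
+sys.exit(1)
+
+__config = configparser.ConfigParser()
+__config.read('/etc/ipa/default.conf')
+outter_info = {}
+outter_info['local_host_name'] = socket.gethostname()
+outter_info['ipa_joined_name'] = __config['global']['host']
+outter_info['ipa_domain'] = __config['global']['domain']
+outter_info['registered_dc'] = __config['global']['server']
+return outter_info
+
+class SssctlInfo:
+@staticmethod
+def domain_status(ipa_domain):
+"""
+Gets the status from sssctl
+"""
+sssctl_cmd = f'/usr/sbin/sssctl domain-status -o {ipa_domain}'
+if not os.path.exists('/usr/sbin/sssctl'):
+return 'sssctl command not found'
+
+if not os.getuid() == 0:
+return 'Unknown; root required'
+
+if sys.version_info <= (3, 6):
+processor = subprocess.run(args=sssctl_cmd,
+shell=True, check=False,
+universal_newlines=True,
+stdout=subprocess.PIPE,
+stderr=subprocess.PIPE)
+else:
+processor = subprocess.run(args=f'/usr/sbin/sssctl domain-status -o {ipa_domain}',
+check=False, capture_output=True, text=True, shell=True)
+
+domain_status_out = processor.stdout.strip().split(':')[1].strip()
+return domain_status_out
+
+@staticmethod
+def current_dc(ipa_domain):
+"""
+Gets the current connected DC
+"""
+sssctl_cmd = f'/usr/sbin/sssctl domain-status -a {ipa_domain} | grep IPA'
+if not os.path.exists('/usr/sbin/sssctl'):
+return 'sssctl command not found'
+
+if not os.getuid() == 0:
+return 'Unknown; root required'
+
+if sys.version_info <= (3, 6):
+processor = subprocess.run(args=sssctl_cmd,
+shell=True, check=False,
+universal_newlines=True,
+stdout=subprocess.PIPE,
+stderr=subprocess.PIPE)
+else:
+processor = subprocess.run(args=f'/usr/sbin/sssctl domain-status -a {ipa_domain} | grep IPA',
+check=False, capture_output=True, text=True, shell=True)
+
+current_dc_out = processor.stdout.strip().split(':')[1].strip()
+return current_dc_out
+
+class IPAInfo:
+"""
+Get IPA specific information
+"""
+@staticmethod
+def get_host_groups(host):
+if api_access:
+results = api.Command.host_show(host, all=True)['result']['memberof_hostgroup']
+return results
+return ['Unknown']
+
+etc_ipa_default = EtcIPADefault.read()
+domain_status = SssctlInfo.domain_status(etc_ipa_default['ipa_domain'])
+current_dc = SssctlInfo.current_dc(etc_ipa_default['ipa_domain'])
+current_hostname = etc_ipa_default['local_host_name']
+current_domain = etc_ipa_default['ipa_domain']
+hostgroups = '\n '.join(IPAInfo.get_host_groups(current_hostname))
+
+def main():
+output = f'''
+Local host name: {etc_ipa_default['local_host_name']}
+Joined to domain: {etc_ipa_default['ipa_domain']}
+Joined as: {etc_ipa_default['ipa_joined_name']}
+Registered DC: {etc_ipa_default['registered_dc']}
+Current DC: {current_dc}
+Domain Status: {domain_status}
+Host Group(s): {hostgroups}
+'''
+print(output)
+
+if __name__ == '__main__':
+main()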
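Review bot: Both `subprocess.run` calls in `SssctlInfo.domain_status` and `SssctlInfo.current_dc` interpolate `ipa_domain` into a command string and run it with `shell=True`, on a path that is only reached when `os.getuid() == 0`. The value is read from the `domain` key of `/etc/ipa/default.conf`, so any shell metacharacter in that file would be interpreted by a root shell; an argument list without a shell passes it to sssctl as a single argument, and in `current_dc` the `| grep IPA` stage can become a filter over `processor.stdout.splitlines()`. The version branch can go at the same time: `sys.version_info <= (3, 6)` is false on 3.6.x because the five-element tuple compares greater than `(3, 6)`, so a 3.6 interpreter takes the `capture_output=`/`text=` call, which that version does not accept. Separately, `.split(':')[1]` raises IndexError when sssctl writes nothing to stdout. The fence shows the call for `domain_status`; `current_dc` follows the same shape.

```python
    def domain_status(ipa_domain):
        # … unchanged: docstring, sssctl existence check, root check …
        # Argument list, no shell: ipa_domain reaches sssctl as one argv entry.
        # universal_newlines with PIPE works on 3.6 and later, so no version branch.
        processor = subprocess.run(
            ['/usr/sbin/sssctl', 'domain-status', '-o', ipa_domain],
            check=False,
            universal_newlines=True,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
        )
        # … unchanged: parsing of processor.stdout …
```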
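--- a/mangle/ipa/ipaquery.py
+++ b/mangle/ipa/ipaquery.py
@@ -0,0 +1,7 @@
+#!/usr/bin/env python3
+# -*-:python; coding:utf-8; -*-
+# author: Louis Abel <label@rockylinux.org>
+#
+# This scripts attempts to be an adquery lookalike.
+
+from python_freeipa import ClientMeta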
@ -50,9 +50,9 @@ for COMPOSE in "${NONSIG_COMPOSE[@]}"; do
|
|||||||
mkdir -p "${TARGET}"
|
mkdir -p "${TARGET}"
|
||||||
pushd "${SYNCSRC}" || { echo "${COMPOSE}: Failed to change directory"; break; }
|
pushd "${SYNCSRC}" || { echo "${COMPOSE}: Failed to change directory"; break; }
|
||||||
if [[ "${COMPOSE}" != "Rocky" ]]; then
|
if [[ "${COMPOSE}" != "Rocky" ]]; then
|
||||||
rsync_no_delete_staging_with_excludes "${TARGET}" "metadata"
|
rsync_delete_staging_with_excludes "${TARGET}" "metadata"
|
||||||
else
|
else
|
||||||
rsync_no_delete_staging "${TARGET}"
|
rsync_delete_staging "${TARGET}"
|
||||||
fi
|
fi
|
||||||
popd || { echo "${COMPOSE}: Failed to change directory"; break; }
|
popd || { echo "${COMPOSE}: Failed to change directory"; break; }
|
||||||
done
|
done
|
||||||
|
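Review bot: With the switch to `rsync_delete_staging_with_excludes` / `rsync_delete_staging`, whatever is in `${SYNCSRC}` at that moment becomes authoritative for `${TARGET}`, and the only guard in this loop is the `pushd` failure check. A source directory that exists but is empty or only partly written would pass that guard, and the delete pass would then prune the target to match. A content check right after `pushd`, for example `[[ -n "$(ls -A .)" ]] || { echo "${COMPOSE}: source directory is empty"; break; }`, would stop that case; if the helpers wrap rsync, a `--max-delete` bound inside them would cap the loss as well. The helper definitions and the file name are outside the visible hunk, so their actual rsync options are not confirmed here.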