Class: ManageIQ::ApplianceConsole::ExternalHttpdAuthentication
- Inherits:
-
Object
- Object
- ManageIQ::ApplianceConsole::ExternalHttpdAuthentication
- Includes:
- ExternalHttpdConfiguration
- Defined in:
- lib/manageiq/appliance_console/external_httpd_authentication.rb,
lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb
Defined Under Namespace
Modules: ExternalHttpdConfiguration
Constant Summary
ExternalHttpdConfiguration::APACHE_USER, ExternalHttpdConfiguration::GETENFORCE_COMMAND, ExternalHttpdConfiguration::GETSEBOOL_COMMAND, ExternalHttpdConfiguration::HTTP_EXTERNAL_AUTH, ExternalHttpdConfiguration::HTTP_EXTERNAL_AUTH_TEMPLATE, ExternalHttpdConfiguration::HTTP_KEYTAB, ExternalHttpdConfiguration::HTTP_REMOTE_USER, ExternalHttpdConfiguration::HTTP_REMOTE_USER_OIDC, ExternalHttpdConfiguration::IPA_COMMAND, ExternalHttpdConfiguration::IPA_GETKEYTAB, ExternalHttpdConfiguration::IPA_INSTALL_COMMAND, ExternalHttpdConfiguration::KERBEROS_CONFIG_FILE, ExternalHttpdConfiguration::LDAP_ATTRS, ExternalHttpdConfiguration::PAM_CONFIG, ExternalHttpdConfiguration::SETSEBOOL_COMMAND, ExternalHttpdConfiguration::SSSD_CONFIG, ExternalHttpdConfiguration::TIMESTAMP_FORMAT
Class Method Summary
Instance Method Summary
#config_file_write, #configure_httpd_application, #configure_sssd_domain, #configure_sssd_ifp, #configure_sssd_service, #cp_template, #deactivate, #enable_kerberos_dns_lookups, #host_reachable?, #installation_valid?, #ipa_client_configure, #ipa_client_unconfigure, #path_join, #rm_file, #template_directory, #unconfigure_httpd, #unconfigure_httpd_application, #valid_environment?, #valid_parameters?
Constructor Details
Returns a new instance of ExternalHttpdAuthentication.
# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 8
# Builds the console helper that sets up httpd external authentication
# against an IPA server.
#
# @param host [String, nil] host name; handed to domain_from_host when
#   options carries no :domain
# @param options [Hash] settings read here: :domain, :realm, :ipaserver,
#   :principal (falls back to "admin") and :password
def initialize(host = nil, options = {})
  # Start from an empty state before any value is derived.
  @ipaserver = @domain = @password = nil

  @host      = host
  @domain    = options[:domain] || domain_from_host(host)
  @realm     = options[:realm]
  @ipaserver = options[:ipaserver]
  @principal = options[:principal] || "admin"
  # The principal's password is held on this object as plain text.
  # NOTE(review): confirm it never reaches logs or inspect/debug output.
  @password  = options[:password]
  @timestamp = Time.now.strftime(TIMESTAMP_FORMAT)
  # fqdn is given the server name together with the resolved domain.
  @ipaserver = fqdn(@ipaserver, @domain)
end
Class Method Details
.config_file_read(path) ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 234
# Reads a configuration file in full.
#
# The path is used as given; no validation happens here.
#
# @param path [String] file to read
# @return [String] the file's contents
# @raise [SystemCallError] e.g. Errno::ENOENT when the file is missing
def self.config_file_read(path)
  File.open(path) { |file| file.read }
end
.config_status ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 222
# Describes which external authentication setup is currently in place.
#
# The probes run in a fixed order and stop at the first one that yields a
# value: the "ipa_server" setting, the sssd domain, the OIDC marker, the SAML
# marker.
#
# @return [String] the first probe result, or "not configured" when every
#   probe returns nil/false
def self.config_status
  status = fetch_ipa_configuration("ipa_server")
  status ||= fetch_sssd_domain
  status ||= oidc_status
  status ||= saml_status
  status || "not configured"
end
.fetch_ipa_configuration(what, config = nil) ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 238
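# Looks up one setting that follows a "[domain/...]" section header in an
# sssd configuration.
#
# The section header is matched literally. Left unescaped, "[domain/.*]" is a
# regexp character class that matches a single character, so a setting from
# any section (or from a file with no domain section at all) would be
# returned.
#
# Limits that remain: the name is not anchored to the start of a line, and
# because the line-skipping group is greedy, the last "what = value" after
# the header wins when the name occurs more than once.
#
# @param what [String] setting name, e.g. "ipa_server"; matched literally
# @param config [String, nil] configuration text; when nil, the file at
#   SSSD_CONFIG is read, provided ipa_client_configured? is true
# @return [String, nil] the text after "what = " on the matching line, or nil
#   when there is no match or no configuration to read
def self.fetch_ipa_configuration(what, config = nil)
  unless config
    return nil unless ipa_client_configured?

    config = config_file_read(SSSD_CONFIG)
  end

  # Group 1 skips whole lines after the header; group 2 is the value.
  setting = %r{\[domain/.*\].*(\n.*)+#{Regexp.escape(what)} = (.*)}
  config[setting, 2]
end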
.fetch_sssd_domain ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 247
# Extracts the domain name from a "[domain/NAME]" header in the file at
# SSSD_CONFIG.
#
# @return [String, nil] the captured name, or nil when the file does not
#   exist or holds no such header
def self.fetch_sssd_domain
  return unless File.exist?(SSSD_CONFIG)

  config_file_read(SSSD_CONFIG)[%r{\[domain/(.*)\]}, 1]
end
# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 230
# Reports whether the file at SSSD_CONFIG exists. Its existence is the only
# check made; the contents are not inspected.
#
# @return [Boolean]
def self.ipa_client_configured?
  sssd_config_path = SSSD_CONFIG
  File.exist?(sssd_config_path)
end
.oidc_status ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 255
# Reports OpenID Connect external authentication, judged solely by whether
# the file at HTTP_REMOTE_USER_OIDC exists.
#
# @return [String, nil] the status label, or nil when the file is absent
def self.oidc_status
  return unless File.exist?(HTTP_REMOTE_USER_OIDC)

  "External Auth OpenID Connect"
end
.saml_status ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb', line 251
# Reports SAML external authentication, judged solely by whether the file at
# HTTP_REMOTE_USER exists.
#
# @return [String, nil] the status label, or nil when the file is absent
def self.saml_status
  return unless File.exist?(HTTP_REMOTE_USER)

  "External Auth SAML"
end
Instance Method Details
#activate ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 60
# Runs the configuration steps in order: IPA, PAM, sssd, the IPA HTTP
# service, httpd, then SELinux. The first step that raises stops the run;
# steps already completed are not undone here.
#
# @return [Boolean] true when every step finished without raising, false
#   after a failure has been reported through say
def activate
  configure_ipa
  configure_pam
  configure_sssd
  configure_ipa_http_service
  configure_httpd
  configure_selinux
  true
rescue AwesomeSpawn::CommandResultError => failure
  # NOTE(review): output and error are text produced by the failed command
  # and go to say verbatim. If say is HighLine's (not visible here), it
  # renders its argument as an ERB template; confirm this text cannot carry
  # template markup or secrets such as the principal password.
  say failure.result.output
  say failure.result.error
  say ""
  say("Failed to Configure External Authentication - #{failure}")
  false
rescue => failure
  say("Failed to Configure External Authentication - #{failure}")
  false
end
#ask_for_parameters ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 21
# Prompts the operator for the IPA server settings and stores the answers in
# instance variables.
#
# Each prompt is seeded with a current value. The order matters: the domain
# is answered before realm is evaluated and before fqdn is applied.
def ask_for_parameters
  say("\nIPA Server Parameters:\n\n")
  @ipaserver = ask_for_hostname("IPA Server Hostname", @ipaserver)
  @domain = ask_for_domain("IPA Server Domain", @domain)
  # The default offered comes from the realm helper, not directly from @realm.
  @realm = ask_for_string("IPA Server Realm", realm)
  @principal = ask_for_string("IPA Server Principal", @principal)
  # NOTE(review): the current @password is passed as the prompt default;
  # confirm ask_for_password never echoes it back to the terminal.
  @password = ask_for_password("IPA Server Principal Password", @password)
  # fqdn receives the answered host name together with the answered domain.
  @ipaserver = fqdn(@ipaserver, @domain)
end
#ask_questions ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 51
# Drives the interactive part of the setup: environment check, prompts, a
# summary of the answers, operator confirmation, then parameter validation.
#
# @return [Boolean] true only when the environment is valid, the operator
#   confirms, and valid_parameters? accepts the IPA server; false otherwise
def ask_questions
  return false unless valid_environment?

  ask_for_parameters
  show_parameters
  # Validation runs only after the operator has confirmed the summary.
  confirmed = agree("\nProceed? (Y/N): ")
  confirmed && valid_parameters?(@ipaserver) ? true : false
end
#post_activation ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 81
# Restarts the services affected by the new configuration: httpd only when
# it is already running, sssd always; sssd is also enabled.
#
# @return [Object] whatever the final enable call on the sssd service returns
def post_activation
  say("\nRestarting httpd, if running ...")
  httpd = LinuxAdmin::Service.new("httpd")
  httpd.restart if httpd.running?

  say("Restarting sssd and configure it to start on reboots ...")
  sssd = LinuxAdmin::Service.new("sssd")
  sssd.restart.enable
end
#show_current_configuration ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 42
# Prints the IPA server host name and domain found in the file at
# SSSD_CONFIG. Does nothing when ipa_client_configured? is false.
#
# NOTE(review): the printed values come straight from the configuration
# file. If say is HighLine's (not visible here), it renders its argument as
# an ERB template; confirm the file is writable only by trusted accounts.
def show_current_configuration
  if ipa_client_configured?
    sssd_settings = config_file_read(SSSD_CONFIG)
    say("\nCurrent External Authentication (httpd) Configuration:\n")
    say("IPA Server Details:\n")
    say(" Hostname: #{fetch_ipa_configuration("ipa_server", sssd_settings)}\n")
    say(" Domain: #{fetch_ipa_configuration("ipa_domain", sssd_settings)}\n")
  end
end
#show_parameters ⇒ Object
# File 'lib/manageiq/appliance_console/external_httpd_authentication.rb', line 32
# Prints the IPA settings that are about to be applied, one say call per
# line. The password is not among the values printed.
def show_parameters
  say("\nExternal Authentication (httpd) Configuration:\n")
  say("IPA Server Details:\n")
  say(" Hostname: #{@ipaserver}\n")
  say(" Domain: #{@domain}\n")
  # realm and domain_naming_context are helper calls, not instance variables.
  say(" Realm: #{realm}\n")
  say(" Naming Context: #{domain_naming_context}\n")
  say(" Principal: #{@principal}\n")
end