class ManageIQ::ApplianceConsole::ExternalHttpdAuthentication
Public Class Methods
config_file_read(path)
# File lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb, line 234 def self.config_file_read(path) File.read(path) end
config_status()
# File lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb, line 222
# Summarises which external-authentication setup is present on the appliance.
#
# The probes run in a fixed order and the first one that yields a truthy
# value wins: IPA server name, SSSD domain name, OIDC marker, SAML marker.
# Later probes are not evaluated once an earlier one has answered.
#
# @return [String] the first truthy probe result, or "not configured"
def self.config_status
  status = fetch_ipa_configuration("ipa_server")
  status ||= fetch_sssd_domain
  status ||= oidc_status
  status ||= saml_status
  status || "not configured"
end
fetch_ipa_configuration(what, config = nil)
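# File lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb, line 238
# Looks up the value of the setting +what+ that follows a "[domain/...]"
# section header in SSSD configuration text.
#
# When +config+ is not supplied the text is read from SSSD_CONFIG, and nil is
# returned if ipa_client_configured? reports that the file is absent.
#
# The section header is matched literally. The earlier pattern wrote
# "[domain/.*]" unescaped, which the regexp engine reads as a character class
# (any one of d, o, m, a, i, n, "/", ".", "*"), so a value could be returned
# from text that has no domain section at all.
#
# Known limits of the pattern, kept as they were:
# * "(\n.*)+" is greedy, so if the key occurs more than once after the first
#   domain header the last occurrence is the one returned;
# * the match is not confined to the domain section and the key is not
#   anchored to the start of a line;
# * the key must be written as "key = value" with single spaces around "=".
#
# @param what [String] setting name, e.g. "ipa_server"; escaped before use
# @param config [String, nil] configuration text, or nil to read SSSD_CONFIG
# @return [String, nil] the text after "what = " on that line, or nil
def self.fetch_ipa_configuration(what, config = nil)
  unless config
    return nil unless ipa_client_configured?

    config = config_file_read(SSSD_CONFIG)
  end

  # Capture 1 is the run of skipped lines; capture 2 is the setting's value.
  config[/\[domain\/.*\].*(\n.*)+#{Regexp.escape(what)} = (.*)/, 2]
end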
fetch_sssd_domain()
# File lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb, line 247
# Extracts the domain name from the "[domain/NAME]" header in SSSD_CONFIG.
#
# The capture is greedy, so it runs to the last "]" on the header line.
#
# @return [String, nil] the captured name, or nil when SSSD_CONFIG does not
#   exist or holds no such header
def self.fetch_sssd_domain
  return unless File.exist?(SSSD_CONFIG)

  sssd_text = config_file_read(SSSD_CONFIG)
  sssd_text[/\[domain\/(.*)\]/, 1]
end
ipa_client_configured?()
# File lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb, line 230 def self.ipa_client_configured? File.exist?(SSSD_CONFIG) end
new(host = nil, options = {})
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 8
# Captures the appliance host and the IPA connection settings.
#
# The domain falls back to the one derived from +host+, and the principal
# falls back to "admin". The IPA server name is qualified with the domain when
# it was given as a bare host name. The password is kept on the instance as
# given for as long as the object lives.
#
# @param host [String, nil] host name of this appliance
# @param options [Hash] optional :domain, :realm, :ipaserver, :principal and
#   :password entries
def initialize(host = nil, options = {})
  @ipaserver = @domain = @password = nil

  @host      = host
  @domain    = options[:domain] || domain_from_host(host)
  @realm     = options[:realm]
  @ipaserver = options[:ipaserver]
  @principal = options[:principal] || "admin"
  @password  = options[:password]
  @timestamp = Time.now.strftime(TIMESTAMP_FORMAT)

  # Qualify last, once @domain has its final value.
  @ipaserver = fqdn(@ipaserver, @domain)
end
oidc_status()
# File lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb, line 255
# Reports OpenID Connect external authentication when the file named by
# HTTP_REMOTE_USER_OIDC exists. Only the file's presence is tested.
#
# @return [String, nil] the status label, or nil when the file is absent
def self.oidc_status
  return unless File.exist?(HTTP_REMOTE_USER_OIDC)

  "External Auth OpenID Connect"
end
saml_status()
# File lib/manageiq/appliance_console/external_httpd_authentication/external_httpd_configuration.rb, line 251
# Reports SAML external authentication when the file named by
# HTTP_REMOTE_USER exists. Only the file's presence is tested.
#
# @return [String, nil] the status label, or nil when the file is absent
def self.saml_status
  return unless File.exist?(HTTP_REMOTE_USER)

  "External Auth SAML"
end
Public Instance Methods
activate()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 60
# Runs every configuration step in order: IPA, PAM, SSSD, the IPA HTTP
# service, httpd and SELinux.
#
# The first step that raises stops the sequence. Steps that already ran are
# not rolled back here. For a failed spawned command, its captured output and
# error text are printed before the failure message.
#
# NOTE(review): the exception text and command output are echoed verbatim;
# confirm that none of the spawned commands carries @password in its argument
# list, otherwise it could surface in these messages.
#
# @return [Boolean] true when every step completed, false otherwise
def activate
  configure_ipa
  configure_pam
  configure_sssd
  configure_ipa_http_service
  configure_httpd
  configure_selinux
  true
rescue AwesomeSpawn::CommandResultError => e
  say(e.result.output)
  say(e.result.error)
  say("")
  say("Failed to Configure External Authentication - #{e}")
  false
rescue => e
  say("Failed to Configure External Authentication - #{e}")
  false
end
ask_for_parameters()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 21 def ask_for_parameters say("\nIPA Server Parameters:\n\n") @ipaserver = ask_for_hostname("IPA Server Hostname", @ipaserver) @domain = ask_for_domain("IPA Server Domain", @domain) @realm = ask_for_string("IPA Server Realm", realm) @principal = ask_for_string("IPA Server Principal", @principal) @password = ask_for_password("IPA Server Principal Password", @password) @ipaserver = fqdn(@ipaserver, @domain) end
ask_questions()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 51
# Drives the interactive dialogue: environment check, parameter prompts, a
# summary, an explicit confirmation, and finally parameter validation.
#
# Nothing is prompted when the environment check fails, and the parameters
# are validated only after the operator has confirmed.
#
# @return [Boolean] true only when every stage succeeded
def ask_questions
  if valid_environment?
    ask_for_parameters
    show_parameters
    return true if agree("\nProceed? (Y/N): ") && valid_parameters?(@ipaserver)
  end
  false
end
post_activation()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 81
# Restarts the services affected by the new configuration.
#
# httpd is restarted only when it is already running. sssd is always
# restarted and then enabled.
def post_activation
  say("\nRestarting httpd, if running ...")
  httpd = LinuxAdmin::Service.new("httpd")
  if httpd.running?
    httpd.restart
  end

  say("Restarting sssd and configure it to start on reboots ...")
  sssd = LinuxAdmin::Service.new("sssd")
  sssd.restart.enable
end
show_current_configuration()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 42
# Prints the IPA server and domain currently recorded in SSSD_CONFIG.
#
# Prints nothing when ipa_client_configured? is false. The file is read once
# and the same text is used for both lookups.
def show_current_configuration
  if ipa_client_configured?
    sssd_text = config_file_read(SSSD_CONFIG)
    say("\nCurrent External Authentication (httpd) Configuration:\n")
    say("IPA Server Details:\n")
    server = fetch_ipa_configuration("ipa_server", sssd_text)
    say(" Hostname: #{server}\n")
    domain = fetch_ipa_configuration("ipa_domain", sssd_text)
    say(" Domain: #{domain}\n")
  end
end
show_parameters()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 32 def show_parameters say("\nExternal Authentication (httpd) Configuration:\n") say("IPA Server Details:\n") say(" Hostname: #{@ipaserver}\n") say(" Domain: #{@domain}\n") say(" Realm: #{realm}\n") say(" Naming Context: #{domain_naming_context}\n") say(" Principal: #{@principal}\n") end
Private Instance Methods
configure_httpd()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 139 def configure_httpd say("Configuring httpd ...") configure_httpd_application end
configure_ipa()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 108 def configure_ipa say("\nConfiguring IPA (may take a minute) ...") ipa_client_unconfigure if ipa_client_configured? ipa_client_configure(realm, @domain, @ipaserver, @principal, @password) enable_kerberos_dns_lookups end
configure_ipa_http_service()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 129 def configure_ipa_http_service say("Configuring IPA HTTP Service and Keytab ...") AwesomeSpawn.run!("/usr/bin/kinit", :params => [@principal], :stdin_data => @password) service = Principal.new(:hostname => @host, :realm => realm, :service => "HTTP", :ca_name => "ipa") service.register AwesomeSpawn.run!(IPA_GETKEYTAB, :params => {"-s" => @ipaserver, "-k" => HTTP_KEYTAB, "-p" => service.name}) FileUtils.chown(APACHE_USER, nil, HTTP_KEYTAB) FileUtils.chmod(0600, HTTP_KEYTAB) end
configure_pam()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 115 def configure_pam say("Configuring pam ...") cp_template(PAM_CONFIG, template_directory) end
configure_selinux()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 144
# Turns on the SELinux booleans that httpd external authentication needs.
#
# Nothing is changed when the enforcement query reports "disabled". Otherwise
# allow_httpd_mod_auth_pam is switched on persistently, and httpd_dbus_sssd
# is switched on as well when querying it succeeds (exit status 0).
#
# The command strings are assembled from constants and fixed text only.
def configure_selinux
  say("Configuring SELinux ...")
  enforce_mode = AwesomeSpawn.run!(GETENFORCE_COMMAND).output.downcase
  return say("SELinux is Disabled") if enforce_mode.include?("disabled")

  AwesomeSpawn.run!("#{SETSEBOOL_COMMAND} -P allow_httpd_mod_auth_pam on")
  # Non-raising probe: the boolean may not exist, so its exit status is
  # checked before any attempt to set it.
  dbus_probe = AwesomeSpawn.run("#{GETSEBOOL_COMMAND} httpd_dbus_sssd")
  AwesomeSpawn.run!("#{SETSEBOOL_COMMAND} -P httpd_dbus_sssd on") if dbus_probe.exit_status == 0
end
configure_sssd()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 120 def configure_sssd say("Configuring sssd ...") config = config_file_read(SSSD_CONFIG) configure_sssd_domain(config, @domain) configure_sssd_service(config) configure_sssd_ifp(config) config_file_write(config, SSSD_CONFIG, @timestamp) end
domain_from_host(host)
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 96
# Derives the domain part of a host name by dropping its first label.
#
# NOTE(review): the pattern is anchored with "^", which matches at the start
# of every line, not only at the start of the string, and the value is not
# otherwise validated here.
#
# @param host [String, nil] host name, e.g. "appliance.example.com"
# @return [String, nil] the remainder after the first label, or nil when
#   +host+ is nil or contains no dot
def domain_from_host(host)
  return nil unless host
  return nil unless host.include?('.')

  host.gsub(/^([^.]+\.)/, '')
end
domain_naming_context()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 92
# Builds a naming context from @domain by turning every dot-separated label
# into a "dc=" component, e.g. "example.com" becomes "dc=example,dc=com".
#
# Labels are used as they are, without escaping.
#
# @return [String] the comma-joined components
def domain_naming_context
  components = @domain.split(".").map { |label| "dc=#{label}" }
  components.join(",")
end
fqdn(host, domain)
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 100
# Qualifies a bare host name with a domain.
#
# +host+ is returned unchanged when either argument is missing or when it
# already contains a dot.
#
# @param host [String, nil] host name, qualified or not
# @param domain [String, nil] domain to append
# @return [String, nil] "host.domain", or +host+ as given
def fqdn(host, domain)
  return host unless host && domain
  return host if host.include?(".")

  "#{host}.#{domain}"
end
realm()
# File lib/manageiq/appliance_console/external_httpd_authentication.rb, line 104
# Returns the realm in upper case, using @domain when @realm is not set.
#
# Raises NoMethodError when both @realm and @domain are nil.
#
# @return [String] the upper-cased realm
def realm
  source = @realm || @domain
  source.upcase
end