manageiq-appliance_console 5.1.0 → 5.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/appliance_console +0 -24
- data/lib/manageiq-appliance_console.rb +2 -2
- data/lib/manageiq/appliance_console/auth_utilities.rb +86 -0
- data/lib/manageiq/appliance_console/cli.rb +28 -44
- data/lib/manageiq/appliance_console/oidc_authentication.rb +92 -0
- data/lib/manageiq/appliance_console/saml_authentication.rb +8 -75
- data/lib/manageiq/appliance_console/version.rb +1 -1
- data/locales/appliance/en.yml +0 -4
- data/locales/container/en.yml +0 -2
- metadata +4 -4
- data/lib/manageiq/appliance_console/date_time_configuration.rb +0 -117
- data/lib/manageiq/appliance_console/timezone_configuration.rb +0 -58
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9aab719558452873f17db2eb66a1aeebd73d6e3f23eb41cc00955325e3004907
|
|
4
|
+
data.tar.gz: 515bf0fc47ceecd4441b0599a198ac81194056f5fc936102cd65d6d0ea31023f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a4ea565696b02cef54acac874cc8e3260e8a7b3795e68d4f99cd5c59d3c0b1affe230c75739e05e306693aba7de17faf20721db40e533a442baca1832d91dadc
|
|
7
|
+
data.tar.gz: 9fe682258cd1cefd700ce0ace41d61dce0060dcb4097c63d1a539e180ea8a65f7c7559e2853525ebe342631b9c607ddceab937755b409bba89a790581f8e9855
|
data/bin/appliance_console
CHANGED
|
@@ -296,30 +296,6 @@ Static Network Configuration
|
|
|
296
296
|
end
|
|
297
297
|
end
|
|
298
298
|
|
|
299
|
-
when I18n.t("advanced_settings.timezone")
|
|
300
|
-
say("#{selection}\n\n")
|
|
301
|
-
timezone_config = ManageIQ::ApplianceConsole::TimezoneConfiguration.new(timezone)
|
|
302
|
-
if timezone_config.ask_questions && timezone_config.activate
|
|
303
|
-
say("Timezone configured")
|
|
304
|
-
press_any_key
|
|
305
|
-
else
|
|
306
|
-
say("Timezone not configured")
|
|
307
|
-
press_any_key
|
|
308
|
-
raise MiqSignalError
|
|
309
|
-
end
|
|
310
|
-
|
|
311
|
-
when I18n.t("advanced_settings.datetime")
|
|
312
|
-
say("#{selection}\n\n")
|
|
313
|
-
date_time_config = ManageIQ::ApplianceConsole::DateTimeConfiguration.new
|
|
314
|
-
if date_time_config.ask_questions && date_time_config.activate
|
|
315
|
-
say("Date and time configured")
|
|
316
|
-
press_any_key
|
|
317
|
-
else
|
|
318
|
-
say("Date and time not configured")
|
|
319
|
-
press_any_key
|
|
320
|
-
raise MiqSignalError
|
|
321
|
-
end
|
|
322
|
-
|
|
323
299
|
when I18n.t("advanced_settings.httpdauth")
|
|
324
300
|
say("#{selection}\n\n")
|
|
325
301
|
|
|
@@ -27,6 +27,7 @@ require 'manageiq/appliance_console/prompts'
|
|
|
27
27
|
require 'manageiq-gems-pending'
|
|
28
28
|
require 'highline'
|
|
29
29
|
|
|
30
|
+
require 'manageiq/appliance_console/auth_utilities'
|
|
30
31
|
require 'manageiq/appliance_console/certificate'
|
|
31
32
|
require 'manageiq/appliance_console/certificate_authority'
|
|
32
33
|
require 'manageiq/appliance_console/cli'
|
|
@@ -35,7 +36,6 @@ require 'manageiq/appliance_console/database_configuration'
|
|
|
35
36
|
require 'manageiq/appliance_console/database_replication'
|
|
36
37
|
require 'manageiq/appliance_console/database_replication_primary'
|
|
37
38
|
require 'manageiq/appliance_console/database_replication_standby'
|
|
38
|
-
require 'manageiq/appliance_console/date_time_configuration'
|
|
39
39
|
require 'manageiq/appliance_console/external_auth_options'
|
|
40
40
|
require 'manageiq/appliance_console/external_database_configuration'
|
|
41
41
|
require 'manageiq/appliance_console/external_httpd_authentication'
|
|
@@ -43,9 +43,9 @@ require 'manageiq/appliance_console/internal_database_configuration'
|
|
|
43
43
|
require 'manageiq/appliance_console/key_configuration'
|
|
44
44
|
require 'manageiq/appliance_console/logfile_configuration'
|
|
45
45
|
require 'manageiq/appliance_console/logical_volume_management'
|
|
46
|
+
require 'manageiq/appliance_console/oidc_authentication'
|
|
46
47
|
require 'manageiq/appliance_console/principal'
|
|
47
48
|
require 'manageiq/appliance_console/saml_authentication'
|
|
48
49
|
require 'manageiq/appliance_console/scap'
|
|
49
50
|
require 'manageiq/appliance_console/temp_storage_configuration'
|
|
50
|
-
require 'manageiq/appliance_console/timezone_configuration'
|
|
51
51
|
require 'manageiq/appliance_console/utilities'
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
require "uri"
|
|
2
|
+
require "erb"
|
|
3
|
+
|
|
4
|
+
module ManageIQ
|
|
5
|
+
module ApplianceConsole
|
|
6
|
+
module AuthUtilities
|
|
7
|
+
HTTPD_CONFIG_DIRECTORY = Pathname.new("/etc/httpd/conf.d")
|
|
8
|
+
|
|
9
|
+
def restart_httpd
|
|
10
|
+
httpd_service = LinuxAdmin::Service.new("httpd")
|
|
11
|
+
if httpd_service.running?
|
|
12
|
+
say("Restarting httpd ...")
|
|
13
|
+
httpd_service.restart
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def path_is_file?(path)
|
|
18
|
+
path.present? && !path_is_url?(path)
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def path_is_url?(path)
|
|
22
|
+
path =~ /\A#{URI.regexp(["http", "https"])}\z/x
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# File Management
|
|
26
|
+
|
|
27
|
+
def remove_file(path)
|
|
28
|
+
if path.exist?
|
|
29
|
+
debug_msg("Removing #{path} ...")
|
|
30
|
+
path.delete
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def copy_template(dir, file, template_parameters = nil)
|
|
35
|
+
src_path = template_directory.join(relative_from_root(dir), file)
|
|
36
|
+
dest_path = dir.join(file)
|
|
37
|
+
dest_path = dest_path.sub_ext('') if src_path.extname == ".erb"
|
|
38
|
+
debug_msg("Copying template #{src_path} to #{dest_path} ...")
|
|
39
|
+
if src_path.extname == ".erb"
|
|
40
|
+
raise ArgumentError, "Must specify template parameters for ERB files" if template_parameters.nil?
|
|
41
|
+
|
|
42
|
+
template = ERB.new(File.read(src_path), nil, '-')
|
|
43
|
+
File.write(dest_path, template.result_with_hash(template_parameters))
|
|
44
|
+
else
|
|
45
|
+
FileUtils.cp(src_path, dest_path)
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
def template_directory
|
|
50
|
+
@template_directory ||= Pathname.new(ENV.fetch("APPLIANCE_TEMPLATE_DIRECTORY"))
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def relative_from_root(path)
|
|
54
|
+
path.absolute? ? path.relative_path_from(Pathname.new("/")) : path
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
# Appliance Settings
|
|
58
|
+
|
|
59
|
+
def configure_auth_settings_database
|
|
60
|
+
say("Setting Appliance Authentication Settings to Database ...")
|
|
61
|
+
configure_auth_settings(:mode => "database",
|
|
62
|
+
:httpd_role => false,
|
|
63
|
+
:saml_enabled => false,
|
|
64
|
+
:oidc_enabled => false,
|
|
65
|
+
:sso_enabled => false,
|
|
66
|
+
:provider_type => "none")
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
def configure_auth_settings(args)
|
|
70
|
+
Utilities.rake_run("evm:settings:set", args.collect { |key, val| "/authentication/#{key}=#{val}" })
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
# Logging
|
|
74
|
+
|
|
75
|
+
def debug_msg(msg)
|
|
76
|
+
say(msg) if options[:verbose]
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
def log_command_error(err)
|
|
80
|
+
say(err.result.output)
|
|
81
|
+
say(err.result.error)
|
|
82
|
+
say("")
|
|
83
|
+
end
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
end
|
|
@@ -65,14 +65,6 @@ module ApplianceConsole
|
|
|
65
65
|
options[:logdisk]
|
|
66
66
|
end
|
|
67
67
|
|
|
68
|
-
def time_zone?
|
|
69
|
-
options[:timezone]
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
def date_time?
|
|
73
|
-
options[:datetime]
|
|
74
|
-
end
|
|
75
|
-
|
|
76
68
|
def extauth_opts?
|
|
77
69
|
options[:extauth_opts]
|
|
78
70
|
end
|
|
@@ -85,6 +77,14 @@ module ApplianceConsole
|
|
|
85
77
|
options[:saml_unconfig]
|
|
86
78
|
end
|
|
87
79
|
|
|
80
|
+
def oidc_config?
|
|
81
|
+
options[:oidc_config]
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def oidc_unconfig?
|
|
85
|
+
options[:oidc_unconfig]
|
|
86
|
+
end
|
|
87
|
+
|
|
88
88
|
def set_server_state?
|
|
89
89
|
options[:server]
|
|
90
90
|
end
|
|
@@ -149,8 +149,6 @@ module ApplianceConsole
|
|
|
149
149
|
opt :ipadomain, "IPA Server domain (optional)", :type => :string
|
|
150
150
|
opt :iparealm, "IPA Server realm (optional)", :type => :string
|
|
151
151
|
opt :ca, "CA name used for certmonger", :type => :string, :default => "ipa"
|
|
152
|
-
opt :timezone, "Time zone", :type => :string
|
|
153
|
-
opt :datetime, "Date and time, in YYYY-MM-DDTHH:MM:SS (ISO8601) format", :type => :string
|
|
154
152
|
opt :http_cert, "install certs for http server", :type => :boolean
|
|
155
153
|
opt :extauth_opts, "External Authentication Options", :type => :string
|
|
156
154
|
opt :saml_config, "Configure Appliance for SAML Authentication", :type => :boolean, :default => false
|
|
@@ -158,6 +156,13 @@ module ApplianceConsole
|
|
|
158
156
|
opt :saml_idp_metadata, "The file path or URL of the SAML IDP Metadata", :type => :string
|
|
159
157
|
opt :saml_enable_sso, "Optionally enable SSO with SAML Authentication", :type => :boolean, :default => false
|
|
160
158
|
opt :saml_unconfig, "Unconfigure Appliance SAML Authentication", :type => :boolean, :default => false
|
|
159
|
+
opt :oidc_config, "Configure Appliance for OpenID-Connect Authentication", :type => :boolean, :default => false
|
|
160
|
+
opt :oidc_url, "The OpenID-Connect Provider URL", :type => :string
|
|
161
|
+
opt :oidc_client_host, "Optional Appliance host used for OpenID-Connect Authentication", :type => :string
|
|
162
|
+
opt :oidc_client_id, "The OpenID-Connect Provider Client ID", :type => :string
|
|
163
|
+
opt :oidc_client_secret, "The OpenID-Connect Provider Client Secret", :type => :string
|
|
164
|
+
opt :oidc_enable_sso, "Optionally enable SSO with OpenID-Connect Authentication", :type => :boolean, :default => false
|
|
165
|
+
opt :oidc_unconfig, "Unconfigure Appliance OpenID-Connect Authentication", :type => :boolean, :default => false
|
|
161
166
|
opt :server, "{start|stop|restart} actions on evmserverd Server", :type => :string
|
|
162
167
|
end
|
|
163
168
|
Optimist.die :region, "needed when setting up a local database" if region_number_required? && options[:region].nil?
|
|
@@ -171,8 +176,9 @@ module ApplianceConsole
|
|
|
171
176
|
def run
|
|
172
177
|
Optimist.educate unless set_host? || key? || database? || tmp_disk? || log_disk? ||
|
|
173
178
|
uninstall_ipa? || install_ipa? || certs? || extauth_opts? ||
|
|
174
|
-
|
|
175
|
-
saml_config? || saml_unconfig?
|
|
179
|
+
set_server_state? || set_replication? ||
|
|
180
|
+
saml_config? || saml_unconfig? ||
|
|
181
|
+
oidc_config? || oidc_unconfig?
|
|
176
182
|
if set_host?
|
|
177
183
|
system_hosts = LinuxAdmin::Hosts.new
|
|
178
184
|
system_hosts.hostname = options[:host]
|
|
@@ -183,8 +189,6 @@ module ApplianceConsole
|
|
|
183
189
|
create_key if key?
|
|
184
190
|
set_db if database?
|
|
185
191
|
set_replication if set_replication?
|
|
186
|
-
set_time_zone if time_zone?
|
|
187
|
-
set_date_time if date_time?
|
|
188
192
|
config_tmp_disk if tmp_disk?
|
|
189
193
|
config_log_disk if log_disk?
|
|
190
194
|
uninstall_ipa if uninstall_ipa?
|
|
@@ -193,6 +197,8 @@ module ApplianceConsole
|
|
|
193
197
|
extauth_opts if extauth_opts?
|
|
194
198
|
saml_config if saml_config?
|
|
195
199
|
saml_unconfig if saml_unconfig?
|
|
200
|
+
oidc_config if oidc_config?
|
|
201
|
+
oidc_unconfig if oidc_unconfig?
|
|
196
202
|
set_server_state if set_server_state?
|
|
197
203
|
rescue CliError => e
|
|
198
204
|
say(e.message)
|
|
@@ -282,36 +288,6 @@ module ApplianceConsole
|
|
|
282
288
|
db_replication.activate
|
|
283
289
|
end
|
|
284
290
|
|
|
285
|
-
def set_time_zone
|
|
286
|
-
timezone_config = ManageIQ::ApplianceConsole::TimezoneConfiguration.new(options[:timezone])
|
|
287
|
-
timezone_config.new_timezone = options[:timezone]
|
|
288
|
-
if timezone_config.activate
|
|
289
|
-
say("Timezone configured")
|
|
290
|
-
else
|
|
291
|
-
say("Timezone not configured")
|
|
292
|
-
end
|
|
293
|
-
end
|
|
294
|
-
|
|
295
|
-
def set_date_time
|
|
296
|
-
date_time_config = ManageIQ::ApplianceConsole::DateTimeConfiguration.new
|
|
297
|
-
unless options[:datetime] == "auto"
|
|
298
|
-
date_time_config.manual_time_sync = true
|
|
299
|
-
date_time_config.new_date, date_time_config.new_time = options[:datetime].split("T")
|
|
300
|
-
return unless date_time_valid?(date_time_config)
|
|
301
|
-
end
|
|
302
|
-
date_time_config.activate
|
|
303
|
-
end
|
|
304
|
-
|
|
305
|
-
def date_time_valid?(date_time_config)
|
|
306
|
-
unless ManageIQ::ApplianceConsole::DateTimeConfiguration::DATE_REGEXP =~ date_time_config.new_date &&
|
|
307
|
-
ManageIQ::ApplianceConsole::DateTimeConfiguration::TIME_REGEXP =~ date_time_config.new_time
|
|
308
|
-
say("Datetime should be given in YYYY-MM-DDTHH:MM:SS format")
|
|
309
|
-
say("Datetime not configured")
|
|
310
|
-
return false
|
|
311
|
-
end
|
|
312
|
-
true
|
|
313
|
-
end
|
|
314
|
-
|
|
315
291
|
def key_configuration
|
|
316
292
|
@key_configuration ||= KeyConfiguration.new(
|
|
317
293
|
:action => options[:fetch_key] ? :fetch : :create,
|
|
@@ -412,6 +388,14 @@ module ApplianceConsole
|
|
|
412
388
|
SamlAuthentication.new(options).unconfigure
|
|
413
389
|
end
|
|
414
390
|
|
|
391
|
+
def oidc_config
|
|
392
|
+
OIDCAuthentication.new(options).configure(options[:oidc_client_host] || host)
|
|
393
|
+
end
|
|
394
|
+
|
|
395
|
+
def oidc_unconfig
|
|
396
|
+
OIDCAuthentication.new(options).unconfigure
|
|
397
|
+
end
|
|
398
|
+
|
|
415
399
|
def set_server_state
|
|
416
400
|
service = LinuxAdmin::Service.new("evmserverd")
|
|
417
401
|
service_running = service.running?
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
module ManageIQ
|
|
2
|
+
module ApplianceConsole
|
|
3
|
+
class OIDCAuthentication
|
|
4
|
+
include ManageIQ::ApplianceConsole::AuthUtilities
|
|
5
|
+
|
|
6
|
+
attr_accessor :host, :options
|
|
7
|
+
|
|
8
|
+
def initialize(options)
|
|
9
|
+
@options = options
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def configure(host)
|
|
13
|
+
@host = host
|
|
14
|
+
validate_oidc_options
|
|
15
|
+
|
|
16
|
+
say("Configuring OpenID-Connect Authentication for https://#{host} ...")
|
|
17
|
+
copy_apache_oidc_configfiles
|
|
18
|
+
configure_auth_settings_oidc
|
|
19
|
+
restart_httpd
|
|
20
|
+
true
|
|
21
|
+
rescue AwesomeSpawn::CommandResultError => e
|
|
22
|
+
log_command_error(e)
|
|
23
|
+
say("Failed to Configure OpenID-Connect Authentication - #{e}")
|
|
24
|
+
false
|
|
25
|
+
rescue => e
|
|
26
|
+
say("Failed to Configure OpenID-Connect Authentication - #{e}")
|
|
27
|
+
false
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def unconfigure
|
|
31
|
+
raise "Appliance is not currently configured for OpenID-Connect" unless configured?
|
|
32
|
+
|
|
33
|
+
say("Unconfiguring OpenID-Connect Authentication ...")
|
|
34
|
+
remove_apache_oidc_configfiles
|
|
35
|
+
configure_auth_settings_database
|
|
36
|
+
restart_httpd
|
|
37
|
+
true
|
|
38
|
+
rescue AwesomeSpawn::CommandResultError => e
|
|
39
|
+
log_command_error(e)
|
|
40
|
+
say("Failed to Unconfigure OpenID-Connect Authentication - #{e}")
|
|
41
|
+
false
|
|
42
|
+
rescue => e
|
|
43
|
+
say("Failed to Unconfigure OpenID-Connect Authentication - #{e}")
|
|
44
|
+
false
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
private
|
|
48
|
+
|
|
49
|
+
# Apache OpenID-Connect Configuration
|
|
50
|
+
|
|
51
|
+
def copy_apache_oidc_configfiles
|
|
52
|
+
debug_msg("Copying Apache OpenID-Connect Config files ...")
|
|
53
|
+
copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-remote-user-openidc.conf")
|
|
54
|
+
copy_template(HTTPD_CONFIG_DIRECTORY, "manageiq-external-auth-openidc.conf.erb",
|
|
55
|
+
:miq_appliance => host,
|
|
56
|
+
:oidc_provider_metadata_url => options[:oidc_url],
|
|
57
|
+
:oidc_client_id => options[:oidc_client_id],
|
|
58
|
+
:oidc_client_secret => options[:oidc_client_secret])
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def remove_apache_oidc_configfiles
|
|
62
|
+
debug_msg("Removing Apache OpenID-Connect Config files ...")
|
|
63
|
+
remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-remote-user-openidc.conf"))
|
|
64
|
+
remove_file(HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-openidc.conf"))
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def configured?
|
|
68
|
+
HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-openidc.conf").exist?
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
# OpenID-Connect IDP Metadata
|
|
72
|
+
|
|
73
|
+
def validate_oidc_options
|
|
74
|
+
raise "Must specify the OpenID-Connect Provider URL via --oidc-url" if options[:oidc_url].blank?
|
|
75
|
+
raise "Must specify the OpenID-Connect Client ID via --oidc-client-id" if options[:oidc_client_id].blank?
|
|
76
|
+
raise "Must specify the OpenID-Connect Client Secret via --oidc-client-secret" if options[:oidc_client_secret].blank?
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
# Appliance Settings
|
|
80
|
+
|
|
81
|
+
def configure_auth_settings_oidc
|
|
82
|
+
say("Setting Appliance Authentication Settings to OpenID-Connect ...")
|
|
83
|
+
configure_auth_settings(:mode => "httpd",
|
|
84
|
+
:httpd_role => true,
|
|
85
|
+
:saml_enabled => false,
|
|
86
|
+
:oidc_enabled => true,
|
|
87
|
+
:sso_enabled => options[:oidc_enable_sso] ? true : false,
|
|
88
|
+
:provider_type => "oidc")
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
end
|
|
@@ -1,11 +1,10 @@
|
|
|
1
|
-
require "uri"
|
|
2
|
-
|
|
3
1
|
module ManageIQ
|
|
4
2
|
module ApplianceConsole
|
|
5
3
|
class SamlAuthentication
|
|
4
|
+
include ManageIQ::ApplianceConsole::AuthUtilities
|
|
5
|
+
|
|
6
6
|
MELLON_CREATE_METADATA_COMMAND = Pathname.new("/usr/libexec/mod_auth_mellon/mellon_create_metadata.sh")
|
|
7
7
|
|
|
8
|
-
HTTPD_CONFIG_DIRECTORY = Pathname.new("/etc/httpd/conf.d")
|
|
9
8
|
SAML2_CONFIG_DIRECTORY = Pathname.new("/etc/httpd/saml2")
|
|
10
9
|
IDP_METADATA_FILE = SAML2_CONFIG_DIRECTORY.join("idp-metadata.xml")
|
|
11
10
|
|
|
@@ -105,14 +104,6 @@ module ManageIQ
|
|
|
105
104
|
HTTPD_CONFIG_DIRECTORY.join("manageiq-external-auth-saml.conf").exist?
|
|
106
105
|
end
|
|
107
106
|
|
|
108
|
-
def restart_httpd
|
|
109
|
-
httpd_service = LinuxAdmin::Service.new("httpd")
|
|
110
|
-
if httpd_service.running?
|
|
111
|
-
say("Restarting httpd ...")
|
|
112
|
-
httpd_service.restart
|
|
113
|
-
end
|
|
114
|
-
end
|
|
115
|
-
|
|
116
107
|
# SAML IDP Metadata
|
|
117
108
|
|
|
118
109
|
def validate_saml_idp_metadata_option
|
|
@@ -122,30 +113,8 @@ module ManageIQ
|
|
|
122
113
|
raise "Missing SAML IDP metadata file #{idp_metadata}" if path_is_file?(idp_metadata) && !File.exist?(idp_metadata)
|
|
123
114
|
end
|
|
124
115
|
|
|
125
|
-
def path_is_file?(path)
|
|
126
|
-
path.present? && !path_is_url?(path)
|
|
127
|
-
end
|
|
128
|
-
|
|
129
|
-
def path_is_url?(path)
|
|
130
|
-
path =~ /\A#{URI.regexp(["http", "https"])}\z/x
|
|
131
|
-
end
|
|
132
|
-
|
|
133
116
|
# File Management
|
|
134
117
|
|
|
135
|
-
def remove_file(path)
|
|
136
|
-
if path.exist?
|
|
137
|
-
debug_msg("Removing #{path} ...")
|
|
138
|
-
File.delete(path)
|
|
139
|
-
end
|
|
140
|
-
end
|
|
141
|
-
|
|
142
|
-
def copy_template(dir, file)
|
|
143
|
-
src_path = template_directory.join(relative_from_root(dir), file)
|
|
144
|
-
dest_path = dir.join(file)
|
|
145
|
-
debug_msg("Copying template #{src_path} to #{dest_path} ...")
|
|
146
|
-
FileUtils.cp(src_path, dest_path)
|
|
147
|
-
end
|
|
148
|
-
|
|
149
118
|
def download_network_file(source_file_url, target_file)
|
|
150
119
|
require "net/http"
|
|
151
120
|
|
|
@@ -156,52 +125,16 @@ module ManageIQ
|
|
|
156
125
|
File.write(target_file, result.body)
|
|
157
126
|
end
|
|
158
127
|
|
|
159
|
-
def template_directory
|
|
160
|
-
@template_directory ||= Pathname.new(ENV.fetch("APPLIANCE_TEMPLATE_DIRECTORY"))
|
|
161
|
-
end
|
|
162
|
-
|
|
163
|
-
def relative_from_root(path)
|
|
164
|
-
path.absolute? ? path.relative_path_from(Pathname.new("/")) : path
|
|
165
|
-
end
|
|
166
|
-
|
|
167
128
|
# Appliance Settings
|
|
168
129
|
|
|
169
130
|
def configure_auth_settings_saml
|
|
170
131
|
say("Setting Appliance Authentication Settings to SAML ...")
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
"/authentication/provider_type=saml"
|
|
178
|
-
]
|
|
179
|
-
Utilities.rake_run("evm:settings:set", params)
|
|
180
|
-
end
|
|
181
|
-
|
|
182
|
-
def configure_auth_settings_database
|
|
183
|
-
say("Setting Appliance Authentication Settings to Database ...")
|
|
184
|
-
params = [
|
|
185
|
-
"/authentication/mode=database",
|
|
186
|
-
"/authentication/httpd_role=false",
|
|
187
|
-
"/authentication/saml_enabled=false",
|
|
188
|
-
"/authentication/oidc_enabled=false",
|
|
189
|
-
"/authentication/sso_enabled=false",
|
|
190
|
-
"/authentication/provider_type=none"
|
|
191
|
-
]
|
|
192
|
-
Utilities.rake_run("evm:settings:set", params)
|
|
193
|
-
end
|
|
194
|
-
|
|
195
|
-
# Logging
|
|
196
|
-
|
|
197
|
-
def debug_msg(msg)
|
|
198
|
-
say(msg) if options[:verbose]
|
|
199
|
-
end
|
|
200
|
-
|
|
201
|
-
def log_command_error(err)
|
|
202
|
-
say(err.result.output)
|
|
203
|
-
say(err.result.error)
|
|
204
|
-
say("")
|
|
132
|
+
configure_auth_settings(:mode => "httpd",
|
|
133
|
+
:httpd_role => true,
|
|
134
|
+
:saml_enabled => true,
|
|
135
|
+
:oidc_enabled => false,
|
|
136
|
+
:sso_enabled => options[:saml_enable_sso] ? true : false,
|
|
137
|
+
:provider_type => "saml")
|
|
205
138
|
end
|
|
206
139
|
end
|
|
207
140
|
end
|
data/locales/appliance/en.yml
CHANGED
|
@@ -5,8 +5,6 @@ en:
|
|
|
5
5
|
advanced_settings:
|
|
6
6
|
menu_order:
|
|
7
7
|
- networking
|
|
8
|
-
- timezone
|
|
9
|
-
- datetime
|
|
10
8
|
- dbbackup
|
|
11
9
|
- dbdump
|
|
12
10
|
- dbrestore
|
|
@@ -24,8 +22,6 @@ en:
|
|
|
24
22
|
- summary
|
|
25
23
|
- quit
|
|
26
24
|
networking: Configure Network
|
|
27
|
-
timezone: Set Timezone
|
|
28
|
-
datetime: Set Date and Time
|
|
29
25
|
dbbackup: Create Database Backup
|
|
30
26
|
dbdump: Create Database Dump
|
|
31
27
|
dbrestore: Restore Database From Backup
|
data/locales/container/en.yml
CHANGED
|
@@ -4,7 +4,6 @@ en:
|
|
|
4
4
|
name: ManageIQ
|
|
5
5
|
advanced_settings:
|
|
6
6
|
menu_order:
|
|
7
|
-
- timezone
|
|
8
7
|
- dbrestore
|
|
9
8
|
- db_config
|
|
10
9
|
- db_replication
|
|
@@ -15,7 +14,6 @@ en:
|
|
|
15
14
|
- shutdown
|
|
16
15
|
- summary
|
|
17
16
|
- quit
|
|
18
|
-
timezone: Set Timezone
|
|
19
17
|
dbrestore: Restore Database From Backup
|
|
20
18
|
db_config: Configure Database
|
|
21
19
|
db_replication: Configure Database Replication
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: manageiq-appliance_console
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.
|
|
4
|
+
version: 5.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- ManageIQ Developers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-
|
|
11
|
+
date: 2019-12-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|
|
@@ -264,6 +264,7 @@ files:
|
|
|
264
264
|
- bin/appliance_console
|
|
265
265
|
- bin/appliance_console_cli
|
|
266
266
|
- lib/manageiq-appliance_console.rb
|
|
267
|
+
- lib/manageiq/appliance_console/auth_utilities.rb
|
|
267
268
|
- lib/manageiq/appliance_console/certificate.rb
|
|
268
269
|
- lib/manageiq/appliance_console/certificate_authority.rb
|
|
269
270
|
- lib/manageiq/appliance_console/cli.rb
|
|
@@ -272,7 +273,6 @@ files:
|
|
|
272
273
|
- lib/manageiq/appliance_console/database_replication.rb
|
|
273
274
|
- lib/manageiq/appliance_console/database_replication_primary.rb
|
|
274
275
|
- lib/manageiq/appliance_console/database_replication_standby.rb
|
|
275
|
-
- lib/manageiq/appliance_console/date_time_configuration.rb
|
|
276
276
|
- lib/manageiq/appliance_console/errors.rb
|
|
277
277
|
- lib/manageiq/appliance_console/external_auth_options.rb
|
|
278
278
|
- lib/manageiq/appliance_console/external_database_configuration.rb
|
|
@@ -285,12 +285,12 @@ files:
|
|
|
285
285
|
- lib/manageiq/appliance_console/logger.rb
|
|
286
286
|
- lib/manageiq/appliance_console/logging.rb
|
|
287
287
|
- lib/manageiq/appliance_console/logical_volume_management.rb
|
|
288
|
+
- lib/manageiq/appliance_console/oidc_authentication.rb
|
|
288
289
|
- lib/manageiq/appliance_console/principal.rb
|
|
289
290
|
- lib/manageiq/appliance_console/prompts.rb
|
|
290
291
|
- lib/manageiq/appliance_console/saml_authentication.rb
|
|
291
292
|
- lib/manageiq/appliance_console/scap.rb
|
|
292
293
|
- lib/manageiq/appliance_console/temp_storage_configuration.rb
|
|
293
|
-
- lib/manageiq/appliance_console/timezone_configuration.rb
|
|
294
294
|
- lib/manageiq/appliance_console/utilities.rb
|
|
295
295
|
- lib/manageiq/appliance_console/version.rb
|
|
296
296
|
- locales/appliance/en.yml
|
|
@@ -1,117 +0,0 @@
|
|
|
1
|
-
module ManageIQ
|
|
2
|
-
module ApplianceConsole
|
|
3
|
-
class DateTimeConfiguration
|
|
4
|
-
DATE_REGEXP = /^(2[0-9]{3})-(0?[1-9]|1[0-2])-(0?[1-9]|[12][0-9]|3[01])/
|
|
5
|
-
DATE_PROMPT = "current date (YYYY-MM-DD)".freeze
|
|
6
|
-
TIME_REGEXP = /^(0?[0-9]|1[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])/
|
|
7
|
-
TIME_PROMPT = "current time in 24 hour format (HH:MM:SS)".freeze
|
|
8
|
-
|
|
9
|
-
attr_accessor :new_date, :new_time, :manual_time_sync
|
|
10
|
-
|
|
11
|
-
include ManageIQ::ApplianceConsole::Logging
|
|
12
|
-
|
|
13
|
-
def initialize
|
|
14
|
-
@new_date = nil
|
|
15
|
-
@new_time = nil
|
|
16
|
-
@manual_time_sync = false
|
|
17
|
-
end
|
|
18
|
-
|
|
19
|
-
def activate
|
|
20
|
-
say("Applying time configuration...")
|
|
21
|
-
establish_auto_sync &&
|
|
22
|
-
configure_date_time
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
def ask_questions
|
|
26
|
-
ask_establish_auto_sync
|
|
27
|
-
ask_for_date &&
|
|
28
|
-
ask_for_time &&
|
|
29
|
-
confirm
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
def ask_establish_auto_sync
|
|
33
|
-
say("Automatic time synchronization must be disabled to manually set date or time\n\n")
|
|
34
|
-
|
|
35
|
-
@manual_time_sync = agree(<<-EOL)
|
|
36
|
-
Yes to disable Automatic time synchronization and prompt for date and time.
|
|
37
|
-
No to enable Automatic time synchronization. (Y/N):
|
|
38
|
-
|
|
39
|
-
EOL
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
def ask_for_date
|
|
43
|
-
return true unless manual_time_sync
|
|
44
|
-
@new_date = just_ask(DATE_PROMPT, nil, DATE_REGEXP)
|
|
45
|
-
true
|
|
46
|
-
rescue
|
|
47
|
-
false
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
def ask_for_time
|
|
51
|
-
return true unless manual_time_sync
|
|
52
|
-
@new_time = just_ask(TIME_PROMPT, nil, TIME_REGEXP)
|
|
53
|
-
true
|
|
54
|
-
rescue
|
|
55
|
-
false
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
def confirm
|
|
59
|
-
manual_time_sync ? confirm_manual : confirm_auto
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
def confirm_auto
|
|
63
|
-
clear_screen
|
|
64
|
-
say("Date and Time Configuration will be automatic")
|
|
65
|
-
|
|
66
|
-
agree("Apply automatic time configuration? (Y/N): ")
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
def confirm_manual
|
|
70
|
-
clear_screen
|
|
71
|
-
say(<<-EOL)
|
|
72
|
-
Date and Time Configuration
|
|
73
|
-
|
|
74
|
-
Date: #{new_date}
|
|
75
|
-
Time: #{new_time}
|
|
76
|
-
|
|
77
|
-
EOL
|
|
78
|
-
|
|
79
|
-
agree("Apply manual time configuration? (Y/N): ")
|
|
80
|
-
end
|
|
81
|
-
|
|
82
|
-
def establish_auto_sync
|
|
83
|
-
manual_time_sync ? disable_auto_sync : enable_auto_sync
|
|
84
|
-
end
|
|
85
|
-
|
|
86
|
-
def enable_auto_sync
|
|
87
|
-
LinuxAdmin::Service.new("chronyd").enable.start
|
|
88
|
-
LinuxAdmin::Service.new("systemd-timedated").restart
|
|
89
|
-
true
|
|
90
|
-
rescue => e
|
|
91
|
-
say("Failed to enable time synchronization")
|
|
92
|
-
logger.error("Failed to enable time synchronization: #{e.message}")
|
|
93
|
-
false
|
|
94
|
-
end
|
|
95
|
-
|
|
96
|
-
def disable_auto_sync
|
|
97
|
-
LinuxAdmin::Service.new("chronyd").stop.disable
|
|
98
|
-
LinuxAdmin::Service.new("systemd-timedated").restart
|
|
99
|
-
true
|
|
100
|
-
rescue => e
|
|
101
|
-
say("Failed to disable time synchronization")
|
|
102
|
-
logger.error("Failed to disable time synchronization: #{e.message}")
|
|
103
|
-
false
|
|
104
|
-
end
|
|
105
|
-
|
|
106
|
-
def configure_date_time
|
|
107
|
-
return true unless manual_time_sync
|
|
108
|
-
LinuxAdmin::TimeDate.system_time = Time.parse("#{new_date} #{new_time}").getlocal
|
|
109
|
-
true
|
|
110
|
-
rescue => e
|
|
111
|
-
say("Failed to apply time configuration")
|
|
112
|
-
logger.error("Failed to apply time configuration: #{e.message}")
|
|
113
|
-
false
|
|
114
|
-
end
|
|
115
|
-
end # class DateTimeConfiguration
|
|
116
|
-
end # module ApplianceConsole
|
|
117
|
-
end
|
|
@@ -1,58 +0,0 @@
|
|
|
1
|
-
require "linux_admin"
|
|
2
|
-
|
|
3
|
-
module ManageIQ
|
|
4
|
-
module ApplianceConsole
|
|
5
|
-
class TimezoneConfiguration
|
|
6
|
-
include ManageIQ::ApplianceConsole::Logging
|
|
7
|
-
|
|
8
|
-
attr_reader :current_timzone
|
|
9
|
-
attr_accessor :new_timezone
|
|
10
|
-
|
|
11
|
-
def initialize(region_timezone_string)
|
|
12
|
-
@current_timezone = region_timezone_string
|
|
13
|
-
end
|
|
14
|
-
|
|
15
|
-
def activate
|
|
16
|
-
log_and_feedback(__method__) do
|
|
17
|
-
say("Applying new timezone #{new_timezone}...")
|
|
18
|
-
begin
|
|
19
|
-
LinuxAdmin::TimeDate.system_timezone = new_timezone
|
|
20
|
-
rescue LinuxAdmin::TimeDate::TimeCommandError => e
|
|
21
|
-
say("Failed to apply timezone configuration")
|
|
22
|
-
logger.error("Failed to timezone configuration: #{e.message}")
|
|
23
|
-
return false
|
|
24
|
-
end
|
|
25
|
-
end
|
|
26
|
-
true
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
def ask_questions
|
|
30
|
-
ask_for_timezone && confirm
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def ask_for_timezone
|
|
34
|
-
current_item = timezone_hash
|
|
35
|
-
|
|
36
|
-
while current_item.is_a?(Hash)
|
|
37
|
-
selection = ask_with_menu("Geographic Location", current_item.keys, nil, false)
|
|
38
|
-
return false if selection == CANCEL
|
|
39
|
-
current_item = current_item[selection]
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
@new_timezone = current_item
|
|
43
|
-
true
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
def confirm
|
|
47
|
-
clear_screen
|
|
48
|
-
agree("Change the timezone to #{new_timezone}? (Y/N): ")
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
def timezone_hash
|
|
52
|
-
LinuxAdmin::TimeDate.timezones.each_with_object({}) do |tz, hash|
|
|
53
|
-
hash.store_path(*tz.split("/"), tz)
|
|
54
|
-
end
|
|
55
|
-
end
|
|
56
|
-
end # class TimezoneConfiguration
|
|
57
|
-
end # module ApplianceConsole
|
|
58
|
-
end
|