Update with collected CDP PVC changes (#107)

* Update with Private Cloud prerequisite and Control Plane changes (#61)
* Add control keys for autotls, pvc_type, free_ipa to control deployment behavior more simply.
* Standardise the host group name for ECS nodes to be 'ecs_nodes' to match the other standard groups we use in Ansible inventory
* Deprecate duplicate filter_null_configs filter from api_client
* Add handler to restart cloudera management service
* Migrate autotls implementation
* Migrate cms_tls setup 
* Add default external_auth configuration to generally handle freeipa or mit setup
* Update importAdminCredentials command to not fail when already imported, but report other errors
* Add new role cloudera_manager.services_info to perform useful service discovery on existing clusters. 
* Migrate role to set session_timeout for cloudera_manager
* Migrate role to set hue_ticket_lifetime for PvC-DS deployments
* Migrate role to setup TLS for KMS
* Migrate role to fix some libs for the Oozie UI in some PvC-DS deployments
* Migrate role to setup some default Ranger policies for some PvC-DS deployments
* Migrate role to setup a SOLR role in Knox for some PvC-DS deployments
* Migrate role to ensure a Ranger plugin for SOLR is deployed in some PvC-DS deployments
* Update the defaults for database type and version to respond to el7 or el8 appropriately.
* Migrate role to setup WXM.
* Update krb5_client deployment for FreeIPA setup, including a patch for dbus_session config and specific configs for when running PvC-DS.
* Default krb5_domain to krb5_realm.lower automatically.
* Add default kerberos configuration to krb5_common, including simple defaults for when MIT KDC or Red Hat IPA are selected. Passwords default to the cloudera_manager_admin_password instead of hardcoded values like 'changeme'
* Add fixes for FreeIPA server deployment
* Fix refresh_ranger_kms_repo role to function correctly when determining the Ranger URL in modern Ansible.
* Add operation to restart a given cluster or a given cluster's services or cluster management services for user convenience. They could be handlers, but this felt more useful as more people know how to use roles than handlers.
* Migrate role to setup iptables or nftables for PvC ECS deployment on Rhel7 or Rhel8
* Add firewalld to unwanted services during automated os prereq setup
* Add fix where setting up postgresql_connector sometimes requires python3-psycopg2 to be setup for SSB.
* Migrate role to set up a subset of necessary local accounts on ecs_nodes
* Add check to ensure that FreeIPA and a custom repo are not on the same host as they both try to hardcode port 8443.
* Enhance error message when TLS setup is only being partially applied to hosts in the cluster definition
* Update ecs cluster template to set version to DATA_SERVICES1 to reflect current Cloudera Manager 7.6.5 requirements
* Modifiy ecs services Jinja template to seek host groups by long name. 
* Explicitly set default database_type to postgresql to avoid user confusion
* Add nfs-utils to OS prereqs when installing ECS
* Add control for whether or not embedded database mode for ECS is implemented
* Remove unused deployment.j2 template
* Add controlPlaneValuesEmbedded.j2 for embedded database values
* Fix bug in services.j2 for ECS deployment where it would look for the wrong host template name
* Rename free_ipa switch to freeipa_activated to match other top level switches
* Allow Cloudera Manager version and distro to be set explicitly for repo setup
* Update default cloudera-manager version to 7.6.5
* Fix custom_repo to recognise ecs_nodes as valid
* Update dbus patch for freeipa client to only restart services if something is changed
* Add autodns support to freeipa clients
* Add autodns function to freeipa server setup, including creating required zones and records for PvC-DS ECS if that is being deployed
* Add task to Flush and Delete IPTables when setting up ECS
* Set default Cloudera Manager version to 7.6.1 for base deployments. (7.6.5 is primarily for PvC-DS.)
* Add draft ECS teardown processes
* Add cloudera.cluster.operations.stop_cluster as a convenience method, as ECS needs to be stopped and cleaned in a specific sequence.
* Provide additional wildcard DNS records for ECS in FreeIPA Autodns setup
* Fixes for RHEL8.6 support and custom_repo with Cloudera Manager (#83)
* Fix download and reuse of Cloudera Manager repo-as-tarball
* Switch to using custom_repo as base url for archive.cloudera.com by default if custom_repo is specified in build without a specific base_url being supplied.
* Fix kts setup for RHEL8+ where gpg 2.1+ is used which has changed the default file set - look for kbx files.
* Setup of automatic DNS on the freeipa server now supports running on ec2 instances with RHEL8.6, and EL8 generally
* Automatically set selinux to permissive on the krb5_server for RHEL8, as otherwise setup is blocked
* Separate Py2 and Py3 setup on RHEL8 in preparation for final Py2 deprecation in Cloudera products
* Set default admins group as configurable variable in freeipa config
* Add option to ensure creation of a 'superuser' in FreeIPA as the default 'admin' user can clash with system users within CDP in some circumstances. This user is then useful to PvC-DS installs and not created by default otherwise.
* Create Cloudera Manager module framework (#62)
* Create common cm_utils.py for managing CM API interactions, unit and integration test frameworks, and cm_version_info and cm_endpoint_info modules.
* Clean up error messages and remove unused imports
* Create ad-hoc/unimplemented API resource module, cm_resource_info
* Fix JSON decode bug for ApiExceptions
* Centralize call_api method
* Add documentation and document fragment for cm_resource
* Create cm_resource module for ad-hoc CM API endpoint calls
* Update to handle private IP installations (#93)
* Handle delegation to CM server when needed
* Handle remote CA management for sidecar/embedded FreeIPA installs

Signed-off-by: Daniel Chaffelson <chaffelson@gmail.com>
Signed-off-by: Webster Mudge <wmudge@cloudera.com>
Co-authored-by: Dan Chaffelson <chaffelson@gmail.com>

Author: wmudge

.gitignore

@@ -1,7 +1,164 @@
-.idea
-.vscode
-test*
-*.pyc
-*.bak
-.DS_Store
-venv
+# Copyright 2022 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Keep the Galaxy builds
+!cloudera-cluster-*.tar.gz
+
+# Ignore the test output
+tests/output
+
+# Remove any integration configuration
+tests/integration/integration_config.yml
+
+# Remove the Sphinx build directory
+site/_build
+
+### Python template
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+

meta/runtime.yml

@@ -0,0 +1,17 @@
+---
+
+# Copyright 2022 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+requires_ansible: ">=2.10"

plugins/doc_fragments/cm_endpoint.py

@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright 2022 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class ModuleDocFragment(object):
+    DOCUMENTATION = r'''
+    options:
+        url:
+            description:
+                - The CM API endpoint URL and should include scheme, host, port, and API root path.
+                - Mutually exclusive with I(host).
+            type: str
+            required: False
+            aliases:
+                - endpoint
+                - cm_endpoint_url
+    '''

plugins/doc_fragments/cm_options.py

@@ -0,0 +1,85 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright 2022 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class ModuleDocFragment(object):
+    DOCUMENTATION = r'''
+    options:
+        host:
+            description:
+                - Hostname of the CM API endpoint.
+                - If set, the C(host) parameter will trigger CM API endpoint discovery, which will follow redirects.
+                - Mutually exclusive with I(url).
+            type: str
+            required: False
+            aliases:
+                - hostname
+        port:
+            description:
+                - Port of the CM API endpoint.
+                - If set, CM API endpoint discovery will connect to the designated port first and will follow redirects.
+            type: int
+            required: False
+            default: 7180
+        version:
+            description:
+                - API version of the CM API endpoint.
+            type: str
+            required: False
+            default: True
+            aliases:
+                - tls
+        force_tls:
+            description:
+                - Flag to force TLS during CM API endpoint discovery.
+                - If C(False), discovery will first try HTTP and follow any redirects.
+            type: bool
+            required: False
+            default: False
+        verify_tls:
+            description:
+                - Verify the TLS certificates for the CM API endpoint.
+            type: bool
+            required: False
+            default: True
+            aliases:
+                - tls
+        username:
+            description:
+                - Username for access to the CM API endpoint.
+            type: str
+            required: True
+        password:
+            description:
+                - Password for access to the CM API endpoint.
+                - This parameter is set to C(no_log).
+            type: str
+            required: True
+        debug:
+            description:
+                - Capture the HTTP interaction logs with the CM API endpoint.
+            type: bool
+            required: False
+            default: False
+            aliases:
+                - debug_endpoints
+        agent_header:
+            description:
+                - Set the HTTP user agent header when interacting with the CM API endpoint.
+            type: str
+            required: False
+            default: ClouderaFoundry
+    '''

plugins/doc_fragments/cm_resource.py

@@ -0,0 +1,41 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# Copyright 2022 Cloudera, Inc. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class ModuleDocFragment(object):
+    DOCUMENTATION = r'''
+    options:
+        path:
+            description:
+                - Path of the CM API endpoint call.
+            type: str
+            required: True
+        query:
+            description:
+                - HTTP query parameters for the CM API endpoint call.
+            type: dict
+            aliases:
+                - query_parameters
+                - parameters
+        field:
+            description:
+                - Field within the response for result extraction.
+                - Use I(field) when the returned object has an enclosing field.
+            type: str
+            default: 'items'
+            aliases:
+                - return_field
+    '''