diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
index 66aecd2680e688a639e4492a6680177fe27f58c0..3796874bc3f5dd7e85ffccd1b33940582e17450d 100644
--- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py
+++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
@@ -123,8 +123,8 @@ def main():
 ccache=dict(required=True),
 _ca_enabled=dict(required=False, type='bool'),
 _ca_file=dict(required=False),
- _dirsrv_pkcs12_info=dict(required=False),
- _pkinit_pkcs12_info=dict(required=False),
+ _dirsrv_pkcs12_info=dict(required=False, type='list'),
+ _pkinit_pkcs12_info=dict(required=False, type='list'),
 _top_dir=dict(required=True),
 dirman_password=dict(required=True, no_log=True),
 ds_ca_subject=dict(required=True),
diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
index 88c5f0b3e7a6cd53ad0bf1aebe954293be208ecd..a1b638efccecee96d68e62a7cd529db3d02dd545 100644
--- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
@@ -119,8 +119,8 @@ def main():
 ccache=dict(required=True),
 _ca_enabled=dict(required=False, type='bool'),
 _ca_file=dict(required=False),
- _dirsrv_pkcs12_info=dict(required=False),
- _pkinit_pkcs12_info=dict(required=False),
+ _dirsrv_pkcs12_info=dict(required=False, type='list'),
+ _pkinit_pkcs12_info=dict(required=False, type='list'),
 _top_dir=dict(required=True),
 dirman_password=dict(required=True, no_log=True),
 ds_ca_subject=dict(required=True),
diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
index 1a73414d8add47c49aef29ea18e88886dc552f1d..a302b0faf4949746470eb34b354097d47af32334 100644
--- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
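Review bot: `_dirsrv_pkcs12_info` and `_pkinit_pkcs12_info` are declared without `no_log=True`, although the ipareplica_prepare.py hunk of this commit builds each of these values as a (path, PIN) pair, so the PKCS#12 PIN can end up in Ansible's module-invocation logging and verbose output. `dirman_password` two lines below already sets `no_log=True`; I would do the same here, e.g. `_dirsrv_pkcs12_info=dict(required=False, type='list', no_log=True),`. The same applies to the `_dirsrv_pkcs12_info`, `_pkinit_pkcs12_info` and `_http_pkcs12_info` entries in the other library hunks of this commit (ds_enable_ssl, krb_enable_ssl, setup_ca, setup_custodia, setup_ds, setup_http, setup_krb). Whether the registered result of ipareplica_prepare is also kept out of task output is not visible in this diff and is worth checking. The argument spec in main() starts and ends outside the hunk.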
@@ -106,7 +106,7 @@ def main():
 ccache=dict(required=True),
 _ca_enabled=dict(required=False, type='bool'),
 _ca_file=dict(required=False),
- _pkinit_pkcs12_info=dict(required=False),
+ _pkinit_pkcs12_info=dict(required=False, type='list'),
 _top_dir=dict(required=True),
 dirman_password=dict(required=True, no_log=True),
 ),
diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index 0478d7de9c6ae95286bb179f7089f3eca13ada59..ed89b692c59bf22d0e618f8125bf663ee6265817 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -195,6 +195,7 @@ import os
 import tempfile
 import traceback
 import six
+from shutil import copyfile
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
@@ -485,6 +486,21 @@ def main():
 "certificate are not signed by the same CA "
 "certificate")
+ # Copy pkcs12_files to make them persistent till deployment is done
+ # and encode certificates for ansible compatibility
+ if http_pkcs12_info is not None:
+ copyfile(http_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_http")
+ http_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_http", http_pin)
+ http_ca_cert = ""
+ if dirsrv_pkcs12_info is not None:
+ copyfile(dirsrv_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_dirsrv")
+ dirsrv_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_dirsrv", dirsrv_pin)
+ dirsrv_ca_cert = ""
+ if pkinit_pkcs12_info is not None:
+ copyfile(pkinit_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_pkinit")
+ pkinit_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_pkinit", pkinit_pin)
+ pkinit_ca_cert = ""
+
 ansible_log.debug("-- FQDN --")
 installutils.verify_fqdn(config.host_name, options.no_host_dns)
diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py
index 850ceb964b82e14e4a7fde5342fa3cf26c160c91..d71299b6754fce6cf7aae7f907526c4c86a1c30d 100644
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
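Review bot: The three `copyfile(...)` calls added to main() write the PKCS#12 bundles to fixed names under /etc/ipa, and `shutil.copyfile` copies only the contents, so the new files get whatever mode the process umask allows rather than the mode of the source temporary file. Since these bundles hold private keys, I would create the copies owner-only from the start with a small helper as below, which needs `copyfileobj` instead of `copyfile` in the import hunk above. The hunk also shows no removal of the `.tmp_pkcs12_*` files once deployment is done; if that cleanup is not elsewhere in the role, it should be added. The comment says the certificates are encoded, while the code sets `http_ca_cert`, `dirsrv_ca_cert` and `pkinit_ca_cert` to `""`; the comment should say they are cleared and why. main() starts and ends outside the hunk.

```python
def _persist_pkcs12(src, dst):
    # Keep the copy owner-only from creation on; it holds private keys.
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as out:
        # The mode passed to os.open() is ignored if dst already existed.
        os.fchmod(out.fileno(), 0o600)
        with open(src, "rb") as inp:
            copyfileobj(inp, out)

    # … unchanged: comment above the three copies …
    if http_pkcs12_info is not None:
        _persist_pkcs12(http_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_http")
    # … unchanged: http_pkcs12_info / http_ca_cert assignments …
    if dirsrv_pkcs12_info is not None:
        _persist_pkcs12(dirsrv_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_dirsrv")
    # … unchanged: dirsrv_pkcs12_info / dirsrv_ca_cert assignments …
    if pkinit_pkcs12_info is not None:
        _persist_pkcs12(pkinit_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_pkinit")
    # … unchanged: pkinit_pkcs12_info / pkinit_ca_cert assignments …
```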
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -138,8 +138,8 @@ def main():
 _ca_file=dict(required=False),
 _kra_enabled=dict(required=False, type='bool'),
 _kra_host_name=dict(required=False),
- _dirsrv_pkcs12_info=dict(required=False),
- _pkinit_pkcs12_info=dict(required=False),
+ _dirsrv_pkcs12_info=dict(required=False, type='list'),
+ _pkinit_pkcs12_info=dict(required=False, type='list'),
 _top_dir=dict(required=True),
 _ca_subject=dict(required=True),
 _subject_base=dict(required=True),
diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py
index e9e4047a4cc81476b267efcc83eca6c6bd3f258a..5a74e876782cb31660f0656b47c9cfd3270c4e4c 100644
--- a/roles/ipareplica/library/ipareplica_setup_custodia.py
+++ b/roles/ipareplica/library/ipareplica_setup_custodia.py
@@ -118,7 +118,7 @@ def main():
 _ca_file=dict(required=False),
 _kra_enabled=dict(required=False, type='bool'),
 _kra_host_name=dict(required=False),
- _pkinit_pkcs12_info=dict(required=False),
+ _pkinit_pkcs12_info=dict(required=False, type='list'),
 _top_dir=dict(required=True),
 dirman_password=dict(required=True, no_log=True),
 ),
diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py
index 39e3348a9e6e85957f8c0263f518c895e84d58ac..8a44120b4634cc5dc4f39dbc85898a7b694f9e8d 100644
--- a/roles/ipareplica/library/ipareplica_setup_ds.py
+++ b/roles/ipareplica/library/ipareplica_setup_ds.py
@@ -190,7 +190,7 @@ def main():
 ccache=dict(required=True),
 installer_ccache=dict(required=True),
 _ca_enabled=dict(required=False, type='bool'),
- _dirsrv_pkcs12_info=dict(required=False),
+ _dirsrv_pkcs12_info=dict(required=False, type='list'),
 _top_dir=dict(required=True),
 _add_to_ipaservers=dict(required=True, type='bool'),
 _ca_subject=dict(required=True),
diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py
index a33587c766fcc6b7680d9e6ae555d52d0c40b934..987ea9598c44cc9ea08fa25d68ec5e42be3b62f0 100644
--- a/roles/ipareplica/library/ipareplica_setup_http.py
+++ b/roles/ipareplica/library/ipareplica_setup_http.py
@@ -115,7 +115,7 @@ def main():
 ccache=dict(required=True),
 _ca_enabled=dict(required=False, type='bool'),
 _ca_file=dict(required=False),
- _http_pkcs12_info=dict(required=False),
+ _http_pkcs12_info=dict(required=False, type='list'),
 _top_dir=dict(required=True),
 dirman_password=dict(required=True, no_log=True),
 ),
diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py
index 7763f76ff0708b1e57d43f409869f62f104e8b4f..c8d09f732da2578f499bfeb6dff8d8a58175ee3d 100644
--- a/roles/ipareplica/library/ipareplica_setup_krb.py
+++ b/roles/ipareplica/library/ipareplica_setup_krb.py
@@ -96,7 +96,7 @@ def main():
 # additional
 config_master_host_name=dict(required=True),
 ccache=dict(required=True),
- _pkinit_pkcs12_info=dict(required=False),
+ _pkinit_pkcs12_info=dict(required=False, type='list'),
 _top_dir=dict(required=True),
 ),
 supports_check_mode=True,
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index fe81a4d1d80b2fe00eb81f7acca41caffeada8b5..401d877f59dea5fa38b44a7fa400a2f38eb47c0a 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -407,6 +407,7 @@
 ccache: "{{ result_ipareplica_prepare.ccache }}"
 _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
 _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
+ _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
 _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
 _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
 dirman_password: "{{ ipareplica_dirman_password }}"