From 19b117a71ce32b228e524aebe79fae968b25163e Mon Sep 17 00:00:00 2001
From: Samuel Veloso <veloso.lopez.samuel@gmail.com>
Date: Tue, 9 Jun 2020 13:22:12 +0200
Subject: [PATCH] Install ipareplicas without CA

---
 .../library/ipareplica_ds_apply_updates.py       |  4 ++--
 .../library/ipareplica_ds_enable_ssl.py          |  4 ++--
 .../library/ipareplica_krb_enable_ssl.py         |  2 +-
 roles/ipareplica/library/ipareplica_prepare.py   | 16 ++++++++++++++++
 roles/ipareplica/library/ipareplica_setup_ca.py  |  4 ++--
 .../library/ipareplica_setup_custodia.py         |  2 +-
 roles/ipareplica/library/ipareplica_setup_ds.py  |  2 +-
 .../ipareplica/library/ipareplica_setup_http.py  |  2 +-
 roles/ipareplica/library/ipareplica_setup_krb.py |  2 +-
 roles/ipareplica/tasks/install.yml               |  1 +
 10 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
index 66aecd26..3796874b 100644
--- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py
+++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
@@ -123,8 +123,8 @@ def main():
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
             ds_ca_subject=dict(required=True),
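Review bot: The two retyped arguments `_dirsrv_pkcs12_info` and `_pkinit_pkcs12_info` carry a `(path, pin)` pair (see the tuples built in ipareplica_prepare.py in this same patch), so the PKCS#12 PIN is a module argument that Ansible will print in verbose and `ANSIBLE_DEBUG` output unless it is marked, yet `dirman_password` two lines below is `no_log=True` and these are not. Add `no_log=True` to both: `_dirsrv_pkcs12_info=dict(required=False, type='list', no_log=True),` and `_pkinit_pkcs12_info=dict(required=False, type='list', no_log=True),`. If the target Ansible version supports it, `elements='str'` would also document the expected shape. The enclosing argument_spec and `main()` continue outside this hunk.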
diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
index 88c5f0b3..a1b638ef 100644
--- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
@@ -119,8 +119,8 @@ def main():
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
             ds_ca_subject=dict(required=True),
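Review bot: `_dirsrv_pkcs12_info` and `_pkinit_pkcs12_info` are `(path, pin)` lists whose second element is the PKCS#12 password, so retyping them to `type='list'` without `no_log=True` leaves the PIN visible in verbose task output, unlike `dirman_password` just below. Change both to `dict(required=False, type='list', no_log=True)`. The argument_spec and `main()` extend beyond this hunk.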
diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
index 1a73414d..a302b0fa 100644
--- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
@@ -106,7 +106,7 @@ def main():
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
         ),
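Review bot: `_pkinit_pkcs12_info` is a `(path, pin)` pair, so the new `type='list'` declaration should also carry `no_log=True` to keep the PKINIT PKCS#12 PIN out of Ansible's argument logging: `_pkinit_pkcs12_info=dict(required=False, type='list', no_log=True),`. The surrounding `dirman_password` argument already follows that pattern. The argument_spec starts above this hunk.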
diff --git a/roles/ipareplica/library/ipareplica_prepare.py b/roles/ipareplica/library/ipareplica_prepare.py
index 0478d7de..ed89b692 100644
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -195,6 +195,7 @@ import os
 import tempfile
 import traceback
 import six
+from shutil import copyfile
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
@@ -485,6 +486,21 @@ def main():
             "certificate are not signed by the same CA "
             "certificate")
 
+    # Copy pkcs12_files to make them persistent till deployment is done
+    # and encode certificates for ansible compatibility
+    if http_pkcs12_info is not None:
+        copyfile(http_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_http")
+        http_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_http", http_pin)
+        http_ca_cert = ""
+    if dirsrv_pkcs12_info is not None:
+        copyfile(dirsrv_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_dirsrv")
+        dirsrv_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_dirsrv", dirsrv_pin)
+        dirsrv_ca_cert = ""
+    if pkinit_pkcs12_info is not None:
+        copyfile(pkinit_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_pkinit")
+        pkinit_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_pkinit", pkinit_pin)
+        pkinit_ca_cert = ""
+
     ansible_log.debug("-- FQDN --")
 
     installutils.verify_fqdn(config.host_name, options.no_host_dns)
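Review bot: The three `copyfile(...)` calls write PKCS#12 bundles containing private keys to fixed paths under `/etc/ipa` with whatever mode the process umask yields, so under a typical 022 umask the key material becomes world-readable, and a stale `.tmp_pkcs12_*` left by an earlier run keeps whatever mode it already had. Create the destination with mode 0600 before any data is written, as in the helper below, and use it for all three copies; nothing in this patch removes these files after deployment despite the comment saying they live "till deployment is done", so the cleanup stage should be confirmed. Resetting `http_ca_cert`, `dirsrv_ca_cert` and `pkinit_ca_cert` to `""` presumably avoids returning certificate objects through Ansible, but if a later stage uses them to install the CA certificate on a no-CA replica this silently drops it — a comment stating why that is safe would help. `main()` continues outside this hunk.
```python
def _copy_private_file(src, dst):
    """Copy *src* to *dst*, creating *dst* with mode 0600 (owner-only)."""
    # Drop any leftover from a previous run so the mode below applies to a
    # fresh inode instead of being inherited from the old file.
    if os.path.lexists(dst):
        os.unlink(dst)
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        out.write(inp.read())

    # … unchanged: CA-consistency checks above …
    if http_pkcs12_info is not None:
        _copy_private_file(http_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_http")
        http_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_http", http_pin)
        http_ca_cert = ""
    # … same replacement of copyfile for the dirsrv and pkinit copies …
```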
diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py
index 850ceb96..d71299b6 100644
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -138,8 +138,8 @@ def main():
             _ca_file=dict(required=False),
             _kra_enabled=dict(required=False, type='bool'),
             _kra_host_name=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             _ca_subject=dict(required=True),
             _subject_base=dict(required=True),
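Review bot: The retyped `_dirsrv_pkcs12_info` and `_pkinit_pkcs12_info` arguments include the PKCS#12 PIN as their second element, so they need `no_log=True` alongside `type='list'` to avoid the PIN appearing in verbose Ansible output: `_dirsrv_pkcs12_info=dict(required=False, type='list', no_log=True),` and the same for `_pkinit_pkcs12_info`. The argument_spec and `main()` continue outside this hunk.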
diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py
index e9e4047a..5a74e876 100644
--- a/roles/ipareplica/library/ipareplica_setup_custodia.py
+++ b/roles/ipareplica/library/ipareplica_setup_custodia.py
@@ -118,7 +118,7 @@ def main():
             _ca_file=dict(required=False),
             _kra_enabled=dict(required=False, type='bool'),
             _kra_host_name=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
         ),
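Review bot: `_pkinit_pkcs12_info` holds `(path, pin)`, so the new declaration should be `_pkinit_pkcs12_info=dict(required=False, type='list', no_log=True),` to match how `dirman_password` is handled right below it and keep the PIN out of task logs. The argument_spec begins above this hunk.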
diff --git a/roles/ipareplica/library/ipareplica_setup_ds.py b/roles/ipareplica/library/ipareplica_setup_ds.py
index 39e3348a..8a44120b 100644
--- a/roles/ipareplica/library/ipareplica_setup_ds.py
+++ b/roles/ipareplica/library/ipareplica_setup_ds.py
@@ -190,7 +190,7 @@ def main():
             ccache=dict(required=True),
             installer_ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
-            _dirsrv_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             _add_to_ipaservers=dict(required=True, type='bool'),
             _ca_subject=dict(required=True),
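Review bot: `_dirsrv_pkcs12_info` carries the directory-server PKCS#12 PIN as its second element, so it should be declared `dict(required=False, type='list', no_log=True)` rather than only `type='list'`; otherwise the PIN is logged with the other module arguments at higher verbosity. The argument_spec and `main()` extend beyond this hunk.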
diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py
index a33587c7..987ea959 100644
--- a/roles/ipareplica/library/ipareplica_setup_http.py
+++ b/roles/ipareplica/library/ipareplica_setup_http.py
@@ -115,7 +115,7 @@ def main():
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
-            _http_pkcs12_info=dict(required=False),
+            _http_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
         ),
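Review bot: `_http_pkcs12_info` is a `(path, pin)` pair, so add `no_log=True` to the retyped argument: `_http_pkcs12_info=dict(required=False, type='list', no_log=True),`. `dirman_password` on the following line already shows the expected pattern for secrets in this spec. The argument_spec begins above this hunk.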
diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py
index 7763f76f..c8d09f73 100644
--- a/roles/ipareplica/library/ipareplica_setup_krb.py
+++ b/roles/ipareplica/library/ipareplica_setup_krb.py
@@ -96,7 +96,7 @@ def main():
             # additional
             config_master_host_name=dict(required=True),
             ccache=dict(required=True),
-            _pkinit_pkcs12_info=dict(required=False),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
         ),
         supports_check_mode=True,
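Review bot: `_pkinit_pkcs12_info` includes the PKINIT PKCS#12 PIN, so the new `type='list'` declaration should also be `no_log=True`: `_pkinit_pkcs12_info=dict(required=False, type='list', no_log=True),`. Without it the PIN is printed with the module arguments in verbose runs. The argument_spec starts above this hunk.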
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index fe81a4d1..401d877f 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -407,6 +407,7 @@
       ccache: "{{ result_ipareplica_prepare.ccache }}"
       _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
       _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
+      _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
       _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
       dirman_password: "{{ ipareplica_dirman_password }}"
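Review bot: The added `_dirsrv_pkcs12_info` argument passes the `(path, pin)` pair produced by `ipareplica_prepare`, so this task now forwards the PKCS#12 PIN, and that value is also visible in the registered `result_ipareplica_prepare` result if a play prints it. Until the receiving module marks the argument `no_log`, consider `no_log: true` on this task, and confirm that `result_ipareplica_prepare` is never debugged or echoed. Which task this hunk belongs to is not visible here; the task's `name` and module line lie above the hunk.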
-- 
GitLab