diff --git a/roles/ipareplica/README.md b/roles/ipareplica/README.md
index b10c3ae5361454535c57f2429c18ce5f44afd788..a32ddb158474b8bbbd5acd476540537384d7ee94 100644
--- a/roles/ipareplica/README.md
+++ b/roles/ipareplica/README.md
@@ -153,6 +153,7 @@ Variable | Description | Required
 `ipareplica_no_host_dns` | Do not use DNS for hostname lookup during installation. (bool, default: false) | no
 `ipareplica_skip_conncheck` | Skip connection check to remote master. (bool, default: false) | no
 `ipareplica_pki_config_override` | Path to ini file with config overrides. This is only usable with recent FreeIPA versions. (string) | no
+`ipareplica_mem_check` | Checking for minimum required memory for the deployment. This is only usable with recent FreeIPA versions (4.8.10+) else ignored. (bool, default: yes) | no
 
 Server Variables
 ----------------
diff --git a/roles/ipareplica/defaults/main.yml b/roles/ipareplica/defaults/main.yml
index 5eca5909e4dd4dffaadac1c44395fe980881069e..01afc4427d37f5e1eae29c39508b01b7366404b9 100644
--- a/roles/ipareplica/defaults/main.yml
+++ b/roles/ipareplica/defaults/main.yml
@@ -5,6 +5,7 @@
 ipareplica_no_host_dns: no
 ipareplica_skip_conncheck: no
 ipareplica_hidden_replica: no
+ipareplica_mem_check: yes
 ### server ###
 ipareplica_setup_adtrust: no
 ipareplica_setup_ca: no
diff --git a/roles/ipareplica/library/ipareplica_test.py b/roles/ipareplica/library/ipareplica_test.py
index ebb1163f4145399c313ea5e1bec27d1392abc904..217e29c8136f3440a576ddfc18a2e26954b39f98 100644
--- a/roles/ipareplica/library/ipareplica_test.py
+++ b/roles/ipareplica/library/ipareplica_test.py
@@ -57,9 +57,15 @@ options:
 hidden_replica:
 description: Install a hidden replica
 required: yes
+ skip_mem_check:
+ description: Skip checking for minimum required memory
+ required: yes
 setup_adtrust:
 description: Configure AD trust capability
 required: yes
+ setup_ca:
+ description: Configure a dogtag CA
+ required: yes
 setup_kra:
 description: Configure a dogtag KRA
 required: yes
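Review bot: The new `skip_mem_check` and `setup_ca` entries in the DOCUMENTATION block of ipareplica_test.py are marked `required: yes`, but the argument spec this commit adds for them in `main()` uses `required=False`. Generated module documentation would then present both options as mandatory; `required: no` would match the code. The `skip_mem_check` entry added to roles/ipaserver/library/ipaserver_test.py has the same mismatch. The surrounding context entries also say `required: yes`, so this may be a file-wide convention that is better corrected in one follow-up.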
@@ -152,8 +158,10 @@ def main():
 hostname=dict(required=False),
 ca_cert_files=dict(required=False, type='list', default=[]),
 hidden_replica=dict(required=False, type='bool', default=False),
+ skip_mem_check=dict(required=False, type='bool', default=False),
 # server
 setup_adtrust=dict(required=False, type='bool', default=False),
+ setup_ca=dict(required=False, type='bool'),
 setup_kra=dict(required=False, type='bool', default=False),
 setup_dns=dict(required=False, type='bool', default=False),
 no_pkinit=dict(required=False, type='bool', default=False),
@@ -196,8 +204,10 @@ def main():
 options.host_name = ansible_module.params.get('hostname')
 options.ca_cert_files = ansible_module.params.get('ca_cert_files')
 options.hidden_replica = ansible_module.params.get('hidden_replica')
+ options.skip_mem_check = ansible_module.params.get('skip_mem_check')
 # server
 options.setup_adtrust = ansible_module.params.get('setup_adtrust')
+ options.setup_ca = ansible_module.params.get('setup_ca')
 options.setup_kra = ansible_module.params.get('setup_kra')
 options.setup_dns = ansible_module.params.get('setup_dns')
 options.no_pkinit = ansible_module.params.get('no_pkinit')
@@ -404,7 +414,12 @@ def main():
 # check selinux status, http and DS ports, NTP conflicting services
 try:
 with redirect_stdout(ansible_log):
- common_check(options.no_ntp)
+ argspec = inspect.getargspec(common_check)
+ if "skip_mem_check" in argspec.args:
+ common_check(options.no_ntp, options.skip_mem_check,
+ options.setup_ca)
+ else:
+ common_check(options.no_ntp)
 except Exception as msg: # ScriptError as msg:
 _msg = str(msg)
 if "server is already configured" in _msg:
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index 45af06a993c27ab8778160b3094c2292d8b5fa88..bae12531328c5c6efc3476a57161de448b9c42e0 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
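Review bot: `setup_ca=dict(required=False, type='bool')` is the only boolean added or shown in this argument-spec hunk without `default=False`, so `options.setup_ca` is `None` rather than `False` when a caller omits it, and that value is later passed on to `common_check`. If the missing default is deliberate, a short comment such as `# no default: None means "not specified"` would record it; otherwise add `default=False` to match `skip_mem_check` and `setup_kra`. `main()` starts and ends outside the hunk.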
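Review bot: `inspect.getargspec` is deprecated and no longer exists on Python 3.11 and later, so there the added probe raises AttributeError inside the `try` and is caught by `except Exception as msg`, which treats it like an installer check failure instead of falling back to `common_check(options.no_ntp)`; the handler is only partly visible here. Resolve the function once with a fallback, `getargspec = getattr(inspect, "getfullargspec", None) or inspect.getargspec`, and call `argspec = getargspec(common_check)`. No hunk in this diff adds `import inspect` to ipareplica_test.py, so confirm the name is already in scope, since a NameError would be caught the same way. Passing the two new arguments by keyword would keep the call independent of the upstream parameter order. `main()` starts and ends outside the hunk.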
@@ -75,8 +75,10 @@
 hostname: "{{ ipareplica_hostname | default(ansible_fqdn) }}"
 ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
 hidden_replica: "{{ ipareplica_hidden_replica }}"
+ skip_mem_check: "{{ not ipareplica_mem_check }}"
 ### server ###
 setup_adtrust: "{{ ipareplica_setup_adtrust }}"
+ setup_ca: "{{ ipareplica_setup_ca }}"
 setup_kra: "{{ ipareplica_setup_kra }}"
 setup_dns: "{{ ipareplica_setup_dns }}"
 no_pkinit: "{{ ipareplica_no_pkinit }}"
diff --git a/roles/ipaserver/README.md b/roles/ipaserver/README.md
index 8c1177c92d394b354c0924f617a3855ed42b5cef..828f55627ae60f6f26d6a4bf8d74d965d15887e9 100644
--- a/roles/ipaserver/README.md
+++ b/roles/ipaserver/README.md
@@ -205,6 +205,7 @@ Variable | Description | Required
 `ipaserver_realm` | The Kerberos realm of an existing IPA deployment. (string) | no
 `ipaserver_hostname` | Fully qualified name of the server. (string) | no
 `ipaserver_no_host_dns` | Do not use DNS for hostname lookup during installation. (bool, default: false) | no
+`ipaserver_mem_check` | Checking for minimum required memory for the deployment. This is only usable with recent FreeIPA versions (4.8.10+) else ignored. (bool, default: yes) | no
 
 Server Variables
 ----------------
diff --git a/roles/ipaserver/defaults/main.yml b/roles/ipaserver/defaults/main.yml
index ed1364b7d30007e5a7a5df52cfbc1240412bf279..6abcb796fbb22f95d8d141247e8c407201404401 100644
--- a/roles/ipaserver/defaults/main.yml
+++ b/roles/ipaserver/defaults/main.yml
@@ -10,6 +10,7 @@ ipaserver_setup_dns: no
 ipaserver_no_hbac_allow: no
 ipaserver_no_pkinit: no
 ipaserver_no_ui_redirect: no
+ipaserver_mem_check: yes
 ### ssl certificate ###
 ### client ###
 ipaclient_mkhomedir: no
diff --git a/roles/ipaserver/library/ipaserver_test.py b/roles/ipaserver/library/ipaserver_test.py
index 4ac100c91d053f3ce188d38fa1fced725102c072..175a1e037dd0b28b3f5a7aa22704d68e552da5b3 100644
--- a/roles/ipaserver/library/ipaserver_test.py
+++ b/roles/ipaserver/library/ipaserver_test.py
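Review bot: `skip_mem_check: "{{ not ipareplica_mem_check }}"` in roles/ipareplica/tasks/install.yml negates the raw variable, so a value that arrives as a string (for example `-e ipareplica_mem_check=no` on the command line) is a non-empty string, `not` yields false, and the memory check stays enabled although the operator asked to turn it off. Cast before negating: `skip_mem_check: "{{ not (ipareplica_mem_check | bool) }}"`. The same expression is added for `ipaserver_mem_check` in roles/ipaserver/tasks/install.yml. The error falls on the safe side, since the check still runs, but the documented switch silently has no effect.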
@@ -66,6 +66,9 @@ options: pki_config_override: description: Path to ini file with config overrides required: yes + skip_mem_check: + description: Skip checking for minimum required memory + required: yes setup_adtrust: description: Configure AD trust capability required: yes @@ -221,7 +224,7 @@ from ansible.module_utils.ansible_ipa_server import ( read_cache, ca, tasks, check_ldap_conf, timeconf, httpinstance, check_dirsrv, ScriptError, get_fqdn, verify_fqdn, BadHostError, validate_domain_name, load_pkcs12, IPA_PYTHON_VERSION, - encode_certificate + encode_certificate, check_available_memory ) if six.PY3: @@ -242,6 +245,7 @@ def main(): ca_cert_files=dict(required=False, type='list', default=[]), no_host_dns=dict(required=False, type='bool', default=False), pki_config_override=dict(required=False), + skip_mem_check=dict(required=False, type='bool', default=False), # server setup_adtrust=dict(required=False, type='bool', default=False), setup_kra=dict(required=False, type='bool', default=False), @@ -322,6 +326,7 @@ def main(): options.no_host_dns = ansible_module.params.get('no_host_dns') options.pki_config_override = ansible_module.params.get( 'pki_config_override') + options.skip_mem_check = ansible_module.params.get('skip_mem_check') # server options.setup_adtrust = ansible_module.params.get('setup_adtrust') options.setup_dns = ansible_module.params.get('setup_dns') @@ -855,8 +860,12 @@ def main(): if options.ca_subject: ca.subject_validator(ca.VALID_SUBJECT_ATTRS, options.ca_subject) - # IPv6 and SELinux check + # Memory check + if not options.skip_mem_check and check_available_memory is not None: + check_available_memory(ca=options.dirsrv_cert_files and + len(options.dirsrv_cert_files) > 0) + # IPv6 and SELinux check tasks.check_ipv6_stack_enabled() tasks.check_selinux_status() if check_ldap_conf is not None: 
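Review bot: The `ca=` argument of the new memory check is `options.dirsrv_cert_files and len(options.dirsrv_cert_files) > 0`, which evaluates to `None` or `[]` rather than `False` when no files are given and is true only when directory-server certificate files are supplied. Supplying those files is normally the CA-less install path in FreeIPA, so the flag looks inverted; confirm against how `setup_ca` is derived elsewhere in `main()`, which is outside this hunk. If the CA requirement is meant to apply when no external certificates are given, `check_available_memory(ca=not options.dirsrv_cert_files)` states that and passes a real bool. A one-line comment on why `ca` is derived from `dirsrv_cert_files` would help in either case.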
diff --git a/roles/ipaserver/module_utils/ansible_ipa_server.py b/roles/ipaserver/module_utils/ansible_ipa_server.py index 8447c048f6d09765edda3ad3f3c43e95159d6ff5..fcecd0df21061dbdc2f9f7534b69fc3a32f058a4 100644 --- a/roles/ipaserver/module_utils/ansible_ipa_server.py +++ b/roles/ipaserver/module_utils/ansible_ipa_server.py @@ -37,7 +37,8 @@ __all__ = ["IPAChangeConf", "certmonger", "sysrestore", "root_logger", "validate_dm_password", "read_cache", "write_cache", "adtrustinstance", "IPAAPI_USER", "sync_time", "PKIIniLoader", "default_subject_base", "default_ca_subject_dn", - "check_ldap_conf", "encode_certificate", "decode_certificate"] + "check_ldap_conf", "encode_certificate", "decode_certificate", + "check_available_memory"] import sys import logging @@ -139,6 +140,10 @@ if NUM_VERSION >= 40500: except ImportError: def default_ca_subject_dn(subject_base): return DN(('CN', 'Certificate Authority'), subject_base) + try: + from ipaserver.install.installutils import check_available_memory + except ImportError: + check_available_memory = None try: from ipaserver.install import adtrustinstance diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml index c1e3a95a7bd67122135e749c91a6174b49705008..d34bc125a55cc2098b524d875b64e6ec483b4a3c 100644 --- a/roles/ipaserver/tasks/install.yml +++ b/roles/ipaserver/tasks/install.yml @@ -69,6 +69,7 @@ ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}" no_host_dns: "{{ ipaserver_no_host_dns }}" pki_config_override: "{{ ipaserver_pki_config_override | default(omit) }}" + skip_mem_check: "{{ not ipaserver_mem_check }}" ### server ### setup_adtrust: "{{ ipaserver_setup_adtrust }}" setup_kra: "{{ ipaserver_setup_kra }}"