ipaserver: Set hsm attributes to None for now

The HSM parameters token_name token_library_path token_password token_password_file are set to None to enable deployment with IPA 4.12 as a workaround till HSM can be fully supported by the ipaserver role.

ipaserver: Set hsm attributes to None for now
4ff6e35c · Thomas Woerner · a1230cab · 4ff6e35c · 4ff6e35c · 4ff6e35c
Commit 4ff6e35c authored 10 months ago by Thomas Woerner
--- a/roles/ipaserver/library/ipaserver_prepare.py
+++ b/roles/ipaserver/library/ipaserver_prepare.py
@@ -326,6 +326,12 @@ def main():
    # ssl certificate
    # options.dirsrv_cert_files = ansible_module.params.get(
    #     'dirsrv_cert_files')
+    # hsm
+    if hasattr(ca, "hsm_version"):
+        options.token_name = None
+        options.token_library_path = None
+        options.token_password = None
+        options.token_password_file = None
    # client
    # options.no_ntp = ansible_module.params.get('no_ntp')
    # certificate system

--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -305,6 +305,12 @@ def main():
    options.dirsrv_cert_files = ansible_module.params.get('dirsrv_cert_files')
    options._dirsrv_pkcs12_info = ansible_module.params.get(
        '_dirsrv_pkcs12_info')
+    # hsm
+    if hasattr(ca, "hsm_version"):
+        options.token_name = None
+        options.token_library_path = None
+        options.token_password = None
+        options.token_password_file = None
    # certificate system
    options.external_ca = ansible_module.params.get('external_ca')
    options.external_ca_type = ansible_module.params.get('external_ca_type')

--- a/roles/ipaserver/library/ipaserver_setup_kra.py
+++ b/roles/ipaserver/library/ipaserver_setup_kra.py
@@ -74,7 +74,7 @@ RETURN = '''
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_server import (
    check_imports, AnsibleModuleLog, setup_logging, options,
-    api_Backend_ldap2, redirect_stdout, api, custodiainstance, kra
+    api_Backend_ldap2, redirect_stdout, api, custodiainstance, kra, ca
 )
@@ -106,6 +106,12 @@ def main():
    options.pki_config_override = ansible_module.params.get(
        'pki_config_override')
    options.promote = False  # first master, no promotion
+    # hsm
+    if hasattr(ca, "hsm_version"):
+        options.token_name = None
+        options.token_library_path = None
+        options.token_password = None
+        options.token_password_file = None
    # init ##########################################################