From 5afd88902395bac64516eaa97575b016226c4026 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Tue, 25 Jun 2019 15:52:54 +0200
Subject: [PATCH] ipareplica_krb_enable_ssl: Initialize krb.pkcs12_info and
 krb.master_fqdn

These two settings are not set using the krb.init_info method, but used in
krb.enable_ssl.

The configuration of PKINIT fails in IPA 4.7.0 because of the issue
https://pagure.io/freeipa/issue/7655 where auto detection of the
master is not properly working. With the missing setting of krb.master_fqdn
the not workint auto detection has been triggered, which resulted in
failed PKINIT enablement.
---
 roles/ipareplica/library/ipareplica_krb_enable_ssl.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
index 26ff48df..f4abcda3 100644
--- a/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
+++ b/roles/ipareplica/library/ipareplica_krb_enable_ssl.py
@@ -133,6 +133,8 @@ def main():
         krb.init_info(api.env.realm, api.env.host,
                       setup_pkinit=not options.no_pkinit,
                       subject_base=options.subject_base)
+        krb.pkcs12_info = options._pkinit_pkcs12_info
+        krb.master_fqdn = master_host_name
 
         ansible_log.debug("-- KRB ENABLE_SSL --")
 
-- 
GitLab