diff --git a/roles/ipareplica/library/ipareplica_enable_ipa.py b/roles/ipareplica/library/ipareplica_enable_ipa.py
new file mode 100644
index 0000000000000000000000000000000000000000..7c473b82c417bcfaf594388dbdbcf3a033920a47
--- /dev/null
+++ b/roles/ipareplica/library/ipareplica_enable_ipa.py
@@ -0,0 +1,152 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Authors:
+# Thomas Woerner <twoerner@redhat.com>
+#
+# Based on ipa-replica-install code
+#
+# Copyright (C) 2018 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import print_function
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.0',
+ 'supported_by': 'community',
+ 'status': ['preview'],
+}
+
+DOCUMENTATION = '''
+---
+module: ipareplica_enable_ipa
+short description:
+description: Enable IPA
+ Enable IPA
+options:
+ subject_base:
+ description: The certificate subject base (default O=<realm-name>).
+ required: yes
+ ccache:
+ description: The installation specific ccache file.
+ required: yes
+ _top_dir:
+ description: The temporary top directory used for the installation.
+ required: yes
+ setup_ca:
+ description: Configure a dogtag CA
+ required: yes
+ config_master_host_name:
+ description: The master host name
+ required: yes
+author:
+ - Thomas Woerner
+'''
+
+EXAMPLES = '''
+'''
+
+RETURN = '''
+'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ansible_ipa_replica import *
+
+def main():
+ ansible_module = AnsibleModule(
+ argument_spec = dict(
+ hostname=dict(required=False),
+ ### server ###
+ ### certificate system ###
+ subject_base=dict(required=True),
+ ### additional ###
+ ccache=dict(required=True),
+ _top_dir = dict(required=True),
+ setup_ca=dict(required=True),
+ config_master_host_name=dict(required=True),
+ ),
+ supports_check_mode = True,
+ )
+
+ ansible_module._ansible_debug = True
+ ansible_log = AnsibleModuleLog(ansible_module)
+
+ # get parameters #
+
+ options = installer
+ options.host_name = ansible_module.params.get('hostname')
+ ### server ###
+ ### certificate system ###
+ options.subject_base = ansible_module.params.get('subject_base')
+ if options.subject_base is not None:
+ options.subject_base = DN(options.subject_base)
+ ### additional ###
+ ccache = ansible_module.params.get('ccache')
+ os.environ['KRB5CCNAME'] = ccache
+ options._top_dir = ansible_module.params.get('_top_dir')
+ options.setup_ca = ansible_module.params.get('setup_ca')
+ config_master_host_name = ansible_module.params.get('config_master_host_name')
+
+ # init #
+
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
+ sstore = sysrestore.StateFile(paths.SYSRESTORE)
+
+ ansible_log.debug("== INSTALL ==")
+
+ promote = installer.promote
+
+ env = gen_env_boostrap_finalize_core(paths.ETC_IPA,
+ constants.DEFAULT_CONFIG)
+ api_bootstrap_finalize(env)
+ config = gen_ReplicaConfig()
+ config.subject_base = options.subject_base
+ config.master_host_name = config_master_host_name
+
+ remote_api = gen_remote_api(config.master_host_name, paths.ETC_IPA)
+ installer._remote_api = remote_api
+
+ conn = remote_api.Backend.ldap2
+ ccache = os.environ['KRB5CCNAME']
+
+ api.Backend.ldap2.connect()
+
+ with redirect_stdout(ansible_log):
+ # Enable configured services and update DNS SRV records
+ service.enable_services(config.host_name)
+ api.Command.dns_update_system_records()
+ ca_servers = service.find_providing_servers('CA', api.Backend.ldap2,
+ api)
+ api.Backend.ldap2.disconnect()
+
+ # Everything installed properly, activate ipa service.
+ services.knownservices.ipa.enable()
+
+ # Print a warning if CA role is only installed on one server
+ if len(ca_servers) == 1:
+ msg = textwrap.dedent(u'''
+ WARNING: The CA service is only installed on one server ({}).
+ It is strongly recommended to install it on another server.
+ Run ipa-ca-install(1) on another master to accomplish this.
+ '''.format(ca_servers[0]))
+ ansible_module.warn(msg)
+
+ # done #
+
+ ansible_module.exit_json(changed=True)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/ipareplica/library/ipaserver_enable_ipa.py b/roles/ipareplica/library/ipaserver_enable_ipa.py
deleted file mode 120000
index d708756f9cdaba8218a82c40b90577a35d6395e5..0000000000000000000000000000000000000000
--- a/roles/ipareplica/library/ipaserver_enable_ipa.py
+++ /dev/null
@@ -1 +0,0 @@
-../../ipaserver/library/ipaserver_enable_ipa.py
\ No newline at end of file
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index e99ea51e93c54997ed2ede4186b62a8a0529b794..e8e8056a83150cdf2d9640febbf6e6acd0bf4874 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
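Review bot: In ipareplica_enable_ipa.py, main() passes `supports_check_mode = True` to AnsibleModule but never reads `ansible_module.check_mode`, so a `--check` run would still call `service.enable_services()`, `api.Command.dns_update_system_records()` and `services.knownservices.ipa.enable()` and then report `changed=True`. Until the module can skip those steps, declare `supports_check_mode = False,` so Ansible skips the task in check mode instead of modifying the replica. Separately, `setup_ca=dict(required=True)` declares no `type`, so the templated value from the `setup_ca:` line in the tasks/install.yml hunk is presumably delivered as a string, and `'False'` would be truthy if `options.setup_ca` is tested downstream; `setup_ca=dict(required=True, type='bool'),` avoids that. The `api.Backend.ldap2.connect()` / `disconnect()` pair also has no `try`/`finally`, so an exception between them leaves the connection open and surfaces as a traceback rather than through `fail_json`.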
@@ -603,12 +603,15 @@ # ipareplica_backend_disconnect: - name: Install - Enable IPA - ipaserver_enable_ipa: + ipareplica_enable_ipa: hostname: "{{ result_ipareplica_test.hostname }}" + ### certificate system ### + subject_base: "{{ result_ipareplica_prepare.subject_base }}" + ### additional ### + ccache: "{{ result_ipareplica_prepare.ccache }}" + _top_dir: "{{ result_ipareplica_prepare._top_dir }}" setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" - # The setup_dns step is only used on the server, therefore simply - # setting setup_dns to reuse the server version here. - setup_dns: no + config_master_host_name: "{{ result_ipareplica_prepare.config_master_host_name }}" register: result_ipareplica_enable_ipa - name: Install - Cleanup root IPA cache