Commit 6dc469fd authored by Thomas Woerner's avatar Thomas Woerner

library/ipaapi.py: Add call to api to get subject base form server

The subject base generated in discovery is only a guess and might have been
changed by the admin at installation process. Therefore it is needed to
get this from the server.

subject_base has been added as a new return value.

Use subject base from ipaapi in roles/ipaclient/tasks/install.yml instead of
the guessed value from ipadiscovery.
parent 86079423
...@@ -63,6 +63,11 @@ ca_enabled: ...@@ -63,6 +63,11 @@ ca_enabled:
description: Wheter the Certificate Authority is enabled or not. description: Wheter the Certificate Authority is enabled or not.
returned: always returned: always
type: bool type: bool
subject_base:
description: The subject base, needed for certmonger
returned: always
type: string
sample: O=EXAMPLE.COM
''' '''
import os import os
...@@ -88,6 +93,7 @@ from ipalib.rpc import delete_persistent_client_session_data ...@@ -88,6 +93,7 @@ from ipalib.rpc import delete_persistent_client_session_data
from ipapython import certdb from ipapython import certdb
from ipapython.ipautil import CalledProcessError, write_tmp_file, \ from ipapython.ipautil import CalledProcessError, write_tmp_file, \
ipa_generate_password ipa_generate_password
from ipapython.dn import DN
ipa_client_install = None ipa_client_install = None
try: try:
from ipaclient.install.client import SECURE_PATH, disable_ra from ipaclient.install.client import SECURE_PATH, disable_ra
...@@ -236,7 +242,16 @@ def main(): ...@@ -236,7 +242,16 @@ def main():
if not ca_enabled: if not ca_enabled:
disable_ra() disable_ra()
module.exit_json(changed=True, ca_enabled=ca_enabled) # Get subject base from ipa server
try:
config = api.Command['config_show']()['result']
subject_base = str(DN(config['ipacertificatesubjectbase'][0]))
except errors.PublicError as e:
module.fail_json(msg="Cannot get subject base from server: %s" % e)
module.exit_json(changed=True,
ca_enabled=ca_enabled,
subject_base=subject_base)
if __name__ == '__main__': if __name__ == '__main__':
main() main()
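Review bot: The new `try` in main() catches only `errors.PublicError`, so a `config_show` result that lacks `ipacertificatesubjectbase` or holds an empty list would raise `KeyError` or `IndexError` and end the module with a traceback rather than a `fail_json` message. Whether the attribute can be absent is not visible from this hunk, but since the value is handed on for certmonger it is worth failing cleanly: `except (errors.PublicError, KeyError, IndexError) as e:`. main() starts outside the hunk, so any earlier exit paths that would also need to return `subject_base` cannot be checked here.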
...@@ -174,7 +174,7 @@ ...@@ -174,7 +174,7 @@
realm: "{{ ipadiscovery.realm }}" realm: "{{ ipadiscovery.realm }}"
basedn: "{{ ipadiscovery.basedn }}" basedn: "{{ ipadiscovery.basedn }}"
hostname: "{{ ipadiscovery.hostname }}" hostname: "{{ ipadiscovery.hostname }}"
subject_base: "{{ ipadiscovery.subject_base }}" subject_base: "{{ ipaapi.subject_base }}"
principal: "{{ ipaadmin_principal | default(omit) }}" principal: "{{ ipaadmin_principal | default(omit) }}"
mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}" mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}" ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}"
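Review bot: `subject_base: "{{ ipaapi.subject_base }}"` has no fallback, while the `ca_enabled` line below it uses `| default(omit)`; if the registered `ipaapi` result ever lacks the key (task skipped, or a module exit path that does not return it, neither visible here), templating fails with an undefined-variable error. If the hard failure is intended so that the guessed value never reaches certmonger, state it in a comment such as `# no default: the discovery guess may differ from the server's subject base`; otherwise add `| default(omit)` for consistency with the neighbouring parameters. The task these parameters belong to starts and ends outside the hunk.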