From 73b0505299162fcee51cf311e9ab98dc995a7a18 Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Thu, 22 Nov 2018 11:43:26 +0100
Subject: [PATCH] ipaserver: Use Custodia instance in installers and setup
 before CA

Custodia is now configured before the CA and is used during CA setup. Also
add support for the name FIRST_MASTER as a replacement for MASTER_PEER.

This is related to the freeipa upstream commits:

Use single Custodia instance in installers:
  https://github.com/freeipa/freeipa/commit/994f71a
Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER:
  https://github.com/freeipa/freeipa/commit/842cb5f
---
 roles/ipaserver/library/ipaserver_setup_ca.py       |  7 +++++--
 roles/ipaserver/library/ipaserver_setup_custodia.py | 11 +++++++++--
 roles/ipaserver/tasks/install.yml                   | 12 ++++++------
 3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/roles/ipaserver/library/ipaserver_setup_ca.py b/roles/ipaserver/library/ipaserver_setup_ca.py
index ffe214c6..bb80a4c7 100644
--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -189,8 +189,11 @@ def main():
 
     with redirect_stdout(ansible_log):
         if hasattr(custodiainstance, "get_custodia_instance"):
-            custodia = custodiainstance.get_custodia_instance(
-                options, custodiainstance.CustodiaModes.MASTER_PEER)
+            if hasattr(custodiainstance.CustodiaModes, "FIRST_MASTER"):
+                mode = custodiainstance.CustodiaModes.FIRST_MASTER
+            else:
+                mode = custodiainstance.CustodiaModes.MASTER_PEER
+            custodia = custodiainstance.get_custodia_instance(options, mode)
             custodia.create_instance()
 
         if options.setup_ca:
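Review bot: The `else` fallback `mode = custodiainstance.CustodiaModes.MASTER_PEER` may select the wrong mode on FreeIPA releases that have `get_custodia_instance` but not yet `FIRST_MASTER`. The upstream commit cited in the description renames `STANDALONE` to `FIRST_MASTER`, so the pre-rename equivalent is presumably `STANDALONE`, and a peer mode on a first master could leave Custodia expecting a remote peer to fetch keys from. After checking the supported FreeIPA versions, consider `mode = custodiainstance.CustodiaModes.STANDALONE` in that branch. The same fallback is repeated in ipaserver_setup_custodia.py, and main() starts and continues outside this hunk.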
diff --git a/roles/ipaserver/library/ipaserver_setup_custodia.py b/roles/ipaserver/library/ipaserver_setup_custodia.py
index 2ab04a26..1dc34e8e 100644
--- a/roles/ipaserver/library/ipaserver_setup_custodia.py
+++ b/roles/ipaserver/library/ipaserver_setup_custodia.py
@@ -79,8 +79,15 @@ def main():
 
     # setup custodia ########################################################
 
-    custodia = custodiainstance.CustodiaInstance(options.host_name,
-                                                 options.realm_name)
+    if hasattr(custodiainstance, "get_custodia_instance"):
+        if hasattr(custodiainstance.CustodiaModes, "FIRST_MASTER"):
+            mode = custodiainstance.CustodiaModes.FIRST_MASTER
+        else:
+            mode = custodiainstance.CustodiaModes.MASTER_PEER
+        custodia = custodiainstance.get_custodia_instance(options, mode)
+    else:
+        custodia = custodiainstance.CustodiaInstance(options.host_name,
+                                                     options.realm_name)
     custodia.set_output(ansible_log)
     with redirect_stdout(ansible_log):
         custodia.create_instance()
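Review bot: The nested version probe (`get_custodia_instance` present, then `FIRST_MASTER` present, else the old `CustodiaInstance` constructor) has no comment saying which FreeIPA API generation each branch serves, and its inner mode selection is a copy of the one added to ipaserver_setup_ca.py. A short comment above the outer `if`, such as `# Newer FreeIPA: shared instance via get_custodia_instance(); older: construct CustodiaInstance directly`, would keep the branches from being pruned incorrectly later. The new path also hands the whole `options` object to `get_custodia_instance`, where the old call passed only `host_name` and `realm_name`, so any further attributes that function reads must be set by this module. That setup is in the part of main() outside this hunk.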
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
index 0b6f519a..bc6999a0 100644
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -206,6 +206,12 @@
       idmax: "{{ result_ipaserver_test.idmax }}"
       _pkinit_pkcs12_info: "{{ result_ipaserver_test._pkinit_pkcs12_info }}"
 
+  - name: Install - Setup custodia
+    ipaserver_setup_custodia:
+      realm: "{{ result_ipaserver_test.realm }}"
+      hostname: "{{ result_ipaserver_test.hostname }}"
+      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
+
   - name: Install - Setup CA
     ipaserver_setup_ca:
       dm_password: "{{ ipadm_password }}"
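Review bot: With the Custodia task moved ahead of "Install - Setup CA", `custodia.create_instance()` now appears to run twice per install: once in ipaserver_setup_custodia and again in ipaserver_setup_ca, whose hunk keeps the call. Whether the second call is a no-op is not visible in this patch. Custodia holds the key material shared between servers, so it is worth confirming that a repeat call does not regenerate keys or rewrite its configuration. If it does, drop the call from ipaserver_setup_ca and only obtain the instance there. The "Setup CA" task continues past the end of this hunk.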
@@ -245,12 +251,6 @@
       hostname: "{{ result_ipaserver_test.hostname }}"
       setup_ca: "{{ result_ipaserver_test.setup_ca }}"
 
-  - name: Install - Setup custodia
-    ipaserver_setup_custodia:
-      realm: "{{ result_ipaserver_test.realm }}"
-      hostname: "{{ result_ipaserver_test.hostname }}"
-      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
-
   - name: Install - Setup HTTP
     ipaserver_setup_http:
       dm_password: "{{ ipadm_password }}"
-- 
GitLab