ipaserver: Use Custodia instance in installers and setup before CA

Custodia is configured before CA and used in the setup of CA. Also add support for name FIRST_MASTER as a replacement for MASTER_PEER. This is related to the freeipa upstream commits: Use single Custodia instance in installers: https://github.com/freeipa/freeipa/commit/994f71a Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER: https://github.com/freeipa/freeipa/commit/842cb5f

ipaserver: Use Custodia instance in installers and setup before CA
73b05052 · Thomas Woerner · dc0d1fc1 · 73b05052 · 73b05052 · 73b05052
Commit 73b05052 authored 6 years ago by Thomas Woerner
--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -189,8 +189,11 @@ def main():
    with redirect_stdout(ansible_log):
        if hasattr(custodiainstance, "get_custodia_instance"):
-            custodia = custodiainstance.get_custodia_instance(
+            if hasattr(custodiainstance.CustodiaModes, "FIRST_MASTER"):
-                options, custodiainstance.CustodiaModes.MASTER_PEER)
+                mode = custodiainstance.CustodiaModes.FIRST_MASTER
+            else:
+                mode = custodiainstance.CustodiaModes.MASTER_PEER
+            custodia = custodiainstance.get_custodia_instance(options, mode)
            custodia.create_instance()
        if options.setup_ca:

--- a/roles/ipaserver/library/ipaserver_setup_custodia.py
+++ b/roles/ipaserver/library/ipaserver_setup_custodia.py
@@ -79,6 +79,13 @@ def main():
    # setup custodia ########################################################
+    if hasattr(custodiainstance, "get_custodia_instance"):
+        if hasattr(custodiainstance.CustodiaModes, "FIRST_MASTER"):
+            mode = custodiainstance.CustodiaModes.FIRST_MASTER
+        else:
+            mode = custodiainstance.CustodiaModes.MASTER_PEER
+        custodia = custodiainstance.get_custodia_instance(options, mode)
+    else:
        custodia = custodiainstance.CustodiaInstance(options.host_name,
                                                     options.realm_name)
    custodia.set_output(ansible_log)

--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -206,6 +206,12 @@
      idmax: "{{ result_ipaserver_test.idmax }}"
      _pkinit_pkcs12_info: "{{ result_ipaserver_test._pkinit_pkcs12_info }}"
+  - name: Install - Setup custodia
+    ipaserver_setup_custodia:
+      realm: "{{ result_ipaserver_test.realm }}"
+      hostname: "{{ result_ipaserver_test.hostname }}"
+      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
  - name: Install - Setup CA
    ipaserver_setup_ca:
      dm_password: "{{ ipadm_password }}"
@@ -245,12 +251,6 @@
      hostname: "{{ result_ipaserver_test.hostname }}"
      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
-  - name: Install - Setup custodia
-    ipaserver_setup_custodia:
-      realm: "{{ result_ipaserver_test.realm }}"
-      hostname: "{{ result_ipaserver_test.hostname }}"
-      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
  - name: Install - Setup HTTP
    ipaserver_setup_http:
      dm_password: "{{ ipadm_password }}"