ipaserver,ipareplica: Add random_serial_numbers to options

With the support for Random Serial Numbers v3 in FreeIPA 4.10, the attribute random_serial_numbers has been added to the installer options. options._random_serial_numbers is generated by ca.install_check and later used by ca.install in the _setup_ca module. ca.install_check is using options.random_serial_numbers and generating options._random_serial_numbers which is later used by ca.install in ca.install the _setup_ca module. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2103928 https://bugzilla.redhat.com/show_bug.cgi?id=2103924

ipaserver,ipareplica: Add random_serial_numbers to options
7db5d59d · Thomas Woerner · 90f6e14c · 7db5d59d · 7db5d59d · 7db5d59d
Commit 7db5d59d authored 2 years ago by Thomas Woerner
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -351,6 +351,12 @@ def main():
    options.server = ansible_module.params.get('server')
    options.skip_conncheck = ansible_module.params.get('skip_conncheck')
+    # random serial numbers are master_only, therefore setting to False
+    options.random_serial_numbers = False
+    # options._random_serial_numbers is generated by ca.install_check and
+    # later used by ca.install in the _setup_ca module.
+    options._random_serial_numbers = False
    # init #
    fstore = sysrestore.FileStore(paths.SYSRESTORE)
@@ -838,6 +844,7 @@ def main():
        _http_ca_cert=http_ca_cert,
        _pkinit_pkcs12_info=pkinit_pkcs12_info,
        _pkinit_ca_cert=pkinit_ca_cert,
+        _random_serial_numbers=options._random_serial_numbers,
        no_dnssec_validation=options.no_dnssec_validation,
        config_setup_ca=config.setup_ca,
        config_master_host_name=config.master_host_name,

--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -85,6 +85,9 @@ options:
  _subject_base:
    description: The installer _subject_base setting
    required: no
+  _random_serial_numbers:
+    description: The installer _random_serial_numbers setting
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
    required: no
@@ -144,6 +147,7 @@ def main():
            _top_dir=dict(required=True),
            _ca_subject=dict(required=True),
            _subject_base=dict(required=True),
+            _random_serial_numbers=dict(required=True),
            dirman_password=dict(required=True, no_log=True),
            config_setup_ca=dict(required=True, type='bool'),
            config_master_host_name=dict(required=True),
@@ -190,6 +194,8 @@ def main():
    options._subject_base = ansible_module.params.get('_subject_base')
    if options._subject_base is not None:
        options._subject_base = DN(options._subject_base)
+    options._random_serial_numbers = ansible_module.params.get(
+        '_random_serial_numbers')
    dirman_password = ansible_module.params.get('dirman_password')
    config_setup_ca = ansible_module.params.get('config_setup_ca')
    config_master_host_name = ansible_module.params.get(

--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -557,6 +557,7 @@
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
+      _random_serial_numbers: "{{ result_ipareplica_prepare._random_serial_numbers }}"
      dirman_password: "{{ ipareplica_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
      config_master_host_name:

--- a/roles/ipaserver/library/ipaserver_prepare.py
+++ b/roles/ipaserver/library/ipaserver_prepare.py
@@ -213,6 +213,8 @@ def main():
            # additional
            setup_ca=dict(required=False, type='bool', default=False),
+            random_serial_numbers=dict(required=False, type='bool',
+                                       default=False),
            _hostname_overridden=dict(required=False, type='bool',
                                      default=False),
        ),
@@ -225,9 +227,11 @@ def main():
    # initialize return values for flake ############################
-    # These are set by ca.install_check
+    # These are set by ca.install_check and need to be passed to ca.install
+    # in the _setup_ca module and also some others.
    options._subject_base = None
    options._ca_subject = None
+    options._random_serial_numbers = None
    # set values ####################################################
@@ -277,6 +281,8 @@ def main():
    options.netbios_name = ansible_module.params.get('netbios_name')
    # additional
    options.setup_ca = ansible_module.params.get('setup_ca')
+    options.random_serial_numbers = ansible_module.params.get(
+        'random_serial_numbers')
    options._host_name_overridden = ansible_module.params.get(
        '_hostname_overridden')
    options.kasp_db_file = None
@@ -405,6 +411,7 @@ def main():
        _subject_base=options._subject_base,
        ca_subject=options.ca_subject,
        _ca_subject=options._ca_subject,
+        _random_serial_numbers=options._random_serial_numbers,
        # dns
        reverse_zones=options.reverse_zones,
        forward_policy=options.forward_policy,

--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -132,6 +132,9 @@ options:
  ca_signing_algorithm:
    description: Signing algorithm of the IPA CA certificate
    required: yes
+  _random_serial_numbers:
+    description: The installer _random_serial_numbers setting
+    required: yes
  reverse_zones:
    description: The reverse DNS zones to use
    required: yes
@@ -204,6 +207,7 @@ def main():
            ca_subject=dict(required=False),
            _ca_subject=dict(required=False),
            ca_signing_algorithm=dict(required=False),
+            _random_serial_numbers=dict(required=True),
            # dns
            reverse_zones=dict(required=False, type='list', default=[]),
            no_reverse=dict(required=False, type='bool', default=False),
@@ -259,6 +263,8 @@ def main():
    options._ca_subject = ansible_module.params.get('_ca_subject')
    options.ca_signing_algorithm = ansible_module.params.get(
        'ca_signing_algorithm')
+    options._random_serial_numbers = ansible_module.params.get(
+        '_random_serial_numbers')
    # dns
    options.reverse_zones = ansible_module.params.get('reverse_zones')
    options.no_reverse = ansible_module.params.get('no_reverse')

--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -191,6 +191,7 @@
      secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
      ### additional ###
      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
+      random_serial_numbers: no
      _hostname_overridden: "{{ result_ipaserver_test._hostname_overridden }}"
    register: result_ipaserver_prepare
@@ -298,6 +299,7 @@
      _ca_subject: "{{ result_ipaserver_prepare._ca_subject }}"
      ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm |
                                default(omit) }}"
+      _random_serial_numbers: "{{ result_ipaserver_prepare._random_serial_numbers }}"
      reverse_zones: "{{ result_ipaserver_prepare.reverse_zones }}"
      no_reverse: "{{ ipaserver_no_reverse }}"
      auto_forwarders: "{{ ipaserver_auto_forwarders }}"