diff --git a/roles/ipabackup/tasks/copy_backup_from_server.yml b/roles/ipabackup/tasks/copy_backup_from_server.yml index cea4afdf5408d19022cbe7dbea0f12cb79a934f8..c64c3c46c6dde87a8e683de3cf3e9d830129c0ef 100644 --- a/roles/ipabackup/tasks/copy_backup_from_server.yml +++ b/roles/ipabackup/tasks/copy_backup_from_server.yml @@ -9,7 +9,7 @@ - name: Set controller destination directory ansible.builtin.set_fact: - ipabackup_controller_dir: + __derived_controller_dir: "{{ ipabackup_controller_path | default(lookup('env', 'PWD')) }}/{{ ipabackup_name_prefix | default(ansible_facts['fqdn']) }}_{{ ipabackup_item }}/" @@ -35,13 +35,13 @@ ansible.builtin.fetch: flat: yes src: "{{ ipabackup_dir }}/{{ ipabackup_item }}/{{ item }}" - dest: "{{ ipabackup_controller_dir }}" + dest: "{{ __derived_controller_dir }}" with_items: - "{{ result_find_backup_files.stdout_lines }}" - name: Fix file modes for backup on controller ansible.builtin.file: - dest: "{{ ipabackup_controller_dir }}" + dest: "{{ __derived_controller_dir }}" mode: u=rwX,go= recurse: yes delegate_to: localhost diff --git a/roles/ipabackup/tasks/copy_backup_to_server.yml b/roles/ipabackup/tasks/copy_backup_to_server.yml index dc2f188502200dd56c7870dbdc2927d659703459..a487152865b74fd465cc4f1b52afc616c998f9af 100644 --- a/roles/ipabackup/tasks/copy_backup_to_server.yml +++ b/roles/ipabackup/tasks/copy_backup_to_server.yml 
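Review bot: The new fact name `__derived_controller_dir` drops the role prefix and is also set in the first hunk of copy_backup_to_server.yml with a different meaning: here it is the per-backup directory with a trailing slash, there it is the bare controller path. Facts written by set_fact stay on the host for the rest of the play, so a task file that reads the name without setting it first would silently pick up whichever value was written last. Role-scoped names per use, for example `__ipabackup_controller_dest_dir` here and `__ipabackup_controller_src_dir` there, would keep the two apart.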
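Review bot: The backup files are fetched to the controller first and only restricted to `u=rwX,go=` by the following "Fix file modes for backup on controller" task, so between the two tasks they exist with whatever mode the controller's umask gives them. An IPA backup holds directory data and key material, so it would be safer to create `{{ __derived_controller_dir }}` beforehand with `ansible.builtin.file`, `state: directory` and `mode: u=rwx,go=`, delegated to localhost, and keep the recursive fix as a second line of defence. Both tasks start or end outside the hunk, so a directory-creation step may already exist above the fetch.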
@@ -9,23 +9,23 @@ - name: Set controller source directory ansible.builtin.set_fact: - ipabackup_controller_dir: + __derived_controller_dir: "{{ ipabackup_controller_path | default(lookup('env', 'PWD')) }}" - name: Set ipabackup_item ansible.builtin.set_fact: - ipabackup_item: + __derived_item: "{{ ipabackup_name | regex_search('.*_(ipa-.+)', '\\1') | first }}" when: "'_ipa-' in ipabackup_name" - name: Set ipabackup_item ansible.builtin.set_fact: - ipabackup_item: "{{ ipabackup_name }}" + __derived_item: "{{ ipabackup_name }}" when: "'_ipa-' not in ipabackup_name" - name: Stat backup to copy ansible.builtin.stat: - path: "{{ ipabackup_controller_dir }}/{{ ipabackup_name }}" + path: "{{ __derived_controller_dir }}/{{ ipabackup_name }}" register: result_backup_stat delegate_to: localhost become: no @@ -35,10 +35,10 @@ msg: "Unable to find backup {{ ipabackup_name }}" when: result_backup_stat.stat.isdir is not defined -- name: Copy backup files to server for "{{ ipabackup_item }}" +- name: Copy backup files to server for "{{ __derived_item }}" ansible.builtin.copy: - src: "{{ ipabackup_controller_dir }}/{{ ipabackup_name }}/" - dest: "{{ ipabackup_dir }}/{{ ipabackup_item }}" + src: "{{ __derived_controller_dir }}/{{ ipabackup_name }}/" + dest: "{{ ipabackup_dir }}/{{ __derived_item }}" owner: root group: root mode: u=rw,go=r diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml index 0e10d9b0c4475b8b5f7361b7cb5a1d197dbc8c96..d4fb2997ae680dc274561d132c42822610860993 100644 --- a/roles/ipareplica/tasks/install.yml +++ b/roles/ipareplica/tasks/install.yml @@ -227,7 +227,7 @@ - name: Install - Set dirman password no_log: yes ansible.builtin.set_fact: - ipareplica_dirman_password: + __derived_dirman_password: "{{ result_ipareplica_master_password.password }}" - name: Install - Setup certmonger 
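Review bot: `ipabackup_name` is used as a path component in the stat task (`{{ __derived_controller_dir }}/{{ ipabackup_name }}`) and, through `__derived_item`, in the destination of the copy task in the next hunk, without any check that it is a single directory name. A value containing `/` or `..` would resolve outside the controller path and outside `ipabackup_dir`, where the copy creates root-owned files. An `ansible.builtin.assert` ahead of these tasks with `that: ipabackup_name is match('^[A-Za-z0-9_][A-Za-z0-9._-]*$')` would reject such values early. Separately, both set_fact tasks are still named "Set ipabackup_item" although they now set `__derived_item`.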
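Review bot: The copy task writes the backup files on the server with `mode: u=rw,go=r`, which leaves them readable by group and others, while the controller-side task in copy_backup_from_server.yml uses `go=`. Unless a restrictive `directory_mode` follows outside this hunk, I would use `mode: u=rw,go=` here so the restored backup files are readable by root only. The task continues past the end of the hunk, so this needs checking against the full file.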
@@ -268,7 +268,7 @@ _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}" _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}" _subject_base: "{{ result_ipareplica_prepare._subject_base }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" config_master_host_name: "{{ result_ipareplica_prepare.config_master_host_name }}" @@ -312,7 +312,7 @@ _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}" _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}" _subject_base: "{{ result_ipareplica_prepare._subject_base }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" config_master_host_name: "{{ result_ipareplica_install_ca_certs.config_master_host_name }}" @@ -356,7 +356,7 @@ _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}" _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}" _subject_base: "{{ result_ipareplica_prepare._subject_base }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" - name: Install - Setup KRB @@ -373,7 +373,7 @@ ccache: "{{ result_ipareplica_prepare.ccache }}" _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" # We need to point to the master in ipa default conf when certmonger # asks for HTTP certificate in newer ipa versions. In these versions 
@@ -414,7 +414,7 @@ _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}" _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}" _subject_base: "{{ result_ipareplica_prepare._subject_base }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" master: "{{ result_ipareplica_install_ca_certs.config_master_host_name }}" @@ -438,7 +438,7 @@ _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}" _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}" - name: Install - Setup http @@ -459,7 +459,7 @@ _ca_file: "{{ result_ipareplica_prepare._ca_file }}" _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info if result_ipareplica_prepare._http_pkcs12_info != None else omit }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" # Need to point back to ourself after the cert for HTTP is obtained - name: Install - Create original IPA conf again @@ -498,7 +498,7 @@ _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}" _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}" _subject_base: "{{ result_ipareplica_prepare._subject_base }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" when: result_ipareplica_test.change_master_for_certmonger 
@@ -517,7 +517,7 @@ ccache: "{{ result_ipareplica_prepare.ccache }}" _ca_file: "{{ result_ipareplica_prepare._ca_file }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" - name: Install - Setup custodia ipareplica_setup_custodia: @@ -538,7 +538,7 @@ _ca_file: "{{ result_ipareplica_prepare._ca_file }}" _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" - name: Install - Setup CA ipareplica_setup_ca: @@ -561,7 +561,7 @@ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" _random_serial_numbers: "{{ result_ipareplica_prepare._random_serial_numbers }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" config_master_host_name: "{{ result_ipareplica_install_ca_certs.config_master_host_name }}" @@ -586,7 +586,7 @@ _ca_file: "{{ result_ipareplica_prepare._ca_file }}" _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" - name: Install - DS apply updates ipareplica_ds_apply_updates: 
@@ -606,7 +606,7 @@ _ca_file: "{{ result_ipareplica_prepare._ca_file }}" _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}" - name: Install - Setup kra @@ -646,7 +646,7 @@ _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}" _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}" _subject_base: "{{ result_ipareplica_prepare._subject_base }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" when: result_ipareplica_test.setup_kra - name: Install - Restart KDC @@ -664,7 +664,7 @@ ccache: "{{ result_ipareplica_prepare.ccache }}" _ca_file: "{{ result_ipareplica_prepare._ca_file }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" - name: Install - Custodia import dm password ipareplica_custodia_import_dm_password: @@ -685,7 +685,7 @@ _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}" _kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}" _top_dir: "{{ result_ipareplica_prepare._top_dir }}" - dirman_password: "{{ ipareplica_dirman_password }}" + dirman_password: "{{ __derived_dirman_password }}" config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}" - name: Install - Promote SSSD diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml index 74dd5d8b1005489b41a7f4685ff39a05901f87c8..34a6faa989dd524b213b69d2a0382b5bb6a601ec 100644 --- a/roles/ipaserver/tasks/install.yml +++ b/roles/ipaserver/tasks/install.yml 
@@ -148,9 +148,15 @@ - name: Install - Use new master password no_log: yes ansible.builtin.set_fact: - ipaserver_master_password: + __derived_master_password: "{{ result_ipaserver_master_password.password }}" + - name: Use user defined master password, if provided + when: ipaserver_master_password is defined + no_log: yes + ansible.builtin.set_fact: + __derived_master_password: "{{ ipaserver_master_password }}" + - name: Install - Server preparation ipaserver_prepare: ### basic ### @@ -208,7 +214,7 @@ ipaserver_setup_ds: dm_password: "{{ ipadm_password }}" password: "{{ ipaadmin_password }}" - # master_password: "{{ ipaserver_master_password }}" + # master_password: "{{ __derived_master_password }}" domain: "{{ result_ipaserver_test.domain }}" realm: "{{ result_ipaserver_test.realm | default(omit) }}" hostname: "{{ result_ipaserver_test.hostname }}" @@ -237,7 +243,7 @@ ipaserver_setup_krb: dm_password: "{{ ipadm_password }}" password: "{{ ipaadmin_password }}" - master_password: "{{ ipaserver_master_password }}" + master_password: "{{ __derived_master_password }}" domain: "{{ result_ipaserver_test.domain }}" realm: "{{ result_ipaserver_test.realm }}" hostname: "{{ result_ipaserver_test.hostname }}" @@ -270,7 +276,7 @@ ipaserver_setup_ca: dm_password: "{{ ipadm_password }}" password: "{{ ipaadmin_password }}" - master_password: "{{ ipaserver_master_password }}" + master_password: "{{ __derived_master_password }}" # ip_addresses: "{{ result_ipaserver_prepare.ip_addresses }}" domain: "{{ result_ipaserver_test.domain }}" realm: "{{ result_ipaserver_test.realm }}" @@ -329,7 +335,7 @@ ipaserver_setup_http: dm_password: "{{ ipadm_password }}" password: "{{ ipaadmin_password }}" - master_password: "{{ ipaserver_master_password }}" + master_password: "{{ __derived_master_password }}" domain: "{{ result_ipaserver_test.domain }}" realm: "{{ result_ipaserver_test.realm }}" hostname: "{{ result_ipaserver_test.hostname }}"
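Review bot: The added task overrides the generated password whenever `ipaserver_master_password is defined`, which is also true for an empty string or a null value, so such a value would replace the generated password and be passed on as `master_password` in the later setup tasks. A stricter condition such as `when: ipaserver_master_password | default('', true) | length > 0` avoids that. The task name also lacks the `Install - ` prefix its neighbours use. The block containing the preceding "Install - Use new master password" task starts outside the hunk, so I cannot tell whether password generation is already skipped when the user supplies a value.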