diff --git a/roles/ipareplica/library/ipareplica_master_password.py b/roles/ipareplica/library/ipareplica_master_password.py
new file mode 100644
index 0000000000000000000000000000000000000000..77f6f8ec02a32353c9f53204842256a8ba41b011
--- /dev/null
+++ b/roles/ipareplica/library/ipareplica_master_password.py
@@ -0,0 +1,93 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Authors:
+# Thomas Woerner <twoerner@redhat.com>
+#
+# Based on ipa-server-install code
+#
+# Copyright (C) 2017 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+ANSIBLE_METADATA = {
+ 'metadata_version': '1.0',
+ 'supported_by': 'community',
+ 'status': ['preview'],
+}
+
+DOCUMENTATION = '''
+---
+module: ipareplica_master_password
+short description: Generate kerberos master password if not given
+description:
+ Generate kerberos master password if not given
+options:
+ master_password:
+ description: kerberos master password (normally autogenerated)
+ required: false
+author:
+ - Thomas Woerner
+'''
+
+EXAMPLES = '''
+'''
+
+RETURN = '''
+password:
+ description: The master password
+ returned: always
+'''
+
+import os
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ansible_ipa_replica import *
+
+def main():
+ module = AnsibleModule(
+ argument_spec = dict(
+ #basic
+ dm_password=dict(required=True, no_log=True),
+ master_password=dict(required=False, no_log=True),
+ ),
+ supports_check_mode = True,
+ )
+
+ module._ansible_debug = True
+
+ options.dm_password = module.params.get('dm_password')
+ options.master_password = module.params.get('master_password')
+
+ fstore = sysrestore.FileStore(paths.SYSRESTORE)
+ sstore = sysrestore.StateFile(paths.SYSRESTORE)
+
+ # This will override any settings passed in on the cmdline
+ if os.path.isfile(paths.ROOT_IPA_CACHE):
+ # dm_password check removed, checked already
+ try:
+ cache_vars = read_cache(options.dm_password)
+ options.__dict__.update(cache_vars)
+ except Exception as e:
+ module.fail_json(msg="Cannot process the cache file: %s" % str(e))
+
+ if not options.master_password:
+ options.master_password = ipa_generate_password()
+
+ module.exit_json(changed=True,
+ password=options.master_password)
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/ipareplica/library/ipaserver_master_password.py b/roles/ipareplica/library/ipaserver_master_password.py
deleted file mode 120000
index 619119728863e82018fd34500849ab7e992ca04a..0000000000000000000000000000000000000000
--- a/roles/ipareplica/library/ipaserver_master_password.py
+++ /dev/null
@@ -1 +0,0 @@
-../../ipaserver/library/ipaserver_master_password.py
\ No newline at end of file
diff --git a/roles/ipareplica/library/ipaserver_setup_ntp.py b/roles/ipareplica/library/ipaserver_setup_ntp.py
deleted file mode 120000
index 2281797168af2be231ac6400e99a1737c6f93200..0000000000000000000000000000000000000000
--- a/roles/ipareplica/library/ipaserver_setup_ntp.py
+++ /dev/null
@@ -1 +0,0 @@
-../../ipaserver/library/ipaserver_setup_ntp.py
\ No newline at end of file
diff --git a/roles/ipareplica/module_utils/ansible_ipa_replica.py b/roles/ipareplica/module_utils/ansible_ipa_replica.py
index 312c6aa5a9b0291c45b50e101666bcbdc6a0ce61..3c64b044e9e384f30e689f21664648c88c7e1efb 100644
--- a/roles/ipareplica/module_utils/ansible_ipa_replica.py
+++ b/roles/ipareplica/module_utils/ansible_ipa_replica.py
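Review bot: In the new `ipareplica_master_password.py`, `module._ansible_debug = True` in `main()` unconditionally sets a debug switch on a module whose inputs and output are all secrets (`dm_password`, `master_password`, the returned `password`); I would delete the line, or add a comment saying why it is needed (it may have no effect at all, since AnsibleModule appears to read its debug setting during construction). The `no_log=True` entries in `argument_spec` cover the supplied parameters, but a password produced by `ipa_generate_password()` is returned through `module.exit_json(...)` and stays out of logs only if the calling task sets `no_log: yes`, which the `RETURN` text should state. The supplied-password path is worth a test as well: Ansible masks return values that equal a `no_log` parameter, so `password` may come back as a placeholder rather than the value that was passed in. The `DOCUMENTATION` block spells the key `short description` instead of `short_description` and does not list the required `dm_password` option, and `fstore`/`sstore` are assigned but not used in the visible code.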
@@ -59,6 +59,7 @@ if NUM_VERSION >= 40600: from ipaclient.install.ipachangeconf import IPAChangeConf from ipalib.install import certstore, sysrestore + from ipapython.ipautil import ipa_generate_password from ipalib.install.kinit import kinit_keytab from ipapython import ipaldap, ipautil, kernel_keyring from ipapython.certdb import IPA_CA_TRUST_FLAGS, EXTERNAL_CA_TRUST_FLAGS @@ -101,18 +102,6 @@ if NUM_VERSION >= 40600: if six.PY3: unicode = str - try: - from ipaclient.install import timeconf - time_service = "chronyd" - ntpinstance = None - except ImportError: - try: - from ipaclient.install import ntpconf as timeconf - except ImportError: - from ipaclient import ntpconf as timeconf - from ipaserver.install import ntpinstance - time_service = "ntpd" - else: # IPA version < 4.6 diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml index 4c5b86b0f13eb4144d4cdfee2d9e13bbe8ecbc1a..dc2496753ba0c4721ae793b31db16bb9f257ef7a 100644 --- a/roles/ipareplica/tasks/install.yml +++ b/roles/ipareplica/tasks/install.yml @@ -158,10 +158,6 @@ skip_conncheck: "{{ ipareplica_skip_conncheck }}" register: result_ipareplica_prepare - - name: Install - Setup NTP - ipaserver_setup_ntp: - when: not ipaclient_no_ntp | bool - - name: Install - Add to ipaservers ipareplica_add_to_ipaservers: ### server ### 
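Review bot: The added `from ipapython.ipautil import ipa_generate_password` in `ansible_ipa_replica.py` (first hunk, under `if NUM_VERSION >= 40600:`) is not used in this file in the visible lines; it seems to exist only so that `ipareplica_master_password.py` picks it up through `from ansible.module_utils.ansible_ipa_replica import *`. A short comment such as `# re-exported for library/ipareplica_master_password.py` would keep a later unused-import cleanup from breaking password generation, and if the module defines `__all__` the name needs to be listed there as well. The enclosing `if` block starts and ends outside the hunk, so I cannot tell whether the `else: # IPA version < 4.6` branch provides the same name.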
@@ -175,15 +171,15 @@ - name: Install - Create dirman password no_log: yes - ipaserver_master_password: + ipareplica_master_password: dm_password: "{{ ipadm_password }}" - master_password: "{{ ipaserver_master_password | default(omit) }}" - register: result_ipaserver_master_password + master_password: "{{ ipareplica_master_password | default(omit) }}" + register: result_ipareplica_master_password - name: Install - Set dirman password no_log: yes set_fact: - ipareplica_dirman_password: "{{ result_ipaserver_master_password.password }}" + ipareplica_dirman_password: "{{ result_ipareplica_master_password.password }}" - name: Install - Setup certmonger ipareplica_setup_certmonger:
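Review bot: After the rename in the "Install - Create dirman password" task, a value that an inventory still supplies as `ipaserver_master_password` is silently ignored: `default(omit)` drops the parameter and the new module then generates a fresh password instead of failing. If that variable was ever a documented input for replicas, consider a transitional fallback, `master_password: "{{ ipareplica_master_password | default(ipaserver_master_password | default(omit)) }}"`, or call out the rename in the role's README. The task list continues outside the hunk.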