From a3578de4b2403ed2669c83a0fd5f374e18104a0f Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Wed, 17 Jul 2019 19:14:27 +0200
Subject: [PATCH] ipareplica: Add support for pki_config_override

There is a new setting for the ipareplica role:

ipareplica_pki_config_override
---
 roles/ipareplica/README.md                       | 1 +
 roles/ipareplica/library/ipareplica_setup_ca.py  | 8 ++++++++
 roles/ipareplica/library/ipareplica_setup_kra.py | 3 +++
 roles/ipareplica/tasks/install.yml               | 4 ++++
 4 files changed, 16 insertions(+)

diff --git a/roles/ipareplica/README.md b/roles/ipareplica/README.md
index 9e2db77a..471d452b 100644
--- a/roles/ipareplica/README.md
+++ b/roles/ipareplica/README.md
@@ -140,6 +140,7 @@ Variable | Description | Required
 `ipaadmin_principal` | The authorized kerberos principal used to join the IPA realm. (string) | no
 `ipareplica_no_host_dns` | Do not use DNS for hostname lookup during installation. (bool, default: false) | no
 `ipareplica_skip_conncheck` | Skip connection check to remote master. (bool, default: false) | no
+`ipareplica_pki_config_override` | Path to ini file with config overrides. This is only usable with recent FreeIPA versions. (string) | no
 
 Server Vaiables
 ---------------
diff --git a/roles/ipareplica/library/ipareplica_setup_ca.py b/roles/ipareplica/library/ipareplica_setup_ca.py
index b7da5aa2..b278deb2 100644
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -46,6 +46,9 @@ options:
   no_pkinit:
     description: 
     required: yes
+  pki_config_override:
+    description: 
+    required: yes
   subject_base:
     description: 
     required: yes
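Review bot: The new `pki_config_override` entry in the DOCUMENTATION block says `required: yes` and has an empty description, while the argument_spec added further down in this patch declares it `required=False`. The entry should read `required: no` with a description such as `description: Path to ini file with config overrides.`, which is the wording the README hunk uses. Going by the diffstat and the two hunks shown for ipareplica_setup_kra.py, that module gains the parameter with no DOCUMENTATION entry at all, so the same entry is missing there.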
@@ -118,6 +121,8 @@ from ansible.module_utils.ansible_ipa_replica import (
 def main():
     ansible_module = AnsibleModule(
         argument_spec = dict(
+            ### basic ###
+            pki_config_override=dict(required=False),
             #### server ###
             setup_ca=dict(required=False, type='bool'),
             setup_kra=dict(required=False, type='bool'),
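Review bot: `pki_config_override=dict(required=False)` declares no type, so Ansible handles the value as a plain string even though it names a file whose contents steer how the CA is deployed. `pki_config_override=dict(required=False, type='path')` would at least normalise the path (expanding `~` and environment variables) before it reaches the installer. The same applies to the identical line added to the argument_spec in ipareplica_setup_kra.py. main() starts just above this line and continues past the hunk.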
@@ -150,6 +155,9 @@ def main():
     # get parameters #
 
     options = installer
+    ### basic ###
+    options.pki_config_override = ansible_module.params.get(
+        'pki_config_override')
     ### server ###
     options.setup_ca = ansible_module.params.get('setup_ca')
     options.setup_kra = ansible_module.params.get('setup_kra')
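Review bot: The path is copied onto `options.pki_config_override` unchecked, and nothing visible in this hunk confirms it names a readable regular file before CA setup consumes it; whether the installer validates it later cannot be seen from here. Because the file overrides PKI deployment settings, a wrong path should fail the task early, for example `if options.pki_config_override and not os.path.isfile(options.pki_config_override): ansible_module.fail_json(msg="pki_config_override: file not found")` (this needs `os` in scope, which the hunk does not show). It is also worth documenting that the file should be writable only by root, since anyone who can edit it can change the CA's configuration. The same assignment is added in ipareplica_setup_kra.py, and main() continues outside the hunk.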
diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py
index d5dd2861..ee1ca6d2 100644
--- a/roles/ipareplica/library/ipareplica_setup_kra.py
+++ b/roles/ipareplica/library/ipareplica_setup_kra.py
@@ -105,6 +105,7 @@ def main():
             hostname=dict(required=False),
             ca_cert_files=dict(required=False, type='list', default=[]),
             no_host_dns=dict(required=False, type='bool', default=False),
+            pki_config_override=dict(required=False),
             ### server ###
             setup_adtrust=dict(required=False, type='bool'),
             setup_ca=dict(required=False, type='bool'),
@@ -148,6 +149,8 @@ def main():
     options.host_name = ansible_module.params.get('hostname')
     options.ca_cert_files = ansible_module.params.get('ca_cert_files')
     options.no_host_dns = ansible_module.params.get('no_host_dns')
+    options.pki_config_override = ansible_module.params.get(
+        'pki_config_override')
     ### server ###
     options.setup_adtrust = ansible_module.params.get('setup_adtrust')
     options.setup_ca = ansible_module.params.get('setup_ca')
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index 86638cb1..0b38b908 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -500,6 +500,8 @@
       setup_ca: "{{ ipareplica_setup_ca }}"
       setup_kra: "{{ result_ipareplica_test.setup_kra }}"
       no_pkinit: "{{ ipareplica_no_pkinit }}"
+      pki_config_override:
+        "{{ ipareplica_pki_config_override | default(omit) }}"
       ### certificate system ###
       subject_base: "{{ result_ipareplica_prepare.subject_base }}"
       ### additional ###
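Review bot: Both tasks hand `ipareplica_pki_config_override` to the module as a bare path, and no task visible in these hunks copies or stats that file, so it presumably has to exist on the replica host already. The README line added in this patch should say which host the path refers to, or a preceding `stat` or `copy` task should make that explicit. Minor style point: the second occurrence, in the hunk starting at line 571, is written `default(omit)}}` without the space before the closing braces that this hunk uses.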
@@ -571,6 +573,8 @@
       hostname: "{{ result_ipareplica_test.hostname }}"
       ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
       no_host_dns: "{{ ipareplica_no_host_dns }}"
+      pki_config_override:
+        "{{ ipareplica_pki_config_override | default(omit)}}"
       ### replica ###
       setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
       setup_ca: "{{ ipareplica_setup_ca }}"
-- 
GitLab