From b26d366732a17732f3935ffc0243f8b4904b58ad Mon Sep 17 00:00:00 2001
From: Thomas Woerner <twoerner@redhat.com>
Date: Mon, 9 Jul 2018 13:48:03 +0200
Subject: [PATCH] ipareplica/library/ipareplica_custodia_import_dm_password:
 Also use custodia here

custodia needs to be used here with newer IPA versions (introduced with 4.6.4).
With this, master_host_name is not supplied to custodia.import_dm_password
as an argument anymore.
---
 .../ipareplica_custodia_import_dm_password.py | 30 +++++++++++++++----
 roles/ipareplica/tasks/install.yml            |  2 ++
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
index 4b3284f0..8c93356d 100644
--- a/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
+++ b/roles/ipareplica/library/ipareplica_custodia_import_dm_password.py
@@ -100,7 +100,6 @@ def main():
             #### certificate system ###
             subject_base=dict(required=True),
             #### additional ###
-            config_master_host_name=dict(required=True),
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
@@ -108,6 +107,9 @@ def main():
             _pkinit_pkcs12_info = dict(required=False),
             _top_dir = dict(required=True),
             dirman_password=dict(required=True, no_log=True),
+            config_setup_ca=dict(required=True),
+            config_master_host_name=dict(required=True),
+            config_ca_host_name=dict(required=True),
         ),
         supports_check_mode = True,
     )
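Review bot: `config_setup_ca=dict(required=True)` declares no type, so the module receives the value as a string, whereas the `_ca_enabled` entry a few lines up uses `type='bool'`. install.yml passes the value through a Jinja template, so a false value would likely arrive as the non-empty string "False" and be assigned unchanged to `config.setup_ca` later in main(), where any truthiness test treats it as true. Declaring it as `config_setup_ca=dict(required=True, type='bool'),` would avoid that. The argument spec begins outside this hunk, so other entries could not be checked.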
@@ -137,6 +139,8 @@ def main():
     pkinit_pkcs12_info = ansible_module.params.get('_pkinit_pkcs12_info')
     options._top_dir = ansible_module.params.get('_top_dir')
     dirman_password = ansible_module.params.get('dirman_password')
+    config_setup_ca = ansible_module.params.get('config_setup_ca')
+    config_ca_host_name = ansible_module.params.get('config_ca_host_name')
 
     # init #
 
@@ -146,15 +150,19 @@ def main():
     ansible_log.debug("== INSTALL ==")
 
     options = installer
-    promote = installer.promote
 
     env = gen_env_boostrap_finalize_core(paths.ETC_IPA,
                                          constants.DEFAULT_CONFIG)
     api_bootstrap_finalize(env)
     config = gen_ReplicaConfig()
+    config.dirman_password = dirman_password
+    config.setup_ca = config_setup_ca
+    config.master_host_name = master_host_name
+    config.ca_host_name = config_ca_host_name
     config.subject_base = options.subject_base
+    config.promote = installer.promote
 
-    remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
+    remote_api = gen_remote_api(config.master_host_name, paths.ETC_IPA)
     installer._remote_api = remote_api
 
     conn = remote_api.Backend.ldap2
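Review bot: `config.dirman_password = dirman_password` copies the Directory Manager password onto the config object that is later handed to `get_custodia_instance`, and nothing in the visible hunks reads it back. If the custodia path does not need it, dropping the assignment keeps the secret in fewer places. If it is needed, a short comment such as `# required by <consumer> on IPA >= 4.6.4` would record why. `config.master_host_name = master_host_name` also relies on a local that is assigned outside this hunk, so it is worth confirming it is still read from `config_master_host_name` after that entry was moved in the argument spec.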
@@ -163,12 +171,22 @@ def main():
     # do the work #
 
     with redirect_stdout(ansible_log):
-        custodia = custodiainstance.CustodiaInstance(config.host_name,
-                                                     config.realm_name)
+        if not hasattr(custodiainstance, "get_custodia_instance"):
+            custodia = custodiainstance.CustodiaInstance(config.host_name,
+                                                         config.realm_name)
+        else:
+            if ca_enabled:
+                mode = custodiainstance.CustodiaModes.CA_PEER
+            else:
+                mode = custodiainstance.CustodiaModes.MASTER_PEER
+            custodia = custodiainstance.get_custodia_instance(config, mode)
 
         ansible_log.debug("-- CUSTODIA IMPORT DM PASSWORD --")
 
-        custodia.import_dm_password(config.master_host_name)
+        if not hasattr(custodiainstance, "get_custodia_instance"):
+            custodia.import_dm_password(config.master_host_name)
+        else:
+            custodia.import_dm_password()
 
     # done #
 
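Review bot: The `hasattr(custodiainstance, "get_custodia_instance")` probe is written out twice, and the construction branch and the `import_dm_password` call only work if both pick the same side. Evaluating it once before the `with` block, e.g. `has_get_instance = hasattr(custodiainstance, "get_custodia_instance")`, and branching on that flag keeps the two in step. In the new path the host that supplies the Directory Manager password is no longer passed explicitly and is presumably taken from `config` according to `mode`. A comment such as `# peer host comes from config by mode (CA_PEER / MASTER_PEER); no host argument on IPA >= 4.6.4` would make that source of the secret explicit.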
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
index 47c44800..4dab15e3 100644
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -545,12 +545,14 @@
       subject_base: "{{ result_ipareplica_prepare.subject_base }}"
       ### additional ###
       config_master_host_name: "{{ result_ipareplica_prepare.config_master_host_name }}"
+      config_ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
       ccache: "{{ result_ipareplica_prepare.ccache }}"
       _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
       _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
       _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
       dirman_password: "{{ ipareplica_dirman_password }}"
+      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
 
   - name: Install - Promote SSSD
     ipareplica_promote_sssd:
-- 
GitLab