Merge pull request freeipa#317 from t-woerner/ipareplica_fix_missing_…

…parameters ipareplica: Fix missing parameters for several modules
chr15p · Jul 9, 2020 · 22ec1c5 · 22ec1c5
2 parents 4d8a4a1 + 7a2eaa6
commit 22ec1c5
Show file tree

Hide file tree

Showing 9 changed files with 39 additions and 2 deletions.
diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
@@ -262,6 +262,7 @@ def main():
     config.subject_base = options.subject_base
     config.dirman_password = dirman_password
     config.ca_host_name = ca_host_name
+    config.setup_ca = options.setup_ca
 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
     installer._remote_api = remote_api

diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
@@ -177,6 +177,7 @@ def main():
     config = gen_ReplicaConfig()
     config.dirman_password = dirman_password
     config.subject_base = options.subject_base
+    config.master_host_name = master_host_name
 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
 

diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
@@ -173,6 +173,7 @@ def main():
     config = gen_ReplicaConfig()
     config.dirman_password = dirman_password
     config.subject_base = options.subject_base
+    config.master_host_name = master_host_name
 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
     # installer._remote_api = remote_api

diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py
@@ -110,7 +110,7 @@ def main():
             # additional
             ccache=dict(required=True),
             _top_dir=dict(required=True),
-            setup_ca=dict(required=True),
+            setup_ca=dict(required=True, type='bool'),
             config_master_host_name=dict(required=True),
         ),
         supports_check_mode=True,

diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py
@@ -169,6 +169,7 @@ def main():
     config.promote = installer.promote
     config.kra_enabled = kra_enabled
     config.kra_host_name = kra_host_name
+    config.setup_ca = options.setup_ca
 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
 

diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py
@@ -164,7 +164,7 @@ def main():
     config.subject_base = options.subject_base
     config.dirman_password = dirman_password
     config.setup_ca = options.setup_ca
-    # config.master_host_name = master_host_name
+    config.master_host_name = master_host_name
     config.ca_host_name = ca_host_name
     config.promote = installer.promote
 

diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py
@@ -120,6 +120,9 @@
   _subject_base:
     description: The installer _subject_base setting
     required: no
+  dirman_password:
+    description: Directory Manager (master) password
+    required: no
 author:
     - Thomas Woerner
 '''
@@ -173,10 +176,12 @@ def main():
             _ca_enabled=dict(required=False, type='bool'),
             _kra_enabled=dict(required=False, type='bool'),
             _kra_host_name=dict(required=False),
+            _ca_host_name=dict(required=False),
             _top_dir=dict(required=True),
             _add_to_ipaservers=dict(required=True, type='bool'),
             _ca_subject=dict(required=True),
             _subject_base=dict(required=True),
+            dirman_password=dict(required=True, no_log=True),
         ),
         supports_check_mode=True,
     )
@@ -233,6 +238,7 @@ def main():
     ca_enabled = ansible_module.params.get('_ca_enabled')
     kra_enabled = ansible_module.params.get('_kra_enabled')
     kra_host_name = ansible_module.params.get('_kra_host_name')
+    ca_host_name = ansible_module.params.get('_ca_host_name')
 
     options.subject_base = ansible_module.params.get('subject_base')
     if options.subject_base is not None:
@@ -243,6 +249,7 @@ def main():
 
     options._ca_subject = ansible_module.params.get('_ca_subject')
     options._subject_base = ansible_module.params.get('_subject_base')
+    dirman_password = ansible_module.params.get('dirman_password')
 
     # init #
 
@@ -254,14 +261,25 @@ def main():
                                          constants.DEFAULT_CONFIG)
     api_bootstrap_finalize(env)
     config = gen_ReplicaConfig()
+    config.dirman_password = dirman_password
     config.subject_base = options.subject_base
     config.promote = installer.promote
     config.kra_enabled = kra_enabled
     config.kra_host_name = kra_host_name
+    config.ca_host_name = ca_host_name
+    config.master_host_name = master_host_name
 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
     installer._remote_api = remote_api
 
+    conn = remote_api.Backend.ldap2
+    ccache = os.environ['KRB5CCNAME']
+
+    # There is a api.Backend.ldap2.connect call somewhere in ca, ds, dns or
+    # ntpinstance
+    api.Backend.ldap2.connect()
+    conn.connect(ccache=ccache)
+
     with redirect_stdout(ansible_log):
         ansible_log.debug("-- INSTALL KRA --")
 

diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py
@@ -63,6 +63,9 @@
   _top_dir:
     description: The installer _top_dir setting
     required: no
+  dirman_password:
+    description: Directory Manager (master) password
+    required: no
 author:
     - Thomas Woerner
 '''
@@ -98,6 +101,7 @@ def main():
             ccache=dict(required=True),
             _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
+            dirman_password=dict(required=True, no_log=True),
         ),
         supports_check_mode=True,
     )
@@ -126,6 +130,7 @@ def main():
         '_pkinit_pkcs12_info')
 
     options._top_dir = ansible_module.params.get('_top_dir')
+    dirman_password = ansible_module.params.get('dirman_password')
 
     # init #
 
@@ -141,8 +146,10 @@ def main():
                                          constants.DEFAULT_CONFIG)
     api_bootstrap_finalize(env)
     config = gen_ReplicaConfig()
+    config.dirman_password = dirman_password
     config.master_host_name = config_master_host_name
     config.subject_base = options.subject_base
+    config.setup_ca = options.setup_ca
 
     ccache = os.environ['KRB5CCNAME']
 

diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
@@ -226,6 +226,8 @@
       setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
       setup_kra: "{{ result_ipareplica_test.setup_kra }}"
       setup_dns: "{{ ipareplica_setup_dns }}"
+      ### server ###
+      setup_ca: "{{ ipareplica_setup_ca }}"
       ### ssl certificate ###
       dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
       ### client ###
@@ -332,6 +334,7 @@
       _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
       _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
       dirman_password: "{{ ipareplica_dirman_password }}"
+      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
 
   - name: Install - Setup KRB
     ipareplica_setup_krb:
@@ -347,6 +350,7 @@
       ccache: "{{ result_ipareplica_prepare.ccache }}"
       _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info  if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
+      dirman_password: "{{ ipareplica_dirman_password }}"
 
   # We need to point to the master in ipa default conf when certmonger
   # asks for HTTP certificate in newer ipa versions. In these versions
@@ -388,6 +392,7 @@
       _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
       _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
       dirman_password: "{{ ipareplica_dirman_password }}"
+      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
       master:
         "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
     when: result_ipareplica_test.change_master_for_certmonger
@@ -471,6 +476,7 @@
       _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
       _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
       dirman_password: "{{ ipareplica_dirman_password }}"
+      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
     when: result_ipareplica_test.change_master_for_certmonger
 
   - name: Install - Setup otpd
@@ -611,10 +617,12 @@
       _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
       _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
       _kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
+      _ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
       _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
       _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
       _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
+      dirman_password: "{{ ipareplica_dirman_password }}"
     when: result_ipareplica_test.setup_kra
 
   - name: Install - Restart KDC