rpms / ansible-freeipa

Clone
Source Code
GIT

Blame SOURCES/ansible-freeipa-0.1.12-ipareplica-Fix-missing-parameters-for-several-module_hbz#1855299.patch

c8 c8-beta c8s c9 c9-beta
  1.   c235c433825a3ffa619340414ee4bf27ac09b11e
  2.   SOURCES
  3.   ansible-freeipa-0.1.12-ipareplica-Fix-missing-parameters-for-several-module_hbz#1855299.patch
Blob History Raw
b64e77 
From 7a2eaa6f535b1353d46bcfa8b0b2484b15ff3863 Mon Sep 17 00:00:00 2001
b64e77 
From: Thomas Woerner <twoerner@redhat.com>
b64e77 
Date: Tue, 7 Jul 2020 17:13:09 +0200
b64e77 
Subject: [PATCH] ipareplica: Fix missing parameters for several modules
b64e77
b64e77 
The parameters master_host_name, config_setup_ca, dirman_password have not
b64e77 
been set for some modules. Also there was no ldap2 connection within
b64e77 
ipareplica_setup_kra. All this resulted in improper configuration where
b64e77 
for example KRA deployment failed in the end.
b64e77
b64e77 
A conversion warning in ipareplica_setup_adtrust has also been fixed for
b64e77 
the setup_ca parameter.
b64e77
b64e77 
Fixes #314 (IPA replica installation failure - DS enabled SSL - second part)
b64e77 
---
b64e77 
 .../library/ipareplica_create_ipa_conf.py      |  1 +
b64e77 
 .../library/ipareplica_ds_apply_updates.py     |  1 +
b64e77 
 .../library/ipareplica_ds_enable_ssl.py        |  1 +
b64e77 
 .../library/ipareplica_setup_adtrust.py        |  2 +-
b64e77 
 .../library/ipareplica_setup_custodia.py       |  1 +
b64e77 
 .../library/ipareplica_setup_http.py           |  2 +-
b64e77 
 .../ipareplica/library/ipareplica_setup_kra.py | 18 ++++++++++++++++++
b64e77 
 .../ipareplica/library/ipareplica_setup_krb.py |  7 +++++++
b64e77 
 roles/ipareplica/tasks/install.yml             |  8 ++++++++
b64e77 
 9 files changed, 39 insertions(+), 2 deletions(-)
b64e77
b64e77 
diff --git a/roles/ipareplica/library/ipareplica_create_ipa_conf.py b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
b64e77 
index 3a85a6f..c475469 100644
b64e77 
--- a/roles/ipareplica/library/ipareplica_create_ipa_conf.py
b64e77 
+++ b/roles/ipareplica/library/ipareplica_create_ipa_conf.py
b64e77 
@@ -262,6 +262,7 @@ def main():
b64e77 
     config.subject_base = options.subject_base
b64e77 
     config.dirman_password = dirman_password
b64e77 
     config.ca_host_name = ca_host_name
b64e77 
+    config.setup_ca = options.setup_ca
b64e77
b64e77 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
b64e77 
     installer._remote_api = remote_api
b64e77 
diff --git a/roles/ipareplica/library/ipareplica_ds_apply_updates.py b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
b64e77 
index 3796874..71008b3 100644
b64e77 
--- a/roles/ipareplica/library/ipareplica_ds_apply_updates.py
b64e77 
+++ b/roles/ipareplica/library/ipareplica_ds_apply_updates.py
b64e77 
@@ -177,6 +177,7 @@ def main():
b64e77 
     config = gen_ReplicaConfig()
b64e77 
     config.dirman_password = dirman_password
b64e77 
     config.subject_base = options.subject_base
b64e77 
+    config.master_host_name = master_host_name
b64e77
b64e77 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
b64e77
b64e77 
diff --git a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
b64e77 
index a1b638e..3e4090d 100644
b64e77 
--- a/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
b64e77 
+++ b/roles/ipareplica/library/ipareplica_ds_enable_ssl.py
b64e77 
@@ -173,6 +173,7 @@ def main():
b64e77 
     config = gen_ReplicaConfig()
b64e77 
     config.dirman_password = dirman_password
b64e77 
     config.subject_base = options.subject_base
b64e77 
+    config.master_host_name = master_host_name
b64e77
b64e77 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
b64e77 
     # installer._remote_api = remote_api
b64e77 
diff --git a/roles/ipareplica/library/ipareplica_setup_adtrust.py b/roles/ipareplica/library/ipareplica_setup_adtrust.py
b64e77 
index c830ebf..734e56d 100644
b64e77 
--- a/roles/ipareplica/library/ipareplica_setup_adtrust.py
b64e77 
+++ b/roles/ipareplica/library/ipareplica_setup_adtrust.py
b64e77 
@@ -110,7 +110,7 @@ def main():
b64e77 
             # additional
b64e77 
             ccache=dict(required=True),
b64e77 
             _top_dir=dict(required=True),
b64e77 
-            setup_ca=dict(required=True),
b64e77 
+            setup_ca=dict(required=True, type='bool'),
b64e77 
             config_master_host_name=dict(required=True),
b64e77 
         ),
b64e77 
         supports_check_mode=True,
b64e77 
diff --git a/roles/ipareplica/library/ipareplica_setup_custodia.py b/roles/ipareplica/library/ipareplica_setup_custodia.py
b64e77 
index 5a74e87..2e95c26 100644
b64e77 
--- a/roles/ipareplica/library/ipareplica_setup_custodia.py
b64e77 
+++ b/roles/ipareplica/library/ipareplica_setup_custodia.py
b64e77 
@@ -169,6 +169,7 @@ def main():
b64e77 
     config.promote = installer.promote
b64e77 
     config.kra_enabled = kra_enabled
b64e77 
     config.kra_host_name = kra_host_name
b64e77 
+    config.setup_ca = options.setup_ca
b64e77
b64e77 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
b64e77
b64e77 
diff --git a/roles/ipareplica/library/ipareplica_setup_http.py b/roles/ipareplica/library/ipareplica_setup_http.py
b64e77 
index 987ea95..3fa4807 100644
b64e77 
--- a/roles/ipareplica/library/ipareplica_setup_http.py
b64e77 
+++ b/roles/ipareplica/library/ipareplica_setup_http.py
b64e77 
@@ -164,7 +164,7 @@ def main():
b64e77 
     config.subject_base = options.subject_base
b64e77 
     config.dirman_password = dirman_password
b64e77 
     config.setup_ca = options.setup_ca
b64e77 
-    # config.master_host_name = master_host_name
b64e77 
+    config.master_host_name = master_host_name
b64e77 
     config.ca_host_name = ca_host_name
b64e77 
     config.promote = installer.promote
b64e77
b64e77 
diff --git a/roles/ipareplica/library/ipareplica_setup_kra.py b/roles/ipareplica/library/ipareplica_setup_kra.py
b64e77 
index 3149c10..0b2f681 100644
b64e77 
--- a/roles/ipareplica/library/ipareplica_setup_kra.py
b64e77 
+++ b/roles/ipareplica/library/ipareplica_setup_kra.py
b64e77 
@@ -120,6 +120,9 @@ options:
b64e77 
   _subject_base:
b64e77 
     description: The installer _subject_base setting
b64e77 
     required: no
b64e77 
+  dirman_password:
b64e77 
+    description: Directory Manager (master) password
b64e77 
+    required: no
b64e77 
 author:
b64e77 
     - Thomas Woerner
b64e77 
 '''
b64e77 
@@ -173,10 +176,12 @@ def main():
b64e77 
             _ca_enabled=dict(required=False, type='bool'),
b64e77 
             _kra_enabled=dict(required=False, type='bool'),
b64e77 
             _kra_host_name=dict(required=False),
b64e77 
+            _ca_host_name=dict(required=False),
b64e77 
             _top_dir=dict(required=True),
b64e77 
             _add_to_ipaservers=dict(required=True, type='bool'),
b64e77 
             _ca_subject=dict(required=True),
b64e77 
             _subject_base=dict(required=True),
b64e77 
+            dirman_password=dict(required=True, no_log=True),
b64e77 
         ),
b64e77 
         supports_check_mode=True,
b64e77 
     )
b64e77 
@@ -233,6 +238,7 @@ def main():
b64e77 
     ca_enabled = ansible_module.params.get('_ca_enabled')
b64e77 
     kra_enabled = ansible_module.params.get('_kra_enabled')
b64e77 
     kra_host_name = ansible_module.params.get('_kra_host_name')
b64e77 
+    ca_host_name = ansible_module.params.get('_ca_host_name')
b64e77
b64e77 
     options.subject_base = ansible_module.params.get('subject_base')
b64e77 
     if options.subject_base is not None:
b64e77 
@@ -243,6 +249,7 @@ def main():
b64e77
b64e77 
     options._ca_subject = ansible_module.params.get('_ca_subject')
b64e77 
     options._subject_base = ansible_module.params.get('_subject_base')
b64e77 
+    dirman_password = ansible_module.params.get('dirman_password')
b64e77
b64e77 
     # init #
b64e77
b64e77 
@@ -254,14 +261,25 @@ def main():
b64e77 
                                          constants.DEFAULT_CONFIG)
b64e77 
     api_bootstrap_finalize(env)
b64e77 
     config = gen_ReplicaConfig()
b64e77 
+    config.dirman_password = dirman_password
b64e77 
     config.subject_base = options.subject_base
b64e77 
     config.promote = installer.promote
b64e77 
     config.kra_enabled = kra_enabled
b64e77 
     config.kra_host_name = kra_host_name
b64e77 
+    config.ca_host_name = ca_host_name
b64e77 
+    config.master_host_name = master_host_name
b64e77
b64e77 
     remote_api = gen_remote_api(master_host_name, paths.ETC_IPA)
b64e77 
     installer._remote_api = remote_api
b64e77
b64e77 
+    conn = remote_api.Backend.ldap2
b64e77 
+    ccache = os.environ['KRB5CCNAME']
b64e77 
+
b64e77 
+    # There is a api.Backend.ldap2.connect call somewhere in ca, ds, dns or
b64e77 
+    # ntpinstance
b64e77 
+    api.Backend.ldap2.connect()
b64e77 
+    conn.connect(ccache=ccache)
b64e77 
+
b64e77 
     with redirect_stdout(ansible_log):
b64e77 
         ansible_log.debug("-- INSTALL KRA --")
b64e77
b64e77 
diff --git a/roles/ipareplica/library/ipareplica_setup_krb.py b/roles/ipareplica/library/ipareplica_setup_krb.py
b64e77 
index c8d09f7..4500a6f 100644
b64e77 
--- a/roles/ipareplica/library/ipareplica_setup_krb.py
b64e77 
+++ b/roles/ipareplica/library/ipareplica_setup_krb.py
b64e77 
@@ -63,6 +63,9 @@ options:
b64e77 
   _top_dir:
b64e77 
     description: The installer _top_dir setting
b64e77 
     required: no
b64e77 
+  dirman_password:
b64e77 
+    description: Directory Manager (master) password
b64e77 
+    required: no
b64e77 
 author:
b64e77 
     - Thomas Woerner
b64e77 
 '''
b64e77 
@@ -98,6 +101,7 @@ def main():
b64e77 
             ccache=dict(required=True),
b64e77 
             _pkinit_pkcs12_info=dict(required=False, type='list'),
b64e77 
             _top_dir=dict(required=True),
b64e77 
+            dirman_password=dict(required=True, no_log=True),
b64e77 
         ),
b64e77 
         supports_check_mode=True,
b64e77 
     )
b64e77 
@@ -126,6 +130,7 @@ def main():
b64e77 
         '_pkinit_pkcs12_info')
b64e77
b64e77 
     options._top_dir = ansible_module.params.get('_top_dir')
b64e77 
+    dirman_password = ansible_module.params.get('dirman_password')
b64e77
b64e77 
     # init #
b64e77
b64e77 
@@ -141,8 +146,10 @@ def main():
b64e77 
                                          constants.DEFAULT_CONFIG)
b64e77 
     api_bootstrap_finalize(env)
b64e77 
     config = gen_ReplicaConfig()
b64e77 
+    config.dirman_password = dirman_password
b64e77 
     config.master_host_name = config_master_host_name
b64e77 
     config.subject_base = options.subject_base
b64e77 
+    config.setup_ca = options.setup_ca
b64e77
b64e77 
     ccache = os.environ['KRB5CCNAME']
b64e77
b64e77 
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
b64e77 
index c2a6222..ddb3f85 100644
b64e77 
--- a/roles/ipareplica/tasks/install.yml
b64e77 
+++ b/roles/ipareplica/tasks/install.yml
b64e77 
@@ -226,6 +226,8 @@
b64e77 
       setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
b64e77 
       setup_kra: "{{ result_ipareplica_test.setup_kra }}"
b64e77 
       setup_dns: "{{ ipareplica_setup_dns }}"
b64e77 
+      ### server ###
b64e77 
+      setup_ca: "{{ ipareplica_setup_ca }}"
b64e77 
       ### ssl certificate ###
b64e77 
       dirsrv_cert_files: "{{ ipareplica_dirsrv_cert_files | default([]) }}"
b64e77 
       ### client ###
b64e77 
@@ -332,6 +334,7 @@
b64e77 
       _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
b64e77 
       _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
b64e77 
       dirman_password: "{{ ipareplica_dirman_password }}"
b64e77 
+      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
b64e77
b64e77 
   - name: Install - Setup KRB
b64e77 
     ipareplica_setup_krb:
b64e77 
@@ -347,6 +350,7 @@
b64e77 
       ccache: "{{ result_ipareplica_prepare.ccache }}"
b64e77 
       _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info  if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
b64e77 
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
b64e77 
+      dirman_password: "{{ ipareplica_dirman_password }}"
b64e77
b64e77 
   # We need to point to the master in ipa default conf when certmonger
b64e77 
   # asks for HTTP certificate in newer ipa versions. In these versions
b64e77 
@@ -388,6 +392,7 @@
b64e77 
       _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
b64e77 
       _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
b64e77 
       dirman_password: "{{ ipareplica_dirman_password }}"
b64e77 
+      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
b64e77 
       master:
b64e77 
         "{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
b64e77 
     when: result_ipareplica_test.change_master_for_certmonger
b64e77 
@@ -471,6 +476,7 @@
b64e77 
       _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
b64e77 
       _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
b64e77 
       dirman_password: "{{ ipareplica_dirman_password }}"
b64e77 
+      setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
b64e77 
     when: result_ipareplica_test.change_master_for_certmonger
b64e77
b64e77 
   - name: Install - Setup otpd
b64e77 
@@ -611,10 +617,12 @@
b64e77 
       _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
b64e77 
       _kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
b64e77 
       _kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
b64e77 
+      _ca_host_name: "{{ result_ipareplica_prepare.config_ca_host_name }}"
b64e77 
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
b64e77 
       _add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
b64e77 
       _ca_subject: "{{ result_ipareplica_prepare._ca_subject }}"
b64e77 
       _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
b64e77 
+      dirman_password: "{{ ipareplica_dirman_password }}"
b64e77 
     when: result_ipareplica_test.setup_kra
b64e77
b64e77 
   - name: Install - Restart KDC
b64e77 
--
b64e77 
2.26.2
b64e77

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation