|
 |
01db47 |
From 8ce5fd147aafc34e43dbe4246565c48eace2e115 Mon Sep 17 00:00:00 2001
|
|
|
01db47 |
From: Thomas Woerner <twoerner@redhat.com>
|
|
|
01db47 |
Date: Thu, 2 Jul 2020 12:02:33 +0200
|
|
|
01db47 |
Subject: [PATCH] ipa[server,replica]: Fix pkcs12 info regressions introduced
|
|
|
01db47 |
with CA-less
|
|
|
01db47 |
|
|
|
01db47 |
With the CA-less patches the types for the pkcs12 infos have been changed
|
|
|
01db47 |
to lists in the modules. This is resulting in a bad conversion from None
|
|
|
01db47 |
to [''] for the parameters. Because of this a normal replica deployment is
|
|
|
01db47 |
failing as [''] is not a valid value.
|
|
|
01db47 |
|
|
|
01db47 |
The install.yml files for ipareplica and also ipaserver have been changed
|
|
|
01db47 |
in the way that the pkcs12 values are checked if they are None. The
|
|
|
01db47 |
parameter will simply be omitted in this case and the parameter in the
|
|
|
01db47 |
module will become None by default.
|
|
|
01db47 |
---
|
|
|
01db47 |
roles/ipareplica/tasks/install.yml | 18 +++++++++---------
|
|
|
01db47 |
roles/ipaserver/tasks/install.yml | 10 +++++-----
|
|
|
01db47 |
2 files changed, 14 insertions(+), 14 deletions(-)
|
|
|
01db47 |
|
|
|
01db47 |
diff --git a/roles/ipareplica/tasks/install.yml b/roles/ipareplica/tasks/install.yml
|
|
|
01db47 |
index fc7f83e..c2a6222 100644
|
|
|
01db47 |
--- a/roles/ipareplica/tasks/install.yml
|
|
|
01db47 |
+++ b/roles/ipareplica/tasks/install.yml
|
|
|
01db47 |
@@ -281,7 +281,7 @@
|
|
|
01db47 |
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
|
01db47 |
installer_ccache: "{{ result_ipareplica_prepare.installer_ccache }}"
|
|
|
01db47 |
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
|
01db47 |
- _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
|
|
|
01db47 |
+ _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
|
|
|
01db47 |
subject_base: "{{ result_ipareplica_prepare.subject_base }}"
|
|
|
01db47 |
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
|
01db47 |
_add_to_ipaservers: "{{ result_ipareplica_prepare._add_to_ipaservers }}"
|
|
|
01db47 |
@@ -345,7 +345,7 @@
|
|
|
01db47 |
config_master_host_name:
|
|
|
01db47 |
"{{ result_ipareplica_install_ca_certs.config_master_host_name }}"
|
|
|
01db47 |
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
|
01db47 |
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
|
|
|
01db47 |
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
|
01db47 |
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
|
01db47 |
|
|
|
01db47 |
# We need to point to the master in ipa default conf when certmonger
|
|
|
01db47 |
@@ -407,8 +407,8 @@
|
|
|
01db47 |
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
|
01db47 |
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
|
01db47 |
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
|
01db47 |
- _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
|
|
|
01db47 |
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
|
|
|
01db47 |
+ _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info if result_ipareplica_prepare._dirsrv_pkcs12_info != None else omit }}"
|
|
|
01db47 |
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
|
01db47 |
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
|
01db47 |
dirman_password: "{{ ipareplica_dirman_password }}"
|
|
|
01db47 |
ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"
|
|
|
01db47 |
@@ -429,7 +429,7 @@
|
|
|
01db47 |
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
|
01db47 |
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
|
01db47 |
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
|
01db47 |
- _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info }}"
|
|
|
01db47 |
+ _http_pkcs12_info: "{{ result_ipareplica_prepare._http_pkcs12_info if result_ipareplica_prepare._http_pkcs12_info != None else omit }}"
|
|
|
01db47 |
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
|
01db47 |
dirman_password: "{{ ipareplica_dirman_password }}"
|
|
|
01db47 |
|
|
|
01db47 |
@@ -507,7 +507,7 @@
|
|
|
01db47 |
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
|
|
|
01db47 |
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
|
|
|
01db47 |
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
|
01db47 |
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
|
|
|
01db47 |
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
|
01db47 |
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
|
01db47 |
dirman_password: "{{ ipareplica_dirman_password }}"
|
|
|
01db47 |
|
|
|
01db47 |
@@ -529,7 +529,7 @@
|
|
|
01db47 |
_kra_enabled: "{{ result_ipareplica_prepare._kra_enabled }}"
|
|
|
01db47 |
_kra_host_name: "{{ result_ipareplica_prepare.config_kra_host_name }}"
|
|
|
01db47 |
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
|
|
|
01db47 |
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
|
|
|
01db47 |
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
|
01db47 |
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
|
01db47 |
dirman_password: "{{ ipareplica_dirman_password }}"
|
|
|
01db47 |
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
|
|
|
01db47 |
@@ -554,7 +554,7 @@
|
|
|
01db47 |
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
|
01db47 |
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
|
01db47 |
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
|
01db47 |
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
|
|
|
01db47 |
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
|
01db47 |
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
|
01db47 |
dirman_password: "{{ ipareplica_dirman_password }}"
|
|
|
01db47 |
|
|
|
01db47 |
@@ -574,7 +574,7 @@
|
|
|
01db47 |
ccache: "{{ result_ipareplica_prepare.ccache }}"
|
|
|
01db47 |
_ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
|
|
|
01db47 |
_ca_file: "{{ result_ipareplica_prepare._ca_file }}"
|
|
|
01db47 |
- _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
|
|
|
01db47 |
+ _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
|
|
|
01db47 |
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
|
|
|
01db47 |
dirman_password: "{{ ipareplica_dirman_password }}"
|
|
|
01db47 |
ds_ca_subject: "{{ result_ipareplica_setup_ds.ds_ca_subject }}"
|
|
|
01db47 |
diff --git a/roles/ipaserver/tasks/install.yml b/roles/ipaserver/tasks/install.yml
|
|
|
01db47 |
index 30f9da2..687f72d 100644
|
|
|
01db47 |
--- a/roles/ipaserver/tasks/install.yml
|
|
|
01db47 |
+++ b/roles/ipaserver/tasks/install.yml
|
|
|
01db47 |
@@ -203,7 +203,7 @@
|
|
|
01db47 |
# no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
|
|
|
01db47 |
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
|
|
|
01db47 |
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default(omit) }}"
|
|
|
01db47 |
- _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"
|
|
|
01db47 |
+ _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info if result_ipaserver_test._dirsrv_pkcs12_info != None else omit }}"
|
|
|
01db47 |
external_cert_files:
|
|
|
01db47 |
"{{ ipaserver_external_cert_files | default(omit) }}"
|
|
|
01db47 |
subject_base: "{{ result_ipaserver_prepare.subject_base }}"
|
|
|
01db47 |
@@ -240,7 +240,7 @@
|
|
|
01db47 |
no_hbac_allow: "{{ ipaserver_no_hbac_allow }}"
|
|
|
01db47 |
idstart: "{{ result_ipaserver_test.idstart }}"
|
|
|
01db47 |
idmax: "{{ result_ipaserver_test.idmax }}"
|
|
|
01db47 |
- _pkinit_pkcs12_info: "{{ result_ipaserver_test._pkinit_pkcs12_info }}"
|
|
|
01db47 |
+ _pkinit_pkcs12_info: "{{ result_ipaserver_test._pkinit_pkcs12_info if result_ipaserver_test._pkinit_pkcs12_info != None else omit }}"
|
|
|
01db47 |
|
|
|
01db47 |
- name: Install - Setup custodia
|
|
|
01db47 |
ipaserver_setup_custodia:
|
|
|
01db47 |
@@ -270,7 +270,7 @@
|
|
|
01db47 |
no_pkinit: "{{ result_ipaserver_test.no_pkinit }}"
|
|
|
01db47 |
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
|
|
|
01db47 |
dirsrv_cert_files: "{{ ipaserver_dirsrv_cert_files | default([]) }}"
|
|
|
01db47 |
- _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"
|
|
|
01db47 |
+ _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info if result_ipaserver_test._dirsrv_pkcs12_info != None else omit }}"
|
|
|
01db47 |
external_ca: "{{ ipaserver_external_ca }}"
|
|
|
01db47 |
external_ca_type: "{{ ipaserver_external_ca_type | default(omit) }}"
|
|
|
01db47 |
external_ca_profile:
|
|
|
01db47 |
@@ -334,7 +334,7 @@
|
|
|
01db47 |
idmax: "{{ result_ipaserver_test.idmax }}"
|
|
|
01db47 |
http_cert_files: "{{ ipaserver_http_cert_files | default([]) }}"
|
|
|
01db47 |
no_ui_redirect: "{{ ipaserver_no_ui_redirect }}"
|
|
|
01db47 |
- _http_pkcs12_info: "{{ result_ipaserver_test._http_pkcs12_info }}"
|
|
|
01db47 |
+ _http_pkcs12_info: "{{ result_ipaserver_test._http_pkcs12_info if result_ipaserver_test._http_pkcs12_info != None else omit }}"
|
|
|
01db47 |
|
|
|
01db47 |
- name: Install - Setup KRA
|
|
|
01db47 |
ipaserver_setup_kra:
|
|
|
01db47 |
@@ -394,7 +394,7 @@
|
|
|
01db47 |
idstart: "{{ result_ipaserver_test.idstart }}"
|
|
|
01db47 |
idmax: "{{ result_ipaserver_test.idmax }}"
|
|
|
01db47 |
dirsrv_config_file: "{{ ipaserver_dirsrv_config_file | default(omit) }}"
|
|
|
01db47 |
- _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info }}"
|
|
|
01db47 |
+ _dirsrv_pkcs12_info: "{{ result_ipaserver_test._dirsrv_pkcs12_info if result_ipaserver_test._dirsrv_pkcs12_info != None else omit }}"
|
|
|
01db47 |
|
|
|
01db47 |
- name: Install - Setup client
|
|
|
01db47 |
include_role:
|
|
|
01db47 |
--
|
|
|
01db47 |
2.26.2
|
|
|
01db47 |
|