
ipaserver,ipareplica: Add random_serial_numbers to options #852

Merged
merged 1 commit into from
Jul 6, 2022
7 changes: 7 additions & 0 deletions roles/ipareplica/library/ipareplica_prepare.py
Expand Up @@ -351,6 +351,12 @@ def main():
options.server = ansible_module.params.get('server')
options.skip_conncheck = ansible_module.params.get('skip_conncheck')

# random serial numbers are master_only, therefore setting to False
options.random_serial_numbers = False
rjeffman marked this conversation as resolved.
# options._random_serial_numbers is generated by ca.install_check and
# later used by ca.install in the _setup_ca module.
options._random_serial_numbers = False

# init #

fstore = sysrestore.FileStore(paths.SYSRESTORE)
Expand Down Expand Up @@ -838,6 +844,7 @@ def main():
_http_ca_cert=http_ca_cert,
_pkinit_pkcs12_info=pkinit_pkcs12_info,
_pkinit_ca_cert=pkinit_ca_cert,
_random_serial_numbers=options._random_serial_numbers,
no_dnssec_validation=options.no_dnssec_validation,
config_setup_ca=config.setup_ca,
config_master_host_name=config.master_host_name,
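Review bot: The second added comment says `options._random_serial_numbers` is generated by ca.install_check, but the only assignment visible in the first hunk is the constant `False`, and that is the value the second hunk returns as `_random_serial_numbers=options._random_serial_numbers`. main() continues outside both hunks, so whether install_check overwrites the value before the return cannot be confirmed from here; if it does not, the replica's CA setup step always receives False, whatever serial-number scheme the existing deployment uses. I would state the fallback explicitly in the comment, for example `# Fallback only: replaced by ca.install_check when it runs; False keeps sequential serial numbers.`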
6 changes: 6 additions & 0 deletions roles/ipareplica/library/ipareplica_setup_ca.py
Expand Up @@ -85,6 +85,9 @@
_subject_base:
description: The installer _subject_base setting
required: no
_random_serial_numbers:
description: The installer _random_serial_numbers setting
required: yes
dirman_password:
description: Directory Manager (master) password
required: no
Expand Down Expand Up @@ -144,6 +147,7 @@ def main():
_top_dir=dict(required=True),
_ca_subject=dict(required=True),
_subject_base=dict(required=True),
_random_serial_numbers=dict(required=True),
dirman_password=dict(required=True, no_log=True),
config_setup_ca=dict(required=True, type='bool'),
config_master_host_name=dict(required=True),
Expand Down Expand Up @@ -190,6 +194,8 @@ def main():
options._subject_base = ansible_module.params.get('_subject_base')
if options._subject_base is not None:
options._subject_base = DN(options._subject_base)
options._random_serial_numbers = ansible_module.params.get(
'_random_serial_numbers')
dirman_password = ansible_module.params.get('dirman_password')
config_setup_ca = ansible_module.params.get('config_setup_ca')
config_master_host_name = ansible_module.params.get(
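Review bot: `_random_serial_numbers=dict(required=True)` in the argument spec declares no type, so Ansible applies its default `str` type and the flag reaches `options._random_serial_numbers` as text rather than as a boolean. The task supplies it through a template (`"{{ result_ipareplica_prepare._random_serial_numbers }}"`), and a string such as `"False"` is truthy in Python, so a downstream truthiness check (not visible here) could read the disabled setting as enabled. Declare it like the neighbouring `config_setup_ca`: `_random_serial_numbers=dict(required=True, type='bool'),`. The same untyped declaration is added in roles/ipaserver/library/ipaserver_setup_ca.py and needs the same change. main() starts and ends outside these hunks.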
1 change: 1 addition & 0 deletions roles/ipareplica/tasks/install.yml
Expand Up @@ -557,6 +557,7 @@
_subject_base: "{{ result_ipareplica_prepare._subject_base }}"
_pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
_top_dir: "{{ result_ipareplica_prepare._top_dir }}"
_random_serial_numbers: "{{ result_ipareplica_prepare._random_serial_numbers }}"
dirman_password: "{{ ipareplica_dirman_password }}"
config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
config_master_host_name:
9 changes: 8 additions & 1 deletion roles/ipaserver/library/ipaserver_prepare.py
Expand Up @@ -213,6 +213,8 @@ def main():

# additional
setup_ca=dict(required=False, type='bool', default=False),
random_serial_numbers=dict(required=False, type='bool',
default=False),
_hostname_overridden=dict(required=False, type='bool',
default=False),
),
Expand All @@ -225,9 +227,11 @@ def main():

# initialize return values for flake ############################

# These are set by ca.install_check
# These are set by ca.install_check and need to be passed to ca.install
# in the _setup_ca module and also some others.
options._subject_base = None
options._ca_subject = None
options._random_serial_numbers = None

# set values ####################################################

Expand Down Expand Up @@ -277,6 +281,8 @@ def main():
options.netbios_name = ansible_module.params.get('netbios_name')
# additional
options.setup_ca = ansible_module.params.get('setup_ca')
options.random_serial_numbers = ansible_module.params.get(
rjeffman marked this conversation as resolved.
'random_serial_numbers')
options._host_name_overridden = ansible_module.params.get(
'_hostname_overridden')
options.kasp_db_file = None
Expand Down Expand Up @@ -405,6 +411,7 @@ def main():
_subject_base=options._subject_base,
ca_subject=options.ca_subject,
_ca_subject=options._ca_subject,
_random_serial_numbers=options._random_serial_numbers,
# dns
reverse_zones=options.reverse_zones,
forward_policy=options.forward_policy,
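Review bot: `options._random_serial_numbers = None` in the "initialize return values" hunk leaves the flag as None unless ca.install_check sets it, whereas ipareplica_prepare.py in this same change initialises it to `False`. The last hunk returns that value, and the task file then templates it into ipaserver_setup_ca, where the parameter is `required=True`. What a None becomes after that round trip depends on templating, so a run in which install_check does not set it has an unclear outcome. Initialising with `options._random_serial_numbers = False` keeps the two roles consistent and gives the CA setup step a definite boolean. main() extends beyond the hunks shown.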
6 changes: 6 additions & 0 deletions roles/ipaserver/library/ipaserver_setup_ca.py
Expand Up @@ -132,6 +132,9 @@
ca_signing_algorithm:
description: Signing algorithm of the IPA CA certificate
required: yes
_random_serial_numbers:
description: The installer _random_serial_numbers setting
required: yes
reverse_zones:
description: The reverse DNS zones to use
required: yes
Expand Down Expand Up @@ -204,6 +207,7 @@ def main():
ca_subject=dict(required=False),
_ca_subject=dict(required=False),
ca_signing_algorithm=dict(required=False),
_random_serial_numbers=dict(required=True),
# dns
reverse_zones=dict(required=False, type='list', default=[]),
no_reverse=dict(required=False, type='bool', default=False),
Expand Down Expand Up @@ -259,6 +263,8 @@ def main():
options._ca_subject = ansible_module.params.get('_ca_subject')
options.ca_signing_algorithm = ansible_module.params.get(
'ca_signing_algorithm')
options._random_serial_numbers = ansible_module.params.get(
'_random_serial_numbers')
# dns
options.reverse_zones = ansible_module.params.get('reverse_zones')
options.no_reverse = ansible_module.params.get('no_reverse')
2 changes: 2 additions & 0 deletions roles/ipaserver/tasks/install.yml
Expand Up @@ -191,6 +191,7 @@
secondary_rid_base: "{{ ipaserver_secondary_rid_base | default(omit) }}"
### additional ###
setup_ca: "{{ result_ipaserver_test.setup_ca }}"
random_serial_numbers: no
_hostname_overridden: "{{ result_ipaserver_test._hostname_overridden }}"
register: result_ipaserver_prepare

Expand Down Expand Up @@ -298,6 +299,7 @@
_ca_subject: "{{ result_ipaserver_prepare._ca_subject }}"
ca_signing_algorithm: "{{ ipaserver_ca_signing_algorithm |
default(omit) }}"
_random_serial_numbers: "{{ result_ipaserver_prepare._random_serial_numbers }}"
reverse_zones: "{{ result_ipaserver_prepare.reverse_zones }}"
no_reverse: "{{ ipaserver_no_reverse }}"
auto_forwarders: "{{ ipaserver_auto_forwarders }}"
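Review bot: `random_serial_numbers: no` in the first hunk is a literal, unlike the surrounding parameters, which come from role variables or earlier task results, so the `random_serial_numbers` option this change adds to ipaserver_prepare cannot be switched on from a playbook. If pinning it off is intentional for now, say so at the task, for example `# random serial numbers are not exposed yet; pinned to off`, so that nobody assumes the deployment issues unpredictable certificate serial numbers. Otherwise pass it from a role variable named like its neighbours (a new, proposed `ipaserver_random_serial_numbers`, defaulting to off) instead of the constant.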