Install iparelicas without CA

roles/ipareplica/library/ipareplica_ds_apply_updates.py

@@ -123,8 +123,8 @@ def main():
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
             ds_ca_subject=dict(required=True),

roles/ipareplica/library/ipareplica_ds_enable_ssl.py

@@ -119,8 +119,8 @@ def main():
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
             ds_ca_subject=dict(required=True),

roles/ipareplica/library/ipareplica_krb_enable_ssl.py

@@ -106,7 +106,7 @@ def main():
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
         ),

roles/ipareplica/library/ipareplica_prepare.py

@@ -195,6 +195,7 @@ import os
 import tempfile
 import traceback
 import six
+from shutil import copyfile
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.ansible_ipa_replica import (
@@ -485,6 +486,21 @@ def main():
             "certificate are not signed by the same CA "
             "certificate")
 
+    # Copy pkcs12_files to make them persistent till deployment is done
+    # and encode certificates for ansible compatibility
+    if http_pkcs12_info is not None:
+        copyfile(http_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_http")
+        http_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_http", http_pin)
+        http_ca_cert = ""
+    if dirsrv_pkcs12_info is not None:
+        copyfile(dirsrv_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_dirsrv")
+        dirsrv_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_dirsrv", dirsrv_pin)
+        dirsrv_ca_cert = ""
+    if pkinit_pkcs12_info is not None:
+        copyfile(pkinit_pkcs12_file.name, "/etc/ipa/.tmp_pkcs12_pkinit")
+        pkinit_pkcs12_info = ("/etc/ipa/.tmp_pkcs12_pkinit", pkinit_pin)
+        pkinit_ca_cert = ""
+
     ansible_log.debug("-- FQDN --")
 
     installutils.verify_fqdn(config.host_name, options.no_host_dns)

roles/ipareplica/library/ipareplica_setup_ca.py

@@ -138,8 +138,8 @@ def main():
             _ca_file=dict(required=False),
             _kra_enabled=dict(required=False, type='bool'),
             _kra_host_name=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             _ca_subject=dict(required=True),
             _subject_base=dict(required=True),

roles/ipareplica/library/ipareplica_setup_custodia.py

@@ -118,7 +118,7 @@ def main():
             _ca_file=dict(required=False),
             _kra_enabled=dict(required=False, type='bool'),
             _kra_host_name=dict(required=False),
-            _pkinit_pkcs12_info=dict(required=False),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
         ),

roles/ipareplica/library/ipareplica_setup_ds.py

@@ -190,7 +190,7 @@ def main():
             ccache=dict(required=True),
             installer_ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
-            _dirsrv_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             _add_to_ipaservers=dict(required=True, type='bool'),
             _ca_subject=dict(required=True),

roles/ipareplica/library/ipareplica_setup_http.py

@@ -115,7 +115,7 @@ def main():
             ccache=dict(required=True),
             _ca_enabled=dict(required=False, type='bool'),
             _ca_file=dict(required=False),
-            _http_pkcs12_info=dict(required=False),
+            _http_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
             dirman_password=dict(required=True, no_log=True),
         ),

roles/ipareplica/library/ipareplica_setup_krb.py

@@ -96,7 +96,7 @@ def main():
             # additional
             config_master_host_name=dict(required=True),
             ccache=dict(required=True),
-            _pkinit_pkcs12_info=dict(required=False),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
             _top_dir=dict(required=True),
         ),
         supports_check_mode=True,

roles/ipareplica/tasks/install.yml

@@ -407,6 +407,7 @@
       ccache: "{{ result_ipareplica_prepare.ccache }}"
       _ca_enabled: "{{ result_ipareplica_prepare._ca_enabled }}"
       _ca_file: "{{ result_ipareplica_prepare._ca_file }}"
+      _dirsrv_pkcs12_info: "{{ result_ipareplica_prepare._dirsrv_pkcs12_info }}"
       _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info }}"
       _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
       dirman_password: "{{ ipareplica_dirman_password }}"