Install ipaserver without ca

roles/ipaserver/library/ipaserver_set_ds_password.py

@@ -127,7 +127,7 @@ def main():
             no_hbac_allow=dict(required=False, type='bool', default=False),
             no_pkinit=dict(required=False, type='bool', default=False),
             dirsrv_config_file=dict(required=False),
-            _dirsrv_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
             # ssl certificate
             dirsrv_cert_files=dict(required=False, type='list', default=[]),
             subject_base=dict(required=False),

roles/ipaserver/library/ipaserver_setup_ca.py

@@ -191,7 +191,7 @@ def main():
             no_pkinit=dict(required=False, type='bool', default=False),
             dirsrv_config_file=dict(required=False),
             dirsrv_cert_files=dict(required=False, type='list'),
-            _dirsrv_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
             # certificate system
             external_ca=dict(required=False, type='bool', default=False),
             external_ca_type=dict(required=False),
@@ -322,18 +322,20 @@ def main():
                                      csr_generated=True)
     else:
         # Put the CA cert where other instances expect it
-        x509.write_certificate(options._http_ca_cert, paths.IPA_CA_CRT)
+        with open(paths.IPA_CA_CRT, "w") as http_ca_cert_file:
+            http_ca_cert_file.write(options._http_ca_cert)
         os.chmod(paths.IPA_CA_CRT, 0o444)
 
         if not options.no_pkinit:
-            x509.write_certificate(options._http_ca_cert,
-                                   paths.KDC_CA_BUNDLE_PEM)
+            with open(paths.KDC_CA_BUNDLE_PEM, "w") as http_ca_cert_file:
+                http_ca_cert_file.write(options._http_ca_cert)
         else:
             with open(paths.KDC_CA_BUNDLE_PEM, 'w'):
                 pass
         os.chmod(paths.KDC_CA_BUNDLE_PEM, 0o444)
 
-        x509.write_certificate(options._http_ca_cert, paths.CA_BUNDLE_PEM)
+        with open(paths.CA_BUNDLE_PEM, "w") as http_ca_cert_file:
+            http_ca_cert_file.write(options._http_ca_cert)
         os.chmod(paths.CA_BUNDLE_PEM, 0o444)
 
     with redirect_stdout(ansible_log):

roles/ipaserver/library/ipaserver_setup_ds.py

@@ -126,7 +126,7 @@ def main():
             dirsrv_config_file=dict(required=False),
             # ssl certificate
             dirsrv_cert_files=dict(required=False, type='list', default=[]),
-            _dirsrv_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
             # certificate system
             external_cert_files=dict(required=False, type='list', default=[]),
             subject_base=dict(required=False),

roles/ipaserver/library/ipaserver_setup_http.py

@@ -199,8 +199,8 @@ def main():
 
             # _update_hosts_file=dict(required=False, type='bool',
             #                         default=False),
-            _dirsrv_pkcs12_info=dict(required=False),
-            _http_pkcs12_info=dict(required=False),
+            _dirsrv_pkcs12_info=dict(required=False, type='list'),
+            _http_pkcs12_info=dict(required=False, type='list'),
         ),
     )
 

roles/ipaserver/library/ipaserver_setup_krb.py

@@ -160,7 +160,7 @@ def main():
             no_reverse=dict(required=False, type='bool', default=False),
             auto_forwarders=dict(required=False, type='bool', default=False),
 
-            _pkinit_pkcs12_info=dict(required=False),
+            _pkinit_pkcs12_info=dict(required=False, type='list'),
         ),
     )
 

roles/ipaserver/library/ipaserver_test.py

@@ -967,37 +967,25 @@ def main():
         if options.http_pin is None:
             ansible_module.fail_json(
                 msg="Apache Server private key unlock password required")
-        http_pkcs12_file, http_pin, http_ca_cert = load_pkcs12(
-            cert_files=options.http_cert_files,
-            key_password=options.http_pin,
-            key_nickname=options.http_cert_name,
-            ca_cert_files=options.ca_cert_files,
-            host_name=host_name)
-        http_pkcs12_info = (http_pkcs12_file.name, http_pin)
+        http_pkcs12_info = [options.http_cert_files[0], options.http_pin]
+        with open(options.ca_cert_files[0]) as http_ca_cert_file:
+            http_ca_cert = http_ca_cert_file.read()
 
     if options.dirsrv_cert_files:
         if options.dirsrv_pin is None:
             ansible_module.fail_json(
                 msg="Directory Server private key unlock password required")
-        dirsrv_pkcs12_file, dirsrv_pin, dirsrv_ca_cert = load_pkcs12(
-            cert_files=options.dirsrv_cert_files,
-            key_password=options.dirsrv_pin,
-            key_nickname=options.dirsrv_cert_name,
-            ca_cert_files=options.ca_cert_files,
-            host_name=host_name)
-        dirsrv_pkcs12_info = (dirsrv_pkcs12_file.name, dirsrv_pin)
+        dirsrv_pkcs12_info = [options.dirsrv_cert_files[0], options.dirsrv_pin]
+        with open(options.ca_cert_files[0]) as dirsrv_ca_cert_file:
+           dirsrv_ca_cert = dirsrv_ca_cert_file.read()
 
     if options.pkinit_cert_files:
         if options.pkinit_pin is None:
             ansible_module.fail_json(
                 msg="Kerberos KDC private key unlock password required")
-        pkinit_pkcs12_file, pkinit_pin, pkinit_ca_cert = load_pkcs12(
-            cert_files=options.pkinit_cert_files,
-            key_password=options.pkinit_pin,
-            key_nickname=options.pkinit_cert_name,
-            ca_cert_files=options.ca_cert_files,
-            realm_name=realm_name)
-        pkinit_pkcs12_info = (pkinit_pkcs12_file.name, pkinit_pin)
+        pkinit_pkcs12_info = [options.pkinit_cert_files[0], options.pkinit_pin]
+        with open(options.ca_cert_files[0]) as pkinit_ca_cert_file:
+           pkinit_ca_cert = pkinit_ca_cert_file.read()
 
     if options.http_cert_files and options.dirsrv_cert_files and \
        http_ca_cert != dirsrv_ca_cert: