internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-06-23 09:14:43 +00:00
Code Issues Projects Releases Wiki Activity

library/ipaapi.py: Add call to api to get subject base form server

Browse Source 
The subject base generated in discovery is only a guess and might have been
changed by the admin at installation process. Therefore it is needed to
get this from the server.

subject_base has been added as a new return value.

Use subject base form ipaapi in roles/ipaclient/tasks/install.yml instead of
guessed value from ipadiscovery.
This commit is contained in:
Thomas Woerner
2017-09-25 15:52:27 +02:00
parent 860794232e
commit 6dc469fdb8
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
library/ipaapi.py
View File

@@ -63,6 +63,11 @@ ca_enabled:
description: Wheter the Certificate Authority is enabled or not. description: Wheter the Certificate Authority is enabled or not.
returned: always returned: always
type: bool type: bool
subject_base:
description: The subject base, needed for certmonger
returned: always
type: string
sample: O=EXAMPLE.COM
''' '''
import os import os
@@ -88,6 +93,7 @@ from ipalib.rpc import delete_persistent_client_session_data
from ipapython import certdb from ipapython import certdb
from ipapython.ipautil import CalledProcessError, write_tmp_file, \ from ipapython.ipautil import CalledProcessError, write_tmp_file, \
ipa_generate_password ipa_generate_password
from ipapython.dn import DN
ipa_client_install = None ipa_client_install = None
try: try:
from ipaclient.install.client import SECURE_PATH, disable_ra from ipaclient.install.client import SECURE_PATH, disable_ra
@@ -236,7 +242,16 @@ def main():
if not ca_enabled: if not ca_enabled:
disable_ra() disable_ra()
module.exit_json(changed=True, ca_enabled=ca_enabled) # Get subject base from ipa server
try:
config = api.Command['config_show']()['result']
subject_base = str(DN(config['ipacertificatesubjectbase'][0]))
except errors.PublicError as e:
module.fail_json(msg="Cannot get subject base from server: %s" % e)
module.exit_json(changed=True,
ca_enabled=ca_enabled,
subject_base=subject_base)
if __name__ == '__main__': if __name__ == '__main__':
main() main()

2
roles/ipaclient/tasks/install.yml
View File

@@ -174,7 +174,7 @@
realm: "{{ ipadiscovery.realm }}" realm: "{{ ipadiscovery.realm }}"
basedn: "{{ ipadiscovery.basedn }}" basedn: "{{ ipadiscovery.basedn }}"
hostname: "{{ ipadiscovery.hostname }}" hostname: "{{ ipadiscovery.hostname }}"
subject_base: "{{ ipadiscovery.subject_base }}" subject_base: "{{ ipaapi.subject_base }}"
principal: "{{ ipaadmin_principal | default(omit) }}" principal: "{{ ipaadmin_principal | default(omit) }}"
mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}" mkhomedir: "{{ ipaclient_mkhomedir | default(omit) }}"
ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}" ca_enabled: "{{ ipaapi.ca_enabled | default(omit) }}"