ipaserver: Use Custodia instance in installers and setup before CA

Custodia is configured before CA and used in the setup of CA. Also add support for name FIRST_MASTER as a replacement for MASTER_PEER. This is related to the freeipa upstream commits: Use single Custodia instance in installers: https://github.com/freeipa/freeipa/commit/994f71a Rename CustodiaModes.STANDALONE to CustodiaModes.FIRST_MASTER: https://github.com/freeipa/freeipa/commit/842cb5f
2026-05-06 21:33:14 +00:00 · 2018-11-22 11:43:26 +01:00
parent dc0d1fc196
commit 73b0505299
3 changed files with 20 additions and 10 deletions
--- a/roles/ipaserver/library/ipaserver_setup_ca.py
+++ b/roles/ipaserver/library/ipaserver_setup_ca.py
@@ -189,8 +189,11 @@ def main():

    with redirect_stdout(ansible_log):
        if hasattr(custodiainstance, "get_custodia_instance"):
-            custodia = custodiainstance.get_custodia_instance(
-                options, custodiainstance.CustodiaModes.MASTER_PEER)
+            if hasattr(custodiainstance.CustodiaModes, "FIRST_MASTER"):
+                mode = custodiainstance.CustodiaModes.FIRST_MASTER
+            else:
+                mode = custodiainstance.CustodiaModes.MASTER_PEER
+            custodia = custodiainstance.get_custodia_instance(options, mode)
            custodia.create_instance()

        if options.setup_ca:
--- a/roles/ipaserver/library/ipaserver_setup_custodia.py
+++ b/roles/ipaserver/library/ipaserver_setup_custodia.py
@@ -79,8 +79,15 @@ def main():

    # setup custodia ########################################################

-    custodia = custodiainstance.CustodiaInstance(options.host_name,
-                                                 options.realm_name)
+    if hasattr(custodiainstance, "get_custodia_instance"):
+        if hasattr(custodiainstance.CustodiaModes, "FIRST_MASTER"):
+            mode = custodiainstance.CustodiaModes.FIRST_MASTER
+        else:
+            mode = custodiainstance.CustodiaModes.MASTER_PEER
+        custodia = custodiainstance.get_custodia_instance(options, mode)
+    else:
+        custodia = custodiainstance.CustodiaInstance(options.host_name,
+                                                     options.realm_name)
    custodia.set_output(ansible_log)
    with redirect_stdout(ansible_log):
        custodia.create_instance()
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -206,6 +206,12 @@
      idmax: "{{ result_ipaserver_test.idmax }}"
      _pkinit_pkcs12_info: "{{ result_ipaserver_test._pkinit_pkcs12_info }}"

+  - name: Install - Setup custodia
+    ipaserver_setup_custodia:
+      realm: "{{ result_ipaserver_test.realm }}"
+      hostname: "{{ result_ipaserver_test.hostname }}"
+      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
+
  - name: Install - Setup CA
    ipaserver_setup_ca:
      dm_password: "{{ ipadm_password }}"
@@ -245,12 +251,6 @@
      hostname: "{{ result_ipaserver_test.hostname }}"
      setup_ca: "{{ result_ipaserver_test.setup_ca }}"

-  - name: Install - Setup custodia
-    ipaserver_setup_custodia:
-      realm: "{{ result_ipaserver_test.realm }}"
-      hostname: "{{ result_ipaserver_test.hostname }}"
-      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
-
  - name: Install - Setup HTTP
    ipaserver_setup_http:
      dm_password: "{{ ipadm_password }}"