ipaserver: Add support for pki_config_override

The addtion is not oly adding the config setting, but also fixing the
deployment without the setting as functions and methods have been changed
for pki_config_override.

There is a new setting for the ipaserver role:

ipaserver_pki_config_override

roles/ipaserver/README.md

@@ -129,6 +129,9 @@ Variables
 **ipaserver_no_host_dns** - Do not use DNS for hostname lookup during installation.
  (bool, optional)
               
+**ipaserver_pki_config_override** - Path to ini file with config overrides.
+ (string, optional)
+
 **ipaserver_no_dnssec_validation** - Disable DNSSEC validation on this server.
  (bool, optional)
  

roles/ipaserver/library/ipaserver_setup_ca.py

@@ -91,6 +91,7 @@ def main():
             realm=dict(required=True),
             hostname=dict(required=False),
             no_host_dns=dict(required=False, type='bool', default=False),
+            pki_config_override=dict(required=False),
             ### server ###
             setup_adtrust=dict(required=False, type='bool', default=False),
             setup_kra=dict(required=False, type='bool', default=False),
@@ -136,6 +137,8 @@ def main():
     options.realm_name = ansible_module.params.get('realm')
     options.host_name = ansible_module.params.get('hostname')
     options.no_host_dns = ansible_module.params.get('no_host_dns')
+    options.pki_config_override = ansible_module.params.get(
+        'pki_config_override')
     ### server ###
     options.setup_adtrust = ansible_module.params.get('setup_adtrust')
     options.setup_kra = ansible_module.params.get('setup_kra')

roles/ipaserver/library/ipaserver_setup_kra.py

@@ -58,6 +58,7 @@ def main():
             setup_ca=dict(required=True, type='bool'),
             setup_kra=dict(required=True, type='bool'),
             realm=dict(required=True),
+            pki_config_override=dict(required=False),
         ),
     )
 
@@ -71,6 +72,8 @@ def main():
     options.setup_ca = ansible_module.params.get('setup_ca')
     options.setup_kra = ansible_module.params.get('setup_kra')
     options.realm_name = ansible_module.params.get('realm')
+    options.pki_config_override = ansible_module.params.get(
+        'pki_config_override')
     options.promote = False  # first master, no promotion
 
     # init ##########################################################

roles/ipaserver/library/ipaserver_test.py

@@ -66,6 +66,7 @@ def main():
             hostname=dict(required=False),
             ca_cert_files=dict(required=False, type='list', default=[]),
             no_host_dns=dict(required=False, type='bool', default=False),
+            pki_config_override=dict(required=False),
             ### server ###
             setup_adtrust=dict(required=False, type='bool', default=False),
             setup_kra=dict(required=False, type='bool', default=False),
@@ -134,13 +135,13 @@ def main():
     options.dm_password = ansible_module.params.get('dm_password')
     options.admin_password = ansible_module.params.get('password')
     options.master_password = ansible_module.params.get('master_password')
-    options.ip_addresses = ansible_module_get_parsed_ip_addresses(
-        ansible_module)
     options.domain_name = ansible_module.params.get('domain')
     options.realm_name = ansible_module.params.get('realm')
     options.host_name = ansible_module.params.get('hostname')
     options.ca_cert_files = ansible_module.params.get('ca_cert_files')
     options.no_host_dns = ansible_module.params.get('no_host_dns')
+    options.pki_config_override = ansible_module.params.get(
+        'pki_config_override')
     ### server ###
     options.setup_adtrust = ansible_module.params.get('setup_adtrust')
     options.setup_dns = ansible_module.params.get('setup_dns')
@@ -213,6 +214,19 @@ def main():
         #  options.setup_kra = False
         #  ansible_module.warn(msg="kra is not supported, disabling")
 
+    if options.pki_config_override is not None:
+        if PKIIniLoader is None:
+            ansible_module.warn("The use of pki_config_override is not "
+                                "supported for this IPA version")
+        else:
+            # From DogtagInstallInterface @pki_config_override.validator
+            try:
+                PKIIniLoader.verify_pki_config_override(
+                    options.pki_config_override)
+            except ValueError as e:
+                ansible_module.fail_json(
+                    msg="pki_config_override: %s" % str(e))
+
     # validation #############################################################
 
     if options.dm_password is None:

roles/ipaserver/module_utils/ansible_ipa_server.py

@@ -101,6 +101,10 @@ if NUM_VERSION >= 40500:
     from ipaserver.install.server.install import (
         check_dirsrv, validate_admin_password, validate_dm_password,
         write_cache)
+    try:
+        from ipaserver.install.dogtaginstance import PKIIniLoader
+    except ImportError:
+        PKIIniLoader = None
     try:
         from ipaserver.install.installutils import default_subject_base
     except ImportError:

roles/ipaserver/tasks/install.yml

@@ -39,6 +39,7 @@
     hostname: "{{ ipaserver_hostname | default(ansible_fqdn) }}"
     ca_cert_files: "{{ ipaserver_ca_cert_files | default(omit) }}"
     no_host_dns: "{{ ipaserver_no_host_dns }}"
+    pki_config_override: "{{ ipaserver_pki_config_override | default(omit) }}"
     ### server ###
     setup_adtrust: "{{ ipaserver_setup_adtrust }}"
     setup_kra: "{{ ipaserver_setup_kra }}"
@@ -228,6 +229,8 @@
       realm: "{{ result_ipaserver_test.realm }}"
       hostname: "{{ result_ipaserver_test.hostname }}"
       no_host_dns: "{{ result_ipaserver_test.no_host_dns }}"
+      pki_config_override: "{{ ipaserver_pki_config_override |
+                               default(omit) }}"
       setup_adtrust: "{{ result_ipaserver_test.setup_adtrust }}"
       setup_kra: "{{ result_ipaserver_test.setup_kra }}"
       setup_dns: "{{ ipaserver_setup_dns }}"
@@ -294,6 +297,8 @@
       dm_password: "{{ ipadm_password }}"
       setup_kra: "{{ result_ipaserver_test.setup_kra }}"
       realm: "{{ result_ipaserver_test.realm }}"
+      pki_config_override: "{{ ipaserver_pki_config_override |
+                               default(omit) }}"
     when: result_ipaserver_test.setup_kra | bool
 
   - name: Install - Setup DNS