ipaserver,ipareplica: Add random_serial_numbers to options

With the support for Random Serial Numbers v3 in FreeIPA 4.10, the attribute random_serial_numbers has been added to the installer options. options._random_serial_numbers is generated by ca.install_check and later used by ca.install in the _setup_ca module. ca.install_check is using options.random_serial_numbers and generating options._random_serial_numbers which is later used by ca.install in ca.install the _setup_ca module. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2103928 https://bugzilla.redhat.com/show_bug.cgi?id=2103924
2026-05-15 05:52:24 +00:00 · 2022-07-05 15:08:49 +02:00
parent 90f6e14c40
commit 7db5d59de1
6 changed files with 30 additions and 1 deletions
--- a/roles/ipareplica/library/ipareplica_prepare.py
+++ b/roles/ipareplica/library/ipareplica_prepare.py
@@ -351,6 +351,12 @@ def main():
    options.server = ansible_module.params.get('server')
    options.skip_conncheck = ansible_module.params.get('skip_conncheck')

+    # random serial numbers are master_only, therefore setting to False
+    options.random_serial_numbers = False
+    # options._random_serial_numbers is generated by ca.install_check and
+    # later used by ca.install in the _setup_ca module.
+    options._random_serial_numbers = False
+
    # init #

    fstore = sysrestore.FileStore(paths.SYSRESTORE)
@@ -838,6 +844,7 @@ def main():
        _http_ca_cert=http_ca_cert,
        _pkinit_pkcs12_info=pkinit_pkcs12_info,
        _pkinit_ca_cert=pkinit_ca_cert,
+        _random_serial_numbers=options._random_serial_numbers,
        no_dnssec_validation=options.no_dnssec_validation,
        config_setup_ca=config.setup_ca,
        config_master_host_name=config.master_host_name,
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -85,6 +85,9 @@ options:
  _subject_base:
    description: The installer _subject_base setting
    required: no
+  _random_serial_numbers:
+    description: The installer _random_serial_numbers setting
+    required: yes
  dirman_password:
    description: Directory Manager (master) password
    required: no
@@ -144,6 +147,7 @@ def main():
            _top_dir=dict(required=True),
            _ca_subject=dict(required=True),
            _subject_base=dict(required=True),
+            _random_serial_numbers=dict(required=True),
            dirman_password=dict(required=True, no_log=True),
            config_setup_ca=dict(required=True, type='bool'),
            config_master_host_name=dict(required=True),
@@ -190,6 +194,8 @@ def main():
    options._subject_base = ansible_module.params.get('_subject_base')
    if options._subject_base is not None:
        options._subject_base = DN(options._subject_base)
+    options._random_serial_numbers = ansible_module.params.get(
+        '_random_serial_numbers')
    dirman_password = ansible_module.params.get('dirman_password')
    config_setup_ca = ansible_module.params.get('config_setup_ca')
    config_master_host_name = ansible_module.params.get(
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -557,6 +557,7 @@
      _subject_base: "{{ result_ipareplica_prepare._subject_base }}"
      _pkinit_pkcs12_info: "{{ result_ipareplica_prepare._pkinit_pkcs12_info if result_ipareplica_prepare._pkinit_pkcs12_info != None else omit }}"
      _top_dir: "{{ result_ipareplica_prepare._top_dir }}"
+      _random_serial_numbers: "{{ result_ipareplica_prepare._random_serial_numbers }}"
      dirman_password: "{{ ipareplica_dirman_password }}"
      config_setup_ca: "{{ result_ipareplica_prepare.config_setup_ca }}"
      config_master_host_name: