ipareplica: Add support for pki_config_override

There is a new setting for the ipareplica role: ipareplica_pki_config_override
2026-05-07 22:03:18 +00:00 · 2019-07-17 19:14:27 +02:00
parent c045530cd4
commit a3578de4b2
4 changed files with 16 additions and 0 deletions
--- a/roles/ipareplica/README.md
+++ b/roles/ipareplica/README.md
@@ -140,6 +140,7 @@ Variable | Description | Required
 `ipaadmin_principal` | The authorized kerberos principal used to join the IPA realm. (string) | no
 `ipareplica_no_host_dns` | Do not use DNS for hostname lookup during installation. (bool, default: false) | no
 `ipareplica_skip_conncheck` | Skip connection check to remote master. (bool, default: false) | no
+`ipareplica_pki_config_override` | Path to ini file with config overrides. This is only usable with recent FreeIPA versions. (string) | no

 Server Vaiables
 ---------------
--- a/roles/ipareplica/library/ipareplica_setup_ca.py
+++ b/roles/ipareplica/library/ipareplica_setup_ca.py
@@ -46,6 +46,9 @@ options:
  no_pkinit:
    description: 
    required: yes
+  pki_config_override:
+    description: 
+    required: yes
  subject_base:
    description: 
    required: yes
@@ -118,6 +121,8 @@ from ansible.module_utils.ansible_ipa_replica import (
 def main():
    ansible_module = AnsibleModule(
        argument_spec = dict(
+            ### basic ###
+            pki_config_override=dict(required=False),
            #### server ###
            setup_ca=dict(required=False, type='bool'),
            setup_kra=dict(required=False, type='bool'),
@@ -150,6 +155,9 @@ def main():
    # get parameters #

    options = installer
+    ### basic ###
+    options.pki_config_override = ansible_module.params.get(
+        'pki_config_override')
    ### server ###
    options.setup_ca = ansible_module.params.get('setup_ca')
    options.setup_kra = ansible_module.params.get('setup_kra')
--- a/roles/ipareplica/library/ipareplica_setup_kra.py
+++ b/roles/ipareplica/library/ipareplica_setup_kra.py
@@ -105,6 +105,7 @@ def main():
            hostname=dict(required=False),
            ca_cert_files=dict(required=False, type='list', default=[]),
            no_host_dns=dict(required=False, type='bool', default=False),
+            pki_config_override=dict(required=False),
            ### server ###
            setup_adtrust=dict(required=False, type='bool'),
            setup_ca=dict(required=False, type='bool'),
@@ -148,6 +149,8 @@ def main():
    options.host_name = ansible_module.params.get('hostname')
    options.ca_cert_files = ansible_module.params.get('ca_cert_files')
    options.no_host_dns = ansible_module.params.get('no_host_dns')
+    options.pki_config_override = ansible_module.params.get(
+        'pki_config_override')
    ### server ###
    options.setup_adtrust = ansible_module.params.get('setup_adtrust')
    options.setup_ca = ansible_module.params.get('setup_ca')
--- a/roles/ipareplica/tasks/install.yml
+++ b/roles/ipareplica/tasks/install.yml
@@ -500,6 +500,8 @@
      setup_ca: "{{ ipareplica_setup_ca }}"
      setup_kra: "{{ result_ipareplica_test.setup_kra }}"
      no_pkinit: "{{ ipareplica_no_pkinit }}"
+      pki_config_override:
+        "{{ ipareplica_pki_config_override | default(omit) }}"
      ### certificate system ###
      subject_base: "{{ result_ipareplica_prepare.subject_base }}"
      ### additional ###
@@ -571,6 +573,8 @@
      hostname: "{{ result_ipareplica_test.hostname }}"
      ca_cert_files: "{{ ipareplica_ca_cert_files | default([]) }}"
      no_host_dns: "{{ ipareplica_no_host_dns }}"
+      pki_config_override:
+        "{{ ipareplica_pki_config_override | default(omit)}}"
      ### replica ###
      setup_adtrust: "{{ result_ipareplica_test.setup_adtrust }}"
      setup_ca: "{{ ipareplica_setup_ca }}"