roles/ipaserver: Allow deployments with random serial numbers

Since FreeIPA version 4.10 it is possible to deploy servers that use Random Serial Number v3 support for certificates. This patch exposes the 'random_serial_numbers' parameter, as 'ipaserver_random_serial_numbers', allowing a user to have random serial numbers enabled for the domain. The use of random serial numbers is allowed on new installations only.
2026-05-07 22:03:18 +00:00 · 2023-03-15 12:20:30 -03:00
parent 24e05d1df4
commit a4087a755b
5 changed files with 82 additions and 39 deletions
--- a/roles/ipaserver/module_utils/ansible_ipa_server.py
+++ b/roles/ipaserver/module_utils/ansible_ipa_server.py
@@ -44,7 +44,7 @@ __all__ = ["IPAChangeConf", "certmonger", "sysrestore", "root_logger",
           "check_available_memory", "getargspec", "get_min_idstart",
           "paths", "api", "ipautil", "adtrust_imported", "NUM_VERSION",
           "time_service", "kra_imported", "dsinstance", "IPA_PYTHON_VERSION",
-           "NUM_VERSION"]
+           "NUM_VERSION", "SerialNumber"]

 import sys
 import logging
@@ -203,6 +203,13 @@ try:
        except ImportError:
            get_min_idstart = None

+        # SerialNumber is defined in versions 4.10 and later and is
+        # used by Random Serian Number v3.
+        try:
+            from ipalib.parameters import SerialNumber
+        except ImportError:
+            SerialNumber = None
+
    else:
        # IPA version < 4.5