roles/ipaserver: Allow deployments with random serial numbers

Since FreeIPA version 4.10 it is possible to deploy servers that use Random Serial Number v3 support for certificates. This patch exposes the 'random_serial_numbers' parameter, as 'ipaserver_random_serial_numbers', allowing a user to have random serial numbers enabled for the domain. The use of random serial numbers is allowed on new installations only.
2026-05-14 13:32:10 +00:00 · 2023-03-15 12:20:30 -03:00
parent 24e05d1df4
commit a4087a755b
5 changed files with 82 additions and 39 deletions
--- a/roles/ipaserver/tasks/install.yml
+++ b/roles/ipaserver/tasks/install.yml
@@ -108,6 +108,7 @@
    external_cert_files: "{{ ipaserver_external_cert_files | default(omit) }}"
    subject_base: "{{ ipaserver_subject_base | default(omit) }}"
    ca_subject: "{{ ipaserver_ca_subject | default(omit) }}"
+    random_serial_numbers: "{{ ipaserver_random_serial_numbers | default(omit) }}"
    # ca_signing_algorithm
    ### dns ###
    allow_zone_overlap: "{{ ipaserver_allow_zone_overlap }}"
@@ -199,7 +200,7 @@
      ### additional ###
      setup_ca: "{{ result_ipaserver_test.setup_ca }}"
      sid_generation_always: "{{ result_ipaserver_test.sid_generation_always }}"
-      random_serial_numbers: no
+      random_serial_numbers: "{{ result_ipaserver_test.random_serial_numbers }}"
      _hostname_overridden: "{{ result_ipaserver_test._hostname_overridden }}"
    register: result_ipaserver_prepare