ipaclient: Fix gathering of subject_base from server in ipaapi.py module

The api command to get the server config is failing with more recent freeipa versions. Therefore another way to gather the server config using api.Backend.rpcclient.forward has been added in case the first version fails. The new code is from freeipa commit 8af6accfa5734a7e9a7c92fcf38d5440482413d4 (https://github.com/freeipa/freeipa/commit/8af6accf)
2026-05-06 21:33:14 +00:00 · 2018-11-21 17:07:55 +01:00
parent b2583f7078
commit dc0d1fc196
1 changed files with 13 additions and 1 deletions
--- a/roles/ipaclient/library/ipaapi.py
+++ b/roles/ipaclient/library/ipaapi.py
@@ -198,7 +198,19 @@ def main():
        config = api.Command['config_show']()['result']
        subject_base = str(DN(config['ipacertificatesubjectbase'][0]))
    except errors.PublicError as e:
-        module.fail_json(msg="Cannot get subject base from server: %s" % e)
+        try:
+            config = api.Backend.rpcclient.forward(
+                'config_show',
+                raw=True,  # so that servroles are not queried
+                version=u'2.0'
+            )['result']
+        except Exception as e:
+            logger.debug("config_show failed %s", e, exc_info=True)
+            module.fail_json(
+                "Failed to retrieve CA certificate subject base: {}".format(e),
+                rval=CLIENT_INSTALL_ERROR)
+        else:
+            subject_base = str(DN(config['ipacertificatesubjectbase'][0]))

    module.exit_json(changed=True,
                     ca_enabled=ca_enabled,