Commit 86d1d8a1 authored by Scott Barthelemy's avatar Scott Barthelemy Committed by Fabien Combernous

Resolve "missing CA on replica"

parent e29f2889
......@@ -368,6 +368,14 @@ Hash of admin accounts in freeipa. Uses the following schema : Hash[ String[1],
Default value: {}
##### `install_ca`
Data type: `Boolean`
If true, then the parameter '--setup-ca' is passed to the IPA server installer (for replicas)
Default value: `true`
##### `enable_manage_admins`
Data type: `Boolean`
......
......@@ -67,6 +67,7 @@
# @param webui_proxy_external_fqdn The public or external FQDN used to access the IPA Web UI behind the reverse proxy.
# @param webui_proxy_https_port The HTTPS port to use for the reverse proxy. Cannot be 443.
# @param humanadmins Hash of admin accounts in freeipa. Uses the following schema : Hash[ String[1], Struct[{ password => String[1], Optional[ensure] => Enum['present','absent']}]]
# @param install_ca If true, then the parameter '--setup-ca' is passed to the IPA server installer (for replicas)
#
class freeipa (
Stdlib::Fqdn $domain,
......@@ -100,6 +101,7 @@ class freeipa (
Boolean $install_ipa_client = true,
Boolean $install_ipa_server = true,
Boolean $install_sssd = true,
Boolean $install_ca = true,
Stdlib::Fqdn $ipa_server_fqdn = $facts['networking']['fqdn'],
String $ldaputils_package_name = $facts['os']['family'] ? {
'Debian' => 'ldap-utils',
......
......@@ -51,6 +51,12 @@ class freeipa::install::server {
$server_install_cmd_opts_no_ntp = '--no-ntp'
}
if $freeipa::install_ca {
$server_install_cmd_opts_setup_ca = '--setup-ca'
} else {
$server_install_cmd_opts_setup_ca = ''
}
if $freeipa::final_configure_dns_server {
if size($freeipa::custom_dns_forwarders) > 0 {
$server_install_cmd_opts_forwarders = join(
......
......@@ -21,6 +21,7 @@ class freeipa::install::server::replica {
${freeipa::install::server::server_install_cmd_opts_ip_address} \
${freeipa::install::server::server_install_cmd_opts_no_ntp} \
${freeipa::install::server::server_install_cmd_opts_no_ui_redirect} \
${freeipa::install::server::server_install_cmd_opts_setup_ca} \
--unattended"
if ! $facts['iparole'] or $facts['iparole'] == 'replica' {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment