Nosmoht / ansible-module-ipa

Ansible modules to manage FreeIPA configuration

ipa_host: provided usercertificate results in Certificate format error #13

Open Nosmoht opened 7 years ago

Nosmoht commented 7 years ago

The following play


```yaml
---
- hosts: ipa-server
  become: true
  vars:
    ipa_host: ipa-server.example.com
    ipa_user: admin
    ipa_pass: t0ps3cr3t
    cert_file_name: '{{ ansible_hostname ~ ".csr" }}'
  tasks:
  # certutil -R writes an ASCII (-a) certificate request to cert_file_name
  - name: generate host CSR
    shell: certutil -R -d /etc/pki/nssdb/ -a -g 4096 -s 'CN={{ansible_hostname ~ ".EXAMPLE.COM"}},O=EXAMPLE.COM' -z /root/noise.txt > '{{ cert_file_name }}'
    register: result
    args:
      creates: '{{ cert_file_name }}'

  # copy the generated file from the managed host to /tmp on the controller
  - name: fetch CSR
    fetch:
      src: '{{ cert_file_name }}'
      dest: /tmp/{{ cert_file_name }}
      flat: yes
      validate_checksum: true
    register: cert

  # read the fetched file on the controller and pass its base64-encoded contents
  - name: send cert b64ecoded
    ipa_host:
      name: "{{ansible_hostname ~ '.example.com'}}"
      usercertificate:
      - '{{ lookup("file", "/tmp/" ~ cert_file_name) | b64encode }}'
      ipa_host: '{{ ipa_host }}'
      ipa_user: '{{ ipa_user }}'
      ipa_pass: '{{ ipa_pass }}'
```
results in

```
TASK [send cert b64ecoded] *****************************************************
fatal: [ipa-server.example.com]: FAILED! => {"changed": false, "failed": true, "msg": "repsonse host_mod: Certificate format error: (SEC_ERROR_INVALID_ARGS) security library: invalid arguments."}
```

Nosmoht commented 7 years ago

Certificate was not passed right via API. This should be fixed with https://github.com/Nosmoht/ansible-module-ipa/commit/930e934b0cd9f5703924849d59463df482ef1832