are set to None to enable deployment with IPA 4.12 as a workaround till
HSM can be fully supported by the ipaserver role.
ipareplica_install_ca_certs: Do not return unchanged config attributes
The config attributes config_master_host_name and also config_ca_host_name
are not changed within ipareplica_install_ca_certs, therefore it is not
needed to return them and also to use the returned values for following
tasks.
ipareplica: Refactor CA file handling
replicainstall.install_ca_cert has been removed, paths.IPA_CERTUPDATE is
called instead if the client was configured before deploying with
iparepica role.
Refactor CA file handling in replica installer
Clean up and remove obsolete code from ipa-replica-install. For several
versions replica installer first ensures that a host is an IPA client,
then promotes the client to a replica. The client installer code sets up
CA stores like IPA_CA_CRT already.
ipareplica: After an HSM replica install ensure all certs are visible
After an HSM replica install ensure all certs are visible
If a certificate on a token does not have NSS trust set then
it won't be visible in the softoken. This can be disconcerting
for those used to seeing all the certificates.
Loop through the possibilities and set no trust (or Peer) for
all the certificates on the token.
Also ensure that the CA certificate has the correct nickname.
Related: https://pagure.io/freeipa/issue/9273
ipaserver: Set hsm attributes to None for now
The HSM parameters
are set to None to enable deployment with IPA 4.12 as a workaround till HSM can be fully supported by the ipaserver role.
ipareplica_install_ca_certs: Do not return unchanged config attributes
The config attributes config_master_host_name and also config_ca_host_name are not changed within ipareplica_install_ca_certs, therefore it is not needed to return them and also to use the returned values for following tasks.
ipareplica: Refactor CA file handling
replicainstall.install_ca_cert has been removed, paths.IPA_CERTUPDATE is called instead if the client was configured before deploying with iparepica role.
FreeIPA commit 8f25b2a74a587548976f3d29f0b69d566d70125d
ipareplica: After an HSM replica install ensure all certs are visible
FreeIPA commit ea0bf4020ce0b1e32572e128e9323c5af60ec93d