summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2014-09-01 22:49:54 -0400
committerPetr Viktorin <pviktori@redhat.com>2014-09-15 10:58:29 +0200
commit9ca5a4e42084ba43e106fa3be9dac9965216e710 (patch)
tree31a674019d023a13062658a58929844e5c8e4a7d
parent4fac4f4cf65b54bc0b194928341b31e3c67d63a5 (diff)
downloadfreeipa-9ca5a4e42084ba43e106fa3be9dac9965216e710.zip
freeipa-9ca5a4e42084ba43e106fa3be9dac9965216e710.tar.gz
freeipa-9ca5a4e42084ba43e106fa3be9dac9965216e710.tar.xz
Re-enable uninstall feature for ipa-kra-install
The underlying Dogtag issue (Dogtag ticket 1113) has been fixed. We can therefore re-enable the uninstall option for ipa-kra-install. Also, fixes an incorrect path in the ipa-pki-proxy.conf, and adds a debug statement to provide status to the user when an uninstall is done. Also, re-added the no_host_dns option which is used when unpacking a replica file. Part of the work for: https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rw-r--r--install/conf/ipa-pki-proxy.conf2
-rw-r--r--ipaserver/install/dogtaginstance.py4
-rw-r--r--ipaserver/install/ipa_kra_install.py13
3 files changed, 10 insertions, 9 deletions
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf
index 5717539..2370b4d 100644
--- a/install/conf/ipa-pki-proxy.conf
+++ b/install/conf/ipa-pki-proxy.conf
@@ -19,7 +19,7 @@ ProxyRequests Off
</LocationMatch>
# matches for agent port and eeca port
-<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys|^/kra/rest/admin/kraconnector/remove">
+<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys|^/ca/rest/admin/kraconnector/remove">
NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
NSSVerifyClient require
ProxyPassMatch ajp://localhost:$DOGTAG_PORT
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 1e4c5fa..174b538 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -335,6 +335,10 @@ class DogtagInstance(service.Service):
def stop_tracking_certificates(self, dogtag_constants, reqs=None):
"""Stop tracking our certificates. Called on uninstall.
"""
+ self.print_msg(
+ "Configuring certmonger to stop tracking system certificates "
+ "for %s" % self.subsystem)
+
cmonger = services.knownservices.certmonger
services.knownservices.messagebus.start()
cmonger.start()
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 2c4f2dc..207b8c4 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -49,6 +49,11 @@ class KRAInstall(admintool.AdminTool):
super(KRAInstall, cls).add_options(parser, debug_option=True)
parser.add_option(
+ "--no-host-dns", dest="no_host_dns", action="store_true",
+ default=False,
+ help="Do not use DNS for hostname lookup during installation")
+
+ parser.add_option(
"-p", "--password",
dest="password", sensitive=True,
help="Directory Manager (existing master) password")
@@ -115,14 +120,6 @@ class KRAUninstaller(KRAInstall):
super(KRAUninstaller, self).run()
dogtag_constants = dogtag.configured_constants()
- # temporarily disable uninstall until Dogtag ticket:
- # https://fedorahosted.org/pki/ticket/1113 is fixed
- # TODO(alee) remove this once the above ticket is fixed
- raise admintool.ScriptError(
- "Uninstall is temporarily disabled. To uninstall, please "
- "use ipa-server-install --uninstall"
- )
-
kra_instance = krainstance.KRAInstance(
api.env.realm, dogtag_constants=dogtag_constants)
kra_instance.stop_tracking_certificates(dogtag_constants)