diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-04-01 17:20:38 -0400 |
|---|---|---|
| committer | Jason Gerard DeRose <jderose@redhat.com> | 2010-04-23 04:57:34 -0600 |
| commit | 7c61663def1b00ceb4daf22be7a8d1c7116b6433 (patch) | |
| tree | 0aff3e6e07de39921d201d44c74e47d068751109 | |
| parent | 088cc6dc131fc2a480970315f59c7e8380d2aace (diff) | |
| download | freeipa-7c61663def1b00ceb4daf22be7a8d1c7116b6433.tar.gz freeipa-7c61663def1b00ceb4daf22be7a8d1c7116b6433.tar.xz freeipa-7c61663def1b00ceb4daf22be7a8d1c7116b6433.zip | |
Fix installing IPA with an external CA
- cache all interactive answers
- set non-interactive to True for the second run so nothing is asked
- convert boolean values that are read in
- require absolute paths for the external CA and signed cert files
- fix the invocation message for the second ipa-server-install run
| -rwxr-xr-x | install/tools/ipa-server-install | 22 | ||||
| -rw-r--r-- | ipaserver/install/cainstance.py | 2 |
2 files changed, 19 insertions, 5 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index f0c3add08..7b88f61e5 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -159,6 +159,11 @@ def parse_options(): (not options.external_cert_file and options.external_ca_file)): parser.error("if either external option is used, both are required.") + if (options.external_ca_file and not os.path.isabs(options.external_ca_file)): + parser.error("--external-ca-file must use an absolute path") + if (options.external_cert_file and not os.path.isabs(options.external_cert_file)): + parser.error("--external-cert-file must use an absolute path") + return options def signal_handler(signum, frame): @@ -194,9 +199,12 @@ def read_cache(): raise RuntimeError("Unable to determine serial number: %s" % str(e)) for opt in optlist: - optdict[opt[0]] = opt[1] - if optdict[opt[0]] == 'None': - optdict[opt[0]] = None + value = opt[1] + if value.lower() in ['true', 'false']: + value = value.lower() == 'true' + if value == 'None': + value = None + optdict[opt[0]] = value # These are the only ones that may be overridden if 'external_ca_file' in optdict: @@ -656,7 +664,7 @@ def main(): if external and ipautil.file_exists("/root/ipa.csr"): external = 2 if options.external_cert_file is None or options.external_ca_file is None: - print "You have a CA signing request for this server (/root/ipa.csr), you need to include --external_cert_file and --external_ca_file" + print "You already have a CA signing request for this server (/root/ipa.csr), you need to include --external_cert_file and --external_ca_file" sys.exit(1); if external and options.external_cert_file and not ipautil.file_exists(options.external_cert_file): print "%s does not exist" % options.external_cert_file @@ -672,6 +680,12 @@ def main(): if external == 0: ca.configure_instance("pkiuser", host_name, dm_password, dm_password, subject_base=options.subject) elif external == 1: + options.realm_name = realm_name + options.domain_name = domain_name + options.ds_user = ds_user + options.master_password = master_password + options.host_name = host_default + options.unattended = True write_cache(options) ca.configure_instance("pkiuser", host_name, dm_password, dm_password, csr_file="/root/ipa.csr", subject_base=options.subject) else: diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 69921a33a..bb7e00e2e 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -618,7 +618,7 @@ class CAInstance(service.Service): if self.external == 1: print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file - print "ipa-server-install --ca --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate" + print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate" sys.exit(0) # pkisilent doesn't return 1 on error so look at the output of |