diff options
author | Simo Sorce <ssorce@redhat.com> | 2011-01-28 15:45:19 -0500 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2011-01-31 16:35:53 -0500 |
commit | cc9abf5d38c0030bb4dad0e204c16c9c9bae27c0 (patch) | |
tree | 820bafdf43ca8f6de5066bae8090b8b64327455d /install/tools/ipa-replica-install | |
parent | a629f3f4c7ea05973ae755e70d650f964131fae3 (diff) | |
download | freeipa-cc9abf5d38c0030bb4dad0e204c16c9c9bae27c0.tar.gz freeipa-cc9abf5d38c0030bb4dad0e204c16c9c9bae27c0.tar.xz freeipa-cc9abf5d38c0030bb4dad0e204c16c9c9bae27c0.zip |
Use a common group for all DS instances
Also remove the option to choose a user.
It is silly to keep it, when you can't choose the group nor the CA
directory user.
Fixes: https://fedorahosted.org/freeipa/ticket/851
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-x | install/tools/ipa-replica-install | 36 |
1 files changed, 29 insertions, 7 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 3eb41daae..590fd645b 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -22,6 +22,7 @@ import sys import socket import tempfile, os, pwd, traceback, logging, shutil +import grp from ConfigParser import SafeConfigParser from ipapython import ipautil @@ -33,6 +34,7 @@ from ipaserver.plugins.ldap2 import ldap2 from ipapython import version from ipalib import api, errors, util from ipapython.config import IPAOptionParser +from ipapython import sysrestore CACERT="/etc/ipa/ca.crt" @@ -45,7 +47,6 @@ class ReplicaConfig: self.domain_name = "" self.master_host_name = "" self.dirman_password = "" - self.ds_user = "" self.host_name = "" self.dir = "" self.subject_base = "" @@ -116,7 +117,6 @@ def read_info(dir, rconfig): rconfig.realm_name = config.get("realm", "realm_name") rconfig.master_host_name = config.get("realm", "master_host_name") - rconfig.ds_user = config.get("realm", "ds_user") rconfig.domain_name = config.get("realm", "domain_name") rconfig.host_name = config.get("realm", "destination_host") rconfig.subject_base = config.get("realm", "subject_base") @@ -145,7 +145,7 @@ def resolve_host(host_name): return None def set_owner(config, dir): - pw = pwd.getpwnam(config.ds_user) + pw = pwd.getpwnam(dsinstance.DS_USER) os.chown(dir, pw.pw_uid, pw.pw_gid) def install_ca(config): @@ -168,9 +168,13 @@ def install_ca(config): sys.exit(1) cs = cainstance.CADSInstance() - cs.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password) + cs.create_instance(config.realm_name, config.host_name, + config.domain_name, config.dirman_password) ca = cainstance.CAInstance(config.realm_name, certs.NSS_DIR) - ca.configure_instance("pkiuser", config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), master_host=config.master_host_name, subject_base=config.subject_base) + ca.configure_instance(config.host_name, config.dirman_password, + config.dirman_password, pkcs12_info=(cafile,), + master_host=config.master_host_name, + subject_base=config.subject_base) return ca @@ -187,7 +191,7 @@ def install_replica_ds(config): config.dir + "/dirsrv_pin.txt") ds = dsinstance.DsInstance() - ds.create_replica(config.ds_user, config.realm_name, + ds.create_replica(config.realm_name, config.master_host_name, config.host_name, config.domain_name, config.dirman_password, pkcs12_info) @@ -205,7 +209,7 @@ def install_krb(config, setup_pkinit=False): pkcs12_info = (config.dir + "/pkinitcert.p12", config.dir + "/pkinit_pin.txt") - krb.create_replica(config.ds_user, config.realm_name, + krb.create_replica(config.realm_name, config.master_host_name, config.host_name, config.domain_name, config.dirman_password, ldappwd_filename, kpasswd_filename, @@ -339,6 +343,9 @@ def main(): if not ipautil.file_exists(filename): sys.exit("Replica file %s does not exist" % filename) + global sstore + sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore') + # check the bind is installed if options.setup_dns: check_bind() @@ -393,6 +400,21 @@ def main(): api.bootstrap(in_server=True) api.finalize() + # Create DS group if it doesn't exist yet + try: + grp.getgrnam(dsinstance.DS_GROUP) + logging.debug("ds group %s exists" % dsinstance.DS_GROUP) + group_exists = True + except KeyError: + group_exists = False + args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP] + try: + ipautil.run(args) + logging.debug("done adding DS group") + except ipautil.CalledProcessError, e: + logging.critical("failed to add DS group: %s" % e) + sstore.backup_state("install", "group_exists", group_exists) + #Automatically disable pkinit w/ dogtag until that is supported #[certs.ipa_self_signed() must be called only after api.finalize()] if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed(): |