authorSimo Sorce <ssorce@redhat.com>2011-01-28 15:45:19 -0500
committerSimo Sorce <ssorce@redhat.com>2011-01-31 16:35:53 -0500
commitcc9abf5d38c0030bb4dad0e204c16c9c9bae27c0 (patch)
tree820bafdf43ca8f6de5066bae8090b8b64327455d /install/tools/ipa-replica-install
parenta629f3f4c7ea05973ae755e70d650f964131fae3 (diff)
Use a common group for all DS instances
Also remove the option to choose a user. It is silly to keep it when you can choose neither the group nor the CA directory user. Fixes: https://fedorahosted.org/freeipa/ticket/851
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-xinstall/tools/ipa-replica-install36
1 files changed, 29 insertions, 7 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 3eb41daae..590fd645b 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -22,6 +22,7 @@ import sys
import socket
import tempfile, os, pwd, traceback, logging, shutil
+import grp
from ConfigParser import SafeConfigParser
from ipapython import ipautil
@@ -33,6 +34,7 @@ from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
+from ipapython import sysrestore
CACERT="/etc/ipa/ca.crt"
@@ -45,7 +47,6 @@ class ReplicaConfig:
self.domain_name = ""
self.master_host_name = ""
self.dirman_password = ""
- self.ds_user = ""
self.host_name = ""
self.dir = ""
self.subject_base = ""
@@ -116,7 +117,6 @@ def read_info(dir, rconfig):
rconfig.realm_name = config.get("realm", "realm_name")
rconfig.master_host_name = config.get("realm", "master_host_name")
- rconfig.ds_user = config.get("realm", "ds_user")
rconfig.domain_name = config.get("realm", "domain_name")
rconfig.host_name = config.get("realm", "destination_host")
rconfig.subject_base = config.get("realm", "subject_base")
@@ -145,7 +145,7 @@ def resolve_host(host_name):
return None
def set_owner(config, dir):
- pw = pwd.getpwnam(config.ds_user)
+ pw = pwd.getpwnam(dsinstance.DS_USER)
os.chown(dir, pw.pw_uid, pw.pw_gid)
def install_ca(config):
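Review bot: set_owner still takes the group from DS_USER's primary gid (`pw.pw_gid`) rather than from the common dsinstance.DS_GROUP this commit introduces, so if that account's primary group is not DS_GROUP the replica directory will not end up owned by the shared DS group. I cannot tell from this diff whether DS_USER's primary group is DS_GROUP, so this may already hold in practice, but using the group explicitly makes the intent of the commit visible: `gr = grp.getgrnam(dsinstance.DS_GROUP)` followed by `os.chown(dir, pw.pw_uid, gr.gr_gid)`; the `grp` import is added in the first hunk. A one-line docstring such as `"""Give dir to the DS service user and the common DS group."""` would also help, since the function is now tied to fixed identities rather than a configured user.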
@@ -168,9 +168,13 @@ def install_ca(config):
sys.exit(1)
cs = cainstance.CADSInstance()
- cs.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password)
+ cs.create_instance(config.realm_name, config.host_name,
+ config.domain_name, config.dirman_password)
ca = cainstance.CAInstance(config.realm_name, certs.NSS_DIR)
- ca.configure_instance("pkiuser", config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), master_host=config.master_host_name, subject_base=config.subject_base)
+ ca.configure_instance(config.host_name, config.dirman_password,
+ config.dirman_password, pkcs12_info=(cafile,),
+ master_host=config.master_host_name,
+ subject_base=config.subject_base)
return ca
@@ -187,7 +191,7 @@ def install_replica_ds(config):
config.dir + "/dirsrv_pin.txt")
ds = dsinstance.DsInstance()
- ds.create_replica(config.ds_user, config.realm_name,
+ ds.create_replica(config.realm_name,
config.master_host_name, config.host_name,
config.domain_name, config.dirman_password,
pkcs12_info)
@@ -205,7 +209,7 @@ def install_krb(config, setup_pkinit=False):
pkcs12_info = (config.dir + "/pkinitcert.p12",
config.dir + "/pkinit_pin.txt")
- krb.create_replica(config.ds_user, config.realm_name,
+ krb.create_replica(config.realm_name,
config.master_host_name, config.host_name,
config.domain_name, config.dirman_password,
ldappwd_filename, kpasswd_filename,
@@ -339,6 +343,9 @@ def main():
if not ipautil.file_exists(filename):
sys.exit("Replica file %s does not exist" % filename)
+ global sstore
+ sstore = sysrestore.StateFile('/var/lib/ipa/sysrestore')
+
# check the bind is installed
if options.setup_dns:
check_bind()
@@ -393,6 +400,21 @@ def main():
api.bootstrap(in_server=True)
api.finalize()
+ # Create DS group if it doesn't exist yet
+ try:
+ grp.getgrnam(dsinstance.DS_GROUP)
+ logging.debug("ds group %s exists" % dsinstance.DS_GROUP)
+ group_exists = True
+ except KeyError:
+ group_exists = False
+ args = ["/usr/sbin/groupadd", "-r", dsinstance.DS_GROUP]
+ try:
+ ipautil.run(args)
+ logging.debug("done adding DS group")
+ except ipautil.CalledProcessError, e:
+ logging.critical("failed to add DS group: %s" % e)
+ sstore.backup_state("install", "group_exists", group_exists)
+
#Automatically disable pkinit w/ dogtag until that is supported
#[certs.ipa_self_signed() must be called only after api.finalize()]
if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed():
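Review bot: When groupadd fails, the error is only logged at critical level and the installer keeps going, so the DS instance creation and the chown further down will fail later with a less direct message; since the rest of the install depends on the group existing, the except branch should stop here, e.g. `logging.critical("failed to add DS group: %s" % e)` followed by `sys.exit(1)`. The `sstore.backup_state("install", "group_exists", group_exists)` call also runs after a failed creation, recording group_exists as False and inviting an uninstall to remove a group that was never created; exiting before the backup_state call avoids that. A short comment above the block stating that group_exists is saved so uninstall only removes a group this install created would make the restore contract clear. The body of main continues outside this hunk.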