authorSimo Sorce <ssorce@redhat.com>2010-11-03 18:17:36 -0400
committerSimo Sorce <ssorce@redhat.com>2010-11-18 15:09:57 -0500
commit345fc79f039d217316c5d2df5ef59952a8130a96 (patch)
tree7ded40f684ab7c31edf9f052b9a34afb8729c2af /install/tools/ipa-replica-install
parent8c616eb10a5f246a9518a8ae20a4144c756d5b61 (diff)
pkinit-replica: create certificates for replicas too
Although the kdc certificate name is not tied to the fqdn, we create separate certs for each KDC so that renewal of each of them is done separately.
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-xinstall/tools/ipa-replica-install27
1 files changed, 24 insertions, 3 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2beadae81..fb6dd46fb 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -68,6 +68,8 @@ def parse_options():
parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
default=False,
help="Do not use DNS for hostname lookup during installation")
+ parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
+ default=True, help="disables pkinit setup steps")
options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options)
@@ -178,13 +180,21 @@ def install_ds(config):
return ds
-def install_krb(config):
+def install_krb(config, setup_pkinit=False):
krb = krbinstance.KrbInstance()
ldappwd_filename = config.dir + "/ldappwd"
kpasswd_filename = config.dir + "/kpasswd.keytab"
+
+ #pkinit files
+ pkcs12_info = None
+ if ipautil.file_exists(config.dir + "/pkinitcert.p12"):
+ pkcs12_info = (config.dir + "/pkinitcert.p12",
+ config.dir + "/pkinit_pin.txt")
+
krb.create_replica(config.ds_user, config.realm_name, config.host_name,
config.domain_name, config.dirman_password,
- ldappwd_filename, kpasswd_filename)
+ ldappwd_filename, kpasswd_filename,
+ setup_pkinit, pkcs12_info)
def install_ca_cert(config):
if ipautil.file_exists(config.dir + "/ca.crt"):
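Review bot: The existence check in `install_krb` covers only `pkinitcert.p12`, yet the tuple handed to `create_replica` also names `pkinit_pin.txt`, so a replica file that carries the certificate without its PIN would presumably fail later inside `create_replica` rather than here. Testing both files, e.g. `if ipautil.file_exists(p12) and ipautil.file_exists(pin):`, or raising a clear error when only one is present, keeps the failure where the cause is known. `pkcs12_info` is also built when `setup_pkinit` is false, and the keyword defaults to `False` here while `--no-pkinit` makes the command-line default `True`; a short comment saying whether the PKCS#12 is ignored in that case would remove the ambiguity. The PIN sits in plaintext next to the key material under `config.dir`, so it is worth confirming that the directory is owner-only and cleaned up after install; neither is visible in this hunk.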
@@ -261,6 +271,11 @@ def check_bind():
print "Aborting installation"
sys.exit(1)
+def check_pkinit():
+ if not krbinstance.check_pkinit_plugin():
+ print "Aborting installation"
+ sys.exit(1)
+
def main():
safe_options, options, filename = parse_options()
installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug)
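Review bot: `check_pkinit` aborts with only "Aborting installation", so unless `krbinstance.check_pkinit_plugin()` prints its own reason (not visible here) the operator is not told what is missing or that `--no-pkinit` exists. Because the option defaults to on, replica installs on hosts without the plugin will now stop at this check. A line such as `print "pkinit plugin not found; install it or re-run with --no-pkinit"` before the abort message would make the failure actionable. A one-line docstring, `"""Exit if the KDC pkinit plugin is not installed."""`, would document the function.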
@@ -269,8 +284,14 @@ def main():
if not ipautil.file_exists(filename):
sys.exit("Replica file %s does not exist" % filename)
+ # check the bind is installed
if options.setup_dns:
check_bind()
+
+ # check the pkinit plugin is installed
+ if options.setup_pkinit:
+ check_pkinit()
+
check_dirsrv()
# get the directory manager password
@@ -367,7 +388,7 @@ def main():
if ret != 0:
raise RuntimeError("Failed to start replication")
- install_krb(config)
+ install_krb(config, setup_pkinit=options.setup_pkinit)
install_http(config)
if CA:
CA.import_ra_cert(dir + "/ra.p12")