authorPetr Viktorin <pviktori@redhat.com>2013-02-25 17:15:23 +0100
committerMartin Kosek <mkosek@redhat.com>2013-03-08 15:42:20 +0100
commit6ff20ca2d979f481ce91f013469e53d74a95dd48 (patch)
treed0a5938e3a02ec2df72c8028d7eda873b96620fa /install/tools/ipa-server-install
parent9955ba0714996db7b2b97261d3eb72f281eaa2f6 (diff)
Fix installing server with external CA
Reorganize ipa-server-install so that DS (and NTP server) installation only happens in step one. Change CAInstance to behave correctly in two-step install. Add an `init_info` method to DSInstance that includes common attribute/sub_dict initialization from create_instance and create_replica. Use it in ipa-server-install to get a properly configured DSInstance for later tasks. https://fedorahosted.org/freeipa/ticket/3459
Diffstat (limited to 'install/tools/ipa-server-install')
-rwxr-xr-xinstall/tools/ipa-server-install76
1 files changed, 42 insertions, 34 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 15591071b..57511c214 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -691,6 +691,15 @@ def main():
sys.exit(1)
cert = certdict[certissuer]
+ # Figure out what external CA step we're in. See cainstance.py for more
+ # info on the 3 states.
+ if options.external_cert_file:
+ external = 2
+ elif options.external_ca:
+ external = 1
+ else:
+ external = 0
+
print "=============================================================================="
print "This program will set up the FreeIPA Server."
print ""
@@ -717,8 +726,9 @@ def main():
print "To accept the default shown in brackets, press the Enter key."
print ""
- # Make sure the 389-ds ports are available
- check_dirsrv(options.unattended)
+ if external != 2:
+ # Make sure the 389-ds ports are available
+ check_dirsrv(options.unattended)
if options.conf_ntp:
try:
@@ -921,36 +931,43 @@ def main():
except ipautil.CalledProcessError, e:
root_logger.critical("failed to add DS group: %s" % e)
- # Configure ntpd
- if options.conf_ntp:
- ipaclient.ntpconf.force_ntpd(sstore)
- ntp = ntpinstance.NTPInstance(fstore)
- if not ntp.is_configured():
- ntp.create_instance()
-
- # Create a directory server instance
- ds = dsinstance.DsInstance(fstore=fstore)
-
if options.dirsrv_pin:
[pw_fd, pw_name] = tempfile.mkstemp()
os.write(pw_fd, options.dirsrv_pin)
os.close(pw_fd)
-
- if options.dirsrv_pkcs12:
pkcs12_info = (options.dirsrv_pkcs12, pw_name)
- try:
+
+ if external != 2:
+ # Configure ntpd
+ if options.conf_ntp:
+ ipaclient.ntpconf.force_ntpd(sstore)
+ ntp = ntpinstance.NTPInstance(fstore)
+ if not ntp.is_configured():
+ ntp.create_instance()
+
+ # Create a directory server instance
+ ds = dsinstance.DsInstance(fstore=fstore)
+
+ if options.dirsrv_pkcs12:
+ try:
+ ds.create_instance(realm_name, host_name, domain_name,
+ dm_password, pkcs12_info,
+ subject_base=options.subject,
+ hbac_allow=not options.hbac_allow)
+ finally:
+ os.remove(pw_name)
+ else:
ds.create_instance(realm_name, host_name, domain_name,
- dm_password, pkcs12_info,
- subject_base=options.subject,
- hbac_allow=not options.hbac_allow)
- finally:
- os.remove(pw_name)
+ dm_password, self_signed_ca=options.selfsign,
+ idstart=options.idstart, idmax=options.idmax,
+ subject_base=options.subject,
+ hbac_allow=not options.hbac_allow)
else:
- ds.create_instance(realm_name, host_name, domain_name,
- dm_password, self_signed_ca=options.selfsign,
- idstart=options.idstart, idmax=options.idmax,
- subject_base=options.subject,
- hbac_allow=not options.hbac_allow)
+ ds = dsinstance.DsInstance(fstore=fstore)
+ ds.init_info(
+ realm_name, host_name, domain_name, dm_password,
+ options.selfsign, options.subject, 1101, 1100, None)
+
if options.selfsign:
ca = certs.CertDB(realm_name, host_name=host_name,
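Review bot: The temporary file holding the Directory Server PIN (written from `options.dirsrv_pin` after `tempfile.mkstemp()`) is deleted only by the `finally: os.remove(pw_name)` inside the `external != 2` branch, so on the step-two path that calls `ds.init_info(...)` the secret would stay on disk. Whether `options.dirsrv_pin` can be set together with `options.external_cert_file` is decided outside this hunk, so confirm it; if it can, clean up on that path as well, for example `if options.dirsrv_pin: os.remove(pw_name)` in the `else:` branch, or do not create the file when `external == 2`. Separately, the literals `1101, 1100, None` passed to `init_info` need a short comment naming the parameters they fill and why fixed values are acceptable for an already-installed instance. Indentation is lost on this page and main() begins and ends outside the hunk, so the nesting assumed here should be checked against the file.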
@@ -963,15 +980,6 @@ def main():
except:
pass
- # Figure out what state we're in. See cainstance.py for more info on
- # the 3 states.
- if options.external_cert_file:
- external = 2
- elif options.external_ca:
- external = 1
- else:
- external = 0
-
if not dogtag.install_constants.SHARED_DB:
cs = cainstance.CADSInstance(
host_name, realm_name, domain_name, dm_password)