Modifications to install scripts for dogtag 10

Dogtag 10 uses a new installer, new directory layout and new default
ports.  This patch changes the ipa install code to integrate these changes.

https://fedorahosted.org/freeipa/ticket/2846

5 files changed, 14 insertions, 2 deletions

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 4d7be217d..d52832239 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -156,6 +156,16 @@ def main():
     # We need to restart apache as we drop a new config file in there
     ipaservices.knownservices.httpd.restart(capture_output=True)
 
+    #update dogtag version in config file to denote new instance
+    try:
+        fd = open("/etc/ipa/default.conf", "a")
+        fd.write("dogtag_version=10\n")
+        fd.close()
+    except IOError, e:
+        print "Failed to update /etc/ipa/default.conf"
+        root_logger.error(str(e))
+        sys.exit(1)
+
 fail_message = '''
 Your system may be partly configured.
 Run /usr/sbin/ipa-server-install --uninstall to clean up.
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index 6eefe8d6d..884956fd1 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -80,7 +80,7 @@ class CSReplicationManager(replication.ReplicationManager):
         """
         dn = None
         cn = None
-        instance_name = 'pki-ca'
+        instance_name = 'pki-tomcat'
 
         # if master is not None we know what dn to return:
         if master is not None:
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 267a70d8b..a7b34cf1b 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -376,6 +376,7 @@ def main():
         if ipautil.file_exists(config.dir + "/cacert.p12"):
             fd.write("enable_ra=True\n")
             fd.write("ra_plugin=dogtag\n")
+            fd.write("dogtag_version=10\n")
         fd.write("mode=production\n")
         fd.close()
     finally:
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index d1ffe4e2e..ce25681f4 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -304,7 +304,7 @@ def main():
         if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, options.ip_address):
             sys.exit(1)
 
-    if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin:
+    if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki/pki-tomcat/conf/ca/CS.cfg") and not options.dirsrv_pin:
         sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
 
     check_ipa_configuration(api.env.realm)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index f07aeadf8..639a72701 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -853,6 +853,7 @@ def main():
     fd.write("enable_ra=True\n")
     if not options.selfsign:
         fd.write("ra_plugin=dogtag\n")
+        fd.write("dogtag_version=10\n")
     fd.write("mode=production\n")
     fd.close()