authorJan Cholasta <jcholast@redhat.com>2014-10-13 14:30:15 +0200
committerMartin Kosek <mkosek@redhat.com>2014-10-17 12:53:11 +0200
commit608851d3f86a9082b394c30fe0c7a7b33d43f363 (patch)
tree4e1e34c392d56672d22c7d8d00c0794163048119 /install/tools
parent6227ebb0cd2d8661d9233e26adb5e0bff7fe4c0d (diff)
Check LDAP instead of local configuration to see if IPA CA is enabled
The check is done using a new hidden command ca_is_enabled. https://fedorahosted.org/freeipa/ticket/4621 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-ca-install6
-rwxr-xr-xinstall/tools/ipa-replica-install3
-rwxr-xr-xinstall/tools/ipa-server-install6
-rw-r--r--install/tools/ipa-upgradeconfig27
4 files changed, 27 insertions, 15 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 0ea8cf24d..3934b0372 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -234,9 +234,6 @@ def install_master(safe_options, options):
api.bootstrap(in_server=True)
api.finalize()
- if api.env.enable_ra:
- sys.exit("CA is already installed.\n")
-
dm_password = options.password
if not dm_password:
if options.unattended:
@@ -251,6 +248,9 @@ def install_master(safe_options, options):
api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')),
bind_pw=dm_password)
+ if api.Command.ca_is_enabled()['result']:
+ sys.exit("CA is already installed.\n")
+
config = api.Command['config_show']()['result']
subject_base = config['ipacertificatesubjectbase'][0]
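Review bot: The `ca_is_enabled` check added here is only reached after the Directory Manager password has been obtained and the `ldap2` bind has succeeded. On a server that already has a CA, the operator therefore has to supply the password before seeing "CA is already installed." That ordering follows from reading the CA state from LDAP instead of `api.env.enable_ra`, but nothing in the code says so. A comment above the check would record it, for example `# CA state is read from LDAP, so this must run after the connect above`. install_master starts and continues outside the hunk.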
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 0e0fa1788..df0e5d565 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -238,7 +238,8 @@ def install_http(config, auto_redirect):
http.create_instance(
config.realm_name, config.host_name, config.domain_name,
config.dirman_password, False, pkcs12_info,
- auto_redirect=auto_redirect, ca_file = config.dir + "/ca.crt")
+ auto_redirect=auto_redirect, ca_file = config.dir + "/ca.crt",
+ ca_is_configured=ipautil.file_exists(config.dir + "/cacert.p12"))
# Now copy the autoconfiguration files
try:
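Review bot: `ca_is_configured` is derived here from whether `cacert.p12` exists under `config.dir`, which is a local file test rather than the LDAP lookup the commit title describes for the other tools. If that is deliberate because the new replica cannot yet be asked via `ca_is_enabled` at this step (inferred, not visible in the hunk), a comment should state it, for example `# CA presence is taken from the replica file; LDAP is not queried at this point`. Binding the path to a named local before the call would also make clear that this file, and not `ca.crt`, decides the flag. install_http starts and continues outside the hunk.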
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 39c13547c..3fa7bd72a 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1231,11 +1231,13 @@ def main():
http.create_instance(
realm_name, host_name, domain_name, dm_password,
pkcs12_info=http_pkcs12_info, subject_base=options.subject,
- auto_redirect=options.ui_redirect)
+ auto_redirect=options.ui_redirect,
+ ca_is_configured=setup_ca)
else:
http.create_instance(
realm_name, host_name, domain_name, dm_password,
- subject_base=options.subject, auto_redirect=options.ui_redirect)
+ subject_base=options.subject, auto_redirect=options.ui_redirect,
+ ca_is_configured=setup_ca)
tasks.restore_context(paths.CACHE_IPA_SESSIONS)
# Export full CA chain
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 945a6f663..03eb08c64 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -980,11 +980,13 @@ def add_ca_dns_records():
root_logger.info('IPA CA DNS records already processed')
return
- try:
- api.Backend.ldap2.connect(autobind=True)
- except ipalib.errors.PublicError, e:
- root_logger.error("Cannot connect to LDAP to add DNS records: %s", e)
- return
+ if not api.Backend.ldap2.isconnected():
+ try:
+ api.Backend.ldap2.connect(autobind=True)
+ except ipalib.errors.PublicError, e:
+ root_logger.error(
+ "Cannot connect to LDAP to add DNS records: %s", e)
+ return
ret = api.Command['dns_is_enabled']()
if not ret['result']:
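Review bot: The connect-if-not-connected block added here is repeated almost verbatim in `fix_trust_flags` later in this file, and neither copy records whether the function itself opened the connection. If the rest of `add_ca_dns_records` (outside the hunk) still disconnects `ldap2` when it finishes, it may now close a connection that another upgrade step opened, which is worth checking. A small shared helper returning whether a usable connection exists would remove the duplication and give one place to settle connection ownership. The sketch below keeps each caller's log message by passing it in.

```python
def ensure_ldap_connected(error_message):
    """Reuse an open ldap2 connection or open one; return False on failure."""
    if api.Backend.ldap2.isconnected():
        return True
    try:
        api.Backend.ldap2.connect(autobind=True)
    except ipalib.errors.PublicError as e:
        root_logger.error(error_message, e)
        return False
    return True

# … unchanged: add_ca_dns_records upgrade-state check …
    if not ensure_ldap_connected(
            "Cannot connect to LDAP to add DNS records: %s"):
        return
# … unchanged: dns_is_enabled check …
```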
@@ -1131,12 +1133,19 @@ def remove_ds_ra_cert(subject_base):
def fix_trust_flags():
root_logger.info('[Fixing trust flags in %s]' % paths.HTTPD_ALIAS_DIR)
- if not api.env.enable_ra:
- root_logger.info("CA is not enabled")
+ if sysupgrade.get_upgrade_state('http', 'fix_trust_flags'):
+ root_logger.info("Trust flags already processed")
return
- if sysupgrade.get_upgrade_state(service, 'fix_trust_flags'):
- root_logger.info("Trust flags already fixed")
+ if not api.Backend.ldap2.isconnected():
+ try:
+ api.Backend.ldap2.connect(autobind=True)
+ except ipalib.errors.PublicError, e:
+ root_logger.error("Cannot connect to LDAP: %s", e)
+ return
+
+ if not api.Command.ca_is_enabled()['result']:
+ root_logger.info("CA is not enabled")
return
db = certs.CertDB(api.env.realm)
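Review bot: The upgrade-state lookup now uses the literal `'http'` where the removed line used the `service` variable, and the matching `set_upgrade_state` call is outside the hunk. It should be confirmed that it writes the same `'http'` / `'fix_trust_flags'` key, otherwise the step would rerun on every upgrade. Separately, when the LDAP connect fails the function logs an error and returns, so the trust flags in `paths.HTTPD_ALIAS_DIR` stay unfixed and the caller cannot tell a skipped step from an unnecessary one. If a retry on the next upgrade is the intent, a comment on that `return` should say so, for example `# best effort: state is not recorded, so the next upgrade retries`. fix_trust_flags continues outside the hunk.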