summaryrefslogtreecommitdiffstats
path: root/install/tools
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2010-12-07 18:23:05 -0500
committerSimo Sorce <ssorce@redhat.com>2010-12-10 12:28:38 -0500
commitded15c72fff4805e9a095c5a8f82b463603f5d1b (patch)
treecb4384bcede5091446318a1220ac8f7d6917e472 /install/tools
parentfea4d3880ae78dd1e53380bc644638e4e3fc1dd5 (diff)
downloadfreeipa-ded15c72fff4805e9a095c5a8f82b463603f5d1b.tar.gz
freeipa-ded15c72fff4805e9a095c5a8f82b463603f5d1b.tar.xz
freeipa-ded15c72fff4805e9a095c5a8f82b463603f5d1b.zip
Split dsinstance configuration
This is so that master and replica creation can perform different operations as they need slightly diffeent settings to be applied.
Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-replica-install59
1 files changed, 25 insertions, 34 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 65107f027..c539e7517 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -26,14 +26,14 @@ from ConfigParser import SafeConfigParser
from ipapython import ipautil
-from ipaserver.install import dsinstance, replication, installutils, krbinstance, service
+from ipaserver.install import dsinstance, installutils, krbinstance, service
from ipaserver.install import bindinstance, httpinstance, ntpinstance, certs
from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
-CACERT="/usr/share/ipa/html/ca.crt"
+CACERT="/etc/ipa/ca.crt"
class HostnameLocalhost(Exception):
pass
@@ -163,7 +163,7 @@ def install_ca(config):
return ca
-def install_ds(config):
+def install_replica_ds(config):
dsinstance.check_existing_installation()
dsinstance.check_ports()
@@ -176,13 +176,10 @@ def install_ds(config):
config.dir + "/dirsrv_pin.txt")
ds = dsinstance.DsInstance()
- # idstart and idmax are configured so that the range is seen as depleted
- # by the DNA plugin and the replica will go and get a new range from the
- # master.
- # This way all servers use the initially defined range by default.
- ds.create_instance(config.ds_user, config.realm_name, config.host_name,
- config.domain_name, config.dirman_password,
- pkcs12_info, idstart=1101, idmax=1100)
+ ds.create_replica(config.ds_user, config.realm_name,
+ config.master_host_name, config.host_name,
+ config.domain_name, config.dirman_password,
+ pkcs12_info)
return ds
@@ -203,13 +200,16 @@ def install_krb(config, setup_pkinit=False):
setup_pkinit, pkcs12_info)
def install_ca_cert(config):
- if ipautil.file_exists(config.dir + "/ca.crt"):
- try:
- shutil.copy(config.dir + "/ca.crt", CACERT)
- os.chmod(CACERT, 0444)
- except Exception, e:
- print "error copying files: " + str(e)
- sys.exit(1)
+ cafile = config.dir + "/ca.crt"
+ if not ipautil.file_exists(cafile):
+ raise RuntimeError("Ca cert file is not available")
+
+ try:
+ shutil.copy(cafile, CACERT)
+ os.chmod(CACERT, 0444)
+ except Exception, e:
+ print "error copying files: " + str(e)
+ sys.exit(1)
def install_http(config):
# if we have a pkcs12 file, create the cert db from
@@ -354,13 +354,16 @@ def main():
if options.setup_pkinit:
check_pkinit()
+ # Install CA cert so that we can do SSL connections with ldap
+ install_ca_cert(config)
+
# Try out the password
- ldapuri = 'ldap://%s' % config.master_host_name
+ ldapuri = 'ldaps://%s' % config.master_host_name
try:
conn = ldap2(shared_instance=False, ldap_uri=ldapuri, base_dn='')
- conn.connect(
- bind_dn='cn=directory manager', bind_pw=config.dirman_password
- )
+ conn.connect(bind_dn='cn=directory manager',
+ bind_pw=config.dirman_password,
+ tls_cacertfile=CACERT)
try:
entry = conn.find_entries(u'fqdn=%s' % host, ['dn', 'fqdn'], u'%s,%s' % (api.env.container_host, api.env.basedn))
print "The host %s already exists.\n" % host
@@ -377,9 +380,6 @@ def main():
except errors.LDAPError:
sys.exit("\nUnable to connect to LDAP server %s" % config.master_host_name)
- # Install CA cert so that we can do SSL connections with ldap
- install_ca_cert(config)
-
# Configure ntpd
if options.conf_ntp:
ntp = ntpinstance.NTPInstance()
@@ -389,16 +389,7 @@ def main():
CA = install_ca(config)
# Configure dirsrv
- ds = install_ds(config)
-
- try:
- repl = replication.ReplicationManager(config.host_name, config.dirman_password)
- ret = repl.setup_replication(config.master_host_name, config.realm_name)
- except Exception, e:
- logging.debug("Connection error: %s" % e)
- raise RuntimeError("Unable to connect to LDAP server %s." % config.host_name)
- if ret != 0:
- raise RuntimeError("Failed to start replication")
+ ds = install_replica_ds(config)
install_krb(config, setup_pkinit=options.setup_pkinit)
install_http(config)