author | Jan Cholasta <jcholast@redhat.com> | 2014-04-10 14:14:10 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | d1386be4d55128056e93429bbc85a821494560e9 (patch) | |
tree | 681b3de39bdedb3617f6606d000293cf55620b38 /install/tools | |
parent | baa665fe4043615f3e5a653e6894ce7457855d87 (diff) | |
download | freeipa-d1386be4d55128056e93429bbc85a821494560e9.tar.gz freeipa-d1386be4d55128056e93429bbc85a821494560e9.tar.xz freeipa-d1386be4d55128056e93429bbc85a821494560e9.zip |
Pick new CA renewal master when deleting a replica.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'install/tools')
-rwxr-xr-x | install/tools/ipa-csreplica-manage | 10 | ||||
-rwxr-xr-x | install/tools/ipa-replica-manage | 13 |
2 files changed, 20 insertions, 3 deletions
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index eb589f3f9..cfcb354f2 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -25,7 +25,8 @@ import os import krbV from ipapython.ipa_log_manager import * -from ipaserver.install import replication, installutils, bindinstance +from ipaserver.install import (replication, installutils, bindinstance, + cainstance, certs) from ipalib import api, errors, util from ipalib.constants import CACERT from ipapython import ipautil, ipaldap, version, dogtag @@ -272,7 +273,12 @@ def del_master(realm, hostname, options): except Exception, e: sys.exit("There were issues removing a connection: %s" % e) - # 6. And clean up the removed replica DNS entries if any. + # 6. Pick CA renewal master + ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR) + if ca.is_renewal_master(hostname): + ca.set_renewal_master(options.host) + + # 7. And clean up the removed replica DNS entries if any. try: if bindinstance.dns_container_exists(options.host, api.env.basedn, dm_password=options.dirman_passwd): diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage index d468850e5..aa710953a 100755 --- a/install/tools/ipa-replica-manage +++ b/install/tools/ipa-replica-manage @@ -28,7 +28,7 @@ import socket from ipapython import ipautil from ipaserver.install import replication, dsinstance, installutils -from ipaserver.install import bindinstance +from ipaserver.install import bindinstance, cainstance, certs from ipaserver.plugins import ldap2 from ipapython import version, ipaldap from ipalib import api, errors, util 
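Review bot: In ipa-csreplica-manage's del_master, the new step 6 calls `ca.is_renewal_master(hostname)` and `ca.set_renewal_master(options.host)` with no error handling, although the step just before it wraps its work in `except Exception, e:`. A failure here would surface as a traceback after the replication connection has already been removed and would skip the DNS cleanup in step 7, possibly leaving the deployment with no server responsible for renewing the CA certificates. The ipa-replica-manage hunk in the same commit at least catches `errors.NotFound` around `set_renewal_master`; this file has no equivalent. I would report the failure and let the cleanup continue, as sketched below. Which exceptions these methods raise is not visible here, and del_master's body starts and ends outside the hunk.

```python
    # 6. Pick CA renewal master
    try:
        ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
        if ca.is_renewal_master(hostname):
            ca.set_renewal_master(options.host)
    except Exception, e:
        print "Could not move the CA renewal master role to %s: %s" % (options.host, e)
        print "Assign a CA renewal master manually before certificates come up for renewal."

    # ... unchanged: 7. DNS cleanup of the removed replica ...
```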
@@ -665,6 +665,7 @@ def del_master(realm, hostname, options): # Check that we are not leaving the installation without CA and/or DNS this_services = [] other_services = [] + ca_hostname = None for master_cn in [m.single_value['cn'] for m in masters]: master_dn = DN(('cn', master_cn), ('cn', 'masters'), ('cn', 'ipa'), ('cn', 'etc'), ipautil.realm_to_suffix(realm)) @@ -679,6 +680,8 @@ def del_master(realm, hostname, options): this_services = services_cns else: other_services.append(services_cns) + if ca_hostname is None and 'CA' in services_cns: + ca_hostname = master_cn if 'CA' in this_services and not any(['CA' in o for o in other_services]): print "Deleting this server is not allowed as it would leave your installation without a CA." @@ -688,6 +691,14 @@ def del_master(realm, hostname, options): print "Deleting this server will leave your installation without a DNS." if not options.force and not ipautil.user_input("Continue to delete?", False): sys.exit("Deletion aborted") + + # Pick CA renewal master + ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR) + if ca.is_renewal_master(hostname): + try: + ca.set_renewal_master(options.host) + except errors.NotFound: + ca.set_renewal_master(ca_hostname) else: print "Skipping calculation to determine if one or more masters would be orphaned." |
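Review bot: The `except errors.NotFound:` fallback in the last hunk calls `ca.set_renewal_master(ca_hostname)` even when `ca_hostname` is still `None`: it is initialised to `None` in the @@ -665 hunk and only assigned in the @@ -679 hunk once some master's service list contains 'CA'. A guard before the fallback call, such as `if ca_hostname is None: sys.exit("No other CA master available to take over certificate renewal")`, would make that case explicit instead of passing `None` down. The block also appears to sit in the branch whose `else:` prints "Skipping calculation to determine if one or more masters would be orphaned.", so when that check is skipped the renewal role would not be moved at all; indentation is lost on this page, so the placement should be confirmed. del_master's body starts and ends outside these hunks.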