author | Jan Cholasta <jcholast@redhat.com> | 2014-10-13 14:30:15 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-17 12:53:11 +0200 |
commit | 608851d3f86a9082b394c30fe0c7a7b33d43f363 (patch) | |
tree | 4e1e34c392d56672d22c7d8d00c0794163048119 /install | |
parent | 6227ebb0cd2d8661d9233e26adb5e0bff7fe4c0d (diff) | |
Check LDAP instead of local configuration to see if IPA CA is enabled
The check is done using a new hidden command ca_is_enabled.
https://fedorahosted.org/freeipa/ticket/4621
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install')
-rwxr-xr-x | install/tools/ipa-ca-install | 6 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 3 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 6 | ||||
-rw-r--r-- | install/tools/ipa-upgradeconfig | 27 |
4 files changed, 27 insertions, 15 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 0ea8cf24d..3934b0372 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -234,9 +234,6 @@ def install_master(safe_options, options): api.bootstrap(in_server=True) api.finalize() - if api.env.enable_ra: - sys.exit("CA is already installed.\n") - dm_password = options.password if not dm_password: if options.unattended: @@ -251,6 +248,9 @@ def install_master(safe_options, options): api.Backend.ldap2.connect(bind_dn=DN(('cn', 'Directory Manager')), bind_pw=dm_password) + if api.Command.ca_is_enabled()['result']: + sys.exit("CA is already installed.\n") + config = api.Command['config_show']()['result'] subject_base = config['ipacertificatesubjectbase'][0] diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 0e0fa1788..df0e5d565 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -238,7 +238,8 @@ def install_http(config, auto_redirect): http.create_instance( config.realm_name, config.host_name, config.domain_name, config.dirman_password, False, pkcs12_info, - auto_redirect=auto_redirect, ca_file = config.dir + "/ca.crt") + auto_redirect=auto_redirect, ca_file = config.dir + "/ca.crt", + ca_is_configured=ipautil.file_exists(config.dir + "/cacert.p12")) # Now copy the autoconfiguration files try: diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 39c13547c..3fa7bd72a 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
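Review bot: The relocated "CA is already installed" test in install_master (the @@ -251 hunk of ipa-ca-install) now runs only after the Directory Manager password has been requested and `ldap2.connect` has bound with it, so the operator hands over the most privileged directory credential before the tool can say there is nothing to do, and nothing in the hunk explains why. A one-line comment above the new test would record the ordering constraint, e.g. `# ca_is_enabled reads LDAP, so this check must follow the ldap2 bind above`. The call itself is unguarded in the visible lines, so a failure inside `ca_is_enabled` presumably surfaces as a traceback rather than a clear installer message. install_master begins and continues outside the hunk.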
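Review bot: In install_http (ipa-replica-install) the new `ca_is_configured` value comes from `ipautil.file_exists(config.dir + "/cacert.p12")`, that is, from whether a file is present in the replica's working directory, while the commit's stated aim is to stop relying on local state and ask LDAP. If this is deliberate because the directory cannot be queried at this stage of a replica install (not visible here), say so in a comment such as `# LDAP is not usable yet; cacert.p12 is present only when the master has a CA`. File presence says nothing about content, so a stale or empty cacert.p12 would configure HTTP as if a CA existed. Re-checking with `api.Command.ca_is_enabled()` once a connection is available would close that gap. The call sits inside a function that starts and ends outside the hunk.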
@@ -1231,11 +1231,13 @@ def main(): http.create_instance( realm_name, host_name, domain_name, dm_password, pkcs12_info=http_pkcs12_info, subject_base=options.subject, - auto_redirect=options.ui_redirect) + auto_redirect=options.ui_redirect, + ca_is_configured=setup_ca) else: http.create_instance( realm_name, host_name, domain_name, dm_password, - subject_base=options.subject, auto_redirect=options.ui_redirect) + subject_base=options.subject, auto_redirect=options.ui_redirect, + ca_is_configured=setup_ca) tasks.restore_context(paths.CACHE_IPA_SESSIONS) # Export full CA chain diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 945a6f663..03eb08c64 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -980,11 +980,13 @@ def add_ca_dns_records(): root_logger.info('IPA CA DNS records already processed') return - try: - api.Backend.ldap2.connect(autobind=True) - except ipalib.errors.PublicError, e: - root_logger.error("Cannot connect to LDAP to add DNS records: %s", e) - return + if not api.Backend.ldap2.isconnected(): + try: + api.Backend.ldap2.connect(autobind=True) + except ipalib.errors.PublicError, e: + root_logger.error( + "Cannot connect to LDAP to add DNS records: %s", e) + return ret = api.Command['dns_is_enabled']() if not ret['result']: 
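Review bot: The connect-if-not-connected block added to add_ca_dns_records (ipa-upgradeconfig, @@ -980) is repeated almost verbatim in fix_trust_flags (@@ -1131), differing only in the log text, so the two copies of the autobind logic can drift apart. A small module-level helper returning a boolean would keep the connection and its error handling in one place; a sketch follows. Neither function disconnects in the visible lines, so whichever step connects first leaves the autobind session open for later steps, which looks intended but is worth stating in the helper's docstring. add_ca_dns_records continues outside the hunk.

```python
def ldap_connect_if_needed():
    """Open an autobind ldap2 connection unless one already exists.

    Returns True when a connection is available. The connection is left
    open so later upgrade steps can reuse it.
    """
    if api.Backend.ldap2.isconnected():
        return True
    try:
        api.Backend.ldap2.connect(autobind=True)
    except ipalib.errors.PublicError as e:
        root_logger.error("Cannot connect to LDAP: %s", e)
        return False
    return True

# … unchanged: 'IPA CA DNS records already processed' check …
    if not ldap_connect_if_needed():
        return
```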
@@ -1131,12 +1133,19 @@ def remove_ds_ra_cert(subject_base): def fix_trust_flags(): root_logger.info('[Fixing trust flags in %s]' % paths.HTTPD_ALIAS_DIR) - if not api.env.enable_ra: - root_logger.info("CA is not enabled") + if sysupgrade.get_upgrade_state('http', 'fix_trust_flags'): + root_logger.info("Trust flags already processed") return - if sysupgrade.get_upgrade_state(service, 'fix_trust_flags'): - root_logger.info("Trust flags already fixed") + if not api.Backend.ldap2.isconnected(): + try: + api.Backend.ldap2.connect(autobind=True) + except ipalib.errors.PublicError, e: + root_logger.error("Cannot connect to LDAP: %s", e) + return + + if not api.Command.ca_is_enabled()['result']: + root_logger.info("CA is not enabled") return db = certs.CertDB(api.env.realm) |
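Review bot: fix_trust_flags now reads its upgrade state under the literal key `'http'` where the removed line used `service`, so the call that records completion (outside this hunk) must use the same `'http'` key, otherwise the step is never seen as done and reruns on every upgrade. Separately, when the LDAP connect fails the function only logs and returns, leaving the trust flags of the certificate database under `paths.HTTPD_ALIAS_DIR` untouched with no signal beyond one log line. Those flags govern which CA certificates the web server trusts, so the early return deserves a comment such as `# no upgrade state is recorded here, so this step is retried on the next run`. The `api.Command.ca_is_enabled()` call that follows is unguarded in the visible lines, unlike the connect just above it. The function body continues outside the hunk.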