authorRob Crittenden <rcritten@redhat.com>2009-04-01 22:39:44 -0400
committerRob Crittenden <rcritten@redhat.com>2009-04-03 14:06:09 -0400
commit484eff1016ab00cc7c3c3dc4be3fb0fd7179a994 (patch)
tree65965f10a2f4b1650bbef5de667a6f6d1a882c42 /install
parenta6294ba041aa4568b414b5f25a345c00a031667e (diff)
Implement an installer for the Dogtag certificate system.
The CA is currently not automatically installed. You have to pass in the --ca flag to install it. What works: - installation - uninstallation - cert/ra plugins can issue and retrieve server certs What doesn't work: - self-signed CA is still created and issues Apache and DS certs - dogtag and python-nss not in rpm requires - requires that CS be in the "pre" install state from pkicreate
Diffstat (limited to 'install')
-rwxr-xr-xinstall/tools/ipa-server-install34
1 files changed, 30 insertions, 4 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index c0f8e7a6b..cefdbf85e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -69,6 +69,8 @@ def parse_options():
help="admin user kerberos password")
parser.add_option("-d", "--debug", dest="debug", action="store_true",
default=False, help="print debugging information")
+ parser.add_option("", "--ca", dest="ca", action="store_true",
+ default=False, help="Configure a CA instance")
parser.add_option("--hostname", dest="host_name", help="fully qualified name of server")
parser.add_option("--ip-address", dest="ip_address", help="Master Server IP Address")
parser.add_option("--setup-bind", dest="setup_bind", action="store_true",
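Review bot: The new option is declared as `parser.add_option("", "--ca", ...)`, with an empty short-option string that the neighbouring long-only options such as `--hostname` do not use. optparse ignores the empty string, so this works, but `parser.add_option("--ca", dest="ca", action="store_true",` reads the same as the rest of the function. The help text could also say that the flag is consulted on uninstall, since `main()` passes `options.ca` to `uninstall()`. parse_options() starts and ends outside this hunk.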
@@ -298,7 +300,7 @@ def check_dirsrv(unattended):
print "\t636"
sys.exit(1)
-def uninstall():
+def uninstall(ca = False):
try:
run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--uninstall"])
except Exception, e:
@@ -307,6 +309,14 @@ def uninstall():
pass
ntpinstance.NTPInstance(fstore).uninstall()
+ if ca:
+ try:
+ from ipaserver.install import cainstance
+ except ImportError:
+ print >> sys.stderr, "Import failed: %s" % sys.exc_value
+ sys.exit(1)
+ cainstance.CADSInstance().uninstall()
+ cainstance.CAInstance().uninstall()
bindinstance.BindInstance(fstore).uninstall()
httpinstance.HTTPInstance(fstore).uninstall()
krbinstance.KrbInstance(fstore).uninstall()
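Review bot: The `sys.exit(1)` on `ImportError` fires after `ipa-client-install --uninstall` and the NTP teardown have already run, so a host where `ipaserver.install.cainstance` cannot be imported is left half-uninstalled, with the BIND, HTTP and Kerberos instances untouched. Doing the import at the top of `uninstall()` before any step runs, or reporting the failure and continuing with the remaining teardown, would avoid that. Separately, CA removal depends on the operator repeating `--ca` at uninstall time (the default is `ca = False`). A plain uninstall therefore leaves both CA instances in place, presumably together with the CA's key material, so detecting an installed CA would be safer than relying on the flag. The body of uninstall() starts and ends outside this hunk.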
@@ -345,7 +355,7 @@ def main():
print "Aborting uninstall operation."
sys.exit(1)
- return uninstall()
+ return uninstall(options.ca)
print "=============================================================================="
print "This program will setup the FreeIPA Server."
@@ -495,12 +505,26 @@ def main():
os.write(pw_fd, options.dirsrv_pin)
os.close(pw_fd)
+ if options.ca:
+ try:
+ from ipaserver.install import cainstance
+ except ImportError:
+ print >> sys.stderr, "Import failed: %s" % sys.exc_value
+ sys.exit(1)
+
+ cs = cainstance.CADSInstance()
+ cs.create_instance("dirsrv", realm_name, host_name, domain_name, dm_password)
+ ca = cainstance.CAInstance()
+ ca.configure_instance("pkiuser", host_name, dm_password, dm_password)
+
# Create a directory server instance
ds = dsinstance.DsInstance()
if options.dirsrv_pkcs12:
pkcs12_info = (options.dirsrv_pkcs12, pw_name)
- ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info)
- os.remove(pw_name)
+ try:
+ ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, pkcs12_info)
+ finally:
+ os.remove(pw_name)
else:
ds.create_instance(ds_user, realm_name, host_name, domain_name, dm_password)
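Review bot: The new CA block sits between the lines that write `options.dirsrv_pin` to `pw_name` and the new `try`/`finally` that removes it. If the `cainstance` import exits, or `create_instance` or `configure_instance` raises, the PIN file appears to stay on disk. Either run the CA setup before the PIN is written, or widen the `try` so that `os.remove(pw_name)` covers the CA steps as well. In addition, `ca.configure_instance("pkiuser", host_name, dm_password, dm_password)` passes the Directory Manager password in two positions. The parameter names are not visible here, but if the second is a separate CA credential, reusing `dm_password` ties the CA's protection to the directory's and deserves at least a comment saying it is intentional. main() continues outside this hunk.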
@@ -540,6 +564,8 @@ def main():
fd.write("realm=" + realm_name + "\n")
fd.write("domain=" + domain_name + "\n")
fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
+ if options.ca:
+ fd.write("enable_ra=True\n")
fd.close()
bind = bindinstance.BindInstance(fstore)