authorRob Crittenden <rcritten@redhat.com>2010-08-16 17:55:07 -0400
committerRob Crittenden <rcritten@redhat.com>2010-08-19 10:50:40 -0400
commit3e15e6ed6dd0fa6f5606fd77b5104fd067798cde (patch)
treef094c8b5e7e70c30eccc81b2d9ceb06b25d34574 /ipaserver/install/cainstance.py
parente466bed5453302ca41e6ab7e85fddbdd35548d2a (diff)
Break out install into more steps, add -key_algorithm to pkisilent
Installing dogtag is quite slow and it isn't always clear that things are working. This breaks out some restart calls into separate steps to show some amount of progress. There are still some steps that take more than a minute (pkicreate and pkisilent). Add new argument to pkisilent, -key_algorithm. Update a bunch of minimum required versions in the spec file. Tickets 139 (time) and 144 (key_algorithm).
Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r--ipaserver/install/cainstance.py29
1 files changed, 9 insertions, 20 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 035d6315f..6babd440f 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -434,10 +434,12 @@ class CAInstance(service.Service):
self.step("creating certificate server user", self.__create_ca_user)
if not ipautil.dir_exists("/var/lib/pki-ca"):
self.step("creating pki-ca instance", self.create_instance)
+ self.step("restarting certificate server", self.__restart_instance)
self.step("configuring certificate server instance", self.__configure_instance)
# Step 1 of external is getting a CSR so we don't need to do these
# steps until we get a cert back from the external CA.
if self.external != 1:
+ self.step("restarting certificate server", self.__restart_instance)
if not self.clone:
self.step("creating CA agent PKCS#12 file in /root", self.__create_ca_agent_pkcs12)
self.step("creating RA agent certificate database", self.__create_ra_agent_db)
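Review bot: Both added steps use the same label, `"restarting certificate server"`, so the installer's progress output and logs cannot show which restart is running or which one failed. Distinct labels would fix that, for example `self.step("restarting certificate server after instance creation", self.__restart_instance)` and `self.step("restarting certificate server after configuration", self.__restart_instance)`. The inline restart this commit removes caught `ipautil.CalledProcessError` and carried on; whether `__restart_instance` does the same is not visible here, so a short comment on the intended failure behaviour would help. The enclosing method starts and ends outside the hunk.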
@@ -497,19 +499,6 @@ class CAInstance(service.Service):
self.backup_state("user_exists", user_exists)
def __configure_instance(self):
- # Turn off Nonces
- if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
- raise RuntimeError("Disabling nonces failed")
- pent = pwd.getpwnam(self.pki_user)
- os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
-
- logging.debug("restarting ca instance")
- try:
- self.restart()
- logging.debug("done restarting ca instance")
- except ipautil.CalledProcessError, e:
- print "failed to restart ca instance", e
-
preop_pin = get_preop_pin(self.server_root, PKI_INSTANCE_NAME)
try:
@@ -535,6 +524,7 @@ class CAInstance(service.Service):
"-db_name", "ipaca",
"-key_size", "2048",
"-key_type", "rsa",
+ "-key_algorithm", "SHA256withRSA",
"-save_p12", "true",
"-backup_pwd", self.admin_password,
"-subsystem_name", self.service_name,
@@ -620,13 +610,12 @@ class CAInstance(service.Service):
logging.debug("completed creating ca instance")
except ipautil.CalledProcessError, e:
logging.critical("failed to restart ca instance %s" % e)
- logging.debug("restarting ca instance")
- try:
- self.restart()
- logging.debug("done restarting ca instance")
- except ipautil.CalledProcessError, e:
- print "failed to restart ca instance", e
- logging.debug("failed to restart ca instance %s" % e)
+
+ # Turn off Nonces (again)
+ if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
+ raise RuntimeError("Disabling nonces failed")
+ pent = pwd.getpwnam(self.pki_user)
+ os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
# pkisilent makes a copy of the CA PKCS#12 file for us but gives
# it a lousy name.
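Review bot: The added `# Turn off Nonces (again)` block rewrites `ca.enableNonces=true` to `false` in CS.cfg without saying why the protection is switched off, and "(again)" has no visible first occurrence now that this commit removes the copy in `__configure_instance`. Nonces are, as far as I know, the CA's guard against forged or replayed requests to its agent pages, so the comment should name who needs them off and why the edit must come after the preceding command, e.g. `# Nonces disabled for <consumer/ticket placeholder>; redone here because the step above may reset CS.cfg (confirm)`. The block also follows an `except` that only logs, so a failure of the preceding command still reaches the config edit. The new value presumably takes effect only at the next restart, which the first hunk gates on `self.external != 1`. The enclosing method starts and continues outside the hunk.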