diff options
author | Jan Cholasta <jcholast@redhat.com> | 2015-06-10 08:22:30 +0000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-06-10 16:17:34 +0000 |
commit | cbcd86b5001039db468b46aefd83926a2b721eb5 (patch) | |
tree | dd2c5cbee19700eeb3cb7b41e42cc244a53bf684 /ipaserver/install/server/install.py | |
parent | 81729e22d35c5313e85081b6b3e8658b3d542af1 (diff) | |
download | freeipa-cbcd86b5001039db468b46aefd83926a2b721eb5.tar.gz freeipa-cbcd86b5001039db468b46aefd83926a2b721eb5.tar.xz freeipa-cbcd86b5001039db468b46aefd83926a2b721eb5.zip |
install: Initialize API early in server and replica install
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver/install/server/install.py')
-rw-r--r-- | ipaserver/install/server/install.py | 90 |
1 files changed, 47 insertions, 43 deletions
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 59a9d1e5e..89473dc02 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -301,6 +301,8 @@ def install_check(installer): external_ca_file = installer._external_ca_file http_ca_cert = installer._ca_cert + dogtag_constants = dogtag.install_constants + tasks.check_selinux_status() if options.master_password: @@ -550,6 +552,51 @@ def install_check(installer): else: admin_password = options.admin_password + # Configuration for ipalib, we will bootstrap and finalize later, after + # we are sure we have the configuration file ready. + cfg = dict( + context='installer', + in_server=True, + ) + + # Create the management framework config file and finalize api + target_fname = paths.IPA_DEFAULT_CONF + fd = open(target_fname, "w") + fd.write("[global]\n") + fd.write("host=%s\n" % host_name) + fd.write("basedn=%s\n" % ipautil.realm_to_suffix(realm_name)) + fd.write("realm=%s\n" % realm_name) + fd.write("domain=%s\n" % domain_name) + fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % format_netloc(host_name)) + fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % + installutils.realm_to_serverid(realm_name)) + if setup_ca: + fd.write("enable_ra=True\n") + fd.write("ra_plugin=dogtag\n") + fd.write("dogtag_version=%s\n" % dogtag_constants.DOGTAG_VERSION) + else: + fd.write("enable_ra=False\n") + fd.write("ra_plugin=none\n") + fd.write("mode=production\n") + fd.close() + + # Must be readable for everyone + os.chmod(target_fname, 0644) + + system_hostname = get_fqdn() + if host_name != system_hostname: + root_logger.debug("Chosen hostname (%s) differs from system hostname " + "(%s) - change it" % (host_name, system_hostname)) + # update `api.env.ca_host` to correct hostname + # https://fedorahosted.org/freeipa/ticket/4936 + api.env.ca_host = host_name + + api.bootstrap(**cfg) + if setup_ca: + # ensure profile backend is available + import ipaserver.plugins.dogtag + api.finalize() + if setup_ca: ca.install_check(False, None, options) @@ -656,38 +703,6 @@ def install(installer): # failure to enable root cause investigation installer._installation_cleanup = False - # Configuration for ipalib, we will bootstrap and finalize later, after - # we are sure we have the configuration file ready. - cfg = dict( - context='installer', - in_server=True, - ) - - # Create the management framework config file and finalize api - target_fname = paths.IPA_DEFAULT_CONF - fd = open(target_fname, "w") - fd.write("[global]\n") - fd.write("host=%s\n" % host_name) - fd.write("basedn=%s\n" % ipautil.realm_to_suffix(realm_name)) - fd.write("realm=%s\n" % realm_name) - fd.write("domain=%s\n" % domain_name) - fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % format_netloc(host_name)) - fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % - installutils.realm_to_serverid(realm_name)) - if setup_ca: - fd.write("enable_ra=True\n") - fd.write("ra_plugin=dogtag\n") - fd.write("dogtag_version=%s\n" % dogtag_constants.DOGTAG_VERSION) - else: - fd.write("enable_ra=False\n") - fd.write("ra_plugin=none\n") - fd.write("enable_kra=%s\n" % setup_kra) - fd.write("mode=production\n") - fd.close() - - # Must be readable for everyone - os.chmod(target_fname, 0644) - if installer.interactive: print "" print "The following operations may take some minutes to complete." @@ -696,19 +711,8 @@ def install(installer): system_hostname = get_fqdn() if host_name != system_hostname: - root_logger.debug("Chosen hostname (%s) differs from system hostname " - "(%s) - change it" % (host_name, system_hostname)) # configure /etc/sysconfig/network to contain the custom hostname tasks.backup_and_replace_hostname(fstore, sstore, host_name) - # update `api.env.ca_host` to correct hostname - # https://fedorahosted.org/freeipa/ticket/4936 - api.env.ca_host = host_name - - api.bootstrap(**cfg) - if setup_ca: - # ensure profile backend is available - import ipaserver.plugins.dogtag - api.finalize() # Create DS user/group if it doesn't exist yet dsinstance.create_ds_user() |