vault: Fix ipa-kra-install

Use state in LDAP rather than local state to check if KRA is installed.
Use correct log file names.

https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: David Kupka <dkupka@redhat.com>

2 files changed, 18 insertions, 22 deletions

diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 89473dc02..bde348518 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -602,8 +602,7 @@ def install_check(installer):
 
     if setup_kra:
         try:
-            kra.install_check(None, options, False,
-                              dogtag.install_constants.DOGTAG_VERSION)
+            kra.install_check(api, None, options)
         except RuntimeError as e:
             print str(e)
             sys.exit(1)
@@ -865,7 +864,7 @@ def install(installer):
     http.restart()
 
     if setup_kra:
-        kra.install(None, options, dm_password)
+        kra.install(api, None, options)
 
     # Set the admin user kerberos password
     ds.change_admin_password(admin_password)
@@ -1060,7 +1059,7 @@ def uninstall(installer):
 
     ntpinstance.NTPInstance(fstore).uninstall()
 
-    kra.uninstall()
+    kra.uninstall(False)
 
     ca.uninstall(dogtag_constants)
 
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 0429a4057..34580ce19 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -379,8 +379,6 @@ def install_check(installer):
             fd.write("enable_ra=False\n")
             fd.write("ra_plugin=none\n")
 
-        fd.write("enable_kra=%s\n" % config.setup_kra)
-
         fd.write("mode=production\n")
         fd.close()
     finally:
@@ -480,6 +478,18 @@ def install_check(installer):
             root_logger.debug('No IPA DNS servers, '
                               'skipping forward/reverse resolution check')
 
+        if options.setup_ca:
+            options.realm_name = config.realm_name
+            options.host_name = config.host_name
+            options.subject = config.subject_base
+            ca.install_check(False, config, options)
+
+        if config.setup_kra:
+            try:
+                kra.install_check(remote_api, config, options)
+            except RuntimeError as e:
+                print str(e)
+                sys.exit(1)
     except errors.ACIError:
         sys.exit("\nThe password provided is incorrect for LDAP server "
                  "%s" % config.master_host_name)
@@ -492,20 +502,6 @@ def install_check(installer):
         if conn.isconnected():
             conn.disconnect()
 
-    if options.setup_ca:
-        options.realm_name = config.realm_name
-        options.host_name = config.host_name
-        options.subject = config.subject_base
-        ca.install_check(False, config, options)
-
-    if config.setup_kra:
-        try:
-            kra.install_check(config, options, False,
-                              dogtag.install_constants.DOGTAG_VERSION)
-        except RuntimeError as e:
-            print str(e)
-            sys.exit(1)
-
     if options.setup_dns:
         dns.install_check(False, True, options, config.host_name)
     else:
@@ -567,10 +563,11 @@ def install(installer):
         if conn.isconnected():
             conn.disconnect()
 
+    options.dm_password = config.dirman_password
+
     if config.setup_ca:
         options.realm_name = config.realm_name
         options.domain_name = config.domain_name
-        options.dm_password = config.dirman_password
         options.host_name = config.host_name
 
         ca.install(False, config, options)
@@ -591,7 +588,7 @@ def install(installer):
     ds.apply_updates()
 
     if options.setup_kra:
-        kra.install(config, options, config.dirman_password)
+        kra.install(api, config, options)
     else:
         service.print_msg("Restarting the directory server")
         ds.restart()