authorMartin Basti <mbasti@redhat.com>2015-06-30 12:16:56 +0200
committerTomas Babej <tbabej@redhat.com>2015-06-30 13:41:00 +0200
commitb2f0a018b6f2226106ec811cf01f9bcebb770126 (patch)
treeccb7aba1b2d294baffad8665b17d871f58f64c69 /ipaserver
parent37729936dd6fe9c3396cbb8a682a4674af8b5537 (diff)
Sanitize CA replica install
Check if cafile exists first. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/server/replicainstall.py22
1 files changed, 10 insertions, 12 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 069c46fc1..b2dc3dd75 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -391,6 +391,9 @@ def install_check(installer):
installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
cafile = config.dir + "/ca.crt"
+ if not ipautil.file_exists(cafile):
+ raise RuntimeError("CA cert file is not available. Please run "
+ "ipa-replica-prepare to create a new replica file.")
ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
remote_api = create_api(mode=None)
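Review bot: The new guard in install_check only proves that `cafile` exists, so an empty or unparsable ca.crt still passes and would surface later, presumably when the ldaps connection prepared on the following lines is made (that use is outside the hunk). A one-line comment would record why the check sits here, for example `# ca.crt from the replica file is needed before contacting the master; fail early if it is missing`. Including `cafile` in the RuntimeError text would also tell the operator which path was checked.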
@@ -510,10 +513,6 @@ def install_check(installer):
config.master_host_name, config.host_name, config.realm_name,
options.setup_ca, config.ca_ds_port, options.admin_password)
- if not ipautil.file_exists(cafile):
- raise RuntimeError("CA cert file is not available. Please run "
- "ipa-replica-prepare to create a new replica file.")
-
installer._remote_api = remote_api
installer._fstore = fstore
installer._sstore = sstore
@@ -574,15 +573,14 @@ def install(installer):
otpd.create_instance('OTPD', config.host_name, config.dirman_password,
ipautil.realm_to_suffix(config.realm_name))
- if ipautil.file_exists(cafile):
- CA = cainstance.CAInstance(
- config.realm_name, certs.NSS_DIR,
- dogtag_constants=dogtag_constants)
- CA.dm_password = config.dirman_password
+ CA = cainstance.CAInstance(
+ config.realm_name, certs.NSS_DIR,
+ dogtag_constants=dogtag_constants)
+ CA.dm_password = config.dirman_password
- CA.configure_certmonger_renewal()
- CA.import_ra_cert(config.dir + "/ra.p12")
- CA.fix_ra_perms()
+ CA.configure_certmonger_renewal()
+ CA.import_ra_cert(config.dir + "/ra.p12")
+ CA.fix_ra_perms()
# The DS instance is created before the keytab, add the SSL cert we
# generated
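Review bot: With the `if ipautil.file_exists(cafile):` guard removed, `CA.import_ra_cert(config.dir + "/ra.p12")` now always runs, but nothing visible in this commit checks that ra.p12 is present. A replica file that has ca.crt but lacks ra.p12 would presumably fail at this point, after earlier services have already been configured. Testing it next to the new ca.crt check in install_check keeps the failure ahead of any changes: `if not ipautil.file_exists(config.dir + "/ra.p12"):` followed by a `raise RuntimeError(...)` with a matching message. install() now also depends on install_check() having run first, which deserves a comment above the CA block; the body of install() continues outside the hunk.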