diff options
-rw-r--r-- | install/conf/ipa-pki-proxy.conf | 2 | ||||
-rw-r--r-- | ipaserver/install/dogtaginstance.py | 4 | ||||
-rw-r--r-- | ipaserver/install/ipa_kra_install.py | 13 |
3 files changed, 10 insertions, 9 deletions
diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf index 57175390b..2370b4d7a 100644 --- a/install/conf/ipa-pki-proxy.conf +++ b/install/conf/ipa-pki-proxy.conf @@ -19,7 +19,7 @@ ProxyRequests Off </LocationMatch> # matches for agent port and eeca port -<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys|^/kra/rest/admin/kraconnector/remove"> +<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys|^/ca/rest/admin/kraconnector/remove"> NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate NSSVerifyClient require ProxyPassMatch ajp://localhost:$DOGTAG_PORT diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py index 1e4c5fa79..174b538aa 100644 --- a/ipaserver/install/dogtaginstance.py +++ b/ipaserver/install/dogtaginstance.py @@ -335,6 +335,10 @@ class DogtagInstance(service.Service): def stop_tracking_certificates(self, dogtag_constants, reqs=None): """Stop tracking our certificates. Called on uninstall. """ + self.print_msg( + "Configuring certmonger to stop tracking system certificates " + "for %s" % self.subsystem) + cmonger = services.knownservices.certmonger services.knownservices.messagebus.start() cmonger.start() diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index 2c4f2dcaa..207b8c412 100644 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -49,6 +49,11 @@ class KRAInstall(admintool.AdminTool): super(KRAInstall, cls).add_options(parser, debug_option=True) parser.add_option( + "--no-host-dns", dest="no_host_dns", action="store_true", + default=False, + help="Do not use DNS for hostname lookup during installation") + + parser.add_option( "-p", "--password", dest="password", sensitive=True, help="Directory Manager (existing master) password") @@ -115,14 +120,6 @@ class KRAUninstaller(KRAInstall): super(KRAUninstaller, self).run() dogtag_constants = dogtag.configured_constants() - # temporarily disable uninstall until Dogtag ticket: - # https://fedorahosted.org/pki/ticket/1113 is fixed - # TODO(alee) remove this once the above ticket is fixed - raise admintool.ScriptError( - "Uninstall is temporarily disabled. To uninstall, please " - "use ipa-server-install --uninstall" - ) - kra_instance = krainstance.KRAInstance( api.env.realm, dogtag_constants=dogtag_constants) kra_instance.stop_tracking_certificates(dogtag_constants) |