-rwxr-xr-x | install/tools/ipa-server-install | 4 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 15 |
2 files changed, 12 insertions, 7 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 288022812..dfe192a6e 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -1110,7 +1110,6 @@ def main(): # we now need to enable ssl on the ds ds.enable_ssl() - ds.restart() if setup_ca: # We need to ldap_enable the CA now that DS is up and running @@ -1120,9 +1119,6 @@ def main(): # This is done within stopped_service context, which restarts CA ca.enable_client_auth_to_db() - # Upload the CA cert to the directory - ds.upload_ca_cert() - krb = krbinstance.KrbInstance(fstore) if options.pkinit_pkcs12: krb.create_instance(realm_name, host_name, domain_name, diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index dbac794bd..be8c5c4ba 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -274,7 +274,7 @@ class DsInstance(service.Service): self.step("creating indices", self.__create_indices) self.step("enabling referential integrity plugin", self.__add_referint_module) if enable_ssl: - self.step("configuring ssl for ds instance", self.enable_ssl) + self.step("configuring ssl for ds instance", self.__enable_ssl) self.step("configuring certmap.conf", self.__certmap_conf) self.step("configure autobind for root", self.__root_autobind) self.step("configure new location for managed entries", self.__repoint_managed_entries) @@ -338,6 +338,15 @@ class DsInstance(service.Service): self.start_creation(runtime=60) + def enable_ssl(self): + self.steps = [] + + self.step("configuring ssl for ds instance", self.__enable_ssl) + self.step("restarting directory server", self.__restart_instance) + self.step("adding CA certificate entry", self.__upload_ca_cert) + + self.start_creation(runtime=10) + def create_replica(self, realm_name, master_fqdn, fqdn, domain_name, dm_password, subject_base, pkcs12_info=None, ca_file=None, ca_is_configured=None): 
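Review bot: The new public `enable_ssl()` added in the `@@ -338,6 +338,15 @@` hunk of dsinstance.py has no docstring, yet its contract differs from the method of the same name that it replaces. It now clears `self.steps`, restarts the directory server and uploads the CA certificate in addition to configuring SSL, so a caller that used to follow it with its own restart would restart the server twice. I would document this directly under the `def` line, for example `"""Configure SSL for the DS instance, restart it, and add the CA certificate entry to LDAP."""`. A short comment noting that `self.steps = []` discards any steps queued earlier would also help, since the rest of the class lies outside the hunk and it is not visible whether callers rely on a pending step list.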
@@ -609,7 +618,7 @@ class DsInstance(service.Service): def generate_random(self): return ipautil.ipa_generate_password() - def enable_ssl(self): + def __enable_ssl(self): dirname = config_dirname(self.serverid) dsdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base) if self.pkcs12_info: @@ -667,7 +676,7 @@ class DsInstance(service.Service): # check for open secure port 636 from now on self.open_ports.append(636) - def upload_ca_cert(self): + def __upload_ca_cert(self): """ Upload the CA certificate from the NSS database to the LDAP directory. """ |
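Review bot: Renaming `upload_ca_cert` to `__upload_ca_cert` (hunk `@@ -667,7 +676,7 @@`) and the old `enable_ssl` body to `__enable_ssl` (hunk `@@ -609,7 +618,7 @@`) makes both names class-private through name mangling. Any code outside `DsInstance` that still calls `ds.upload_ca_cert()` will fail with AttributeError, and a failure there would leave the CA certificate unpublished in the directory. This diff updates only ipa-server-install; other installers or upgrade paths that may call these methods are not visible here and should be searched before merging. If external use is still needed, keep a thin public wrapper such as `def upload_ca_cert(self): self.__upload_ca_cert()`, or use a single leading underscore. Both method bodies continue outside their hunks.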