-rwxr-xr-xinstall/tools/ipa-replica-install1
-rwxr-xr-xinstall/tools/ipa-server-install3
-rwxr-xr-xinstall/tools/ipactl2
-rw-r--r--ipalib/config.py4
-rw-r--r--ipalib/constants.py12
-rw-r--r--ipaserver/install/cainstance.py29
-rw-r--r--ipaserver/plugins/ldap2.py4
-rw-r--r--tests/test_ipalib/test_config.py1
8 files changed, 32 insertions, 24 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 16f849567..3feb2a93d 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -447,6 +447,7 @@ def main():
try:
fd = open("/etc/ipa/default.conf", "w")
fd.write("[global]\n")
+ fd.write("host=" + config.host_name + "\n")
fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
fd.write("realm=" + config.realm_name + "\n")
fd.write("domain=" + config.domain_name + "\n")
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 019dfb1aa..09cc8a099 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -680,6 +680,7 @@ def main():
try:
fd = open("/etc/ipa/default.conf", "w")
fd.write("[global]\n")
+ fd.write("host=" + host_name + "\n")
fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
fd.write("realm=" + realm_name + "\n")
fd.write("domain=" + domain_name + "\n")
@@ -920,7 +921,7 @@ def main():
# Call client install script
try:
- run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name])
+ run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name, "--hostname", host_name])
except Exception, e:
sys.exit("Configuration of client side components failed!\nipa-client-install returned: " + str(e))
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 4ce26069c..01b88a549 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -71,7 +71,7 @@ def emit_err(err):
sys.stderr.write(err + '\n')
def get_config():
- base = "cn=%s,cn=masters,cn=ipa,cn=etc,%s" % (socket.gethostname(),
+ base = "cn=%s,cn=masters,cn=ipa,cn=etc,%s" % (api.env.host,
api.env.basedn)
srcfilter = '(ipaConfigString=enabledService)'
attrs = ['cn', 'ipaConfigString']
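Review bot: `api.env.host` is interpolated into the search base without DN escaping, and with this commit it is a value that the installers write to `/etc/ipa/default.conf` rather than the result of `socket.gethostname()`. A stray comma or `=` in a hand-edited `host=` line would change the DN being searched, and the lookup would then quietly return the wrong set of services or none. Escaping the value, for example `ldap.dn.escape_dn_chars(api.env.host)` if python-ldap is imported in this script, keeps the base well-formed. The body of get_config continues outside the hunk.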
diff --git a/ipalib/config.py b/ipalib/config.py
index 888785a26..410e5f0b2 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -447,7 +447,6 @@ class Env(object):
self.__doing('_bootstrap')
# Set run-time variables (cannot be overridden):
- self.host = getfqdn()
self.ipalib = path.dirname(path.abspath(__file__))
self.site_packages = path.dirname(self.ipalib)
self.script = path.abspath(sys.argv[0])
@@ -550,9 +549,6 @@ class Env(object):
if 'log' not in self:
self.log = self._join('logdir', '%s.log' % self.context)
- # FIXME: move into ca plugin
- if 'ca_host' not in self:
- self.ca_host = self.host
self._merge(**defaults)
def _finalize(self, **lastchance):
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 202f5fa93..23e80257d 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -21,6 +21,14 @@
"""
All constants centralised in one file.
"""
+import socket
+try:
+ FQDN = socket.getfqdn()
+except:
+ try:
+ FQDN = socket.gethostname()
+ except:
+ FQDN = None
# The parameter system treats all these values as None:
NULLS = (None, '', u'', tuple(), [])
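Review bot: The bare `except:` clauses around `socket.getfqdn()` and `socket.gethostname()` also catch `KeyboardInterrupt` and `SystemExit`, and the last fallback leaves `FQDN = None`, which becomes the default for both `host` and `ca_host` later in this file. Other files in this commit format that value into an LDAP DN (ipactl) and pass it to `conn.set_option(_ldap.OPT_HOST_NAME, ...)` (ldap2.py), so a failed lookup would surface far from its cause. Narrowing the handlers to `except socket.error:` and adding a comment such as `# FQDN may be None if the local name cannot be determined` would make that failure mode visible. The lookup also runs whenever `ipalib.constants` is imported, which deserves a one-line comment.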
@@ -127,7 +135,7 @@ DEFAULT_CONFIG = (
('mode', 'production'),
# CA plugin:
- ('ca_host', object), # Set in Env._finalize_core()
+ ('ca_host', FQDN), # Set in Env._finalize_core()
('ca_port', 9180),
('ca_agent_port', 9443),
('ca_ee_port', 9444),
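Review bot: The trailing comment `# Set in Env._finalize_core()` on the `ca_host` line is stale, because this commit deletes the `ca_host` assignment from ipalib/config.py and the default now comes from `FQDN`. The next hunk has the same problem: `('host', FQDN)` still sits under `# Non-overridable vars set in Env._bootstrap():` although `_bootstrap()` no longer sets `host`. Since `host` is used as the SASL host name and inside LDAP DNs elsewhere in this commit, a reader auditing the configuration should be able to see that it is now a default and not a fixed run-time value. Suggested wording is `('ca_host', FQDN),  # Defaults to the local FQDN`, and either moving `host` out of the non-overridable group or annotating it `# Default only; appears to be overridable from configuration`.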
@@ -160,7 +168,7 @@ DEFAULT_CONFIG = (
# raised.
# Non-overridable vars set in Env._bootstrap():
- ('host', object),
+ ('host', FQDN),
('ipalib', object), # The directory containing ipalib/__init__.py
('site_packages', object), # The directory contaning ipalib
('script', object), # sys.argv[0]
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 001e6eb09..928d01e47 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -519,7 +519,6 @@ class CAInstance(service.Service):
# Step 1 of external is getting a CSR so we don't need to do these
# steps until we get a cert back from the external CA.
if self.external != 1:
- self.step("restarting certificate server", self.__restart_instance)
if not self.clone:
self.step("creating CA agent PKCS#12 file in /root", self.__create_ca_agent_pkcs12)
self.step("creating RA agent certificate database", self.__create_ra_agent_db)
@@ -557,7 +556,7 @@ class CAInstance(service.Service):
'-redirect', 'conf=/etc/pki-ca',
'-redirect', 'logs=/var/log/pki-ca',
]
- ipautil.run(args)
+ ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn})
def __enable(self):
self.backup_state("enabled", self.is_enabled())
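Review bot: Passing `env={'PKI_HOSTNAME':self.fqdn}` may replace the child's whole environment instead of adding one variable; `ipautil.run` is not shown on this page, so this depends on how it treats a caller-supplied `env`. If the dict reaches the subprocess unchanged, the command runs without `PATH` or locale variables, which is a reasonable hardening choice but should be stated rather than accidental. A comment next to the call saying whether the minimal environment is intended, or an explicit merge with the default environment if it is not, would settle it. The same call shape appears in the following hunk together with `nolog`. The enclosing method starts outside the hunk.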
@@ -673,7 +672,7 @@ class CAInstance(service.Service):
# Define the things we don't want logged
nolog = (self.admin_password, self.dm_password,)
- ipautil.run(args, nolog=nolog)
+ ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog)
except ipautil.CalledProcessError, e:
logging.critical("failed to configure ca instance %s" % e)
raise RuntimeError('Configuration of CA failed')
@@ -683,11 +682,22 @@ class CAInstance(service.Service):
print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate"
sys.exit(0)
+ # Turn off Nonces (again)
+ if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
+ raise RuntimeError("Disabling nonces failed")
+ pent = pwd.getpwnam(PKI_USER)
+ os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
+
+ # pkisilent makes a copy of the CA PKCS#12 file for us but gives
+ # it a lousy name.
+ if ipautil.file_exists("/root/tmp-ca.p12"):
+ shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")
+
try:
# After configuration the service is running and configured
# but must be restarted for configuration to take effect.
# The service status in this case will be 4.
- self.restart()
+ self.__restart_instance()
except ipautil.CalledProcessError, e:
logging.critical("failed to restart ca instance after pkisilent configuration %s" % e)
raise RuntimeError('Restarting CA after pkisilent configuration failed')
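Review bot: `/root/cacert.p12` inherits whatever mode and owner pkisilent gave `/root/tmp-ca.p12`, because `shutil.move` within one filesystem is a plain rename. For the CA PKCS#12 file, an explicit `os.chmod("/root/cacert.p12", 0600)` after the move would make the permissions independent of the tool's defaults. Separately, the comment `# Turn off Nonces (again)` does not say why the setting is disabled or why a second pass is needed; a sentence giving the reason would help anyone auditing the CA configuration. The `os.chown` on CS.cfg restores ownership only, so if `installutils.update_file` (not shown) recreates the file, its mode is worth checking as well. The enclosing method starts outside the hunk.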
@@ -702,17 +712,6 @@ class CAInstance(service.Service):
logging.debug("completed creating ca instance")
- # Turn off Nonces (again)
- if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
- raise RuntimeError("Disabling nonces failed")
- pent = pwd.getpwnam(PKI_USER)
- os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
-
- # pkisilent makes a copy of the CA PKCS#12 file for us but gives
- # it a lousy name.
- if ipautil.file_exists("/root/tmp-ca.p12"):
- shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")
-
def __restart_instance(self):
try:
self.restart()
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index e4cc72de5..c37525203 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -160,6 +160,8 @@ def get_schema(url, conn=None):
if conn is None:
conn = _ldap.initialize(url)
+ if url.startswith('ldapi://'):
+ conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)
conn.sasl_interactive_bind_s('', SASL_AUTH)
schema_entry = conn.search_s(
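Review bot: The added `conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)` has no comment saying why an `ldapi://` connection needs a host name, and the value it passes can be `None` through the fallback added to ipalib/constants.py in this commit. Presumably the SASL bind needs a host name that a socket URL does not carry; if so, a comment like `# ldapi:// carries no host name; give SASL the configured one` would document it. Failing early with a clear error when `api.env.host` is empty would be easier to diagnose than an error raised inside `set_option` or the bind. The same two lines are added in the second hunk of this file, inside class ldap2, and the note applies there too.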
@@ -321,6 +323,8 @@ class ldap2(CrudBackend, Encoder):
try:
conn = _ldap.initialize(self.ldap_uri)
+ if self.ldap_uri.startswith('ldapi://'):
+ conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)
if ccache is not None:
os.environ['KRB5CCNAME'] = ccache
conn.sasl_interactive_bind_s('', SASL_AUTH)
diff --git a/tests/test_ipalib/test_config.py b/tests/test_ipalib/test_config.py
index 97d7548fe..e729a6284 100644
--- a/tests/test_ipalib/test_config.py
+++ b/tests/test_ipalib/test_config.py
@@ -441,7 +441,6 @@ class test_Env(ClassChecker):
(o, home) = self.new()
o._bootstrap()
ipalib = path.dirname(path.abspath(config.__file__))
- assert o.host == socket.gethostname()
assert o.ipalib == ipalib
assert o.site_packages == path.dirname(ipalib)
assert o.script == path.abspath(sys.argv[0])