diff options
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-x | install/tools/ipa-replica-install | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 2beadae81..fb6dd46fb 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -68,6 +68,8 @@ def parse_options(): parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true", default=False, help="Do not use DNS for hostname lookup during installation") + parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false", + default=True, help="disables pkinit setup steps") options, args = parser.parse_args() safe_options = parser.get_safe_opts(options) @@ -178,13 +180,21 @@ def install_ds(config): return ds -def install_krb(config): +def install_krb(config, setup_pkinit=False): krb = krbinstance.KrbInstance() ldappwd_filename = config.dir + "/ldappwd" kpasswd_filename = config.dir + "/kpasswd.keytab" + + #pkinit files + pkcs12_info = None + if ipautil.file_exists(config.dir + "/pkinitcert.p12"): + pkcs12_info = (config.dir + "/pkinitcert.p12", + config.dir + "/pkinit_pin.txt") + krb.create_replica(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password, - ldappwd_filename, kpasswd_filename) + ldappwd_filename, kpasswd_filename, + setup_pkinit, pkcs12_info) def install_ca_cert(config): if ipautil.file_exists(config.dir + "/ca.crt"): @@ -261,6 +271,11 @@ def check_bind(): print "Aborting installation" sys.exit(1) +def check_pkinit(): + if not krbinstance.check_pkinit_plugin(): + print "Aborting installation" + sys.exit(1) + def main(): safe_options, options, filename = parse_options() installutils.standard_logging_setup("/var/log/ipareplica-install.log", options.debug) @@ -269,8 +284,14 @@ def main(): if not ipautil.file_exists(filename): sys.exit("Replica file %s does not exist" % filename) + # check the bind is installed if options.setup_dns: check_bind() + + # check the pkinit plugin is installed + if options.setup_pkinit: + check_pkinit() + check_dirsrv() # get the directory manager password @@ -367,7 +388,7 @@ def main(): if ret != 0: raise RuntimeError("Failed to start replication") - install_krb(config) + install_krb(config, setup_pkinit=options.setup_pkinit) install_http(config) if CA: CA.import_ra_cert(dir + "/ra.p12") |