diff options
Diffstat (limited to 'install/tools')
-rwxr-xr-x | install/tools/ipa-ca-install | 6 | ||||
-rwxr-xr-x | install/tools/ipa-csreplica-manage | 3 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 4 | ||||
-rwxr-xr-x | install/tools/ipa-replica-prepare | 5 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 21 | ||||
-rw-r--r-- | install/tools/ipa-upgradeconfig | 12 |
6 files changed, 38 insertions, 13 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index d52832239..1c1b96a91 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -37,6 +37,7 @@ from ipapython import version from ipalib import api, util from ipapython.config import IPAOptionParser from ipapython import sysrestore +from ipapython import dogtag from ipapython.ipa_log_manager import * log_file_name = "/var/log/ipareplica-ca-install.log" @@ -156,10 +157,11 @@ def main(): # We need to restart apache as we drop a new config file in there ipaservices.knownservices.httpd.restart(capture_output=True) - #update dogtag version in config file to denote new instance + #update dogtag version in config file try: fd = open("/etc/ipa/default.conf", "a") - fd.write("dogtag_version=10\n") + fd.write( + "dogtag_version=%s\n" % dogtag.install_constants.DOGTAG_VERSION) fd.close() except IOError, e: print "Failed to update /etc/ipa/default.conf" diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index 884956fd1..39cfa5851 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -29,6 +29,7 @@ from ipapython import ipautil from ipaserver.install import replication, installutils from ipaserver import ipaldap from ipapython import version +from ipapython import dogtag from ipalib import api, errors, util from ipapython.dn import DN @@ -80,7 +81,7 @@ class CSReplicationManager(replication.ReplicationManager): """ dn = None cn = None - instance_name = 'pki-tomcat' + instance_name = dogtag.configured_constants(api).PKI_INSTANCE_NAME # if master is not None we know what dn to return: if master is not None: diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index a7b34cf1b..0378827d5 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -42,6 +42,7 @@ from ipapython.config import IPAOptionParser from ipapython import sysrestore from ipapython import services as ipaservices from ipapython.ipa_log_manager import * +from ipapython import dogtag from ipapython.dn import DN log_file_name = "/var/log/ipareplica-install.log" @@ -376,7 +377,8 @@ def main(): if ipautil.file_exists(config.dir + "/cacert.p12"): fd.write("enable_ra=True\n") fd.write("ra_plugin=dogtag\n") - fd.write("dogtag_version=10\n") + fd.write("dogtag_version=%s\n" % + dogtag.install_constants.DOGTAG_VERSION) fd.write("mode=production\n") fd.close() finally: diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index ce25681f4..56f132a38 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -33,6 +33,7 @@ from ipaserver.install.replication import enable_replication_version_checking from ipaserver.install.installutils import resolve_host, BadHostError, HostLookupError from ipaserver.plugins.ldap2 import ldap2 from ipapython import version +from ipapython import dogtag from ipapython.config import IPAOptionParser from ipalib import api, errors, util from ipapython.dn import DN @@ -304,7 +305,9 @@ def main(): if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, options.ip_address): sys.exit(1) - if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki/pki-tomcat/conf/ca/CS.cfg") and not options.dirsrv_pin: + if (not certs.ipa_self_signed() and + not ipautil.file_exists(dogtag.configured_constants().CS_CFG_PATH) and + not options.dirsrv_pin): sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.") check_ipa_configuration(api.env.realm) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 639a72701..201e2fb18 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -58,6 +58,7 @@ from ipaserver.plugins.ldap2 import ldap2 from ipapython import sysrestore from ipapython.ipautil import * from ipapython import ipautil +from ipapython import dogtag from ipalib import api, errors, util from ipapython.config import IPAOptionParser from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file @@ -465,6 +466,9 @@ def uninstall(): except Exception, e: pass + # Need to get dogtag info before /etc/ipa/default.conf is removed + dogtag_constants = dogtag.configured_constants() + print "Removing IPA client configuration" try: (stdout, stderr, rc) = run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--uninstall"], raiseonerr=False) @@ -477,10 +481,13 @@ def uninstall(): print "ipa-client-install returned: " + str(e) ntpinstance.NTPInstance(fstore).uninstall() - if cainstance.CADSInstance().is_configured(): - cainstance.CADSInstance().uninstall() - if cainstance.CAInstance(api.env.realm, certs.NSS_DIR).is_configured(): - cainstance.CAInstance(api.env.realm, certs.NSS_DIR).uninstall() + cads_instance = cainstance.CADSInstance(dogtag_constants=dogtag_constants) + if cads_instance.is_configured(): + cads_instance.uninstall() + ca_instance = cainstance.CAInstance( + api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants) + if ca_instance.is_configured(): + ca_instance.uninstall() bindinstance.BindInstance(fstore).uninstall() httpinstance.HTTPInstance(fstore).uninstall() krbinstance.KrbInstance(fstore).uninstall() @@ -853,7 +860,8 @@ def main(): fd.write("enable_ra=True\n") if not options.selfsign: fd.write("ra_plugin=dogtag\n") - fd.write("dogtag_version=10\n") + fd.write("dogtag_version=%s\n" % + dogtag.install_constants.DOGTAG_VERSION) fd.write("mode=production\n") fd.close() @@ -916,7 +924,8 @@ def main(): cs = cainstance.CADSInstance(host_name, realm_name, domain_name, dm_password) if not cs.is_configured(): cs.create_instance(realm_name, host_name, domain_name, dm_password, subject_base=options.subject) - ca = cainstance.CAInstance(realm_name, certs.NSS_DIR) + ca = cainstance.CAInstance(realm_name, certs.NSS_DIR, + dogtag_constants=dogtag.install_constants) if external == 0: ca.configure_instance(host_name, dm_password, dm_password, subject_base=options.subject) diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 3041cb60b..6c0437180 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -29,6 +29,7 @@ try: from ipapython.config import IPAOptionParser from ipapython.ipa_log_manager import * from ipapython import certmonger + from ipapython import dogtag from ipaserver.install import installutils from ipaserver.install import dsinstance from ipaserver.install import httpinstance @@ -458,7 +459,7 @@ def enable_certificate_renewal(realm): ca.configure_agent_renewal() ca.track_servercert() sysupgrade.set_upgrade_state('dogtag', 'renewal_configured', True) - ca.restart(cainstance.PKI_INSTANCE_NAME) + ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME) root_logger.debug('CA subsystem certificate renewal enabled') def main(): @@ -495,7 +496,14 @@ def main(): check_certs() auto_redirect = find_autoredirect(fqdn) - sub_dict = { "REALM" : api.env.realm, "FQDN": fqdn, "AUTOREDIR": '' if auto_redirect else '#'} + configured_constants = dogtag.configured_constants() + sub_dict = dict( + REALM=api.env.realm, + FQDN=fqdn, + AUTOREDIR='' if auto_redirect else '#', + CRL_PUBLISH_PATH=configured_constants.CRL_PUBLISH_PATH, + DOGTAG_PORT=configured_constants.AJP_PORT, + ) upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") |