summaryrefslogtreecommitdiffstats
path: root/install/tools
diff options
context:
space:
mode:
Diffstat (limited to 'install/tools')
-rwxr-xr-xinstall/tools/ipa-ca-install6
-rwxr-xr-xinstall/tools/ipa-csreplica-manage3
-rwxr-xr-xinstall/tools/ipa-replica-install4
-rwxr-xr-xinstall/tools/ipa-replica-prepare5
-rwxr-xr-xinstall/tools/ipa-server-install21
-rw-r--r--install/tools/ipa-upgradeconfig12
6 files changed, 38 insertions, 13 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index d52832239..1c1b96a91 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -37,6 +37,7 @@ from ipapython import version
from ipalib import api, util
from ipapython.config import IPAOptionParser
from ipapython import sysrestore
+from ipapython import dogtag
from ipapython.ipa_log_manager import *
log_file_name = "/var/log/ipareplica-ca-install.log"
@@ -156,10 +157,11 @@ def main():
# We need to restart apache as we drop a new config file in there
ipaservices.knownservices.httpd.restart(capture_output=True)
- #update dogtag version in config file to denote new instance
+ #update dogtag version in config file
try:
fd = open("/etc/ipa/default.conf", "a")
- fd.write("dogtag_version=10\n")
+ fd.write(
+ "dogtag_version=%s\n" % dogtag.install_constants.DOGTAG_VERSION)
fd.close()
except IOError, e:
print "Failed to update /etc/ipa/default.conf"
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index 884956fd1..39cfa5851 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -29,6 +29,7 @@ from ipapython import ipautil
from ipaserver.install import replication, installutils
from ipaserver import ipaldap
from ipapython import version
+from ipapython import dogtag
from ipalib import api, errors, util
from ipapython.dn import DN
@@ -80,7 +81,7 @@ class CSReplicationManager(replication.ReplicationManager):
"""
dn = None
cn = None
- instance_name = 'pki-tomcat'
+ instance_name = dogtag.configured_constants(api).PKI_INSTANCE_NAME
# if master is not None we know what dn to return:
if master is not None:
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index a7b34cf1b..0378827d5 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -42,6 +42,7 @@ from ipapython.config import IPAOptionParser
from ipapython import sysrestore
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
+from ipapython import dogtag
from ipapython.dn import DN
log_file_name = "/var/log/ipareplica-install.log"
@@ -376,7 +377,8 @@ def main():
if ipautil.file_exists(config.dir + "/cacert.p12"):
fd.write("enable_ra=True\n")
fd.write("ra_plugin=dogtag\n")
- fd.write("dogtag_version=10\n")
+ fd.write("dogtag_version=%s\n" %
+ dogtag.install_constants.DOGTAG_VERSION)
fd.write("mode=production\n")
fd.close()
finally:
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index ce25681f4..56f132a38 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -33,6 +33,7 @@ from ipaserver.install.replication import enable_replication_version_checking
from ipaserver.install.installutils import resolve_host, BadHostError, HostLookupError
from ipaserver.plugins.ldap2 import ldap2
from ipapython import version
+from ipapython import dogtag
from ipapython.config import IPAOptionParser
from ipalib import api, errors, util
from ipapython.dn import DN
@@ -304,7 +305,9 @@ def main():
if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, options.ip_address):
sys.exit(1)
- if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki/pki-tomcat/conf/ca/CS.cfg") and not options.dirsrv_pin:
+ if (not certs.ipa_self_signed() and
+ not ipautil.file_exists(dogtag.configured_constants().CS_CFG_PATH) and
+ not options.dirsrv_pin):
sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.")
check_ipa_configuration(api.env.realm)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 639a72701..201e2fb18 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -58,6 +58,7 @@ from ipaserver.plugins.ldap2 import ldap2
from ipapython import sysrestore
from ipapython.ipautil import *
from ipapython import ipautil
+from ipapython import dogtag
from ipalib import api, errors, util
from ipapython.config import IPAOptionParser
from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
@@ -465,6 +466,9 @@ def uninstall():
except Exception, e:
pass
+ # Need to get dogtag info before /etc/ipa/default.conf is removed
+ dogtag_constants = dogtag.configured_constants()
+
print "Removing IPA client configuration"
try:
(stdout, stderr, rc) = run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--uninstall"], raiseonerr=False)
@@ -477,10 +481,13 @@ def uninstall():
print "ipa-client-install returned: " + str(e)
ntpinstance.NTPInstance(fstore).uninstall()
- if cainstance.CADSInstance().is_configured():
- cainstance.CADSInstance().uninstall()
- if cainstance.CAInstance(api.env.realm, certs.NSS_DIR).is_configured():
- cainstance.CAInstance(api.env.realm, certs.NSS_DIR).uninstall()
+ cads_instance = cainstance.CADSInstance(dogtag_constants=dogtag_constants)
+ if cads_instance.is_configured():
+ cads_instance.uninstall()
+ ca_instance = cainstance.CAInstance(
+ api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants)
+ if ca_instance.is_configured():
+ ca_instance.uninstall()
bindinstance.BindInstance(fstore).uninstall()
httpinstance.HTTPInstance(fstore).uninstall()
krbinstance.KrbInstance(fstore).uninstall()
@@ -853,7 +860,8 @@ def main():
fd.write("enable_ra=True\n")
if not options.selfsign:
fd.write("ra_plugin=dogtag\n")
- fd.write("dogtag_version=10\n")
+ fd.write("dogtag_version=%s\n" %
+ dogtag.install_constants.DOGTAG_VERSION)
fd.write("mode=production\n")
fd.close()
@@ -916,7 +924,8 @@ def main():
cs = cainstance.CADSInstance(host_name, realm_name, domain_name, dm_password)
if not cs.is_configured():
cs.create_instance(realm_name, host_name, domain_name, dm_password, subject_base=options.subject)
- ca = cainstance.CAInstance(realm_name, certs.NSS_DIR)
+ ca = cainstance.CAInstance(realm_name, certs.NSS_DIR,
+ dogtag_constants=dogtag.install_constants)
if external == 0:
ca.configure_instance(host_name, dm_password, dm_password,
subject_base=options.subject)
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 3041cb60b..6c0437180 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -29,6 +29,7 @@ try:
from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import *
from ipapython import certmonger
+ from ipapython import dogtag
from ipaserver.install import installutils
from ipaserver.install import dsinstance
from ipaserver.install import httpinstance
@@ -458,7 +459,7 @@ def enable_certificate_renewal(realm):
ca.configure_agent_renewal()
ca.track_servercert()
sysupgrade.set_upgrade_state('dogtag', 'renewal_configured', True)
- ca.restart(cainstance.PKI_INSTANCE_NAME)
+ ca.restart(dogtag.configured_constants().PKI_INSTANCE_NAME)
root_logger.debug('CA subsystem certificate renewal enabled')
def main():
@@ -495,7 +496,14 @@ def main():
check_certs()
auto_redirect = find_autoredirect(fqdn)
- sub_dict = { "REALM" : api.env.realm, "FQDN": fqdn, "AUTOREDIR": '' if auto_redirect else '#'}
+ configured_constants = dogtag.configured_constants()
+ sub_dict = dict(
+ REALM=api.env.realm,
+ FQDN=fqdn,
+ AUTOREDIR='' if auto_redirect else '#',
+ CRL_PUBLISH_PATH=configured_constants.CRL_PUBLISH_PATH,
+ DOGTAG_PORT=configured_constants.AJP_PORT,
+ )
upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
generated by cgit (git 2.34.1) at 2024-09-24 11:08:49 +0000