From fea7163e87ef7b2e46fa18dc77836ec9ee92ce02 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Wed, 11 Sep 2013 08:27:34 +0000
Subject: Move CACERT definition to a single place.
Reviewed-By: Petr Viktorin
---
 ipaserver/install/bindinstance.py | 3 ++-
 ipaserver/install/dsinstance.py | 2 +-
 ipaserver/install/httpinstance.py | 1 +
 ipaserver/install/ipa_backup.py | 3 ++-
 ipaserver/install/ipa_replica_prepare.py | 5 +++--
 ipaserver/install/ipa_server_certinstall.py | 3 +--
 ipaserver/install/krbinstance.py | 3 ++-
 ipaserver/install/replication.py | 2 +-
 ipaserver/install/service.py | 2 --
 9 files changed, 13 insertions(+), 11 deletions(-)
(limited to 'ipaserver/install')
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 908807a1c..613af5c91 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -38,6 +38,7 @@ from ipalib import api, errors
 from ipalib.util import (validate_zonemgr, normalize_zonemgr, get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy, normalize_zone, get_reverse_zone_default, zone_is_reverse)
+from ipalib.constants import CACERT
 NAMED_CONF = '/etc/named.conf'
 RESOLV_CONF = '/etc/resolv.conf'
@@ -206,7 +207,7 @@ def dns_container_exists(fqdn, suffix, dm_password=None, ldapi=False, realm=None
 if ldapi:
 conn = ipaldap.IPAdmin(host=fqdn, ldapi=True, realm=realm)
 else:
- conn = ipaldap.IPAdmin(host=fqdn, port=636, cacert=service.CACERT)
+ conn = ipaldap.IPAdmin(host=fqdn, port=636, cacert=CACERT)
 if dm_password:
 conn.do_simple_bind(bindpw=dm_password)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 8fa900f8d..835589d88 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
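Review bot: The value behind `cacert=CACERT` in `dns_container_exists` cannot be confirmed from this diff, because the view is limited to ipaserver/install and the definition in `ipalib.constants` is not shown. The definitions removed elsewhere in this commit all read `"/etc/ipa/ca.crt"`, so the new constant should be checked to hold exactly that absolute path; `cacert` presumably names the CA file used to verify the port-636 server before `do_simple_bind` sends the Directory Manager password. A short comment at the import, e.g. `# CACERT: CA certificate file used as the TLS trust anchor`, would record why the path matters. The function starts and ends outside the hunk.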
@@ -40,11 +40,11 @@ from ipaserver.install import ldapupdate
 from ipaserver.install import replication
 from ipaserver.install import sysupgrade
 from ipalib import errors
+from ipalib.constants import CACERT
 from ipapython.dn import DN
 SERVER_ROOT_64 = "/usr/lib64/dirsrv"
 SERVER_ROOT_32 = "/usr/lib/dirsrv"
-CACERT="/etc/ipa/ca.crt"
 DS_USER = 'dirsrv'
 DS_GROUP = 'dirsrv'
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 34e58fbb8..28a83ff04 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -35,6 +35,7 @@ from ipapython import dogtag
 from ipapython.ipa_log_manager import *
 from ipaserver.install import sysupgrade
 from ipalib import api
+from ipalib.constants import CACERT
 HTTPD_DIR = "/etc/httpd"
 SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 32272794a..302a5bd90 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -38,6 +38,7 @@ from ipaserver.install import installutils
 from ipapython import services as ipaservices
 from ipapython import ipaldap
 from ipalib.session import ISO8601_DATETIME_FMT
+from ipalib.constants import CACERT
 from ConfigParser import SafeConfigParser
 """
@@ -149,7 +150,7 @@ class Backup(admintool.AdminTool):
 '/etc/krb5.conf',
 '/etc/group',
 '/etc/passwd',
- '/etc/ipa/ca.crt',
+ CACERT,
 '/etc/ipa/default.conf',
 '/etc/dirsrv/ds.keytab',
 '/etc/ntp.conf',
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index c786569e2..e71dd22e4 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -34,6 +34,7 @@ from ipapython.dn import DN
 from ipapython import version
 from ipalib import api
 from ipalib import errors
+from ipalib.constants import CACERT
 class ReplicaPrepare(admintool.AdminTool):
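Review bot: The `from ipalib.constants import CACERT` line added to httpinstance.py has no use in this diff; the diffstat lists it as that file's only change. If it is there so that existing `CACERT` references in the module, or `httpinstance.CACERT` lookups from other modules, resolve, say so next to it, e.g. `# CACERT is used below / re-exported; do not remove as unused`. If nothing refers to it, drop the import so that it is not mistaken for a dependency on the CA file.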
@@ -139,7 +140,7 @@ class ReplicaPrepare(admintool.AdminTool):
 def check_pkcs12(self, pkcs12_file, pkcs12_pin):
 installutils.check_pkcs12(
 pkcs12_info=(pkcs12_file, pkcs12_pin),
- ca_file='/etc/ipa/ca.crt',
+ ca_file=CACERT,
 hostname=self.replica_fqdn)
 def ask_for_options(self):
@@ -356,7 +357,7 @@ class ReplicaPrepare(admintool.AdminTool):
 def copy_misc_files(self):
 self.log.info("Copying additional files")
- self.copy_info_file("/etc/ipa/ca.crt", "ca.crt")
+ self.copy_info_file(CACERT, "ca.crt")
 preferences_filename = "/usr/share/ipa/html/preferences.html"
 if ipautil.file_exists(preferences_filename):
 self.copy_info_file(preferences_filename, "preferences.html")
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index 08b27e38a..a1c7c8e91 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -28,11 +28,10 @@ from ipapython import admintool
 from ipapython.dn import DN
 from ipapython.ipautil import user_input, write_tmp_file
 from ipalib import api, errors
+from ipalib.constants import CACERT
 from ipaserver.install import certs, dsinstance, httpinstance, installutils
 from ipaserver.plugins.ldap2 import ldap2
-CACERT = "/etc/ipa/ca.crt"
-
 class ServerCertInstall(admintool.AdminTool):
 command_name = 'ipa-server-certinstall'
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 80d1addb4..caa70a447 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -33,6 +33,7 @@ from ipapython import ipautil
 from ipapython import services as ipaservices
 from ipapython import kernel_keyring
 from ipalib import errors
+from ipalib.constants import CACERT
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
@@ -435,7 +436,7 @@ class KrbInstance(service.Service):
 # Finally copy the cacert in the krb directory so we don't
 # have any selinux issues with the file context
- shutil.copyfile("/etc/ipa/ca.crt", "/var/kerberos/krb5kdc/cacert.pem")
+ shutil.copyfile(CACERT, "/var/kerberos/krb5kdc/cacert.pem")
 def __add_anonymous_pkinit_principal(self):
 princ = "WELLKNOWN/ANONYMOUS"
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 4fa8cb8aa..f295fb305 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -25,12 +25,12 @@ import os
 import ldap
 from ipalib import api, errors
+from ipalib.constants import CACERT
 from ipapython import services as ipaservices
 from ipapython.ipa_log_manager import *
 from ipapython import ipautil, dogtag, ipaldap
 from ipapython.dn import DN
-CACERT = "/etc/ipa/ca.crt"
 # the default container used by AD for user entries
 WIN_USER_CONTAINER = DN(('cn', 'Users'))
 # the default container used by IPA for user entries
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 5d5db966f..ba6bc35ce 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -30,8 +30,6 @@ from ipapython.dn import DN
 from ipapython.ipa_log_manager import *
 from ipalib import errors
-CACERT = "/etc/ipa/ca.crt"
-
 # Autobind modes
 AUTO = 1
 ENABLED = 2
-- cgit
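Review bot: In krbinstance.py only the source argument of `shutil.copyfile(CACERT, "/var/kerberos/krb5kdc/cacert.pem")` became a named constant; the destination stays a literal, so the KDC's copy of the CA certificate is still a hard-coded trust-anchor path outside the consolidation this commit is making. A module-level name such as `KDC_CACERT = "/var/kerberos/krb5kdc/cacert.pem"` used in the call would keep both ends greppable. `shutil.copyfile` copies contents only, so the copy's mode follows the installer's umask; if that matters here, set it explicitly after the copy. The enclosing method starts outside the hunk.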
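Review bot: After the service.py hunk the module no longer has a `CACERT` attribute: dsinstance.py and replication.py swap their local definition for an import and so still expose the name, but service.py gets two deletions and no import. bindinstance.py's `service.CACERT` use is updated in this commit, but the view is limited to ipaserver/install, so any remaining `service.CACERT` reference elsewhere in the tree would raise AttributeError only when that path runs. Either confirm with a tree-wide search that none remain, or keep the attribute with `from ipalib.constants import CACERT  # compatibility: service.CACERT`.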