author | Adam Young <ayoung@redhat.com> | 2011-10-06 20:37:18 -0400 |
---|---|---|
committer | Adam Young <ayoung@redhat.com> | 2011-10-07 14:48:21 -0400 |
commit | f30924decd4fd43d41bf747dedbd72100373b7a5 (patch) | |
tree | c6d119166fa3611ae4892676410f9a6786bc5672 | |
parent | 8dd24ba870fdcb58b4497fa8722558ae02ac57a8 (diff) | |
download | freeipa.git-f30924decd4fd43d41bf747dedbd72100373b7a5.tar.gz freeipa.git-f30924decd4fd43d41bf747dedbd72100373b7a5.tar.xz freeipa.git-f30924decd4fd43d41bf747dedbd72100373b7a5.zip |
Execute pki proxy setup when server is upgraded if needed
-rw-r--r-- | install/tools/ipa-upgradeconfig | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 1b08382e..406da939 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -25,7 +25,10 @@ Upgrade configuration files to a newer template.
 import sys
 try:
- from ipapython import ipautil
+ from ipapython import ipautil, sysrestore
+ from ipaserver.install import installutils
+ from ipaserver.install import dsinstance
+ from ipaserver.install import httpinstance
 import krbV
 import re
 import os
@@ -135,6 +138,22 @@ def check_certs():
 print "Missing Certification Authority file."
 print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt"
+def upgrade_pki():
+ """
+ Update/add the dogtag proxy configuration. The IPA side of this is
+ handled in ipa-pki-proxy.conf.
+
+ This requires enabling SSL renegotiation.
+ """
+ fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
+ http = httpinstance.HTTPInstance(fstore)
+ http.enable_mod_nss_renegotiate()
+ if not installutils.get_directive('/etc/pki-ca/CS.cfg',
+ 'proxy.securePort', '=') and \
+ os.path.exists('/usr/bin/pki-setup-proxy'):
+ ipautil.run(['/usr/bin/pki-setup-proxy', '-pki_instance_root=/var/lib'
+ ,'-pki_instance_name=pki-ca','-subsystem_type=ca'])
+
 def main():
 """
 Get some basics about the system. If getting those basics fail then
@@ -162,7 +181,7 @@ def main():
 upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
 upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
 upgrade(sub_dict, "/etc/httpd/conf.d/ipa-pki-proxy.conf", ipautil.SHARE_DIR + "ipa-pki-proxy.conf", add=True)
-
+ upgrade_pki()
 try:
 if __name__ == "__main__":
 sys.exit(main()) |
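Review bot: `from ipaserver.install import dsinstance` is added in the import hunk, but none of the code this commit adds refers to `dsinstance`; if nothing else in the file uses it, the line should be dropped. Each extra installer module imported here is one more thing that can fail to load while the script runs during a package upgrade. The `try:` these imports sit in has its handler outside the hunk, so how a failed import is reported cannot be confirmed from here.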
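Review bot: `http.enable_mod_nss_renegotiate()` in `upgrade_pki()` runs on every upgrade before anything checks that a dogtag CA is present, so a server without a pki-ca instance would still get SSL renegotiation switched on in its web server for no benefit; what the method writes is not visible here, so this is inferred from its name and the docstring. `installutils.get_directive('/etc/pki-ca/CS.cfg', ...)` is likewise evaluated before any existence test, and if it opens the file directly a missing CS.cfg would abort the upgrade. Making `if not os.path.exists('/etc/pki-ca/CS.cfg'): return` the first statement of the function covers both. The outcome of `ipautil.run` on pki-setup-proxy is not inspected, so a comment stating whether a failure there should stop the upgrade would help. The call site is the unconditional `upgrade_pki()` line added to `main()` in the last hunk.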