Remove code to install Dogtag 9

Since we depend on Dogtag 10 now, there is no need to keep code that installs a Dogtag 9 CA. Support for upgraded Dogtag-9-style instances is left in. https://fedorahosted.org/freeipa/ticket/3529
author: Petr Viktorin <pviktori@redhat.com> 2012-11-15 09:38:24 -0500
committer: Petr Viktorin <pviktori@redhat.com> 2013-05-31 10:26:07 +0200
commit: 34ba1b7060a9f5271c4f59bca7bfb689335e1c47 (patch)
tree: e63ced8ce58243773f1c240d68956c944d194d79 /install
parent: b21abc76caac8b251f708e77da7c8c7046fa22a7 (diff)
download: freeipa.git-34ba1b7060a9f5271c4f59bca7bfb689335e1c47.tar.gz
freeipa.git-34ba1b7060a9f5271c4f59bca7bfb689335e1c47.tar.xz
freeipa.git-34ba1b7060a9f5271c4f59bca7bfb689335e1c47.zip
4 files changed, 11 insertions, 38 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 2046b5fb..81c11834 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -178,19 +178,15 @@ def main():
         cainstance.replica_ca_install_check(config, dogtag_master_ds_port)
 
     # Configure the CA if necessary
-    (CA, cs) = cainstance.install_replica_ca(
+    CA = cainstance.install_replica_ca(
         config, dogtag_master_ds_port, postinstall=True)
 
     # We need to ldap_enable the CA now that DS is up and running
     CA.ldap_enable('CA', config.host_name, config.dirman_password,
                    ipautil.realm_to_suffix(config.realm_name))
-    if not dogtag.install_constants.SHARED_DB:
-        cs.add_simple_service('dogtagldap/%s@%s' %
-            (config.host_name, config.realm_name))
-        cs.add_cert_to_service()
-    else:
-        CA.enable_client_auth_to_db()
-        CA.restart()
+
+    CA.enable_client_auth_to_db()
+    CA.restart()
 
     # Install CA DNS records
     install_dns_records(config, options)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2c28f37c..b194b85a 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -653,7 +653,7 @@ def main():
     ds = install_replica_ds(config)
 
     # Configure the CA if necessary
-    (CA, cs) = cainstance.install_replica_ca(config, dogtag_master_ds_port)
+    CA = cainstance.install_replica_ca(config, dogtag_master_ds_port)
 
     # Always try to install DNS records
     install_dns_records(config, options)
@@ -662,13 +662,8 @@ def main():
     if CA and config.setup_ca:
         CA.ldap_enable('CA', config.host_name, config.dirman_password,
                        ipautil.realm_to_suffix(config.realm_name))
-        if not dogtag.install_constants.SHARED_DB:
-            cs.add_simple_service('dogtagldap/%s@%s' %
-                (config.host_name, config.realm_name))
-            cs.add_cert_to_service()
-        else:
-            CA.enable_client_auth_to_db()
-            CA.restart()
+        CA.enable_client_auth_to_db()
+        CA.restart()
 
     krb = install_krb(config, setup_pkinit=options.setup_pkinit)
     http = install_http(config, auto_redirect=options.ui_redirect)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 992da90c..62adbd5b 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -1009,13 +1009,6 @@ def main():
 
 
     if setup_ca:
-        if not dogtag.install_constants.SHARED_DB:
-            cs = cainstance.CADSInstance(
-                host_name, realm_name, domain_name, dm_password)
-            if not cs.is_configured():
-                cs.create_instance(realm_name, host_name, domain_name,
-                    dm_password, subject_base=options.subject)
-
         ca = cainstance.CAInstance(realm_name, certs.NSS_DIR,
             dogtag_constants=dogtag.install_constants)
         if external == 0:
@@ -1055,17 +1048,8 @@ def main():
         # We need to ldap_enable the CA now that DS is up and running
         ca.ldap_enable('CA', host_name, dm_password,
                        ipautil.realm_to_suffix(realm_name))
-        if not dogtag.install_constants.SHARED_DB:
-            # Turn on SSL in the dogtag LDAP instance. This will get restarted
-            # later, we don't need SSL now.
-            cs.create_certdb()
-            cs.enable_ssl()
-            # Add the IPA service for storing the PKI-IPA server certificate.
-            cs.add_simple_service(cs.principal)
-            cs.add_cert_to_service()
-        else:
-            ca.enable_client_auth_to_db()
-            ca.restart()
+        ca.enable_client_auth_to_db()
+        ca.restart()
 
         # Upload the CA cert to the directory
         ds.upload_ca_cert()
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 2d699880..df0d6f57 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -45,16 +45,14 @@ def check_IPA_configuration():
 
 def is_dirsrv_debugging_enabled():
     """
-    Check the IPA and PKI-CA 389-ds instances to see if debugging is
-    enabled. If so we suppress that in our output.
+    Check the 389-ds instance to see if debugging is enabled.
+    If so we suppress that in our output.
 
     returns True or False
     """
     debugging = False
     serverid = realm_to_serverid(api.env.realm)
     dselist = [config_dirname(serverid)]
-    if not dogtag.install_constants.SHARED_DB:
-        dselist.append('/etc/dirsrv/slapd-PKI-IPA/')
     for dse in dselist:
         try:
             fd = open(dse + 'dse.ldif', 'r')
author	Petr Viktorin <pviktori@redhat.com>	2012-11-15 09:38:24 -0500
committer	Petr Viktorin <pviktori@redhat.com>	2013-05-31 10:26:07 +0200
commit	34ba1b7060a9f5271c4f59bca7bfb689335e1c47 (patch)
tree	e63ced8ce58243773f1c240d68956c944d194d79 /install
parent	b21abc76caac8b251f708e77da7c8c7046fa22a7 (diff)
download	freeipa.git-34ba1b7060a9f5271c4f59bca7bfb689335e1c47.tar.gz freeipa.git-34ba1b7060a9f5271c4f59bca7bfb689335e1c47.tar.xz freeipa.git-34ba1b7060a9f5271c4f59bca7bfb689335e1c47.zip