authorPetr Viktorin <pviktori@redhat.com>2013-02-25 17:15:23 +0100
committerMartin Kosek <mkosek@redhat.com>2013-03-08 15:42:20 +0100
commit6ff20ca2d979f481ce91f013469e53d74a95dd48 (patch)
treed0a5938e3a02ec2df72c8028d7eda873b96620fa /ipaserver/install/cainstance.py
parent9955ba0714996db7b2b97261d3eb72f281eaa2f6 (diff)
Fix installing server with external CA
Reorganize ipa-server-install so that DS (and NTP server) installation only happens in step one. Change CAInstance to behave correctly in two-step install. Add an `init_info` method to DSInstance that includes common attribute/sub_dict initialization from create_instance and create_replica. Use it in ipa-server-install to get a properly configured DSInstance for later tasks. https://fedorahosted.org/freeipa/ticket/3459
Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r--ipaserver/install/cainstance.py18
1 files changed, 10 insertions, 8 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index a1107cee..cba5fc9f 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -238,8 +238,10 @@ def get_crl_files(path=None):
def is_step_one_done():
'''Read CS.cfg and determine if step one of an external CA install is done
'''
- test = installutils.get_directive(
- dogtag.install_constants.CS_CFG_PATH, 'preop.ca.type', '=')
+ path = dogtag.install_constants.CS_CFG_PATH
+ if not os.path.exists(path):
+ return False
+ test = installutils.get_directive(path, 'preop.ca.type', '=')
if test == "otherca":
return True
return False
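Review bot: The docstring of `is_step_one_done` still only says it reads CS.cfg, but the new `os.path.exists(path)` guard gives the function a second meaning: a missing CS.cfg is now reported as "step one not done". I would add a line such as `Returns False when CS.cfg does not exist.` so callers do not have to read the body to learn that. The guard covers only a missing file; an unreadable file still reaches `installutils.get_directive`, whose error behaviour is not visible in this hunk.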
@@ -736,16 +738,16 @@ class CAInstance(service.Service):
finally:
os.remove(cfg_file)
- if not self.clone:
- shutil.move("/root/.pki/pki-tomcat/ca_admin_cert.p12", \
- "/root/ca-agent.p12")
- shutil.move("/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12", \
- "/root/cacert.p12")
-
if self.external == 1:
print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file
print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate"
sys.exit(0)
+ else:
+ if not self.clone:
+ shutil.move("/root/.pki/pki-tomcat/ca_admin_cert.p12", \
+ "/root/ca-agent.p12")
+ shutil.move("/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12", \
+ "/root/cacert.p12")
root_logger.debug("completed creating ca instance")
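Review bot: The two `shutil.move` calls in the new `else:` branch relocate `ca_admin_cert.p12` and `ca_backup_keys.p12` to `/root` without setting a mode on the destination, so the protection of `/root/ca-agent.p12` and `/root/cacert.p12` depends on the mode the source files already had, which this hunk does not show. If these files hold the CA agent credential and the CA key backup, as their names suggest, following each move with an explicit `os.chmod("/root/cacert.p12", 0600)` (and likewise for `/root/ca-agent.p12`) would make the result independent of how they were created. The branch also runs for every value of `self.external` other than 1, so it presumably relies on both source files still being in place on the second run; a comment above `else:` such as `# step one of an external-CA install exits above; the PKCS#12 files are moved on the final run` would record that intent. The enclosing method starts outside the hunk, so the earlier handling of these files cannot be checked from here.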