From 6ff20ca2d979f481ce91f013469e53d74a95dd48 Mon Sep 17 00:00:00 2001
From: Petr Viktorin
Date: Mon, 25 Feb 2013 17:15:23 +0100
Subject: Fix installing server with external CA
Reorganize ipa-server-instal so that DS (and NTP server) installation only happens in step one. Change CAInstance to behave correctly in two-step install. Add an `init_info` method to DSInstance that includes common attribute/sub_dict initialization from create_instance and create_replica. Use it in ipa-server-install to get a properly configured DSInstance for later tasks.
https://fedorahosted.org/freeipa/ticket/3459
---
 ipaserver/install/cainstance.py | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
(limited to 'ipaserver/install/cainstance.py')
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index a1107cee..cba5fc9f 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -238,8 +238,10 @@ def get_crl_files(path=None):
 def is_step_one_done():
 '''Read CS.cfg and determine if step one of an external CA install is done
 '''
- test = installutils.get_directive(
- dogtag.install_constants.CS_CFG_PATH, 'preop.ca.type', '=')
+ path = dogtag.install_constants.CS_CFG_PATH
+ if not os.path.exists(path):
+ return False
+ test = installutils.get_directive(path, 'preop.ca.type', '=')
 if test == "otherca":
 return True
 return False
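Review bot: The docstring of `is_step_one_done` no longer describes the whole contract now that a missing CS.cfg returns False before any read; extend it to something like `'''Return True if CS.cfg exists and records preop.ca.type=otherca (step one of an external CA install is done), False otherwise'''`. The `os.path.exists(path)` guard handles only absence: a CS.cfg that exists but is unreadable, or that is removed between the check and the read, would still reach `installutils.get_directive`, whose error handling is not visible in this hunk. Confirm that this failure mode is acceptable for an installer that uses the result to decide which step to run.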
@@ -736,16 +738,16 @@ class CAInstance(service.Service):
 finally:
 os.remove(cfg_file)
- if not self.clone:
- shutil.move("/root/.pki/pki-tomcat/ca_admin_cert.p12", \
- "/root/ca-agent.p12")
- shutil.move("/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12", \
- "/root/cacert.p12")
-
 if self.external == 1:
 print "The next step is to get %s signed by your CA and re-run ipa-server-install as:" % self.csr_file
 print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate"
 sys.exit(0)
+ else:
+ if not self.clone:
+ shutil.move("/root/.pki/pki-tomcat/ca_admin_cert.p12", \
+ "/root/ca-agent.p12")
+ shutil.move("/var/lib/pki/pki-tomcat/alias/ca_backup_keys.p12", \
+ "/root/cacert.p12")
 root_logger.debug("completed creating ca instance")
-- cgit
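Review bot: The two `shutil.move` calls now under `else:` place what the file names suggest are the CA agent certificate and the CA backup keys in `/root/ca-agent.p12` and `/root/cacert.p12` without setting their mode, so the result depends on whatever permissions the source files carried. Consider following each move with an explicit `os.chmod("/root/cacert.p12", 0600)` (and the same for `/root/ca-agent.p12`) so the key material is owner-only regardless of how it was created. Because `sys.exit(0)` ends step one before this branch, a short comment stating that the move is deferred to the second run on the external-CA path would help; whether these files already exist after step one is not visible here. The enclosing method begins and ends outside the hunk.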