author | Martin Babinsky <mbabinsk@redhat.com> | 2015-05-15 19:02:22 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2015-05-25 16:23:32 +0000 |
commit | 6a4b428120c2e351ad0f1b4573f50b106844b1fd (patch) | |
tree | efd52a4aa59c5194c57389866310cebb319cb05f /ipaserver/install/kra.py | |
parent | 5fd8e53f66bcc96afbcf08686c345e6f2b7ee775 (diff) | |
merge KRA installation machinery to a single module
This is a prerequisite to further refactoring of KRA install/uninstall
functionality in all IPA install scripts.
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install/kra.py')
-rw-r--r-- | ipaserver/install/kra.py | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py
new file mode 100644
index 000000000..966d171dc
--- /dev/null
+++ b/ipaserver/install/kra.py
@@ -0,0 +1,85 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+import os
+from ConfigParser import RawConfigParser
+from ipalib import api
+from ipaplatform.paths import paths
+from ipapython import dogtag
+from ipaserver.install import cainstance
+from ipaserver.install import krainstance
+from ipaserver.install import dsinstance
+from ipaserver.install import service
+from ipaserver.install.installutils import read_replica_info_kra_enabled
+
+
+def install_check(replica_config, options, enable_kra, dogtag_version):
+    if enable_kra:
+        raise RuntimeError("KRA is already installed.")
+
+    if not options.setup_ca:
+        if cainstance.is_ca_installed_locally():
+            if dogtag_version >= 10:
+                # correct dogtag version of CA installed
+                pass
+            else:
+                raise RuntimeError(
+                    "Dogtag must be version 10.2 or above to install KRA")
+        else:
+            raise RuntimeError(
+                "Dogtag CA is not installed. Please install the CA first")
+
+    if replica_config is not None:
+        if not read_replica_info_kra_enabled(replica_config.dir):
+            raise RuntimeError(
+                "Either KRA is not installed on the master system or "
+                "your replica file is out of date"
+            )
+
+
+def install(replica_config, options, dm_password):
+    subject = dsinstance.DsInstance().find_subject_base()
+    if replica_config is None:
+        kra = krainstance.KRAInstance(
+            api.env.realm,
+            dogtag_constants=dogtag.install_constants)
+
+        kra.configure_instance(
+            api.env.host, api.env.domain, dm_password,
+            dm_password, subject_base=subject)
+    else:
+        kra = krainstance.install_replica_kra(replica_config)
+
+    service.print_msg("Restarting the directory server")
+    ds = dsinstance.DsInstance()
+    ds.restart()
+
+    kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH)
+
+    # Update config file
+    parser = RawConfigParser()
+    parser.read(paths.IPA_DEFAULT_CONF)
+    parser.set('global', 'enable_kra', 'True')
+
+    with open(paths.IPA_DEFAULT_CONF, 'w') as f:
+        parser.write(f)
+
+
+def uninstall():
+    dogtag_constants = dogtag.configured_constants()
+
+    kra_instance = krainstance.KRAInstance(
+        api.env.realm, dogtag_constants=dogtag_constants)
+    kra_instance.stop_tracking_certificates()
+    if kra_instance.is_installed():
+        kra_instance.uninstall()
+
+    # Check if config file exists, then update it
+    if os.path.exists(paths.IPA_DEFAULT_CONF):
+        parser = RawConfigParser()
+        parser.read(paths.IPA_DEFAULT_CONF)
+        parser.set('global', 'enable_kra', 'False')
+
+        with open(paths.IPA_DEFAULT_CONF, 'w') as f:
+            parser.write(f)
|
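Review bot: In `install_check` the guard `if dogtag_version >= 10:` is looser than the error it protects, which reads "Dogtag must be version 10.2 or above to install KRA". If `dogtag_version` carries only the major number (not visible in this file), a 10.0 or 10.1 CA passes the check and the KRA install proceeds on a version the message calls unsupported. Either compare against the real minimum or state the limitation next to the check, e.g. `# NOTE: only the major version is checked here; the 10.2 minimum is not enforced`. Separately, `install` and `uninstall` both rewrite `paths.IPA_DEFAULT_CONF` in place with `open(paths.IPA_DEFAULT_CONF, 'w')`, so a failure during `parser.write(f)` leaves a truncated configuration file. A single private helper that writes to a temporary file in the same directory and renames it over the original would remove that window and the duplicated block.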