authorPetr Vobornik <pvoborni@redhat.com>2015-07-15 11:17:14 +0200
committerJan Cholasta <jcholast@redhat.com>2015-10-15 14:24:33 +0200
commitfff31ca220311421f1ac8cef0888aaa892e97584 (patch)
tree27fa5bcca4be933ce04a2d18e37bfc70f1cbcb5a /ipaserver
parent86240938b58cd9bf85a96d34c39b55f6d59a36b8 (diff)
topology: manage ca replication agreements
Configure IPA so that the topology plugin will also manage CA replication agreements. Upgrades, if CA is configured: - ipaca suffix is added to cn=topology,cn=ipa,cn=etc,$SUFFIX - ipaReplTopoManagedSuffix: o=ipaca is added to master entry - binddngroup is added to o=ipaca replica entry Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/cainstance.py10
-rw-r--r--ipaserver/install/plugins/update_ca_topology.py34
2 files changed, 44 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index b89226980..c07421371 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -63,6 +63,7 @@ from ipapython.ipa_log_manager import log_mgr,\
from ipaserver.install import certs
from ipaserver.install import dsinstance
from ipaserver.install import installutils
+from ipaserver.install import ldapupdate
from ipaserver.install import service
from ipaserver.install.dogtaginstance import (
DEFAULT_DSPORT, PKI_USER, export_kra_agent_pem, DogtagInstance)
@@ -806,6 +807,15 @@ class CAInstance(DogtagInstance):
except Exception as e:
root_logger.warning("Failed to backup CS.cfg: %s", e)
+ def __update_topology(self):
+ ld = ldapupdate.LDAPUpdate(ldapi=True, sub_dict={
+ 'SUFFIX': api.env.basedn,
+ 'FQDN': self.fqdn,
+ })
+ rv = ld.update([paths.CA_TOPOLOGY_ULDIF])
+ if not rv:
+ raise RuntimeError("Failed to update CA topology configuration")
+
def __disable_nonce(self):
# Turn off Nonces
update_result = installutils.update_file(
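Review bot: `__update_topology` is added without a caller. The ten insertions in cainstance.py are the `ldapupdate` import plus this method, and the double-underscore name is mangled to `_CAInstance__update_topology`, so it is only practical to call it from inside `CAInstance`. As far as this diff shows, a fresh CA install therefore never applies `paths.CA_TOPOLOGY_ULDIF`, and the topology entries appear only when the upgrade plugin runs. Either register the method in the instance's configuration steps or drop it, and give it a docstring such as `"""Apply CA_TOPOLOGY_ULDIF so the topology plugin manages the o=ipaca suffix."""`. The class body and `__disable_nonce` both continue outside the hunk, so a call site elsewhere in the file cannot be fully ruled out from here.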
diff --git a/ipaserver/install/plugins/update_ca_topology.py b/ipaserver/install/plugins/update_ca_topology.py
new file mode 100644
index 000000000..ce4b5bc9a
--- /dev/null
+++ b/ipaserver/install/plugins/update_ca_topology.py
@@ -0,0 +1,34 @@
+#
+# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
+#
+
+from ipalib import api
+from ipalib import Updater
+from ipaserver.install import certs, cainstance
+from ipaserver.install import ldapupdate
+from ipaplatform.paths import paths
+
+
+class update_ca_topology(Updater):
+ """
+ Updates CA topology configuration entries
+ """
+
+ def execute(self, **options):
+
+ ca = cainstance.CAInstance(self.api.env.realm, certs.NSS_DIR)
+ if not ca.is_configured():
+ self.log.debug("CA is not configured on this host")
+ return False, []
+
+ ld = ldapupdate.LDAPUpdate(ldapi=True, sub_dict={
+ 'SUFFIX': self.api.env.basedn,
+ 'FQDN': self.api.env.host,
+ })
+ rv = ld.update([paths.CA_TOPOLOGY_ULDIF])
+ if not rv:
+ self.log.error("Failed to update CA topology configuration")
+
+ return False, []
+
+api.register(update_ca_topology)
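Review bot: In `execute`, a failed `ld.update([paths.CA_TOPOLOGY_ULDIF])` is only logged, and the method then returns `False, []` exactly as it does on success. `CAInstance.__update_topology` raises `RuntimeError` for the same condition. An upgrade can therefore finish with the `o=ipaca` suffix and its `binddngroup` not in place, leaving CA replication agreements outside topology-plugin management, with a single log line as the only signal. Either raise here as well, `raise RuntimeError("Failed to update CA topology configuration")`, or add a comment stating that the update is deliberately best-effort and how an administrator should detect and re-run it. The `LDAPUpdate(ldapi=True, sub_dict=...)` construction is also duplicated from cainstance.py, so a shared helper would keep the two substitution dictionaries from drifting apart.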