authorDavid Kupka <dkupka@redhat.com>2014-09-29 04:27:30 -0400
committerMartin Kosek <mkosek@redhat.com>2014-10-10 11:57:44 +0200
commit35c7bd05afd9b1c5d3f3b0049773535e65b8d080 (patch)
tree787733fdc2c526109cb0459f7cc05bc3f74938f6
parent92a08266afb565bd50a8f059ef40f3d727fc2466 (diff)
Check that port 8443 is available when installing PKI.
https://fedorahosted.org/freeipa/ticket/4564 Reviewed-By: Martin Kosek <mkosek@redhat.com>
-rwxr-xr-xinstall/tools/ipa-ca-install9
-rwxr-xr-xinstall/tools/ipa-replica-install5
-rwxr-xr-xinstall/tools/ipa-server-install5
-rw-r--r--ipaserver/install/cainstance.py8
4 files changed, 27 insertions, 0 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index c984bf477..bd30b27ae 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -95,6 +95,11 @@ def get_dirman_password():
"Directory Manager (existing master)", confirm=False, validate=False)
+def check_ca():
+ if not cainstance.check_port():
+ print "IPA requires port 8443 for PKI but it is currently in use."
+ sys.exit(1)
+
def install_dns_records(config, options):
if not bindinstance.dns_container_exists(config.master_host_name,
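Review bot: The failure path in `check_ca()` prints the diagnostic to stdout and exits with `sys.exit(1)`, while the same check in ipa-replica-install and ipa-server-install prints the identical literal and then calls `sys.exit("Aborting installation")`, so the three tools report one condition in two different ways. Passing the message to `sys.exit` writes it to stderr and exits with status 1 in one step: `sys.exit("IPA requires port 8443 for PKI but it is currently in use.")`. The repeated string and port number would be easier to keep in sync if they lived next to `cainstance.check_port()` rather than in each tool. `check_ca()` also has no docstring; `"""Abort the installation if the PKI port is already in use."""` would cover it.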
@@ -172,6 +177,8 @@ def install_replica(safe_options, options, filename):
else:
cainstance.replica_ca_install_check(config)
+ check_ca()
+
# Configure the CA if necessary
CA = cainstance.install_replica_ca(config, postinstall=True)
@@ -262,6 +269,8 @@ def install_master(safe_options, options):
domain_name = api.env.domain
host_name = api.env.host
+ check_ca()
+
dirname = dsinstance.config_dirname(
dsinstance.realm_to_serverid(realm_name))
cadb = certs.CertDB(realm_name, subject_base=subject_base)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 74781d00d..0e0fa1788 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -476,6 +476,11 @@ def main():
check_dirsrv()
+ if options.setup_ca:
+ if not cainstance.check_port():
+ print "IPA requires port 8443 for PKI but it is currently in use."
+ sys.exit("Aborting installation")
+
if options.conf_ntp:
try:
ipaclient.ntpconf.check_timedate_services()
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index f394f1e3c..ffff20a27 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -847,6 +847,11 @@ def main():
# Make sure the 389-ds ports are available
check_dirsrv(options.unattended)
+ if setup_ca:
+ if not cainstance.check_port():
+ print "IPA requires port 8443 for PKI but it is currently in use."
+ sys.exit("Aborting installation")
+
if options.conf_ntp:
try:
ipaclient.ntpconf.check_timedate_services()
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index cbb9e2cf0..50217086c 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -87,6 +87,14 @@ ConfigFile = /usr/share/pki/ca/conf/database.ldif
"""
+def check_port():
+ """
+ Check that dogtag port (8443) is available.
+
+ Returns True when the port is free, False if it's taken.
+ """
+ return not ipautil.host_port_open(None, 8443)
+
def get_preop_pin(instance_root, instance_name):
# Only used for Dogtag 9
preop_pin = None
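Review bot: `check_port()` passes `None` as the host, so which addresses are probed depends on how `ipautil.host_port_open` resolves it, and that is not visible in this hunk; if it resolves to loopback only, a listener bound to a specific non-loopback address on 8443 would pass the check. The result is also a point-in-time probe, so another process can still claim the port between this preflight and the moment Dogtag binds it, and callers should not treat True as a guarantee. I would state both in the docstring, for example `Point-in-time probe; a True result does not reserve the port.`, and confirm the address coverage against `host_port_open`. The literal 8443 appears in the call and the docstring here and in three messages elsewhere in the commit; a single module-level constant would keep them from drifting.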