cainstall: add dm_password to CA installation

Installation of Certificate Server replica requires directory manager password. Specify it explicitly in function call and pass it in through an argument. https://fedorahosted.org/freeipa/ticket/6461 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
author: Tomas Krizek <tkrizek@redhat.com> 2016-10-19 09:44:35 +0200
committer: Martin Basti <mbasti@redhat.com> 2016-11-07 11:34:03 +0100
commit: 7a1c0db989cf59a778676635e160f73ebc610694 (patch)
tree: c69c02ed7e6db3da0dcaa4dc838ab327bb90abda
parent: 9fca820b6bc2144cd827bddba69cb53f8ba3f42a (diff)
download: freeipa-7a1c0db989cf59a778676635e160f73ebc610694.tar.gz
freeipa-7a1c0db989cf59a778676635e160f73ebc610694.tar.xz
freeipa-7a1c0db989cf59a778676635e160f73ebc610694.zip
3 files changed, 4 insertions, 1 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index bab87fa26..2d2494881 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -192,6 +192,7 @@ def install_replica(safe_options, options, filename):
         CA = cainstance.CAInstance(config.realm_name, certs.NSS_DIR,
                                    host_name=config.host_name)
         CA.configure_replica(config.ca_host_name,
+                             config.dirman_password,
                              subject_base=config.subject_base,
                              ca_cert_bundle=ca_data)
         # Install CA DNS records
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 511a52431..99d61e430 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1317,7 +1317,7 @@ class CAInstance(DogtagInstance):
         basedn = ipautil.realm_to_suffix(self.realm)
         self.ldap_enable('CA', self.fqdn, None, basedn)
 
-    def configure_replica(self, master_host, subject_base=None,
+    def configure_replica(self, master_host, dm_password, subject_base=None,
                           ca_cert_bundle=None, ca_signing_algorithm=None,
                           ca_type=None):
         """Creates a replica CA, creating a local DS backend and using
@@ -1325,6 +1325,7 @@ class CAInstance(DogtagInstance):
         Requires domain_level >= DOMAIN_LEVEL_1 and custodia on the master.
         """
         self.master_host = master_host
+        self.dm_password = dm_password
         self.master_replication_port = 389
         if subject_base is None:
             self.subject_base = DN(('O', self.realm))
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 82afdcda3..6ae979899 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1516,6 +1516,7 @@ def promote(installer):
         ca = cainstance.CAInstance(config.realm_name, certs.NSS_DIR,
                                    host_name=config.host_name)
         ca.configure_replica(config.ca_host_name,
+                             config.dirman_password,
                              subject_base=config.subject_base,
                              ca_cert_bundle=ca_data)
author	Tomas Krizek <tkrizek@redhat.com>	2016-10-19 09:44:35 +0200
committer	Martin Basti <mbasti@redhat.com>	2016-11-07 11:34:03 +0100
commit	7a1c0db989cf59a778676635e160f73ebc610694 (patch)
tree	c69c02ed7e6db3da0dcaa4dc838ab327bb90abda
parent	9fca820b6bc2144cd827bddba69cb53f8ba3f42a (diff)
download	freeipa-7a1c0db989cf59a778676635e160f73ebc610694.tar.gz freeipa-7a1c0db989cf59a778676635e160f73ebc610694.tar.xz freeipa-7a1c0db989cf59a778676635e160f73ebc610694.zip