| author | Jan Cholasta <jcholast@redhat.com> | 2014-07-23 19:03:46 +0200 |
|---|---|---|
| committer | Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com> | 2014-09-02 15:28:51 +0200 |
| commit | 774140196360c727f11c75622ace488d591ddfba (patch) | |
| tree | e83b96bae933aff446899e2a45a970c4fd06bcce /install/tools/ipa-csreplica-manage | |
| parent | a2eab057d4adfaa8da7fee07410e1a33efb7f95d (diff) | |
Allow changing CA renewal master in ipa-csreplica-manage.
https://fedorahosted.org/freeipa/ticket/4039
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/tools/ipa-csreplica-manage')
| -rwxr-xr-x | install/tools/ipa-csreplica-manage | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index cfcb354f2..c534446d7 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -34,15 +34,16 @@ from ipapython.dn import DN
 # dict of command name and tuples of min/max num of args needed
 commands = {
- "list":(0, 1, "[master fqdn]", ""),
- "connect":(1, 2, "<master fqdn> [other master fqdn]",
- "must provide the name of the servers to connect"),
- "disconnect":(1, 2, "<master fqdn> [other master fqdn]",
- "must provide the name of the server to disconnect"),
- "del":(1, 1, "<master fqdn>",
- "must provide hostname of master to delete"),
- "re-initialize":(0, 0, "", ""),
- "force-sync":(0, 0, "", "")
+ "list": (0, 1, "[master fqdn]", ""),
+ "connect": (1, 2, "<master fqdn> [other master fqdn]",
+ "must provide the name of the servers to connect"),
+ "disconnect": (1, 2, "<master fqdn> [other master fqdn]",
+ "must provide the name of the server to disconnect"),
+ "del": (1, 1, "<master fqdn>",
+ "must provide hostname of master to delete"),
+ "re-initialize": (0, 0, "", ""),
+ "force-sync": (0, 0, "", ""),
+ "set-renewal-master": (0, 1, "[master fqdn]", "")
 }
@@ -375,6 +376,21 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
 except Exception, e:
 sys.exit(str(e))
+def set_renewal_master(realm, replica):
+ if not replica:
+ replica = installutils.get_fqdn()
+
+ ca = cainstance.CAInstance(realm, certs.NSS_DIR)
+ if ca.is_renewal_master(replica):
+ sys.exit("%s is already the renewal master" % replica)
+
+ try:
+ ca.set_renewal_master(replica)
+ except Exception, e:
+ sys.exit("Failed to set renewal master to %s: %s" % (replica, e))
+
+ print "%s is now the renewal master" % replica
+
 def main():
 options, args = parse_options()
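Review bot: `set_renewal_master` hands the operator-supplied `replica` string straight to `ca.set_renewal_master(replica)` without first confirming that it names an existing master that actually runs a CA instance. Unless `CAInstance.set_renewal_master` performs that check itself (not visible in this hunk), a mistyped or CA-less hostname could leave the deployment with no host renewing the shared CA certificates, which would tend to surface only when they expire. I would resolve the name against the known CA replicas before the call and `sys.exit` with a clear message when it is absent, and normalise its case before the `is_renewal_master` comparison so the "already the renewal master" check cannot be missed on spelling alone. A one-line docstring such as `"""Make replica (default: this host) the CA renewal master."""` would help, and because this moves PKI renewal responsibility the change deserves a log entry in addition to the `print`.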
@@ -439,6 +455,11 @@ def main():
 replica1 = host
 replica2 = args[1]
 del_link(realm, replica1, replica2, dirman_passwd, options.force)
+ elif args[0] == 'set-renewal-master':
+ replica = None
+ if len(args) > 1:
+ replica = args[1]
+ set_renewal_master(realm, replica)
 try:
 main() |
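Review bot: The three added lines that default `replica` can be one conditional expression, `replica = args[1] if len(args) > 1 else None`, which keeps this branch as compact as its neighbours. Unlike the `del_link` call just above, `set_renewal_master(realm, replica)` receives no `dirman_passwd`, so a short comment here saying which credentials the `CAInstance` call relies on would tell the next reader who is allowed to run this command. The rest of `main` lies outside the hunk, so how the earlier argument checks apply to this command cannot be confirmed from here.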
