diff options
| author | Martin Basti <mbasti@redhat.com> | 2017-03-02 17:08:59 +0100 |
|---|---|---|
| committer | David Kupka <dkupka@redhat.com> | 2017-03-08 15:50:30 +0100 |
| commit | 4006cbbc02c368ac9e5e3721613158decb34fd37 (patch) | |
| tree | 12e723414cfb263166df5ce00d625c05f60104af /install/tools | |
| parent | ad3451067ad474ea52872913d6789b1652f9a9c4 (diff) | |
| download | freeipa-4006cbbc02c368ac9e5e3721613158decb34fd37.tar.gz freeipa-4006cbbc02c368ac9e5e3721613158decb34fd37.tar.xz freeipa-4006cbbc02c368ac9e5e3721613158decb34fd37.zip | |
KRA: add --setup-kra to ipa-server-install
This patch allows to install KRA on first IPA server in one step using
ipa-server-install
This option improves containers installation where ipa-server can be
installed with KRA using one call without need to call docker exec.
Please note the the original `kra.install()` calls in
ipaserver/install/server/install.py were empty operations as it did
nothing, so it is safe to move them out from CA block
https://pagure.io/freeipa/issue/6731
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'install/tools')
| -rw-r--r-- | install/tools/man/ipa-replica-install.1 | 6 | ||||
| -rw-r--r-- | install/tools/man/ipa-server-install.1 | 5 |
2 files changed, 11 insertions, 0 deletions
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1 index 362ce03d7..d63912c70 100644 --- a/install/tools/man/ipa-replica-install.1 +++ b/install/tools/man/ipa-replica-install.1 @@ -146,6 +146,12 @@ Name of the Kerberos KDC SSL certificate to install \fB\-\-skip\-schema\-check\fR Skip check for updated CA DS schema on the remote master +.SS "SECRET MANAGEMENT OPTIONS" +.TP +\fB\-\-setup\-kra\fR +Install and configure a KRA on this replica. If a KRA is not configured then +vault operations will be forwarded to a master with a KRA installed. + .SS "DNS OPTIONS" .TP \fB\-\-setup\-dns\fR diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 81663b08e..c48bdae74 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -134,6 +134,11 @@ The subject base for certificates issued by IPA (default O=REALM.NAME). RDNs ar \fB\-\-ca\-signing\-algorithm\fR=\fIALGORITHM\fR Signing algorithm of the IPA CA certificate. Possible values are SHA1withRSA, SHA256withRSA, SHA512withRSA. Default value is SHA256withRSA. Use this option with --external-ca if the external CA does not support the default signing algorithm. +.SS "SECRET MANAGEMENT OPTIONS" +.TP +\fB\-\-setup\-kra\fR +Install and configure a KRA on this server. + .SS "DNS OPTIONS" IPA provides an integrated DNS server which can be used to simplify IPA deployment. If you decide to use it, IPA will automatically maintain SRV and other service records when you change your topology. |