authorMartin Babinsky <mbabinsk@redhat.com>2015-05-15 19:02:22 +0200
committerJan Cholasta <jcholast@redhat.com>2015-05-25 16:23:32 +0000
commit6a4b428120c2e351ad0f1b4573f50b106844b1fd (patch)
treeefd52a4aa59c5194c57389866310cebb319cb05f /install
parent5fd8e53f66bcc96afbcf08686c345e6f2b7ee775 (diff)
merge KRA installation machinery to a single module
This is a prerequisite to further refactoring of KRA install/uninstall functionality in all IPA install scripts. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'install')
-rwxr-xr-xinstall/tools/ipa-replica-install21
-rwxr-xr-xinstall/tools/ipa-server-install29
2 files changed, 20 insertions, 30 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index f68cc8cf4..c75848b1a 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -37,10 +37,10 @@ from ipaserver.install import memcacheinstance, dnskeysyncinstance
from ipaserver.install import otpdinstance
from ipaserver.install.replication import replica_conn_check, ReplicationManager
from ipaserver.install.installutils import (
- create_replica_config, read_replica_info_kra_enabled, private_ccache)
+ create_replica_config, private_ccache)
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance
-from ipaserver.install import krainstance
+from ipaserver.install import kra
from ipaserver.install import dns as dns_installer
from ipalib import api, create_api, errors, util, certstore, x509
from ipalib.constants import CACERT
@@ -473,12 +473,12 @@ def main():
config.setup_kra = options.setup_kra
if config.setup_kra:
- if not config.setup_ca:
- print "CA must be installed with the KRA"
- sys.exit(1)
- if not read_replica_info_kra_enabled(config.dir):
- print "KRA is not installed on the master system"
- sys.exit(1)
+ try:
+ kra.install_check(config, options, False,
+ dogtag.install_constants.DOGTAG_VERSION)
+ except RuntimeError as e:
+ print str(e)
+ exit(1)
installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
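Review bot: The added error path calls the bare `exit(1)` where the lines it replaces used `sys.exit(1)`; `exit` is the helper injected by the `site` module and is not guaranteed to be present, so `sys.exit(1)` is the safer spelling, and the same applies to the `install_check` block added to main() in ipa-server-install. The message would also be better sent to stderr, `print >> sys.stderr, str(e)`. The two explicit preconditions removed here (CA set up with the KRA, KRA enabled on the master) now sit behind `kra.install_check`, which this diff does not show, so confirm both are still enforced there. main() starts and ends outside the hunk.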
@@ -660,10 +660,7 @@ def main():
ds.apply_updates()
if options.setup_kra:
- kra = krainstance.install_replica_kra(config)
- service.print_msg("Restarting the directory server")
- ds.restart()
- kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH)
+ kra.install(config, options, dirman_password)
else:
service.print_msg("Restarting the directory server")
ds.restart()
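Review bot: The KRA branch no longer shows the directory-server restart or the `enable_client_auth_to_db` step, while the `else` branch still restarts the server inline, so the two branches read asymmetrically and the client-certificate setup is now implicit. If `kra.install` performs both (its body is not in this diff), a comment above the call would keep that visible: `# kra.install() restarts the directory server and enables KRA client-cert auth to the DB`. The same applies to `kra.install(None, options, dm_password)` in ipa-server-install, where the removed code also passed `subject_base=options.subject` explicitly. main() continues outside the hunk.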
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index cb6e1abe2..9bb8955dc 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -53,13 +53,13 @@ from ipaserver.install import httpinstance
from ipaserver.install import ntpinstance
from ipaserver.install import certs
from ipaserver.install import cainstance
-from ipaserver.install import krainstance
from ipaserver.install import memcacheinstance
from ipaserver.install import otpdinstance
from ipaserver.install import sysupgrade
from ipaserver.install import replication
from ipaserver.install import dns as dns_installer
from ipaserver.install import service, installutils
+from ipaserver.install import kra
from ipapython import version
from ipapython import certmonger
from ipapython import ipaldap
@@ -577,11 +577,7 @@ def uninstall():
if cads_instance.is_configured():
cads_instance.uninstall()
- kra_instance = krainstance.KRAInstance(
- api.env.realm, dogtag_constants=dogtag_constants)
- kra_instance.stop_tracking_certificates()
- if kra_instance.is_installed():
- kra_instance.uninstall()
+ kra.uninstall()
ca_instance = cainstance.CAInstance(
api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants)
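Review bot: `kra.uninstall()` takes no arguments, so it is not visible here whether it still stops certificate tracking when the KRA is not installed; the removed code ran `stop_tracking_certificates()` unconditionally, before the `is_installed()` test. Assuming the new function keeps that order, a short comment such as `# stops tracking of KRA certificates even when the KRA is not installed` would document it. If it does not, tracking requests could be left behind after uninstall on a host where the KRA was only partly set up. uninstall() starts and ends outside the hunk.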
@@ -1036,6 +1032,14 @@ def main():
else:
admin_password = options.admin_password
+ if setup_kra:
+ try:
+ kra.install_check(None, options, False,
+ dogtag.install_constants.DOGTAG_VERSION)
+ except RuntimeError as e:
+ print str(e)
+ exit(1)
+
if options.setup_dns:
dns_installer.install_check(False, False, options, host_name)
ip_addresses = dns_installer.ip_addresses
@@ -1290,18 +1294,7 @@ def main():
http.restart()
if setup_kra:
- kra = krainstance.KRAInstance(realm_name,
- dogtag_constants=dogtag.install_constants)
- kra.configure_instance(host_name, domain_name, dm_password,
- dm_password, subject_base=options.subject)
-
- # This is done within stopped_service context, which restarts KRA
- service.print_msg("Restarting the directory server")
- ds.restart()
-
- service.print_msg("Enabling KRA to authenticate with the database "
- "using client certificates")
- kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH)
+ kra.install(None, options, dm_password)
# Set the admin user kerberos password
ds.change_admin_password(admin_password)