| author | Jan Cholasta <jcholast@redhat.com> | 2015-11-09 18:28:47 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-11-25 09:12:25 +0100 |
| commit | aeffe2da42734655cbaedb2c4d4f9e28bd2df1c0 (patch) | |
| tree | 302b9ef0c8d4afbccc141f4f4b68a42295542cd8 /install | |
| parent | 5427e7a8c7216b0aa54159a668951d71fb009139 (diff) | |
install: drop support for Dogtag 9
Dogtag 9 CA and CA DS install and uninstall code was removed. Existing
Dogtag 9 CA and CA DS instances are disabled on upgrade.
Creating a replica of a Dogtag 9 IPA master is still supported.
https://fedorahosted.org/freeipa/ticket/5197
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install')
| -rw-r--r-- | install/restart_scripts/renew_ca_cert | 19 | ||||
| -rw-r--r-- | install/restart_scripts/stop_pkicad | 7 | ||||
| -rwxr-xr-x | install/tools/ipa-ca-install | 4 | ||||
| -rwxr-xr-x | install/tools/ipa-replica-conncheck | 5 |
4 files changed, 13 insertions, 22 deletions
diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index 8ad0473b5..5f8646860 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -27,7 +27,7 @@ import tempfile import shutil import traceback -from ipapython import dogtag, ipautil +from ipapython import ipautil from ipapython.dn import DN from ipalib import api, errors, x509, certstore from ipaserver.install import certs, cainstance, installutils
@@ -42,20 +42,17 @@ def _main(): api.bootstrap(context='restart') api.finalize() - configured_constants = dogtag.configured_constants(api) - alias_dir = configured_constants.ALIAS_DIR - dogtag_service = services.knownservices[configured_constants.SERVICE_NAME] - dogtag_instance = configured_constants.PKI_INSTANCE_NAME + dogtag_service = services.knownservices['pki_tomcatd'] # dogtag opens its NSS database in read/write mode so we need it # shut down so certmonger can open it read/write mode. This avoids # database corruption. It should already be stopped by the pre-command # but lets be sure. - if dogtag_service.is_running(dogtag_instance): + if dogtag_service.is_running('pki-tomcat'): syslog.syslog( syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name) try: - dogtag_service.stop(dogtag_instance) + dogtag_service.stop('pki-tomcat') except Exception as e: syslog.syslog( syslog.LOG_ERR,
@@ -65,7 +62,7 @@ def _main(): syslog.LOG_NOTICE, "Stopped %s" % dogtag_service.service_name) # Fetch the new certificate - db = certs.CertDB(api.env.realm, nssdir=alias_dir) + db = certs.CertDB(api.env.realm, nssdir=paths.PKI_TOMCAT_ALIAS_DIR) cert = db.get_cert_from_db(nickname, pem=False) if not cert: syslog.syslog(syslog.LOG_ERR, 'No certificate %s found.' % nickname)
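Review bot: The service key `'pki_tomcatd'` and the instance name `'pki-tomcat'` are now bare string literals repeated at each call site in `_main()` (`is_running` and `stop` here, `start` in the `-203,7 +200,7` hunk) and again in `install/restart_scripts/stop_pkicad`. A typo in any one copy could make the script check or stop a different instance than the one whose NSS database it then opens. A single module-level name such as `PKI_INSTANCE = 'pki-tomcat'`, with a one-line comment and used at every call site, would be easier to audit. `_main()` starts and ends outside this hunk.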
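Review bot: `certs.CertDB(api.env.realm, nssdir=paths.PKI_TOMCAT_ALIAS_DIR)` appears to be reached whether or not the preceding `dogtag_service.stop('pki-tomcat')` succeeded, since the `except Exception` branch in the previous hunk only logs at `LOG_ERR`. The comment above the stop says the shutdown is what avoids NSS database corruption, so the failure path should either abort before touching the database or carry a comment explaining why continuing is safe. The three lines between the two hunks are not shown and `_main()` continues outside the hunk, so this needs confirming against the full file; the `except` after `dogtag_service.stop('pki-tomcat')` in `stop_pkicad` has the same shape.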
@@ -79,7 +76,7 @@ def _main(): os.environ['KRB5CCNAME'] = ccache_filename ca = cainstance.CAInstance(host_name=api.env.host, ldapi=False) - ca.update_cert_config(nickname, cert, configured_constants) + ca.update_cert_config(nickname, cert) if ca.is_renewal_master(): cainstance.update_people_entry(cert)
@@ -100,7 +97,7 @@ def _main(): (nickname, db.secdir)) elif nickname == 'caSigningCert cert-pki-ca': # Update CS.cfg - cfg_path = configured_constants.CS_CFG_PATH + cfg_path = paths.CA_CS_CFG_PATH config = installutils.get_directive( cfg_path, 'subsystem.select', '=') if config == 'New':
@@ -203,7 +200,7 @@ def _main(): syslog.LOG_NOTICE, 'Starting %s' % dogtag_service.service_name) try: - dogtag_service.start(dogtag_instance) + dogtag_service.start('pki-tomcat') except Exception as e: syslog.syslog( syslog.LOG_ERR,
diff --git a/install/restart_scripts/stop_pkicad b/install/restart_scripts/stop_pkicad
index 7a238706d..22d492012 100644
--- a/install/restart_scripts/stop_pkicad
+++ b/install/restart_scripts/stop_pkicad
@@ -22,7 +22,6 @@ import sys import syslog import traceback -from ipapython import dogtag from ipalib import api from ipaplatform import services from ipaserver.install import certs
@@ -32,15 +31,13 @@ def main(): api.bootstrap(context='restart') api.finalize() - configured_constants = dogtag.configured_constants(api) - dogtag_service = services.knownservices[configured_constants.SERVICE_NAME] - dogtag_instance = configured_constants.PKI_INSTANCE_NAME + dogtag_service = services.knownservices['pki_tomcatd'] certs.renewal_lock.acquire('renew_ca_cert') syslog.syslog(syslog.LOG_NOTICE, "Stopping %s" % dogtag_service.service_name) try: - dogtag_service.stop(dogtag_instance) + dogtag_service.stop('pki-tomcat') except Exception as e: syslog.syslog( syslog.LOG_ERR, "Cannot stop %s: %s" % (dogtag_service.service_name, e))
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 4c778d950..fafd5d091 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -30,7 +30,6 @@ from ipaserver.install.installutils import create_replica_config from ipaserver.install.installutils import check_creds, ReplicaConfig from ipaserver.install import dsinstance, ca from ipaserver.install import cainstance, custodiainstance, service -from ipapython import dogtag from ipapython import version from ipalib import api from ipalib.constants import DOMAIN_LEVEL_0
@@ -144,7 +143,7 @@ def install_replica(safe_options, options, filename): config.host_name = api.env.host config.domain_name = api.env.domain config.dirman_password = dirman_password - config.ca_ds_port = dogtag.install_constants.DS_PORT + config.ca_ds_port = 389 config.top_dir = tempfile.mkdtemp("ipa") config.dir = config.top_dir else:
@@ -184,7 +183,6 @@ def install_replica(safe_options, options, filename): custodia.get_ca_keys(config.ca_host_name, ca_data[0], ca_data[1]) CA = cainstance.CAInstance(config.realm_name, certs.NSS_DIR, - dogtag_constants=dogtag.install_constants, host_name=config.host_name, dm_password=config.dirman_password) CA.configure_replica(config.ca_host_name,
diff --git a/install/tools/ipa-replica-conncheck b/install/tools/ipa-replica-conncheck
index e4c259b7e..a67837c54 100755
--- a/install/tools/ipa-replica-conncheck
+++ b/install/tools/ipa-replica-conncheck
@@ -23,7 +23,6 @@ from __future__ import print_function from ipapython.config import IPAOptionParser from ipapython import version from ipapython import ipautil -from ipapython import dogtag from ipapython.ipautil import CalledProcessError from ipaserver.install import installutils import ipaclient.ipachangeconf
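Review bot: `config.ca_ds_port = 389` in `install_replica()` replaces the named `dogtag.install_constants.DS_PORT` with a bare number, and the `-325,8 +324,8` hunk of `ipa-replica-conncheck` does the same with `CheckedPort(7389, SOCK_STREAM, ...)`. The two values differ and only the conncheck site carries a comment saying which deployment its port belongs to, so a reader of this line cannot tell whether 389 is deliberate or a leftover. Going by the conncheck comment about unified databases, a comment such as `# CA data lives in the main DS instance, so use its port`, or a shared named constant for both ports, would keep the two sites traceable. `install_replica()` starts and ends outside the hunk.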
@@ -325,8 +324,8 @@ def main(): if options.check_ca: # Check old Dogtag CA replication port # New installs with unified databases use main DS port (checked above) - required_ports.append(CheckedPort(dogtag.Dogtag9Constants.DS_PORT, - SOCK_STREAM, "PKI-CA: Directory Service port")) + required_ports.append(CheckedPort(7389, SOCK_STREAM, + "PKI-CA: Directory Service port")) if options.replica: print_info("Check connection from master to remote replica '%s':" % options.replica) |
