Call generate-rndc-key.sh during ipa-server-install

Since systemd has by default a 2 minute timeout to start
a service, the end of ipa-server-install might fail
because starting named times out. This patch ensures that
generate-rndc-key.sh runs before named service restart.

Also, warning message is displayed before KDC install and
generate-rndc-key.sh, if there is a lack of entropy, to
notify the user that the process could take more time
than expected.

Modifications done by Martin Kosek:
- removed whitespace at the end of installutils.py
- the warning in krbinstance.py moved right before the step
  requiring entropy
- slightly reworded the warning message

https://fedorahosted.org/freeipa/ticket/4210

Reviewed-By: Martin Kosek <mkosek@redhat.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 613af5c91..c5ff76726 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -523,6 +523,9 @@ class BindInstance(service.Service):
         if installutils.record_in_hosts(self.ip_address, self.fqdn) is None:
             installutils.add_record_to_hosts(self.ip_address, self.fqdn)
 
+        # Make sure generate-rndc-key.sh runs before named restart
+        self.step("generating rndc key file", self.__generate_rndc_key)
+
         if self.first_instance:
             self.step("adding DNS container", self.__setup_dns_container)
 
@@ -820,6 +823,10 @@ class BindInstance(service.Service):
         except IOError as e:
             root_logger.error('Could not write to resolv.conf: %s', e)
 
+    def __generate_rndc_key(self):
+        installutils.check_entropy()
+        ipautil.run(['/usr/libexec/generate-rndc-key.sh'])
+
     def add_master_dns_records(self, fqdn, ip_address, realm_name, domain_name,
                                reverse_zone, ntp=False, ca_configured=None):
         self.fqdn = fqdn