diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-06-23 02:06:49 -0400 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-06-23 02:11:34 -0400 |
commit | 8810758c11df8afb5fb7ddf97a71c55a431edfd2 (patch) | |
tree | 15065108a07fcd2d22527691b268b61a66b33fee /ipaserver/install/cainstance.py | |
parent | 975e2bfa2b48c60bba99e2f2e4f106e031230bd3 (diff) | |
download | freeipa-8810758c11df8afb5fb7ddf97a71c55a431edfd2.tar.gz freeipa-8810758c11df8afb5fb7ddf97a71c55a431edfd2.tar.xz freeipa-8810758c11df8afb5fb7ddf97a71c55a431edfd2.zip |
Let the framework be able to override the hostname.
The hostname is passed in during the server installation. We should use
this hostname for the resulting server as well. It was being discarded
and we always used the system hostname value.
Important changes:
- configure ipa_hostname in sssd on masters
- set PKI_HOSTNAME so the hostname is passed to dogtag installer
- set the hostname when doing ldapi binds
This also reorders some things in the dogtag installer to eliminate an
unnecessary restart. We were restarting the service twice in a row with
very little time in between and this could result in a slew of reported
errors, though the server installed ok.
ticket 1052
Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r-- | ipaserver/install/cainstance.py | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 001e6eb09..928d01e47 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -519,7 +519,6 @@ class CAInstance(service.Service): # Step 1 of external is getting a CSR so we don't need to do these # steps until we get a cert back from the external CA. if self.external != 1: - self.step("restarting certificate server", self.__restart_instance) if not self.clone: self.step("creating CA agent PKCS#12 file in /root", self.__create_ca_agent_pkcs12) self.step("creating RA agent certificate database", self.__create_ra_agent_db) @@ -557,7 +556,7 @@ class CAInstance(service.Service): '-redirect', 'conf=/etc/pki-ca', '-redirect', 'logs=/var/log/pki-ca', ] - ipautil.run(args) + ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}) def __enable(self): self.backup_state("enabled", self.is_enabled()) @@ -673,7 +672,7 @@ class CAInstance(service.Service): # Define the things we don't want logged nolog = (self.admin_password, self.dm_password,) - ipautil.run(args, nolog=nolog) + ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog) except ipautil.CalledProcessError, e: logging.critical("failed to configure ca instance %s" % e) raise RuntimeError('Configuration of CA failed') @@ -683,11 +682,22 @@ class CAInstance(service.Service): print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate" sys.exit(0) + # Turn off Nonces (again) + if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0: + raise RuntimeError("Disabling nonces failed") + pent = pwd.getpwnam(PKI_USER) + os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid ) + + # pkisilent makes a copy of the CA PKCS#12 file for us but gives + # it a lousy name. + if ipautil.file_exists("/root/tmp-ca.p12"): + shutil.move("/root/tmp-ca.p12", "/root/cacert.p12") + try: # After configuration the service is running and configured # but must be restarted for configuration to take effect. # The service status in this case will be 4. - self.restart() + self.__restart_instance() except ipautil.CalledProcessError, e: logging.critical("failed to restart ca instance after pkisilent configuration %s" % e) raise RuntimeError('Restarting CA after pkisilent configuration failed') @@ -702,17 +712,6 @@ class CAInstance(service.Service): logging.debug("completed creating ca instance") - # Turn off Nonces (again) - if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0: - raise RuntimeError("Disabling nonces failed") - pent = pwd.getpwnam(PKI_USER) - os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid ) - - # pkisilent makes a copy of the CA PKCS#12 file for us but gives - # it a lousy name. - if ipautil.file_exists("/root/tmp-ca.p12"): - shutil.move("/root/tmp-ca.p12", "/root/cacert.p12") - def __restart_instance(self): try: self.restart() |