author | Tomas Babej <tbabej@redhat.com> | 2015-11-27 16:21:02 +0100 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-11-30 11:54:44 +0100 |
commit | 79f32a6dc41f7058488f97c2fe7d5b087d003174 (patch) | |
tree | 23161fa761a086e5eb32819d436c92a418bbbf6e /ipaserver/install/custodiainstance.py | |
parent | ab8cba61c08571e4cbce1246bcbf820d3e337506 (diff) | |
custodia: Make sure container is created with first custodia replica
If a first 4.3+ replica is installed in the domain, the custodia
container does not exist. Make sure it is created to avoid failures
during key generation.
https://fedorahosted.org/freeipa/ticket/5474
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/install/custodiainstance.py')
-rw-r--r-- | ipaserver/install/custodiainstance.py | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index c2ecd3970..df99962a7 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -7,6 +7,7 @@ from service import SimpleServiceInstance
 from ipapython import ipautil
 from ipapython.ipa_log_manager import root_logger
 from ipaserver.install import installutils
+from ipaserver.install import ldapupdate
 from ipaserver.install import sysupgrade
 from base64 import b64encode, b64decode
 from jwcrypto.common import json_decode
@@ -41,6 +42,7 @@ class CustodiaInstance(SimpleServiceInstance):
 def create_instance(self, dm_password=None):
 suffix = ipautil.realm_to_suffix(self.realm)
 self.step("Generating ipa-custodia config file", self.__config_file)
+ self.step("Making sure custodia container exists", self.__create_container)
 self.step("Generating ipa-custodia keys", self.__gen_keys)
 super(CustodiaInstance, self).create_instance(gensvc_name='KEYS',
 fqdn=self.fqdn,
@@ -72,6 +74,19 @@ class CustodiaInstance(SimpleServiceInstance):
 ldap_suffix=suffix,
 realm=self.realm)
 
+ def __create_container(self):
+ """
+ Runs the custodia update file to ensure custodia container is present.
+ """
+
+ sub_dict = {
+ 'SUFFIX': self.suffix,
+ }
+
+ updater = ldapupdate.LDAPUpdate(dm_password=self.dm_password,
+ sub_dict=sub_dict)
+ updater.update([os.path.join(paths.UPDATES_DIR, '73-custodia.update')])
+
 def __import_ra_key(self):
 cli = CustodiaClient(self.fqdn, self.master_host_name, self.realm)
 cli.fetch_key('ra/ipaCert') |
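Review bot: The ordering constraint behind the new `self.step("Making sure custodia container exists", ...)` line in the second hunk is not recorded in the code. Per the commit message the container has to exist before `__gen_keys` runs, so a comment such as `# must precede __gen_keys: key generation fails when the custodia container is missing (ticket 5474)` would keep a later reorder from reintroducing the failure. The step is registered unconditionally, so it relies on the update file being safe to re-apply when the container already exists, which this diff does not show. The body of `create_instance` continues past the end of the hunk.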
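Review bot: `__create_container` in the third hunk binds with `self.dm_password`, but the `create_instance` shown in the second hunk takes `dm_password=None` by default and keeps `suffix` as a local. Whether `self.dm_password` and `self.suffix` are populated when this step runs therefore depends on code outside the diff (presumably the parent class). The docstring should state that the update is applied with Directory Manager credentials and which attributes must already be set, and an explicit comment on the None case would show it was considered. The value returned by `updater.update(...)` is dropped; if LDAPUpdate signals problems through it, capture it and log it with the already imported logger, e.g. `root_logger.debug("custodia container update result: %s", result)`. The entry and any access controls on the new container come from `73-custodia.update`, which is not part of this diff and should be reviewed with it.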