dsinstance: use keytab retrieval method from parent class

DS replica can now use remote API and ipa-getkeytab to create service principal and fetch the keytab in both domain levels. There is no need to use KDC installer to do it. https://fedorahosted.org/freeipa/ticket/6405 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
author: Martin Babinsky <mbabinsk@redhat.com> 2016-11-03 18:13:28 +0100
committer: Jan Cholasta <jcholast@redhat.com> 2016-11-11 12:17:25 +0100
commit: 3129b874a2c222ff207f1302e5d85ae12df2eac9 (patch)
tree: bfb48b70953d6b45ed229e2b4bb31ab4307f0650 /ipaserver/install/dsinstance.py
parent: 6181844c0ce62b8d7d35554032346396b20ad3c0 (diff)
download: freeipa-3129b874a2c222ff207f1302e5d85ae12df2eac9.tar.gz
freeipa-3129b874a2c222ff207f1302e5d85ae12df2eac9.tar.xz
freeipa-3129b874a2c222ff207f1302e5d85ae12df2eac9.zip
1 files changed, 3 insertions, 18 deletions
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 7c5cf92c1..a604010da 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -390,8 +390,8 @@ class DsInstance(service.Service):
         self.__common_setup(enable_ssl=(not self.promote))
         self.step("restarting directory server", self.__restart_instance)
 
+        self.step("creating DS keytab", self._request_service_keytab)
         if self.promote:
-            self.step("creating DS keytab", self.__get_ds_keytab)
             if self.ca_is_configured:
                 self.step("retrieving DS Certificate", self.__get_ds_cert)
             self.step("restarting directory server", self.__restart_instance)
@@ -1224,29 +1224,14 @@ class DsInstance(service.Service):
         if self.domainlevel is not None:
             self._ldap_mod("domainlevel.ldif", self.sub_dict)
 
-    def __get_ds_keytab(self):
-
-        self.fstore.backup_file(self.keytab)
-        try:
-            os.unlink(self.keytab)
-        except OSError:
-            pass
-
-        installutils.install_service_keytab(self.api,
-                                            self.principal,
-                                            self.master_fqdn,
-                                            self.keytab,
-                                            force_service_add=True)
+    def _request_service_keytab(self):
+        super(DsInstance, self)._request_service_keytab()
 
         # Configure DS to use the keytab
         vardict = {"KRB5_KTNAME": self.keytab}
         ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV,
                                          replacevars=vardict)
 
-        # Keytab must be owned by DS itself
-        pent = pwd.getpwnam(self.service_user)
-        os.chown(self.keytab, pent.pw_uid, pent.pw_gid)
-
     def __get_ds_cert(self):
         subject = self.subject_base or DN(('O', self.realm))
         nssdb_dir = config_dirname(self.serverid)
author	Martin Babinsky <mbabinsk@redhat.com>	2016-11-03 18:13:28 +0100
committer	Jan Cholasta <jcholast@redhat.com>	2016-11-11 12:17:25 +0100
commit	3129b874a2c222ff207f1302e5d85ae12df2eac9 (patch)
tree	bfb48b70953d6b45ed229e2b4bb31ab4307f0650 /ipaserver/install/dsinstance.py
parent	6181844c0ce62b8d7d35554032346396b20ad3c0 (diff)
download	freeipa-3129b874a2c222ff207f1302e5d85ae12df2eac9.tar.gz freeipa-3129b874a2c222ff207f1302e5d85ae12df2eac9.tar.xz freeipa-3129b874a2c222ff207f1302e5d85ae12df2eac9.zip