authorSimo Sorce <simo@redhat.com>2015-08-25 15:42:25 -0400
committerSimo Sorce <simo@redhat.com>2015-10-01 16:20:49 -0400
commit78c59858cddec7f5fec176eacaf318e2d77d2045 (patch)
treeb9c4a4738aba35a3014584d3f6ea694639c0f5fa /ipaserver/install/ipa_kra_install.py
parent7af795f3a2b314475ca24aae344544be91738607 (diff)
Allow to install the KRA on a promoted server custodia-review
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipaserver/install/ipa_kra_install.py')
-rwxr-xr-x[-rw-r--r--]ipaserver/install/ipa_kra_install.py55
1 files changed, 43 insertions, 12 deletions
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index ef2b2f985..7e7f60ef2 100644..100755
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -20,6 +20,8 @@
from __future__ import print_function
+import tempfile
+
from textwrap import dedent
from ipalib import api
from ipaplatform import services
@@ -28,11 +30,14 @@ from ipapython import admintool
from ipapython import dogtag
from ipapython import ipautil
from ipapython.dn import DN
+from ipaserver.install import service
from ipaserver.install import krainstance
+from ipaserver.install import dsinstance
from ipaserver.install import installutils
from ipaserver.install.installutils import create_replica_config
from ipaserver.install import dogtaginstance
from ipaserver.install import kra
+from ipaserver.install.installutils import ReplicaConfig
class KRAInstall(admintool.AdminTool):
@@ -129,8 +134,14 @@ class KRAInstaller(KRAInstall):
)
self.installing_replica = dogtaginstance.is_installing_replica("KRA")
+ self.options.promote = False
if self.installing_replica:
+ domain_level = dsinstance.get_domain_level(api)
+ if domain_level > 0:
+ self.options.promote = True
+ return
+
if not self.args:
self.option_parser.error("A replica file is required.")
if len(self.args) > 1:
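Review bot: The early `return` added under `if domain_level > 0:` leaves the method before any argument check, so a replica file passed on a promoted server is accepted and silently ignored. Rejecting stray positional arguments before returning, e.g. `if self.args: self.option_parser.error("Too many arguments provided.")`, would make the mode switch explicit to the operator. The method starts and continues outside this hunk, so it is worth confirming that no later validation there is expected to run on the promote path, since the `return` skips all of it.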
@@ -161,28 +172,48 @@ class KRAInstaller(KRAInstall):
print(dedent(self.INSTALLER_START_MESSAGE))
if not self.installing_replica:
- replica_config = None
+ config = None
else:
- replica_config = create_replica_config(
- self.options.password,
- self.replica_file,
- self.options)
+ if self.options.promote:
+ config = ReplicaConfig()
+ config.master_host_name = None
+ config.realm_name = api.env.realm
+ config.host_name = api.env.host
+ config.domain_name = api.env.domain
+ config.dirman_password = self.options.password
+ config.ca_ds_port = dogtag.install_constants.DS_PORT
+ config.top_dir = tempfile.mkdtemp("ipa")
+ config.dir = config.top_dir
+ else:
+ config = create_replica_config(
+ self.options.password,
+ self.replica_file,
+ self.options)
self.options.dm_password = self.options.password
self.options.setup_ca = False
- api.Backend.ldap2.connect(bind_dn=DN('cn=Directory Manager'),
- bind_pw=self.options.dm_password)
+ conn = api.Backend.ldap2
+ conn.connect(bind_dn=DN(('cn', 'Directory Manager')),
+ bind_pw=self.options.password)
+
+ if config.subject_base is None:
+ attrs = conn.get_ipa_config()
+ config.subject_base = attrs.get('ipacertificatesubjectbase')[0]
+
+ if config.master_host_name is None:
+ config.kra_host_name = \
+ service.find_providing_server('KRA', conn, api.env.ca_host)
+ config.master_host_name = config.kra_host_name
+ else:
+ config.kra_host_name = config.master_host_name
try:
- kra.install_check(api, replica_config, self.options)
+ kra.install_check(api, config, self.options)
except RuntimeError as e:
raise admintool.ScriptError(str(e))
- kra.install(api, replica_config, self.options)
-
- # Restart apache for new proxy config file
- services.knownservices.httpd.restart(capture_output=True)
+ kra.install(api, config, self.options)
def run(self):
try:
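Review bot: `config.top_dir = tempfile.mkdtemp("ipa")` passes "ipa" as the suffix (mkdtemp's first positional parameter), and nothing in this function removes the directory afterwards, so each promoted KRA install leaves a `tmp…ipa` directory behind. mkdtemp creates it with mode 0700, but if the install stages certificate or key material under `config.dir` (not visible here) that material outlives the run; use `tempfile.mkdtemp(prefix="ipa")` and remove `config.top_dir` in a `finally` around `kra.install_check`/`kra.install` on the promote path. Separately, `attrs.get('ipacertificatesubjectbase')[0]` raises TypeError when the attribute is absent, and the result of `service.find_providing_server(...)` is assigned to `master_host_name` unchecked; if it can come back empty, neither failure is converted to `admintool.ScriptError` the way the RuntimeError below is. Indentation is lost in this rendering, so please confirm the `config.subject_base` check is not at function level, where it would dereference `config = None` on a first, non-replica install.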