diff options
author | Simo Sorce <simo@redhat.com> | 2015-08-25 15:42:25 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-10-01 16:20:49 -0400 |
commit | 78c59858cddec7f5fec176eacaf318e2d77d2045 (patch) | |
tree | b9c4a4738aba35a3014584d3f6ea694639c0f5fa /ipaserver/install/ipa_kra_install.py | |
parent | 7af795f3a2b314475ca24aae344544be91738607 (diff) | |
download | freeipa-78c59858cddec7f5fec176eacaf318e2d77d2045.tar.gz freeipa-78c59858cddec7f5fec176eacaf318e2d77d2045.tar.xz freeipa-78c59858cddec7f5fec176eacaf318e2d77d2045.zip |
Allow to install the KRA on a promoted servercustodia-review
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipaserver/install/ipa_kra_install.py')
-rwxr-xr-x[-rw-r--r--] | ipaserver/install/ipa_kra_install.py | 55 |
1 files changed, 43 insertions, 12 deletions
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index ef2b2f985..7e7f60ef2 100644..100755 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -20,6 +20,8 @@ from __future__ import print_function +import tempfile + from textwrap import dedent from ipalib import api from ipaplatform import services @@ -28,11 +30,14 @@ from ipapython import admintool from ipapython import dogtag from ipapython import ipautil from ipapython.dn import DN +from ipaserver.install import service from ipaserver.install import krainstance +from ipaserver.install import dsinstance from ipaserver.install import installutils from ipaserver.install.installutils import create_replica_config from ipaserver.install import dogtaginstance from ipaserver.install import kra +from ipaserver.install.installutils import ReplicaConfig class KRAInstall(admintool.AdminTool): @@ -129,8 +134,14 @@ class KRAInstaller(KRAInstall): ) self.installing_replica = dogtaginstance.is_installing_replica("KRA") + self.options.promote = False if self.installing_replica: + domain_level = dsinstance.get_domain_level(api) + if domain_level > 0: + self.options.promote = True + return + if not self.args: self.option_parser.error("A replica file is required.") if len(self.args) > 1: @@ -161,28 +172,48 @@ class KRAInstaller(KRAInstall): print(dedent(self.INSTALLER_START_MESSAGE)) if not self.installing_replica: - replica_config = None + config = None else: - replica_config = create_replica_config( - self.options.password, - self.replica_file, - self.options) + if self.options.promote: + config = ReplicaConfig() + config.master_host_name = None + config.realm_name = api.env.realm + config.host_name = api.env.host + config.domain_name = api.env.domain + config.dirman_password = self.options.password + config.ca_ds_port = dogtag.install_constants.DS_PORT + config.top_dir = tempfile.mkdtemp("ipa") + config.dir = config.top_dir + else: + config = create_replica_config( + self.options.password, + self.replica_file, + self.options) self.options.dm_password = self.options.password self.options.setup_ca = False - api.Backend.ldap2.connect(bind_dn=DN('cn=Directory Manager'), - bind_pw=self.options.dm_password) + conn = api.Backend.ldap2 + conn.connect(bind_dn=DN(('cn', 'Directory Manager')), + bind_pw=self.options.password) + + if config.subject_base is None: + attrs = conn.get_ipa_config() + config.subject_base = attrs.get('ipacertificatesubjectbase')[0] + + if config.master_host_name is None: + config.kra_host_name = \ + service.find_providing_server('KRA', conn, api.env.ca_host) + config.master_host_name = config.kra_host_name + else: + config.kra_host_name = config.master_host_name try: - kra.install_check(api, replica_config, self.options) + kra.install_check(api, config, self.options) except RuntimeError as e: raise admintool.ScriptError(str(e)) - kra.install(api, replica_config, self.options) - - # Restart apache for new proxy config file - services.knownservices.httpd.restart(capture_output=True) + kra.install(api, config, self.options) def run(self): try: |