author | Jan Cholasta <jcholast@redhat.com> | 2016-10-26 09:44:49 +0200 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-11-11 12:13:56 +0100 |
commit | 0933e080aa9635bba12efc53d904d524b309027f (patch) | |
tree | d478101989c6970afcefb29c75536ead0bd2a21c /ipaserver/install/kra.py | |
parent | dc38d53de1eff71570ec5ef55db6de2c6f9b5bbd (diff) | |
install: merge all KRA install code paths into one
Merge the KRA install code paths used by ipa-replica-install (at either
domain level) and by ipa-kra-install into one.
https://fedorahosted.org/freeipa/ticket/6392
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver/install/kra.py')
-rw-r--r-- | ipaserver/install/kra.py | 60 |
1 files changed, 38 insertions, 22 deletions
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py
index 85ae57d20..ad67061b6 100644
--- a/ipaserver/install/kra.py
+++ b/ipaserver/install/kra.py
@@ -3,6 +3,7 @@
 #
 import os
+import shutil
 from ipalib import api, errors
 from ipaplatform import services
@@ -59,38 +60,53 @@ def install_check(api, replica_config, options): def install(api, replica_config, options): - subject = dsinstance.DsInstance().find_subject_base() if replica_config is None: - kra = krainstance.KRAInstance(api.env.realm) - kra.configure_instance( - api.env.realm, api.env.host, options.dm_password, - options.dm_password, subject_base=subject) + realm_name = api.env.realm + dm_password = options.dm_password + host_name = api.env.host + subject_base = dsinstance.DsInstance().find_subject_base() + + pkcs12_info = None + master_host = None + promote = False else: + krafile = os.path.join(replica_config.dir, 'kracert.p12') if options.promote: - ca_data = (os.path.join(replica_config.dir, 'kracert.p12'), - replica_config.dirman_password) - custodia = custodiainstance.CustodiaInstance( - replica_config.host_name, replica_config.realm_name) - custodia.get_kra_keys(replica_config.kra_host_name, - ca_data[0], ca_data[1]) - - kra = krainstance.KRAInstance(replica_config.realm_name) - kra.configure_replica(replica_config.host_name, - replica_config.kra_host_name, - replica_config.dirman_password, - kra_cert_bundle=ca_data) - return - + replica_config.host_name, + replica_config.realm_name) + custodia.get_kra_keys( + replica_config.kra_host_name, + krafile, + replica_config.dirman_password) else: - kra = krainstance.install_replica_kra(replica_config) + cafile = os.path.join(replica_config.dir, 'cacert.p12') + if not ipautil.file_exists(cafile): + raise RuntimeError( + "Unable to clone KRA." 
+ " cacert.p12 file not found in replica file") + shutil.copy(cafile, krafile) + + realm_name = replica_config.realm_name + dm_password = replica_config.dirman_password + host_name = replica_config.host_name + subject_base = replica_config.subject_base + + pkcs12_info = (krafile,) + master_host = replica_config.kra_host_name + promote = options.promote + + kra = krainstance.KRAInstance(realm_name) + kra.configure_instance(realm_name, host_name, dm_password, dm_password, + subject_base=subject_base, + pkcs12_info=pkcs12_info, + master_host=master_host, + promote=promote) service.print_msg("Restarting the directory server") ds = dsinstance.DsInstance() ds.restart() - kra.ldap_enable('KRA', api.env.host, options.dm_password, api.env.basedn) - kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH) # Restart apache for new proxy config file |
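Review bot: In the non-promote replica branch, `shutil.copy(cafile, krafile)` duplicates a PKCS#12 bundle that presumably carries private key material, and nothing visible in this hunk pins the copy's mode or removes it afterwards. `shutil.copy` creates the destination first and applies the source's permission bits only after the data is written, so `kracert.p12` briefly exists with umask-default permissions; whether `replica_config.dir` is a private directory cannot be told from here. I would create the destination with an explicit owner-only mode before writing (for example via `os.open(krafile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)`) and add a comment such as `# kracert.p12 is a copy of cacert.p12: same keys, must be removed with the replica dir`. The `ipautil.file_exists(cafile)` test followed by the copy is also a check-then-use pair; wrapping the copy in a try/except that raises the same RuntimeError would close that gap. install() continues past the end of this hunk, so later cleanup may exist outside the visible lines.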