author | Simo Sorce <simo@redhat.com> | 2015-08-25 15:42:25 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-10-01 16:20:49 -0400 |
commit | 78c59858cddec7f5fec176eacaf318e2d77d2045 (patch) | |
tree | b9c4a4738aba35a3014584d3f6ea694639c0f5fa /ipaserver/install/kra.py | |
parent | 7af795f3a2b314475ca24aae344544be91738607 (diff) | |
Allow to install the KRA on a promoted server custodia-review
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'ipaserver/install/kra.py')
-rw-r--r-- | ipaserver/install/kra.py | 31 |
1 files changed, 30 insertions, 1 deletions
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py index f3a0fe5c6..40c283e6d 100644 --- a/ipaserver/install/kra.py +++ b/ipaserver/install/kra.py @@ -2,11 +2,15 @@ # Copyright (C) 2015 FreeIPA Contributors see COPYING for license # +import os + from ipalib import api, errors +from ipaplatform import services from ipapython import certdb from ipapython import dogtag from ipapython import ipautil from ipapython.dn import DN +from ipaserver.install import custodiainstance from ipaserver.install import cainstance from ipaserver.install import krainstance from ipaserver.install import dsinstance @@ -36,6 +40,9 @@ def install_check(api, replica_config, options): if not api.Command.kra_is_enabled()['result']: raise RuntimeError("KRA is not installed on the master system") + if options.promote: + return + with certdb.NSSDatabase() as tmpdb: pw = ipautil.write_tmp_file(ipautil.ipa_generate_password()) tmpdb.create_db(pw.name) @@ -62,7 +69,26 @@ def install(api, replica_config, options): api.env.realm, api.env.host, options.dm_password, options.dm_password, subject_base=subject) else: - kra = krainstance.install_replica_kra(replica_config) + if options.promote: + ca_data = (os.path.join(replica_config.dir, 'kracert.p12'), + replica_config.dirman_password) + + custodia = custodiainstance.CustodiaInstance( + replica_config.host_name, replica_config.realm_name) + custodia.get_kra_keys(replica_config.kra_host_name, + ca_data[0], ca_data[1]) + + kra = krainstance.KRAInstance( + replica_config.realm_name, + dogtag_constants=dogtag.install_constants) + kra.configure_replica(replica_config.host_name, + replica_config.kra_host_name, + replica_config.dirman_password, + kra_cert_bundle=ca_data) + return + + else: + kra = krainstance.install_replica_kra(replica_config) service.print_msg("Restarting the directory server") ds = dsinstance.DsInstance() 
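Review bot: The early `return` added to install_check() for `options.promote` carries no comment saying why the rest of the validation can be skipped, so a reader has to work it out from install(). Judging by the context lines, what is skipped is the temporary NSS database check that begins at `with certdb.NSSDatabase() as tmpdb:`; that code continues outside the hunk, so this is inferred. I would add a comment above the branch such as `# promotion: KRA keys are fetched via Custodia in install(), so there is no replica-file bundle to validate here`. It is also worth confirming that nothing equivalent needs checking on this path, for example that `replica_config.kra_host_name` is set before install() uses it.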
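Review bot: In the promote branch of install(), the bundle fetched by `custodia.get_kra_keys(...)` is written to `kracert.p12` under `replica_config.dir`, and nothing in the visible lines removes it before the branch returns after `kra.configure_replica(...)`. That file carries the KRA's key material protected by the Directory Manager password, so it should not outlive the install. Whether get_kra_keys(), configure_replica() or the caller restricts its mode or deletes the directory cannot be seen from this hunk. I would put the two calls in a `try:` block and remove the file in `finally:` (tolerating a file that was never created), and note the expected file mode in a comment next to the `os.path.join` line. The tuple is also named `ca_data` although it describes the KRA bundle; `kra_data`, or two plain variables instead of `ca_data[0], ca_data[1]`, would read better.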
@@ -72,6 +98,9 @@ def install(api, replica_config, options): kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH) + # Restart apache for new proxy config file + services.knownservices.httpd.restart(capture_output=True) + def uninstall(standalone): dogtag_constants = dogtag.configured_constants(api) |
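Review bot: The httpd restart added at the end of install() does not appear to be reached on the promote path, because the branch added earlier in this commit returns right after `kra.configure_replica(...)`. As far as the collapsed indentation shows, the same holds for the directory server restart and for `kra.enable_client_auth_to_db(...)` on the context line above. If configure_replica() already covers those steps, a comment at that `return` should say so; otherwise a promoted KRA would come up without the client-auth setting applied and without the new proxy config loaded. How a failure of `services.knownservices.httpd.restart(capture_output=True)` is handled is not visible here, so a one-line comment on whether it should abort the install would help. install() begins outside this hunk, so the control flow is read from the previous one.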