Implement replica promotion functionality

This patch implements a new flag --promote for the ipa-replica-install command
that allows an administrative user to 'promote' an already joined client to
become a full ipa server.

The only credentials used are that of an administrator. This code relies on
ipa-custodia being available on the peer master as well as a number of other
patches to allow a computer account to request certificates for its services.

Therefore this feature is marked to work only with domain level 1 and above
servers.

Ticket: https://fedorahosted.org/freeipa/ticket/2888

Signed-off-by: Simo Sorce <simo@redhat.com>

1 files changed, 2 insertions, 4 deletions

diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index e936b6798..3164d0b94 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -814,10 +814,8 @@ def install(installer):
     otpd.create_instance('OTPD', host_name, dm_password,
                          ipautil.realm_to_suffix(realm_name))
 
-    custodia = custodiainstance.CustodiaInstance()
-    custodia.create_instance('KEYS', host_name, dm_password,
-                             ipautil.realm_to_suffix(realm_name),
-                             realm_name)
+    custodia = custodiainstance.CustodiaInstance(host_name, realm_name)
+    custodia.create_instance(dm_password)
 
     # Create a HTTP instance
     http = httpinstance.HTTPInstance(fstore)