author | Stanislav Laznicka <slaznick@redhat.com> | 2016-11-07 12:42:15 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-11-11 12:17:25 +0100 |
commit | 835923750bff4f26d9b90df9870a961d16728488 (patch) | |
tree | 900c6daebfa95f1c81b66caf5c2fcda46b5d9bfd /ipaserver/install/server/replicainstall.py | |
parent | 606cac1c9e85633f54b1cc1c9fc1351e6d1a545f (diff) | |
Take advantage of the ca/kra code cleanup in replica installation
The recent cleanup of ca/kra installation code can be used to
greatly reduce the number of differences between DL0 and DL1
in replica installation.
This change also allows moving Custodia instance creation after
Kerberos and httpd instance installation.
https://fedorahosted.org/freeipa/ticket/6392
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install/server/replicainstall.py')
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 38 |
1 files changed, 11 insertions, 27 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index e6a64fccd..054513d85 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1407,18 +1407,6 @@ def install(installer):
 # To config certmonger would try to connect to local server
 create_ipa_conf(fstore, config, ca_enabled)
 
- if promote:
- custodia = custodiainstance.CustodiaInstance(config.host_name,
- config.realm_name)
- custodia.create_replica(config.master_host_name)
- else:
- options.dm_password = config.dirman_password
- if ca_enabled:
- options.realm_name = config.realm_name
- options.domain_name = config.domain_name
- options.host_name = config.host_name
- ca.install_step_0(False, config, options)
-
 krb = install_krb(
 config,
 setup_pkinit=not options.no_pkinit,
@@ -1436,23 +1424,21 @@ def install(installer):
 otpd.create_instance('OTPD', config.host_name,
 ipautil.realm_to_suffix(config.realm_name))
 
+ custodia = custodiainstance.CustodiaInstance(config.host_name,
+ config.realm_name)
 if promote:
- if ca_enabled:
- options.realm_name = config.realm_name
- options.domain_name = config.domain_name
- options.host_name = config.host_name
- options.dm_password = config.dirman_password
- ca.install(False, config, options)
+ custodia.create_replica(config.master_host_name)
+ custodia.import_dm_password(config.master_host_name)
 else:
- if ca_enabled:
- # Done after install_krb() because lightweight CA key
- # retrieval setup needs to create kerberos principal.
- ca.install_step_1(False, config, options)
-
- custodia = custodiainstance.CustodiaInstance(config.host_name,
- config.realm_name)
 custodia.create_instance()
 
+ if ca_enabled:
+ options.realm_name = config.realm_name
+ options.domain_name = config.domain_name
+ options.host_name = config.host_name
+ options.dm_password = config.dirman_password
+ ca.install(False, config, options)
+
 # Apply any LDAP updates. Needs to be done after the replica is synced-up
 service.print_msg("Applying LDAP updates")
 ds.apply_updates()
@@ -1464,8 +1450,6 @@ def install(installer):
 krb.restart()
 
 if promote:
- custodia.import_dm_password(config.master_host_name)
-
 promote_sssd(config.host_name)
 promote_openldap_conf(config.host_name,
 config.master_host_name) |
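Review bot: The new `if ca_enabled:` block calls `ca.install(False, config, options)` without the ordering comment that the removed `ca.install_step_1` call carried, so nothing on the new side records that CA installation has to stay after `install_krb()`. I would keep that rationale above the block, e.g. `# Must stay after install_krb(): lightweight CA key retrieval setup needs to create a Kerberos principal.` In the promote branch, `custodia.import_dm_password(config.master_host_name)` now runs directly after `create_replica()`, ahead of `ds.apply_updates()` and `krb.restart()`, which is where the third hunk removes it from. If `ca.install()` relies on the imported Directory Manager password being in place at that point (not visible in this hunk), a one-line comment saying so would keep a later reorder from silently breaking it. `install()` begins and ends outside this hunk.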