authorMartin Basti <mbasti@redhat.com>2017-03-02 17:08:59 +0100
committerDavid Kupka <dkupka@redhat.com>2017-03-08 15:50:30 +0100
commit4006cbbc02c368ac9e5e3721613158decb34fd37 (patch)
tree12e723414cfb263166df5ce00d625c05f60104af /ipaserver/install
parentad3451067ad474ea52872913d6789b1652f9a9c4 (diff)
KRA: add --setup-kra to ipa-server-install
This patch allows installing KRA on the first IPA server in one step using ipa-server-install. This option improves container installation, where ipa-server can be installed with KRA using one call without the need to call docker exec. Please note that the original `kra.install()` calls in ipaserver/install/server/install.py were empty operations that did nothing, so it is safe to move them out of the CA block. https://pagure.io/freeipa/issue/6731 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
Diffstat (limited to 'ipaserver/install')
-rw-r--r--ipaserver/install/server/__init__.py1
-rw-r--r--ipaserver/install/server/install.py13
2 files changed, 9 insertions, 5 deletions
diff --git a/ipaserver/install/server/__init__.py b/ipaserver/install/server/__init__.py
index 65dfa21c9..5a079ee95 100644
--- a/ipaserver/install/server/__init__.py
+++ b/ipaserver/install/server/__init__.py
@@ -533,7 +533,6 @@ class ServerMasterInstall(ServerMasterInstallInterface):
host_password = None
keytab = None
setup_ca = True
- setup_kra = False
domain_name = knob(
bases=ServerMasterInstallInterface.domain_name,
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 1e6aad922..1e67a1660 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -367,9 +367,9 @@ def install_check(installer):
if not setup_ca and options.subject_base:
raise ScriptError(
"--subject-base cannot be used with CA-less installation")
-
- # first instance of KRA must be installed by ipa-kra-install
- options.setup_kra = False
+ if not setup_ca and options.setup_kra:
+ raise ScriptError(
+ "--setup-kra cannot be used with CA-less installation")
print("======================================="
"=======================================")
@@ -384,6 +384,8 @@ def install_check(installer):
print(" * Create and configure an instance of Directory Server")
print(" * Create and configure a Kerberos Key Distribution Center (KDC)")
print(" * Configure Apache (httpd)")
+ if options.setup_kra:
+ print(" * Configure KRA (dogtag) for secret management")
if options.setup_dns:
print(" * Configure DNS (bind)")
if options.setup_adtrust:
@@ -598,6 +600,7 @@ def install_check(installer):
if setup_ca:
ca.install_check(False, None, options)
+ if options.setup_kra:
kra.install_check(api, None, options)
if options.setup_dns:
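Review bot: The added `if options.setup_kra:` guard around `kra.install_check(api, None, options)` no longer sits under `if setup_ca:`, so the CA requirement for KRA is now enforced only by the new ScriptError check earlier in install_check. The same applies to the `kra.install(api, None, options)` call added after the KDC restart in install() (the @@ -842 hunk). Consider stating the invariant next to both guards, e.g. `# KRA needs the CA; install_check() rejects --setup-kra when setup_ca is false`, or make it explicit with `if setup_ca and options.setup_kra:` so a later change to the validation cannot silently start a KRA install on a CA-less server. Both install_check and install start and end outside the visible hunks.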
@@ -802,7 +805,6 @@ def install(installer):
if setup_ca:
ca.install_step_1(False, None, options)
- kra.install(api, None, options)
# The DS instance is created before the keytab, add the SSL cert we
# generated
@@ -842,6 +844,9 @@ def install(installer):
service.print_msg("Restarting the KDC")
krb.restart()
+ if options.setup_kra:
+ kra.install(api, None, options)
+
if options.setup_dns:
dns.install(False, False, options)
else: