diff options
| author | Stanislav Laznicka <slaznick@redhat.com> | 2017-01-04 08:41:26 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2017-03-01 09:43:41 +0000 |
| commit | 1e89d28aaf3a0a4b48fc09a5d98262f1000c52a3 (patch) | |
| tree | 248502cb320ef6806399861d66b602deda792889 /ipaserver/install | |
| parent | 2a1494c9aef2e2b5c06e427e689787e5a2c4dc7f (diff) | |
| download | freeipa-1e89d28aaf3a0a4b48fc09a5d98262f1000c52a3.tar.gz freeipa-1e89d28aaf3a0a4b48fc09a5d98262f1000c52a3.tar.xz freeipa-1e89d28aaf3a0a4b48fc09a5d98262f1000c52a3.zip | |
Don't run kra.configure_instance if not necessary
If kra should not be set up, don't run the code as it would only
prolong the installations.
Previously, krainstance configuration would be performed just to
export the client certificate and private key to authenticate to
certificate server. This is now performed somewhere else therefore
there's no need to run KRAInstance.configure_instance.
The kra.install() method still performs actions on replicas and
we're keeping it in server installer to conform to the installers
design.
https://fedorahosted.org/freeipa/ticket/5695
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/install')
| -rw-r--r-- | ipaserver/install/kra.py | 15 | ||||
| -rw-r--r-- | ipaserver/install/krainstance.py | 65 |
2 files changed, 39 insertions, 41 deletions
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py index 6f5c22bc7..5a7a6ef2d 100644 --- a/ipaserver/install/kra.py +++ b/ipaserver/install/kra.py @@ -69,6 +69,8 @@ def install_check(api, replica_config, options): def install(api, replica_config, options): if replica_config is None: + if not options.setup_kra: + return realm_name = api.env.realm dm_password = options.dm_password host_name = api.env.host @@ -76,9 +78,10 @@ def install(api, replica_config, options): pkcs12_info = None master_host = None - ra_only = not options.setup_kra promote = False else: + if not replica_config.setup_kra: + return krafile = os.path.join(replica_config.dir, 'kracert.p12') if options.promote: custodia = custodiainstance.CustodiaInstance( @@ -103,7 +106,6 @@ def install(api, replica_config, options): pkcs12_info = (krafile,) master_host = replica_config.kra_host_name - ra_only = not replica_config.setup_kra promote = options.promote kra = krainstance.KRAInstance(realm_name) @@ -111,18 +113,15 @@ def install(api, replica_config, options): subject_base=subject_base, pkcs12_info=pkcs12_info, master_host=master_host, - ra_only=ra_only, promote=promote) _service.print_msg("Restarting the directory server") ds = dsinstance.DsInstance() ds.restart() + kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH) - if not ra_only: - kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH) - - # Restart apache for new proxy config file - services.knownservices.httpd.restart(capture_output=True) + # Restart apache for new proxy config file + services.knownservices.httpd.restart(capture_output=True) def uninstall(standalone): diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 7a6c2d2fa..1fc69bd68 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -77,7 +77,7 @@ class KRAInstance(DogtagInstance): def configure_instance(self, realm_name, host_name, dm_password, admin_password, pkcs12_info=None, master_host=None, subject_base=None, subject=None, - ra_only=False, promote=False): + promote=False): """Create a KRA instance. To create a clone, pass in pkcs12_info. @@ -99,38 +99,37 @@ class KRAInstance(DogtagInstance): self.realm = realm_name self.suffix = ipautil.realm_to_suffix(realm_name) - if not ra_only: - # Confirm that a KRA does not already exist - if self.is_installed(): - raise RuntimeError( - "KRA already installed.") - # Confirm that a Dogtag 10 CA instance already exists - ca = cainstance.CAInstance(self.realm) - if not ca.is_installed(): - raise RuntimeError( - "KRA configuration failed. " - "A Dogtag CA must be installed first") - - if promote: - self.step("creating installation admin user", self.setup_admin) - self.step("configuring KRA instance", self.__spawn_instance) - if not self.clone: - self.step("create KRA agent", - self.__create_kra_agent) - if not ra_only: - if promote: - self.step("destroying installation admin user", self.teardown_admin) - self.step("restarting KRA", self.restart_instance) - self.step("configure certmonger for renewals", - self.configure_certmonger_renewal) - self.step("configure certificate renewals", self.configure_renewal) - self.step("configure HTTP to proxy connections", - self.http_proxy) - if not self.clone: - self.step("add vault container", self.__add_vault_container) - self.step("apply LDAP updates", self.__apply_updates) - - self.step("enabling KRA instance", self.__enable_instance) + # Confirm that a KRA does not already exist + if self.is_installed(): + raise RuntimeError( + "KRA already installed.") + # Confirm that a Dogtag 10 CA instance already exists + ca = cainstance.CAInstance(self.realm) + if not ca.is_installed(): + raise RuntimeError( + "KRA configuration failed. " + "A Dogtag CA must be installed first") + + if promote: + self.step("creating installation admin user", self.setup_admin) + self.step("configuring KRA instance", self.__spawn_instance) + if not self.clone: + self.step("create KRA agent", + self.__create_kra_agent) + if promote: + self.step("destroying installation admin user", + self.teardown_admin) + self.step("restarting KRA", self.restart_instance) + self.step("configure certmonger for renewals", + self.configure_certmonger_renewal) + self.step("configure certificate renewals", self.configure_renewal) + self.step("configure HTTP to proxy connections", + self.http_proxy) + if not self.clone: + self.step("add vault container", self.__add_vault_container) + self.step("apply LDAP updates", self.__apply_updates) + + self.step("enabling KRA instance", self.__enable_instance) try: self.start_creation(runtime=126) |