-rwxr-xr-x | install/tools/ipa-replica-install | 1 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 3 | ||||
-rwxr-xr-x | install/tools/ipactl | 2 | ||||
-rw-r--r-- | ipalib/config.py | 4 | ||||
-rw-r--r-- | ipalib/constants.py | 12 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 29 | ||||
-rw-r--r-- | ipaserver/plugins/ldap2.py | 4 | ||||
-rw-r--r-- | tests/test_ipalib/test_config.py | 1 |
8 files changed, 32 insertions, 24 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 16f849567..3feb2a93d 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -447,6 +447,7 @@ def main():
 try:
 fd = open("/etc/ipa/default.conf", "w")
 fd.write("[global]\n")
+ fd.write("host=" + config.host_name + "\n")
 fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
 fd.write("realm=" + config.realm_name + "\n")
 fd.write("domain=" + config.domain_name + "\n")
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 019dfb1aa..09cc8a099 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -680,6 +680,7 @@ def main():
 try:
 fd = open("/etc/ipa/default.conf", "w")
 fd.write("[global]\n")
+ fd.write("host=" + host_name + "\n")
 fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
 fd.write("realm=" + realm_name + "\n")
 fd.write("domain=" + domain_name + "\n")
@@ -920,7 +921,7 @@ def main():
 # Call client install script
 try:
- run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name])
+ run(["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", domain_name, "--server", host_name, "--realm", realm_name, "--hostname", host_name])
 except Exception, e:
 sys.exit("Configuration of client side components failed!\nipa-client-install returned: " + str(e))
diff --git a/install/tools/ipactl b/install/tools/ipactl
index 4ce26069c..01b88a549 100755
--- a/install/tools/ipactl
+++ b/install/tools/ipactl
@@ -71,7 +71,7 @@ def emit_err(err):
 sys.stderr.write(err + '\n')
 def get_config():
- base = "cn=%s,cn=masters,cn=ipa,cn=etc,%s" % (socket.gethostname(),
+ base = "cn=%s,cn=masters,cn=ipa,cn=etc,%s" % (api.env.host,
 api.env.basedn)
 srcfilter = '(ipaConfigString=enabledService)'
 attrs = ['cn', 'ipaConfigString']
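Review bot: The new `fd.write("host=" + host_name + "\n")` line in ipa-server-install, and the matching `config.host_name` write in ipa-replica-install, put the name into /etc/ipa/default.conf verbatim, so whatever string reaches this point is what later tool runs read back as `api.env.host`. If the name is not already validated earlier in main() (that code is outside both hunks), a check that it is a single-line fully qualified name belongs before the write, because an embedded newline would add extra keys to the `[global]` section. A short comment such as `# read back as api.env.host by ipactl and the ldap2 backend` would also record why the value is persisted.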
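Review bot: In ipactl's get_config(), `api.env.host` is interpolated into the search base without DN escaping, and with this commit the value comes from default.conf or the module-level FQDN default instead of `socket.gethostname()`. A value containing a DN metacharacter such as `,` or `+` would change which entry is searched, and a None default (the constants.py fallback allows it) produces `cn=None,...` and a confusing lookup failure. Escaping the value, for example with python-ldap's `ldap.dn.escape_dn_chars(api.env.host)` if that module is usable here, and exiting early with a clear message when host is unset would keep this robust. get_config() continues past the end of the hunk.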
diff --git a/ipalib/config.py b/ipalib/config.py
index 888785a26..410e5f0b2 100644
--- a/ipalib/config.py
+++ b/ipalib/config.py
@@ -447,7 +447,6 @@ class Env(object):
 self.__doing('_bootstrap')
 # Set run-time variables (cannot be overridden):
- self.host = getfqdn()
 self.ipalib = path.dirname(path.abspath(__file__))
 self.site_packages = path.dirname(self.ipalib)
 self.script = path.abspath(sys.argv[0])
@@ -550,9 +549,6 @@ class Env(object):
 if 'log' not in self:
 self.log = self._join('logdir', '%s.log' % self.context)
- # FIXME: move into ca plugin
- if 'ca_host' not in self:
- self.ca_host = self.host
 self._merge(**defaults)
 def _finalize(self, **lastchance):
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 202f5fa93..23e80257d 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -21,6 +21,14 @@
 """ All constants centralised in one file. """
+import socket
+try:
+ FQDN = socket.getfqdn()
+except:
+ try:
+ FQDN = socket.gethostname()
+ except:
+ FQDN = None
 # The parameter system treats all these values as None:
 NULLS = (None, '', u'', tuple(), [])
@@ -127,7 +135,7 @@ DEFAULT_CONFIG = (
 ('mode', 'production'),
 # CA plugin:
- ('ca_host', object), # Set in Env._finalize_core()
+ ('ca_host', FQDN), # Set in Env._finalize_core()
 ('ca_port', 9180),
 ('ca_agent_port', 9443),
 ('ca_ee_port', 9444),
@@ -160,7 +168,7 @@ DEFAULT_CONFIG = (
 # raised.
 # Non-overridable vars set in Env._bootstrap():
- ('host', object),
+ ('host', FQDN),
 ('ipalib', object), # The directory containing ipalib/__init__.py
 ('site_packages', object), # The directory contaning ipalib
 ('script', object), # sys.argv[0]
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 001e6eb09..928d01e47 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
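Review bot: The FQDN lookup added to ipalib/constants.py uses two bare `except:` clauses and can end with `FQDN = None`, which then becomes the default for both `host` and `ca_host` with no visible check for it downstream. Bare excepts also swallow KeyboardInterrupt and SystemExit at import time; `except socket.error:` (or at most `except Exception:`) is the narrower form. The unchanged trailing comments are now stale: `ca_host` is no longer "Set in Env._finalize_core()" and `host` no longer belongs under "Non-overridable vars set in Env._bootstrap()". It is now a default that default.conf can override, which is worth stating because the value feeds the LDAP search base and the SASL host name elsewhere in this commit. The test hunk drops `assert o.host == socket.gethostname()` without adding an assertion for the new default.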
@@ -519,7 +519,6 @@ class CAInstance(service.Service):
 # Step 1 of external is getting a CSR so we don't need to do these
 # steps until we get a cert back from the external CA.
 if self.external != 1:
- self.step("restarting certificate server", self.__restart_instance)
 if not self.clone:
 self.step("creating CA agent PKCS#12 file in /root", self.__create_ca_agent_pkcs12)
 self.step("creating RA agent certificate database", self.__create_ra_agent_db)
@@ -557,7 +556,7 @@ class CAInstance(service.Service):
 '-redirect', 'conf=/etc/pki-ca',
 '-redirect', 'logs=/var/log/pki-ca',
 ]
- ipautil.run(args)
+ ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn})
 def __enable(self):
 self.backup_state("enabled", self.is_enabled())
@@ -673,7 +672,7 @@ class CAInstance(service.Service):
 # Define the things we don't want logged
 nolog = (self.admin_password, self.dm_password,)
- ipautil.run(args, nolog=nolog)
+ ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, nolog=nolog)
 except ipautil.CalledProcessError, e:
 logging.critical("failed to configure ca instance %s" % e)
 raise RuntimeError('Configuration of CA failed')
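Review bot: Both new `ipautil.run(args, env={'PKI_HOSTNAME':self.fqdn}, ...)` calls in cainstance.py pass a dictionary holding a single variable, and whether that replaces or extends the inherited environment depends on ipautil.run, which is not shown here. If the dictionary is passed through unchanged, the CA tools run without PATH, HOME or locale settings; that may be intended, but it deserves a comment such as `# child environment contains only PKI_HOSTNAME`. If extension was meant, build the dictionary from a copy of `os.environ` instead. Neither call checks that `self.fqdn` is set, so a None value would surface as an opaque subprocess failure rather than a clear installer error. The enclosing methods start outside these hunks.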
@@ -683,11 +682,22 @@ class CAInstance(service.Service):
 print "ipa-server-install --external_cert_file=/path/to/signed_certificate --external_ca_file=/path/to/external_ca_certificate"
 sys.exit(0)
+ # Turn off Nonces (again)
+ if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
+ raise RuntimeError("Disabling nonces failed")
+ pent = pwd.getpwnam(PKI_USER)
+ os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
+
+ # pkisilent makes a copy of the CA PKCS#12 file for us but gives
+ # it a lousy name.
+ if ipautil.file_exists("/root/tmp-ca.p12"):
+ shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")
+
 try:
 # After configuration the service is running and configured
 # but must be restarted for configuration to take effect.
 # The service status in this case will be 4.
- self.restart()
+ self.__restart_instance()
 except ipautil.CalledProcessError, e:
 logging.critical("failed to restart ca instance after pkisilent configuration %s" % e)
 raise RuntimeError('Restarting CA after pkisilent configuration failed')
@@ -702,17 +712,6 @@ class CAInstance(service.Service):
 logging.debug("completed creating ca instance")
- # Turn off Nonces (again)
- if installutils.update_file('/var/lib/pki-ca/conf/CS.cfg', 'ca.enableNonces=true', 'ca.enableNonces=false') != 0:
- raise RuntimeError("Disabling nonces failed")
- pent = pwd.getpwnam(PKI_USER)
- os.chown('/var/lib/pki-ca/conf/CS.cfg', pent.pw_uid, pent.pw_gid )
-
- # pkisilent makes a copy of the CA PKCS#12 file for us but gives
- # it a lousy name.
- if ipautil.file_exists("/root/tmp-ca.p12"):
- shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")
-
 def __restart_instance(self):
 try:
 self.restart()
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index e4cc72de5..c37525203 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
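Review bot: Replacing `self.restart()` with `self.__restart_instance()` inside the existing `try` may leave the `except ipautil.CalledProcessError` branch unreachable, because the helper shown at the end of the following hunk opens its own `try:` around `self.restart()`. Its handler lies outside the hunk; if it only logs, a failed restart no longer raises 'Restarting CA after pkisilent configuration failed', and installation continues against a CA that has not reloaded the edited CS.cfg. Either keep the direct `self.restart()` call here or have the helper re-raise. Separately, the relocated `shutil.move("/root/tmp-ca.p12", "/root/cacert.p12")` keeps whatever mode the source file had. A CA PKCS#12 bundle normally carries the private key, so an explicit `os.chmod("/root/cacert.p12", 0600)` after the move would make the intended permissions visible.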
@@ -160,6 +160,8 @@ def get_schema(url, conn=None):
 if conn is None:
 conn = _ldap.initialize(url)
+ if url.startswith('ldapi://'):
+ conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)
 conn.sasl_interactive_bind_s('', SASL_AUTH)
 schema_entry = conn.search_s(
@@ -321,6 +323,8 @@ class ldap2(CrudBackend, Encoder):
 try:
 conn = _ldap.initialize(self.ldap_uri)
+ if self.ldap_uri.startswith('ldapi://'):
+ conn.set_option(_ldap.OPT_HOST_NAME, api.env.host)
 if ccache is not None:
 os.environ['KRB5CCNAME'] = ccache
 conn.sasl_interactive_bind_s('', SASL_AUTH)
diff --git a/tests/test_ipalib/test_config.py b/tests/test_ipalib/test_config.py
index 97d7548fe..e729a6284 100644
--- a/tests/test_ipalib/test_config.py
+++ b/tests/test_ipalib/test_config.py
@@ -441,7 +441,6 @@ class test_Env(ClassChecker):
 (o, home) = self.new()
 o._bootstrap()
 ipalib = path.dirname(path.abspath(config.__file__))
- assert o.host == socket.gethostname()
 assert o.ipalib == ipalib
 assert o.site_packages == path.dirname(ipalib)
 assert o.script == path.abspath(sys.argv[0]) |
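Review bot: The `ldapi://` branch is added twice in ldap2.py, once in get_schema() and once in the ldap2 class's connection code, with no comment explaining why a host name is set on a local-socket connection. Presumably it pins the name used by the `sasl_interactive_bind_s` call that follows; a shared helper carrying a comment like `# ldapi has no host part, so give SASL the configured FQDN` would keep the two copies from drifting apart. `api.env.host` can be None when both lookups in constants.py fail, and it can now be overridden from default.conf, so an unset value should be rejected with a clear error before `set_option` is called. Both functions extend beyond the hunks shown.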