Diffstat (limited to 'ipaserver/install/custodiainstance.py')
-rw-r--r--ipaserver/install/custodiainstance.py42
1 files changed, 36 insertions, 6 deletions
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index c21b4537d..f506ba163 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -1,6 +1,7 @@
# Copyright (C) 2015 FreeIPa Project Contributors, see 'COPYING' for license.
from ipapython.secrets.kem import IPAKEMKeys
+from ipapython.secrets.client import CustodiaClient
from ipaplatform.paths import paths
from service import SimpleServiceInstance
from ipapython import ipautil
@@ -9,11 +10,14 @@ import os
class CustodiaInstance(SimpleServiceInstance):
- def __init__(self):
+ def __init__(self, host_name=None, realm=None):
super(CustodiaInstance, self).__init__("ipa-custodia")
self.config_file = paths.IPA_CUSTODIA_CONF
self.server_keys = os.path.join(paths.IPA_CUSTODIA_CONF_DIR,
'server.keys')
+ self.ldap_uri = None
+ self.fqdn = host_name
+ self.realm = realm
def __config_file(self):
template_file = os.path.basename(self.config_file) + '.template'
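Review bot: `self.master_host_name`, which `__import_ra_key` reads, is not initialised here although `self.ldap_uri = None` is; it is first assigned in `create_replica` in the later hunk, so an instance that never went through `create_replica` has no such attribute at all. Adding `self.master_host_name = None` next to `self.ldap_uri = None` keeps the replica-only state declared in one place. The new `host_name=None, realm=None` defaults also deserve a docstring saying which entry points need them — `create_instance` and `create_replica` derive the LDAP suffix from `self.realm`, while `upgrade_instance` does not appear to read either — and noting that `host_name` is stored as `self.fqdn`.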
@@ -28,22 +32,48 @@ class CustodiaInstance(SimpleServiceInstance):
fd.flush()
fd.close()
- def create_instance(self, *args, **kwargs):
+ def create_instance(self, dm_password=None):
+ suffix = ipautil.realm_to_suffix(self.realm)
self.step("Generating ipa-custodia config file", self.__config_file)
self.step("Generating ipa-custodia keys", self.__gen_keys)
- super(CustodiaInstance, self).create_instance(*args, **kwargs)
+ super(CustodiaInstance, self).create_instance(gensvc_name='KEYS',
+ fqdn=self.fqdn,
+ dm_password=dm_password,
+ ldap_suffix=suffix,
+ realm=self.realm)
def __gen_keys(self):
- KeyStore = IPAKEMKeys({'server_keys': self.server_keys})
+ KeyStore = IPAKEMKeys({'server_keys': self.server_keys,
+ 'ldap_uri': self.ldap_uri})
KeyStore.generate_server_keys()
- def upgrade_instance(self, realm):
- self.realm = realm
+ def upgrade_instance(self):
if not os.path.exists(self.config_file):
self.__config_file()
if not os.path.exists(self.server_keys):
self.__gen_keys()
+ def create_replica(self, master_host_name):
+ suffix = ipautil.realm_to_suffix(self.realm)
+ self.ldap_uri = 'ldap://%s' % master_host_name
+ self.master_host_name = master_host_name
+
+ self.step("Generating ipa-custodia config file", self.__config_file)
+ self.step("Generating ipa-custodia keys", self.__gen_keys)
+ self.step("Importing RA Key", self.__import_ra_key)
+ super(CustodiaInstance, self).create_instance(gensvc_name='KEYS',
+ fqdn=self.fqdn,
+ ldap_suffix=suffix,
+ realm=self.realm)
+
+ def __import_ra_key(self):
+ cli = CustodiaClient(self.fqdn, self.master_host_name, self.realm)
+ cli.fetch_key('ra/ipaCert')
+
+ def import_dm_password(self, master_host_name):
+ cli = CustodiaClient(self.fqdn, master_host_name, self.realm)
+ cli.fetch_key('dm/DMHash')
+
def __start(self):
super(CustodiaInstance, self).__start()
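Review bot: `__gen_keys` now forwards `self.ldap_uri` to `IPAKEMKeys`, but that attribute is only assigned in `create_replica`, so the master `create_instance` path and `upgrade_instance` pass `'ldap_uri': None`; whether `IPAKEMKeys` treats `None` as "no remote store" is not visible here and should be confirmed or guarded before the call. `create_replica` also builds the URI as `'ldap://%s' % master_host_name`, a plain-LDAP scheme, and this store is what generates the server keys, so the transport protection presumably comes from the bind mechanism inside `IPAKEMKeys` rather than TLS — worth stating at the assignment, e.g. `# plain ldap:// scheme: confidentiality relies on the bind mechanism used by IPAKEMKeys, not on TLS — confirm`. `create_instance` and `create_replica` repeat the `realm_to_suffix` plus `super().create_instance(gensvc_name='KEYS', ...)` sequence and could delegate to one private helper taking the optional `dm_password`, so the two paths cannot drift.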