diff options
Diffstat (limited to 'ipaserver/install/server/replicainstall.py')
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 58 |
1 files changed, 24 insertions, 34 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index dcfaaedc2..363ada675 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -771,9 +771,9 @@ def install(installer): def promote_check(installer): options = installer + installer._top_dir = tempfile.mkdtemp("ipa") + # FIXME: to implement yet - if options.setup_ca: - raise NotImplementedError if options.setup_kra: raise NotImplementedError @@ -814,8 +814,10 @@ def promote_check(installer): config.host_name = api.env.host config.domain_name = api.env.domain config.master_host_name = api.env.server + config.ca_host_name = api.env.ca_host config.setup_ca = options.setup_ca config.setup_kra = options.setup_kra + config.dir = installer._top_dir installutils.verify_fqdn(config.host_name, options.no_host_dns) installutils.verify_fqdn(config.master_host_name, options.no_host_dns) @@ -1117,14 +1119,6 @@ def promote(installer): config.realm_name) custodia.create_replica(config.master_host_name) - if config.setup_ca: - options.realm_name = config.realm_name - options.domain_name = config.domain_name - options.host_name = config.host_name - options.dm_password = config.dirman_password - - ca.install(False, config, options) - krb = install_krb(config, setup_pkinit=not options.no_pkinit, promote=True) @@ -1133,37 +1127,33 @@ def promote(installer): auto_redirect=not options.no_ui_redirect, promote=True) - otpd = otpdinstance.OtpdInstance() - otpd.create_instance('OTPD', config.host_name, config.dirman_password, - ipautil.realm_to_suffix(config.realm_name)) - - CA = cainstance.CAInstance( - config.realm_name, certs.NSS_DIR, - dogtag_constants=dogtag_constants) - CA.dm_password = config.dirman_password - CA.configure_certmonger_renewal() - CA.fix_ra_perms() - # Apply any LDAP updates. Needs to be done after the replica is synced-up service.print_msg("Applying LDAP updates") ds.apply_updates() - if options.setup_kra: - kra.install(api, config, options) - else: - service.print_msg("Restarting the directory server") - ds.restart() - - service.print_msg("Restarting the KDC") - krb.restart() + otpd = otpdinstance.OtpdInstance() + otpd.create_instance('OTPD', config.host_name, config.dirman_password, + ipautil.realm_to_suffix(config.realm_name)) if config.setup_ca: - dogtag_service = services.knownservices[dogtag_constants.SERVICE_NAME] - dogtag_service.restart(dogtag_constants.PKI_INSTANCE_NAME) + options.realm_name = config.realm_name + options.domain_name = config.domain_name + options.host_name = config.host_name + options.dm_password = config.dirman_password + ca_data = (os.path.join(config.dir, 'cacert.p12'), + config.dirman_password) + custodia.get_ca_keys(config.ca_host_name, ca_data[0], ca_data[1]) + + ca = cainstance.CAInstance(config.realm_name, certs.NSS_DIR, + dogtag_constants=dogtag.install_constants, + host_name=config.host_name, + dm_password=config.dirman_password) + ca.configure_replica(config.ca_host_name, + subject_base=config.subject_base, + ca_cert_bundle=ca_data) - # Restart httpd to pick up the new IPA configuration - service.print_msg("Restarting the web server") - http.restart() + if options.setup_kra: + kra.install(api, config, options) ds.replica_populate() |