summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/ca.py
Commit message (Collapse)AuthorAgeFilesLines
* replica install: improvements in the handling of CA-related IPA config entriesMartin Babinsky2015-12-041-16/+0
| | | | | | | | | | | | When a CA-less replica is installed, its IPA config file should be updated so that ca_host points to nearest CA master and all certificate requests are forwarded to it. A subsequent installation of CA subsystem on the replica should clear this entry from the config so that all certificate requests are handled by freshly installed local CA. https://fedorahosted.org/freeipa/ticket/5506 Reviewed-By: Martin Basti <mbasti@redhat.com>
* install: drop support for Dogtag 9Jan Cholasta2015-11-251-23/+10
| | | | | | | | | | | Dogtag 9 CA and CA DS install and uninstall code was removed. Existing Dogtag 9 CA and CA DS instances are disabled on upgrade. Creating a replica of a Dogtag 9 IPA master is still supported. https://fedorahosted.org/freeipa/ticket/5197 Reviewed-By: David Kupka <dkupka@redhat.com>
* Add profiles and default CA ACL on migrationFraser Tweedale2015-11-241-2/+3
| | | | | | | | | | | | | | | | | | | | Profiles and the default CA ACL were not being added during replica install from pre-4.2 servers. Update ipa-replica-install to add these if they are missing. Also update the caacl plugin to prevent deletion of the default CA ACL and instruct the administrator to disable it instead. To ensure that the cainstance installation can add profiles, supply the RA certificate as part of the instance configuration. Certmonger renewal setup is avoided at this point because the NSSDB gets reinitialised later in installation procedure. Also move the addition of the default CA ACL from dsinstance installation to cainstance installation. Fixes: https://fedorahosted.org/freeipa/ticket/5459 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Check early if a CA is already installed locallySimo Sorce2015-10-271-3/+1
| | | | | | | | | | There is no reason to proceed if a CA is already installed, and the check does not involve a lot of setup, so do it early on. Ticket: https://fedorahosted.org/freeipa/ticket/5397 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Allow ipa-ca-install to use the new promotion codeSimo Sorce2015-10-221-2/+0
| | | | | | | | | | | This makes it possible to install a CA after-the-fact on a server that has been promoted (and has no replica file available). https://fedorahosted.org/freeipa/ticket/2888 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Allow to setup the CA when promoting a replicaSimo Sorce2015-10-151-3/+8
| | | | | | | | | This patch makes --setup-ca work to set upa clone CA while creating a new replica. The standalone ipa-ca-install script is not converted yet though. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use six.moves.configparser instead of ConfigParserPetr Viktorin2015-10-071-1/+2
| | | | | | | | The module name was lowercased in Python 3. Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com>
* Remove unused argumentsSimo Sorce2015-09-221-4/+3
| | | | | | | | In the dogtag/ca/kra instances self.domain is never used. Remove it. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Use the print functionPetr Viktorin2015-09-011-8/+10
| | | | | | | | | In Python 3, `print` is no longer a statement. Call it as a function everywhere, and include the future import to remove the statement in Python 2 code as well. Reviewed-By: Christian Heimes <cheimes@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Modernize 'except' clausesPetr Viktorin2015-08-121-1/+1
| | | | | | | The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com>
* ipa-ca-install: print more specific errors when CA is already installedMartin Babinsky2015-07-161-2/+10
| | | | | | | | | | | This patch implements a more thorough checking for already installed CAs during standalone CA installation using ipa-ca-install. The installer now differentiates between CA that is already installed locally and CA installed on one or more masters in topology and prints an appropriate error message. https://fedorahosted.org/freeipa/ticket/4492 Reviewed-By: Martin Basti <mbasti@redhat.com>
* ipa-ca-install fix: reconnect ldap2 after DS restartMartin Basti2015-06-181-0/+9
| | | | | | https://fedorahosted.org/freeipa/ticket/5064 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
* install: Fix ipa-replica-install not installing RA certJan Cholasta2015-06-181-7/+1
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
* install: Fix external CA server installJan Cholasta2015-06-081-17/+15
| | | | | | https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
* Move CA installation code into single module.David Kupka2015-06-081-0/+267
https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-02 11:54:34 +0000