authorJan Cholasta <jcholast@redhat.com>2013-09-11 08:27:34 +0000
committerPetr Viktorin <pviktori@redhat.com>2014-03-25 16:54:54 +0100
commitfea7163e87ef7b2e46fa18dc77836ec9ee92ce02 (patch)
tree0d687ebd9cf6120beafad04efd86ff9b785caf8c
parent4c761108e871ae029b5e1a16aaf35f9e78a3c02e (diff)
Move CACERT definition to a single place.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
-rwxr-xr-xinstall/tools/ipa-csreplica-manage3
-rwxr-xr-xinstall/tools/ipa-managed-entries3
-rwxr-xr-xinstall/tools/ipa-replica-install2
-rwxr-xr-xinstall/tools/ipa-replica-manage3
-rwxr-xr-xinstall/tools/ipa-server-install5
-rwxr-xr-xipa-client/ipa-install/ipa-client-install2
-rw-r--r--ipa-client/ipaclient/ipadiscovery.py2
-rw-r--r--ipalib/constants.py3
-rw-r--r--ipaserver/install/bindinstance.py3
-rw-r--r--ipaserver/install/dsinstance.py2
-rw-r--r--ipaserver/install/httpinstance.py1
-rw-r--r--ipaserver/install/ipa_backup.py3
-rw-r--r--ipaserver/install/ipa_replica_prepare.py5
-rw-r--r--ipaserver/install/ipa_server_certinstall.py3
-rw-r--r--ipaserver/install/krbinstance.py3
-rw-r--r--ipaserver/install/replication.py2
-rw-r--r--ipaserver/install/service.py2
17 files changed, 24 insertions, 23 deletions
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage
index 276eec964..eb589f3f9 100755
--- a/install/tools/ipa-csreplica-manage
+++ b/install/tools/ipa-csreplica-manage
@@ -27,11 +27,10 @@ from ipapython.ipa_log_manager import *
from ipaserver.install import replication, installutils, bindinstance
from ipalib import api, errors, util
+from ipalib.constants import CACERT
from ipapython import ipautil, ipaldap, version, dogtag
from ipapython.dn import DN
-CACERT = "/etc/ipa/ca.crt"
-
# dict of command name and tuples of min/max num of args needed
commands = {
"list":(0, 1, "[master fqdn]", ""),
diff --git a/install/tools/ipa-managed-entries b/install/tools/ipa-managed-entries
index 458339e92..85ef597ca 100755
--- a/install/tools/ipa-managed-entries
+++ b/install/tools/ipa-managed-entries
@@ -25,11 +25,10 @@ from optparse import OptionParser
from ipapython import ipautil, config, ipaldap
from ipaserver.install import installutils
from ipalib import api, errors
+from ipalib.constants import CACERT
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
-CACERT = "/etc/ipa/ca.crt"
-
def parse_options():
usage = "%prog [options] <status|enable|disable>\n"
usage += "%prog [options]\n"
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 9f420aef6..f5e7197b5 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -42,6 +42,7 @@ from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info,
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance
from ipalib import api, errors, util
+from ipalib.constants import CACERT
from ipapython import version
from ipapython.config import IPAOptionParser
from ipapython import sysrestore
@@ -52,7 +53,6 @@ from ipapython.dn import DN
import ipaclient.ntpconf
log_file_name = "/var/log/ipareplica-install.log"
-CACERT = "/etc/ipa/ca.crt"
REPLICA_INFO_TOP_DIR = None
DIRMAN_DN = DN(('cn', 'directory manager'))
diff --git a/install/tools/ipa-replica-manage b/install/tools/ipa-replica-manage
index 684000599..ee7aef881 100755
--- a/install/tools/ipa-replica-manage
+++ b/install/tools/ipa-replica-manage
@@ -32,14 +32,13 @@ from ipaserver.install import bindinstance
from ipaserver.plugins import ldap2
from ipapython import version, ipaldap
from ipalib import api, errors, util
+from ipalib.constants import CACERT
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
from ipapython.config import IPAOptionParser
from ipaclient import ipadiscovery
from xmlrpclib import MAXINT
-CACERT = "/etc/ipa/ca.crt"
-
# dict of command name and tuples of min/max num of args needed
commands = {
"list":(0, 1, "[master fqdn]", ""),
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 7ca34e2cf..fa1396b49 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -72,6 +72,7 @@ from ipalib import api, errors, util, x509
from ipapython.config import IPAOptionParser
from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
from ipalib.util import validate_domain_name
+from ipalib.constants import CACERT
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
@@ -1101,7 +1102,7 @@ def main():
subject_base=options.subject)
# Now put the CA cert where other instances exepct it
- ca.publish_ca_cert("/etc/ipa/ca.crt")
+ ca.publish_ca_cert(CACERT)
# we now need to enable ssl on the ds
ds.enable_ssl()
@@ -1129,7 +1130,7 @@ def main():
'External CA cert', 'CT,,', options.root_ca_file)
# Put a CA cert where other instances expect it
- with open('/etc/ipa/ca.crt', 'wb') as f:
+ with open(CACERT, 'wb') as f:
f.write(pem_cert)
# Install the CA cert for the HTTP server
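Review bot: The external-CA branch writes the trust anchor with a plain `open(CACERT, 'wb')`, so the file's mode comes from the installer's umask, and an interrupted run can leave a truncated file at the path every other tool now imports as `CACERT`. Since LDAPS clients such as `ipaldap.IPAdmin(..., cacert=CACERT)` verify against this file, I would set the mode explicitly after the write, e.g. `os.chmod(CACERT, 0644)`, and ideally write to a temporary file in the same directory and `os.rename` it into place. The `shutil.copyfile(CACERT, "/var/kerberos/krb5kdc/cacert.pem")` in krbinstance.py has the same umask dependence, because copyfile does not carry the mode over. main() continues outside this hunk, so a later chmod may already exist; that is not visible here.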
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 22bf2a183..c376ff27a 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -36,7 +36,6 @@ try:
from ipapython.ipa_log_manager import standard_logging_setup, root_logger
from ipaclient import ipadiscovery
- from ipaclient.ipadiscovery import CACERT
import ipaclient.ipachangeconf
import ipaclient.ntpconf
from ipapython.ipautil import (
@@ -48,6 +47,7 @@ try:
from ipapython.config import IPAOptionParser
from ipalib import api, errors
from ipalib import x509
+ from ipalib.constants import CACERT
from ipapython.dn import DN
from ipapython.ssh import SSHPublicKey
from ipalib.rpc import delete_persistent_client_session_data
diff --git a/ipa-client/ipaclient/ipadiscovery.py b/ipa-client/ipaclient/ipadiscovery.py
index 88445eb1e..d5004c6bf 100644
--- a/ipa-client/ipaclient/ipadiscovery.py
+++ b/ipa-client/ipaclient/ipadiscovery.py
@@ -29,8 +29,6 @@ from ipapython import ipaldap
from ipapython.ipautil import valid_ip, get_ipa_basedn, realm_to_suffix
from ipapython.dn import DN
-CACERT = '/etc/ipa/ca.crt'
-
NOT_FQDN = -1
NO_LDAP_SERVER = -2
REALM_NOT_FOUND = -3
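Review bot: `CACERT` is deleted from this module without a replacement import, so `ipadiscovery.CACERT` stops resolving for any caller not updated in this commit, and the failure is an AttributeError or NameError that appears only when that code path runs. ipaserver/install/service.py has the same shape (definition removed, no `from ipalib.constants import CACERT` added), and the bindinstance.py hunk shows that `service.CACERT` was referenced from outside the module. A tree-wide search for `ipadiscovery.CACERT` and `service.CACERT` before merging would confirm none remain; alternatively keep the name available with `from ipalib.constants import CACERT  # re-exported for existing callers` in both modules. Whether either module still uses the name in its own body is not visible in these hunks.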
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 5a304daeb..8fc04afcd 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -32,6 +32,9 @@ except:
except:
FQDN = None
+# Path to CA certificate bundle
+CACERT = '/etc/ipa/ca.crt'
+
# regular expression NameSpace member names must match:
NAME_REGEX = r'^[a-z][_a-z0-9]*[a-z0-9]$|^[a-z]$'
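Review bot: The comment on the new constant says "bundle", but the hunks in this commit only show a single PEM certificate being written there (`f.write(pem_cert)` in ipa-server-install) and the file being passed as the verification CA for LDAPS (`cacert=CACERT` in bindinstance.py). I would document that role so the next reader knows the path is security-relevant, e.g. `# Path to the IPA CA certificate (PEM); TLS trust anchor for LDAPS, written by ipa-server-install`. If other setups do store a chain in this file, the comment should say so explicitly instead.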
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 908807a1c..613af5c91 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -38,6 +38,7 @@ from ipalib import api, errors
from ipalib.util import (validate_zonemgr, normalize_zonemgr,
get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy,
normalize_zone, get_reverse_zone_default, zone_is_reverse)
+from ipalib.constants import CACERT
NAMED_CONF = '/etc/named.conf'
RESOLV_CONF = '/etc/resolv.conf'
@@ -206,7 +207,7 @@ def dns_container_exists(fqdn, suffix, dm_password=None, ldapi=False, realm=None
if ldapi:
conn = ipaldap.IPAdmin(host=fqdn, ldapi=True, realm=realm)
else:
- conn = ipaldap.IPAdmin(host=fqdn, port=636, cacert=service.CACERT)
+ conn = ipaldap.IPAdmin(host=fqdn, port=636, cacert=CACERT)
if dm_password:
conn.do_simple_bind(bindpw=dm_password)
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 8fa900f8d..835589d88 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -40,11 +40,11 @@ from ipaserver.install import ldapupdate
from ipaserver.install import replication
from ipaserver.install import sysupgrade
from ipalib import errors
+from ipalib.constants import CACERT
from ipapython.dn import DN
SERVER_ROOT_64 = "/usr/lib64/dirsrv"
SERVER_ROOT_32 = "/usr/lib/dirsrv"
-CACERT="/etc/ipa/ca.crt"
DS_USER = 'dirsrv'
DS_GROUP = 'dirsrv'
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 34e58fbb8..28a83ff04 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -35,6 +35,7 @@ from ipapython import dogtag
from ipapython.ipa_log_manager import *
from ipaserver.install import sysupgrade
from ipalib import api
+from ipalib.constants import CACERT
HTTPD_DIR = "/etc/httpd"
SSL_CONF = HTTPD_DIR + "/conf.d/ssl.conf"
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 32272794a..302a5bd90 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -38,6 +38,7 @@ from ipaserver.install import installutils
from ipapython import services as ipaservices
from ipapython import ipaldap
from ipalib.session import ISO8601_DATETIME_FMT
+from ipalib.constants import CACERT
from ConfigParser import SafeConfigParser
"""
@@ -149,7 +150,7 @@ class Backup(admintool.AdminTool):
'/etc/krb5.conf',
'/etc/group',
'/etc/passwd',
- '/etc/ipa/ca.crt',
+ CACERT,
'/etc/ipa/default.conf',
'/etc/dirsrv/ds.keytab',
'/etc/ntp.conf',
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index c786569e2..e71dd22e4 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -34,6 +34,7 @@ from ipapython.dn import DN
from ipapython import version
from ipalib import api
from ipalib import errors
+from ipalib.constants import CACERT
class ReplicaPrepare(admintool.AdminTool):
@@ -139,7 +140,7 @@ class ReplicaPrepare(admintool.AdminTool):
def check_pkcs12(self, pkcs12_file, pkcs12_pin):
installutils.check_pkcs12(
pkcs12_info=(pkcs12_file, pkcs12_pin),
- ca_file='/etc/ipa/ca.crt',
+ ca_file=CACERT,
hostname=self.replica_fqdn)
def ask_for_options(self):
@@ -356,7 +357,7 @@ class ReplicaPrepare(admintool.AdminTool):
def copy_misc_files(self):
self.log.info("Copying additional files")
- self.copy_info_file("/etc/ipa/ca.crt", "ca.crt")
+ self.copy_info_file(CACERT, "ca.crt")
preferences_filename = "/usr/share/ipa/html/preferences.html"
if ipautil.file_exists(preferences_filename):
self.copy_info_file(preferences_filename, "preferences.html")
diff --git a/ipaserver/install/ipa_server_certinstall.py b/ipaserver/install/ipa_server_certinstall.py
index 08b27e38a..a1c7c8e91 100644
--- a/ipaserver/install/ipa_server_certinstall.py
+++ b/ipaserver/install/ipa_server_certinstall.py
@@ -28,11 +28,10 @@ from ipapython import admintool
from ipapython.dn import DN
from ipapython.ipautil import user_input, write_tmp_file
from ipalib import api, errors
+from ipalib.constants import CACERT
from ipaserver.install import certs, dsinstance, httpinstance, installutils
from ipaserver.plugins.ldap2 import ldap2
-CACERT = "/etc/ipa/ca.crt"
-
class ServerCertInstall(admintool.AdminTool):
command_name = 'ipa-server-certinstall'
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 80d1addb4..caa70a447 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -33,6 +33,7 @@ from ipapython import ipautil
from ipapython import services as ipaservices
from ipapython import kernel_keyring
from ipalib import errors
+from ipalib.constants import CACERT
from ipapython.ipa_log_manager import *
from ipapython.dn import DN
@@ -435,7 +436,7 @@ class KrbInstance(service.Service):
# Finally copy the cacert in the krb directory so we don't
# have any selinux issues with the file context
- shutil.copyfile("/etc/ipa/ca.crt", "/var/kerberos/krb5kdc/cacert.pem")
+ shutil.copyfile(CACERT, "/var/kerberos/krb5kdc/cacert.pem")
def __add_anonymous_pkinit_principal(self):
princ = "WELLKNOWN/ANONYMOUS"
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 4fa8cb8aa..f295fb305 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -25,12 +25,12 @@ import os
import ldap
from ipalib import api, errors
+from ipalib.constants import CACERT
from ipapython import services as ipaservices
from ipapython.ipa_log_manager import *
from ipapython import ipautil, dogtag, ipaldap
from ipapython.dn import DN
-CACERT = "/etc/ipa/ca.crt"
# the default container used by AD for user entries
WIN_USER_CONTAINER = DN(('cn', 'Users'))
# the default container used by IPA for user entries
diff --git a/ipaserver/install/service.py b/ipaserver/install/service.py
index 5d5db966f..ba6bc35ce 100644
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@@ -30,8 +30,6 @@ from ipapython.dn import DN
from ipapython.ipa_log_manager import *
from ipalib import errors
-CACERT = "/etc/ipa/ca.crt"
-
# Autobind modes
AUTO = 1
ENABLED = 2