Use Dogtag 10 only when it is available

Put the changes from Ade's dogtag 10 patch into namespaced constants in
dogtag.py, which are then referenced in the code.

Make ipaserver.install.CAInstance use the service name specified in the
configuration. Uninstallation, where config is removed before CA uninstall,
also uses the (previously) configured value.

This and Ade's patch address https://fedorahosted.org/freeipa/ticket/2846

2 files changed, 12 insertions, 14 deletions

diff --git a/install/restart_scripts/renew_ca_cert b/install/restart_scripts/renew_ca_cert
index 4c3af9775..5317835fc 100644
--- a/install/restart_scripts/renew_ca_cert
+++ b/install/restart_scripts/renew_ca_cert
@@ -32,6 +32,7 @@ from ipapython.dn import DN
 from ipalib import errors
 from ipapython import services as ipaservices
 from ipapython import ipautil
+from ipapython import dogtag
 from ipaserver.install import certs
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install.cainstance import update_cert_config
@@ -45,11 +46,9 @@ nickname = sys.argv[1]
 api.bootstrap(context='restart')
 api.finalize()
 
-alias_dir = '/etc/pki/pki-tomcat/alias'
-dogtag_instance = 'pki-tomcat'
-if 'dogtag_version' not in api.env:
-    alias_dir = '/var/lib/pki-ca/alias'
-    dogtag_instance = 'pki-ca'
+configured_constants = dogtag.configured_constants(api)
+alias_dir = configured_constants.ALIAS_DIR
+dogtag_instance = configured_constants.PKI_INSTANCE_NAME
 
 # Fetch the new certificate
 db = certs.CertDB(api.env.realm, nssdir=alias_dir)
@@ -112,5 +111,5 @@ time.sleep(pause)
 try:
     ipaservices.knownservices.pki_cad.restart(dogtag_instance)
 except Exception, e:
-    syslog.syslog(syslog.LOG_ERR, "Cannot restart %sd: %s" % \
+    syslog.syslog(syslog.LOG_ERR, "Cannot restart %sd: %s" %
                   (dogtag_instance, str(e)))
diff --git a/install/restart_scripts/restart_pkicad b/install/restart_scripts/restart_pkicad
index c21fb802f..0b6040a9d 100644
--- a/install/restart_scripts/restart_pkicad
+++ b/install/restart_scripts/restart_pkicad
@@ -22,6 +22,7 @@
 import sys
 import syslog
 from ipapython import services as ipaservices
+from ipapython import dogtag
 from ipaserver.install import certs
 from ipalib import api
 
@@ -30,18 +31,16 @@ nickname = sys.argv[1]
 api.bootstrap(context='restart')
 api.finalize()
 
-alias_dir = '/etc/pki/pki-tomcat/alias'
-dogtag_instance = 'pki-tomcat'
-if 'dogtag_version' not in api.env:
-    alias_dir = '/var/lib/pki-ca/alias'
-    dogtag_instance = 'pki-ca'
+configured_constants = dogtag.configured_constants(api)
+alias_dir = configured_constants.ALIAS_DIR
+dogtag_instance = configured_constants.PKI_INSTANCE_NAME
 
-syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted %sd, nickname '%s'" % \
+syslog.syslog(syslog.LOG_NOTICE, "certmonger restarted %sd, nickname '%s'" %
               (dogtag_instance, nickname))
 
 # Fix permissions on the audit cert if we're updating it
 if nickname == 'auditSigningCert cert-pki-ca':
-    db = certs.CertDB(api.env.realm, nssdir = alias_dir )
+    db = certs.CertDB(api.env.realm, nssdir=alias_dir)
     args = ['-M',
             '-n', nickname,
             '-t', 'u,u,Pu',
@@ -54,5 +53,5 @@ try:
     ipaservices.knownservices.pki_cad.stop(dogtag_instance)
     ipaservices.knownservices.pki_cad.start(dogtag_instance)
 except Exception, e:
-    syslog.syslog(syslog.LOG_ERR, "Cannot restart %sd: %s" % \
+    syslog.syslog(syslog.LOG_ERR, "Cannot restart %sd: %s" %
                   (dogtag_instance, str(e)))