author | Martin Kosek <mkosek@redhat.com> | 2014-03-11 16:28:19 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-03-11 17:10:28 +0100 |
commit | 0be66e9a67e433d36b9e4c00a17b45393d51a888 (patch) | |
tree | ed83d5a17979cd764a77e603dc62c950f5bedf81 /install/tools/ipa-ca-install | |
parent | 740298d1208e92c264ef5752ac3fe6adf1240790 (diff) | |
ipa-replica-install never checks for 7389 port
When creating replica from a Dogtag 9 based IPA server, the port 7389
which is required for the installation is never checked by
ipa-replica-conncheck even though it knows that it is being installed
from the Dogtag 9 based FreeIPA. If the 7389 port were blocked by a
firewall, installation would get stuck with no hint to the user.
Make sure that the port configuration parsed from replica info file
is used consistently in the installers.
https://fedorahosted.org/freeipa/ticket/4240
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/tools/ipa-ca-install')
-rwxr-xr-x | install/tools/ipa-ca-install | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 864337c57..26f6993a0 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -30,7 +30,7 @@ from ipaserver.install import installutils, service from ipaserver.install import certs from ipaserver.install.installutils import (HostnameLocalhost, ReplicaConfig, expand_replica_info, read_replica_info, get_host_name, BadHostError, - private_ccache) + private_ccache, read_replica_info_dogtag_port) from ipaserver.install import dsinstance, cainstance, bindinstance from ipaserver.install.replication import replica_conn_check from ipapython import version @@ -159,31 +159,24 @@ def main(): sys.exit(0) config.dir = dir config.setup_ca = True + config.ca_ds_port = read_replica_info_dogtag_port(config.dir) if not ipautil.file_exists(config.dir + "/cacert.p12"): print 'CA cannot be installed in CA-less setup.' sys.exit(1) - portfile = config.dir + "/dogtag_directory_port.txt" - if not ipautil.file_exists(portfile): - dogtag_master_ds_port = str(dogtag.Dogtag9Constants.DS_PORT) - else: - with open(portfile) as fd: - dogtag_master_ds_port = fd.read() - if not options.skip_conncheck: replica_conn_check( config.master_host_name, config.host_name, config.realm_name, True, - dogtag_master_ds_port, options.admin_password) + config.ca_ds_port, options.admin_password) if options.skip_schema_check: root_logger.info("Skipping CA DS schema check") else: - cainstance.replica_ca_install_check(config, dogtag_master_ds_port) + cainstance.replica_ca_install_check(config) # Configure the CA if necessary - CA = cainstance.install_replica_ca( - config, dogtag_master_ds_port, postinstall=True) + CA = cainstance.install_replica_ca(config, postinstall=True) # We need to ldap_enable the CA now that DS is up and running CA.ldap_enable('CA', config.host_name, config.dirman_password, |
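Review bot: The port assigned to `config.ca_ds_port` in the second hunk comes from the unpacked replica info file and is not range-checked at this call site before it drives `replica_conn_check`, `replica_ca_install_check` and `install_replica_ca` through `config`. The removed code always passed a string (`str(dogtag.Dogtag9Constants.DS_PORT)` or the raw `fd.read()` result), so it is also worth confirming that whatever type `read_replica_info_dogtag_port` returns is what `replica_conn_check` expects. The helper is defined in installutils, outside this diff; if it does not already validate, a guard right after the assignment such as `if not 0 < int(config.ca_ds_port) < 65536: sys.exit('Invalid Dogtag DS port in replica info file')` (with `ValueError` handled the same way) would fail early with a clear message instead of a stalled install. main() starts and ends outside the hunk, and the `dogtag` import may no longer be needed in this file if nothing else uses it.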