author | Martin Kosek <mkosek@redhat.com> | 2014-03-11 16:28:19 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-03-11 17:10:28 +0100 |
commit | 0be66e9a67e433d36b9e4c00a17b45393d51a888 (patch) | |
tree | ed83d5a17979cd764a77e603dc62c950f5bedf81 /install/tools/ipa-replica-install | |
parent | 740298d1208e92c264ef5752ac3fe6adf1240790 (diff) | |
ipa-replica-install never checks for 7389 port
When creating replica from a Dogtag 9 based IPA server, the port 7389
which is required for the installation is never checked by
ipa-replica-conncheck even though it knows that it is being installed
from the Dogtag 9 based FreeIPA. If the 7389 port is blocked by a
firewall, the installation gets stuck with no hint to the user.
Make sure that the port configuration parsed from replica info file
is used consistently in the installers.
https://fedorahosted.org/freeipa/ticket/4240
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-x | install/tools/ipa-replica-install | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 0979cde0e..cebcbf1a4 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -37,8 +37,8 @@ from ipaserver.install import memcacheinstance
 from ipaserver.install import otpdinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
 from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info,
- read_replica_info ,get_host_name,
- BadHostError, private_ccache)
+ read_replica_info, get_host_name, BadHostError, private_ccache,
+ read_replica_info_dogtag_port)
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance
 from ipalib import api, errors, util
@@ -534,6 +534,7 @@ def main():
 sys.exit(0)
 config.dir = dir
 config.setup_ca = options.setup_ca
+ config.ca_ds_port = read_replica_info_dogtag_port(config.dir)
 if config.setup_ca and not ipautil.file_exists(config.dir + "/cacert.p12"):
 print 'CA cannot be installed in CA-less setup.'
@@ -541,18 +542,11 @@ def main():
 installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
- portfile = config.dir + "/dogtag_directory_port.txt"
- if not ipautil.file_exists(portfile):
- dogtag_master_ds_port = str(dogtag.Dogtag9Constants.DS_PORT)
- else:
- with open(portfile) as fd:
- dogtag_master_ds_port = fd.read()
-
 # check connection
 if not options.skip_conncheck:
 replica_conn_check(
 config.master_host_name, config.host_name, config.realm_name,
- options.setup_ca, dogtag_master_ds_port, options.admin_password)
+ options.setup_ca, config.ca_ds_port, options.admin_password)
 # check replica host IP resolution
@@ -666,7 +660,7 @@ def main():
 if options.skip_schema_check:
 root_logger.info("Skipping CA DS schema check")
 else:
- cainstance.replica_ca_install_check(config, dogtag_master_ds_port)
+ cainstance.replica_ca_install_check(config)
 # Configure ntpd
 if options.conf_ntp:
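Review bot: The value stored by `config.ca_ds_port = read_replica_info_dogtag_port(config.dir)` originates from a file in the unpacked replica info directory, and nothing in this hunk shows it being validated before it reaches the connection check and the CA installer. The helper is defined outside this diff, so confirm that it parses the content as an integer, rejects anything outside 1-65535, and copes with the trailing whitespace that the removed `fd.read()` passed through unchanged. A malformed port file should stop the install at this line with a clear message. I would also add a comment above the assignment, `# DS port of the master's CA, taken from the replica info file`. main() starts and ends outside the hunk.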
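Review bot: The port argument of `replica_conn_check(...)` no longer has a guaranteed type in this hunk: the removed lines always produced a string (`str(dogtag.Dogtag9Constants.DS_PORT)` or the raw `fd.read()`), while `config.ca_ds_port` has whatever type the new helper returns. replica_conn_check lives in ipaserver.install.replication and is not part of this diff, so check that it converts the port itself (for example with `str(...)`) if it builds an argument list for the conncheck tool; a mismatch would show up only at run time on this path. The call sits inside main(), which extends beyond the hunk.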
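Review bot: `cainstance.replica_ca_install_check(config)` here and `cainstance.install_replica_ca(config)` in the last hunk no longer receive the port explicitly, so they presumably read `ca_ds_port` from an attribute that main() attaches to `config` after the object is built. Any other caller that constructs a ReplicaConfig would have to remember that assignment; the diffstat is limited to this file, so those callers are not visible here. Consider giving ReplicaConfig a default for `ca_ds_port` in its constructor, so that a missed assignment cannot surface as an AttributeError partway through an install.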
@@ -678,7 +672,7 @@ def main():
 ds = install_replica_ds(config)
 # Configure the CA if necessary
- CA = cainstance.install_replica_ca(config, dogtag_master_ds_port)
+ CA = cainstance.install_replica_ca(config)
 # Always try to install DNS records
 install_dns_records(config, options) |