diff options
| author | Ade Lee <alee@redhat.com> | 2014-03-18 11:23:30 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2014-04-14 09:45:50 -0400 |
| commit | c701cd561d7ad9086e8c2ea7023cc2abd7abc868 (patch) | |
| tree | abb381546b04d9d9379249aeead85ae0c50f43f1 /ipaserver/install/installutils.py | |
| parent | f10ec17c03dfe6bdf46903e89f68fa588664fdc0 (diff) | |
| download | freeipa-alee_drm_install.tar.gz freeipa-alee_drm_install.tar.xz freeipa-alee_drm_install.zip | |
Add a DRM to IPAalee_drm_install
This patch adds the capability of installing a Dogtag DRM
to an IPA instance. With this patch, when ipa-server-install
is run, a Dogtag CA and a Dogtag DRM are created. The DRM
shares the same tomcat instance and DS instance as the Dogtag CA.
Moreover, the same admin user/agent (and agent cert) can be used
for both subsystems. Certmonger is also confgured to monitor the
new subsystem certificates.
It is also possible to clone the DRM. When the IPA instance is
cloned, if --enable-ca and --enable-drm are specified, the DRM
is cloned as well.
Installing a DRM requires the user to have a Dogtag CA instance.
We can look into possibly relaxing that requirement in a later patch.
The install scripts have been refactored somewhat to minimize
duplication of code. A new base class dogtagintance.py has
been introduced containing code that is common to DRM and CA
installs. This will become very useful when we add more PKI
subsystems.
I am still working on patches for a ipa-drm-install script, which
would be used to add a DRM to an existing master (that includes
a dogtag CA), or an existing clone.
Diffstat (limited to 'ipaserver/install/installutils.py')
| -rw-r--r-- | ipaserver/install/installutils.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index daf81e890..d7d8160d0 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -554,6 +554,23 @@ def read_replica_info_dogtag_port(config_dir): return dogtag_master_ds_port +def read_replica_info_drm_enabled(config_dir): + """ + Check the replica info to determine if a DRM has been installed + on the master + """ + default_file = config_dir + "/default.conf" + if not ipautil.file_exists(default_file): + return False + else: + with open(default_file) as fd: + config = SafeConfigParser() + config.readfp(fd) + + enable_drm = bool(config.get("global", "enable_drm")) + return enable_drm + + def check_server_configuration(): """ Check if IPA server is configured on the system. |