-rwxr-xr-x | install/tools/ipa-ca-install | 17 | ||||
-rwxr-xr-x | install/tools/ipa-replica-install | 18 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 12 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 16 |
4 files changed, 32 insertions, 31 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 864337c57..26f6993a0 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -30,7 +30,7 @@ from ipaserver.install import installutils, service from ipaserver.install import certs from ipaserver.install.installutils import (HostnameLocalhost, ReplicaConfig, expand_replica_info, read_replica_info, get_host_name, BadHostError, - private_ccache) + private_ccache, read_replica_info_dogtag_port) from ipaserver.install import dsinstance, cainstance, bindinstance from ipaserver.install.replication import replica_conn_check from ipapython import version @@ -159,31 +159,24 @@ def main(): sys.exit(0) config.dir = dir config.setup_ca = True + config.ca_ds_port = read_replica_info_dogtag_port(config.dir) if not ipautil.file_exists(config.dir + "/cacert.p12"): print 'CA cannot be installed in CA-less setup.' sys.exit(1) - portfile = config.dir + "/dogtag_directory_port.txt" - if not ipautil.file_exists(portfile): - dogtag_master_ds_port = str(dogtag.Dogtag9Constants.DS_PORT) - else: - with open(portfile) as fd: - dogtag_master_ds_port = fd.read() - if not options.skip_conncheck: replica_conn_check( config.master_host_name, config.host_name, config.realm_name, True, - dogtag_master_ds_port, options.admin_password) + config.ca_ds_port, options.admin_password) if options.skip_schema_check: root_logger.info("Skipping CA DS schema check") else: - cainstance.replica_ca_install_check(config, dogtag_master_ds_port) + cainstance.replica_ca_install_check(config) # Configure the CA if necessary - CA = cainstance.install_replica_ca( - config, dogtag_master_ds_port, postinstall=True) + CA = cainstance.install_replica_ca(config, postinstall=True) # We need to ldap_enable the CA now that DS is up and running CA.ldap_enable('CA', config.host_name, config.dirman_password, diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 0979cde0e..cebcbf1a4 100755 
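Review bot: In the `@@ -159,31 +159,24 @@` hunk of ipa-ca-install, `replica_conn_check(...)` now receives `config.ca_ds_port` as an int, where the removed code passed a str (`str(dogtag.Dogtag9Constants.DS_PORT)` or the raw `fd.read()` text). `replica_conn_check` is not part of this diff, so confirm it neither concatenates the port nor places it in an argument list that expects strings; the same call in ipa-replica-install (`@@ -541,18 +542,11 @@`) changes in the same way. A short comment at the assignment would record the new contract, e.g. `# ca_ds_port is an int; consumers must not assume str`. main() starts and ends outside the hunk.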
--- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -37,8 +37,8 @@ from ipaserver.install import memcacheinstance from ipaserver.install import otpdinstance from ipaserver.install.replication import replica_conn_check, ReplicationManager from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info, - read_replica_info ,get_host_name, - BadHostError, private_ccache) + read_replica_info, get_host_name, BadHostError, private_ccache, + read_replica_info_dogtag_port) from ipaserver.plugins.ldap2 import ldap2 from ipaserver.install import cainstance from ipalib import api, errors, util @@ -534,6 +534,7 @@ def main(): sys.exit(0) config.dir = dir config.setup_ca = options.setup_ca + config.ca_ds_port = read_replica_info_dogtag_port(config.dir) if config.setup_ca and not ipautil.file_exists(config.dir + "/cacert.p12"): print 'CA cannot be installed in CA-less setup.' @@ -541,18 +542,11 @@ def main(): installutils.verify_fqdn(config.master_host_name, options.no_host_dns) - portfile = config.dir + "/dogtag_directory_port.txt" - if not ipautil.file_exists(portfile): - dogtag_master_ds_port = str(dogtag.Dogtag9Constants.DS_PORT) - else: - with open(portfile) as fd: - dogtag_master_ds_port = fd.read() - # check connection if not options.skip_conncheck: replica_conn_check( config.master_host_name, config.host_name, config.realm_name, - options.setup_ca, dogtag_master_ds_port, options.admin_password) + options.setup_ca, config.ca_ds_port, options.admin_password) # check replica host IP resolution @@ -666,7 +660,7 @@ def main(): if options.skip_schema_check: root_logger.info("Skipping CA DS schema check") else: - cainstance.replica_ca_install_check(config, dogtag_master_ds_port) + cainstance.replica_ca_install_check(config) # Configure ntpd if options.conf_ntp: 
@@ -678,7 +672,7 @@ def main(): ds = install_replica_ds(config) # Configure the CA if necessary - CA = cainstance.install_replica_ca(config, dogtag_master_ds_port) + CA = cainstance.install_replica_ca(config) # Always try to install DNS records install_dns_records(config, options) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 5e7cab8e0..733847c07 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1575,7 +1575,7 @@ class CAInstance(service.Service): return master == 'New' -def replica_ca_install_check(config, master_ds_port): +def replica_ca_install_check(config): if not config.setup_ca: return @@ -1584,8 +1584,6 @@ def replica_ca_install_check(config, master_ds_port): # Replica of old "self-signed" master - CA won't be installed return - master_ds_port = int(master_ds_port) - # Exit if we have an old-style (Dogtag 9) CA already installed ca = CAInstance(config.realm_name, certs.NSS_DIR, dogtag_constants=dogtag.Dogtag9Constants) @@ -1593,13 +1591,13 @@ def replica_ca_install_check(config, master_ds_port): root_logger.info('Dogtag 9 style CA instance found') sys.exit("A CA is already configured on this system.") - if master_ds_port != dogtag.Dogtag9Constants.DS_PORT: + if config.ca_ds_port != dogtag.Dogtag9Constants.DS_PORT: root_logger.debug( 'Installing CA Replica from master with a merged database') return # Check if the master has the necessary schema in its CA instance - ca_ldap_url = 'ldap://%s:%s' % (config.master_host_name, master_ds_port) + ca_ldap_url = 'ldap://%s:%s' % (config.master_host_name, config.ca_ds_port) objectclass = 'ipaObject' root_logger.debug('Checking if IPA schema is present in %s', ca_ldap_url) try: 
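Review bot: In `replica_ca_install_check` (`@@ -1593,13 +1591,13 @@`), the comparison `config.ca_ds_port != dogtag.Dogtag9Constants.DS_PORT` now depends on every caller having set `ca_ds_port` to an int, because the local `int(master_ds_port)` conversion is removed in the preceding hunk. If a caller leaves the value as a string, the comparison is always unequal and the function returns through the 'merged database' branch without running the IPA schema check against the master's CA directory server; if the attribute is missing, the call raises AttributeError. Both tools in this commit set it via `read_replica_info_dogtag_port`, but a defensive `ca_ds_port = int(config.ca_ds_port)` at the top of the function, or a default on the config class (presumably `ReplicaConfig`, not shown here), would keep the check from being skipped silently. The function body continues outside the hunk.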
@@ -1628,7 +1626,7 @@ def replica_ca_install_check(config, master_ds_port): exit('IPA schema missing on master CA directory server') -def install_replica_ca(config, master_ds_port, postinstall=False): +def install_replica_ca(config, postinstall=False): """ Install a CA on a replica. @@ -1677,7 +1675,7 @@ def install_replica_ca(config, master_ds_port, postinstall=False): config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), master_host=config.master_host_name, - master_replication_port=master_ds_port, + master_replication_port=config.ca_ds_port, subject_base=config.subject_base) # Restart httpd since we changed it's config and added ipa-pki-proxy.conf diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py index 4cc33ac56..daf81e890 100644 --- a/ipaserver/install/installutils.py +++ b/ipaserver/install/installutils.py @@ -538,6 +538,22 @@ def read_replica_info(dir, rconfig): except NoOptionError: pass +def read_replica_info_dogtag_port(config_dir): + portfile = config_dir + "/dogtag_directory_port.txt" + default_port = dogtag.Dogtag9Constants.DS_PORT + if not ipautil.file_exists(portfile): + dogtag_master_ds_port = default_port + else: + with open(portfile) as fd: + try: + dogtag_master_ds_port = int(fd.read()) + except (ValueError, IOError), e: + root_logger.debug('Cannot parse dogtag DS port: %s', e) + root_logger.debug('Default to %d', default_port) + dogtag_master_ds_port = default_port + + return dogtag_master_ds_port + def check_server_configuration(): """ Check if IPA server is configured on the system. |
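Review bot: In `read_replica_info_dogtag_port` (installutils.py, `@@ -538,6 +538,22 @@`), `open(portfile)` sits outside the `try`, so the `IOError` in the except clause only covers `fd.read()`; an unreadable file still raises out of the function. The parsed value is also accepted without a range check, although it is later formatted into the `ldap://%s:%s` URL in cainstance.py and passed as `master_replication_port`. Since a fallback to the Dogtag 9 default changes which path `replica_ca_install_check` takes, I would log it at warning rather than debug level, and add a docstring stating that the function returns an int. The hunk does not show whether `dogtag` and `root_logger` are already imported in installutils.py; confirm that as well.

```python
def read_replica_info_dogtag_port(config_dir):
    # … unchanged: portfile and default_port setup …
    if not ipautil.file_exists(portfile):
        return default_port
    try:
        # open() inside the try so an unreadable file is handled like a bad value
        with open(portfile) as fd:
            port = int(fd.read())
        if not 0 < port < 65536:
            raise ValueError('port %d out of range' % port)
    except (ValueError, IOError), e:
        root_logger.warning('Cannot parse dogtag DS port: %s', e)
        root_logger.warning('Default to %d', default_port)
        port = default_port
    return port
```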