Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-xinstall/tools/ipa-replica-install31
1 files changed, 26 insertions, 5 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index f5e7197b5..192dc0d42 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -38,9 +38,10 @@ from ipaserver.install import otpdinstance
from ipaserver.install.replication import replica_conn_check, ReplicationManager
from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info,
read_replica_info, get_host_name, BadHostError, private_ccache,
- read_replica_info_dogtag_port)
+ read_replica_info_dogtag_port, read_replica_info_drm_enabled)
from ipaserver.plugins.ldap2 import ldap2
from ipaserver.install import cainstance
+from ipaserver.install import drminstance
from ipalib import api, errors, util
from ipalib.constants import CACERT
from ipapython import version
@@ -63,6 +64,8 @@ def parse_options():
basic_group = OptionGroup(parser, "basic options")
basic_group.add_option("--setup-ca", dest="setup_ca", action="store_true",
default=False, help="configure a dogtag CA")
+ basic_group.add_option("--setup-drm", dest="setup_drm", action="store_true",
+ default=False, help="configure a dogtag DRM")
basic_group.add_option("--ip-address", dest="ip_address",
type="ip", ip_local=True,
help="Replica server IP Address")
@@ -540,6 +543,15 @@ def main():
print 'CA cannot be installed in CA-less setup.'
sys.exit(1)
+ config.setup_drm = options.setup_drm
+ if config.setup_drm:
+ if not config.setup_ca:
+ print "CA must be installed with the KRA"
+ sys.exit(1)
+ if not read_replica_info_drm_enabled(config.dir):
+ print "DRM is not installed on the master system"
+ sys.exit(1)
+
installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
# check connection
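Review bot: The first error message in the added block says "KRA", while the option, the config attribute and the second message all say DRM, so a user who passed `--setup-drm` is told about a component the tool never names. Consider `print "--setup-drm requires --setup-ca"`, and state the same dependency in the `--setup-drm` help text added in the parse_options hunk. The body of main() starts and continues outside this hunk, so whether other checks there follow the same wording cannot be confirmed from here.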
@@ -573,6 +585,10 @@ def main():
else:
fd.write("enable_ra=False\n")
fd.write("ra_plugin=none\n")
+ if config.setup_drm:
+ fd.write("enable_drm=True\n")
+ else:
+ fd.write("enable_drm=False\n")
fd.write("mode=production\n")
fd.close()
finally:
@@ -683,7 +699,7 @@ def main():
ipautil.realm_to_suffix(config.realm_name))
# This is done within stopped_service context, which restarts CA
- CA.enable_client_auth_to_db()
+ CA.enable_client_auth_to_db(CA.dogtag_constants.CS_CFG_PATH)
krb = install_krb(config, setup_pkinit=options.setup_pkinit)
http = install_http(config, auto_redirect=options.ui_redirect)
@@ -706,9 +722,14 @@ def main():
service.print_msg("Applying LDAP updates")
ds.apply_updates()
- # Restart ds and krb after configurations have been changed
- service.print_msg("Restarting the directory server")
- ds.restart()
+ if options.setup_drm:
+ drm = drminstance.install_replica_drm(config)
+ service.print_msg("Restarting the directory server")
+ ds.restart()
+ drm.enable_client_auth_to_db(drm.dogtag_constants.DRM_CS_CFG_PATH)
+ else:
+ service.print_msg("Restarting the directory server")
+ ds.restart()
service.print_msg("Restarting the KDC")
krb.restart()
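Review bot: `drm.enable_client_auth_to_db(...)` runs after `ds.restart()` with no visible restart of the DRM instance, whereas the CA call in the earlier hunk is commented as running inside a stopped_service context that restarts the CA. If neither install_replica_drm nor enable_client_auth_to_db restarts the DRM (neither is visible here), the subsystem may keep its previous database authentication settings until its next restart, so this is worth confirming and recording in a comment. Separately, the branch tests `options.setup_drm` while the earlier hunks use `config.setup_drm`, the restart lines are duplicated in both branches, and the comment explaining the restart was dropped. main() continues outside the hunk.

```python
    # … unchanged: ds.apply_updates() …
    if config.setup_drm:
        drm = drminstance.install_replica_drm(config)

    # Restart ds and krb after configurations have been changed
    service.print_msg("Restarting the directory server")
    ds.restart()

    if config.setup_drm:
        # NOTE(review): confirm the DRM is restarted after this call so the
        # CS.cfg change takes effect, as the CA path does via stopped_service.
        drm.enable_client_auth_to_db(drm.dogtag_constants.DRM_CS_CFG_PATH)
    # … unchanged: KDC restart …
```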