Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-x | install/tools/ipa-replica-install | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index f5e7197b5..192dc0d42 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -38,9 +38,10 @@ from ipaserver.install import otpdinstance from ipaserver.install.replication import replica_conn_check, ReplicationManager from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info, read_replica_info, get_host_name, BadHostError, private_ccache, - read_replica_info_dogtag_port) + read_replica_info_dogtag_port, read_replica_info_drm_enabled) from ipaserver.plugins.ldap2 import ldap2 from ipaserver.install import cainstance +from ipaserver.install import drminstance from ipalib import api, errors, util from ipalib.constants import CACERT from ipapython import version @@ -63,6 +64,8 @@ def parse_options(): basic_group = OptionGroup(parser, "basic options") basic_group.add_option("--setup-ca", dest="setup_ca", action="store_true", default=False, help="configure a dogtag CA") + basic_group.add_option("--setup-drm", dest="setup_drm", action="store_true", + default=False, help="configure a dogtag DRM") basic_group.add_option("--ip-address", dest="ip_address", type="ip", ip_local=True, help="Replica server IP Address") @@ -540,6 +543,15 @@ def main(): print 'CA cannot be installed in CA-less setup.' sys.exit(1) + config.setup_drm = options.setup_drm + if config.setup_drm: + if not config.setup_ca: + print "CA must be installed with the KRA" + sys.exit(1) + if not read_replica_info_drm_enabled(config.dir): + print "DRM is not installed on the master system" + sys.exit(1) + installutils.verify_fqdn(config.master_host_name, options.no_host_dns) # check connection @@ -573,6 +585,10 @@ def main(): else: fd.write("enable_ra=False\n") fd.write("ra_plugin=none\n") + if config.setup_drm: + fd.write("enable_drm=True\n") + else: + fd.write("enable_drm=False\n") fd.write("mode=production\n") fd.close() finally: 
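Review bot: The first new error message in the `config.setup_drm` block of main() does not match the check it reports. `if not config.setup_ca` fires when --setup-drm was given without --setup-ca, but the text reads "CA must be installed with the KRA", and it says "KRA" where the option name and the next message say "DRM". A message that names the flags, such as `print "--setup-drm requires --setup-ca"`, tells the administrator what to change. This hunk and the default.conf hunk test `config.setup_drm`, while the later install hunk tests `options.setup_drm`; using one spelling throughout keeps the three checks from drifting apart. main() begins and ends outside this hunk.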
@@ -683,7 +699,7 @@ def main(): ipautil.realm_to_suffix(config.realm_name)) # This is done within stopped_service context, which restarts CA - CA.enable_client_auth_to_db() + CA.enable_client_auth_to_db(CA.dogtag_constants.CS_CFG_PATH) krb = install_krb(config, setup_pkinit=options.setup_pkinit) http = install_http(config, auto_redirect=options.ui_redirect) @@ -706,9 +722,14 @@ def main(): service.print_msg("Applying LDAP updates") ds.apply_updates() - # Restart ds and krb after configurations have been changed - service.print_msg("Restarting the directory server") - ds.restart() + if options.setup_drm: + drm = drminstance.install_replica_drm(config) + service.print_msg("Restarting the directory server") + ds.restart() + drm.enable_client_auth_to_db(drm.dogtag_constants.DRM_CS_CFG_PATH) + else: + service.print_msg("Restarting the directory server") + ds.restart() service.print_msg("Restarting the KDC") krb.restart() |
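Review bot: Both branches of the new `if options.setup_drm:` block repeat the same `service.print_msg("Restarting the directory server")` / `ds.restart()` pair, and the comment explaining why the restart happens here was dropped. Restarting once, unconditionally, with the DRM steps on either side, removes the duplication and keeps the comment. Separately, the CA call in the previous hunk is annotated as running inside a stopped_service context that restarts the CA, but nothing visible here restarts the DRM after `drm.enable_client_auth_to_db(...)` changes its CS.cfg. If `install_replica_drm` does not arrange that restart, the DRM would presumably keep its earlier directory-server authentication settings until its next restart, so please confirm and add a comment saying which is the case. main() continues outside this hunk.

```python
    # ... unchanged: "Applying LDAP updates" / ds.apply_updates() ...
    if config.setup_drm:
        drm = drminstance.install_replica_drm(config)

    # Restart ds and krb after configurations have been changed
    service.print_msg("Restarting the directory server")
    ds.restart()
    if config.setup_drm:
        drm.enable_client_auth_to_db(drm.dogtag_constants.DRM_CS_CFG_PATH)
    # ... unchanged: KDC restart ...
```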