Diffstat (limited to 'install/tools/ipa-server-install')
| -rwxr-xr-x | install/tools/ipa-server-install | 37 |
1 files changed, 31 insertions, 6 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 34393b7df..46e5f180a 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -3,7 +3,7 @@ # Simo Sorce <ssorce@redhat.com> # Rob Crittenden <rcritten@redhat.com> # -# Copyright (C) 2007-2010 Red Hat +# Copyright (C) 2007-2014 Red Hat # see file 'COPYING' for use and warranty information # # This program is free software; you can redistribute it and/or modify @@ -53,6 +53,7 @@ from ipaserver.install import httpinstance from ipaserver.install import ntpinstance from ipaserver.install import certs from ipaserver.install import cainstance +from ipaserver.install import drminstance from ipaserver.install import memcacheinstance from ipaserver.install import otpdinstance from ipaserver.install import sysupgrade @@ -492,11 +493,19 @@ def uninstall(): dogtag_constants=dogtag_constants) if cads_instance.is_configured(): cads_instance.uninstall() - cainstance.stop_tracking_certificates(dogtag_constants) + + drm_instance = drminstance.DRMInstance( + api.env.realm, dogtag_constants=dogtag_constants) + drm_instance.stop_tracking_certificates(dogtag_constants) + if drm_instance.is_installed(): + drm_instance.uninstall() + ca_instance = cainstance.CAInstance( api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants) + ca_instance.stop_tracking_certificates(dogtag_constants) if ca_instance.is_configured(): ca_instance.uninstall() + bindinstance.BindInstance(fstore).uninstall() httpinstance.HTTPInstance(fstore).uninstall() krbinstance.KrbInstance(fstore).uninstall() @@ -754,6 +763,7 @@ def main(): setup_ca = False else: setup_ca = True + setup_drm = True # Figure out what external CA step we're in. See cainstance.py for more # info on the 3 states. 
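Review bot: In the uninstall() hunk, `drm_instance.stop_tracking_certificates(dogtag_constants)` runs before the `is_installed()` check, so it executes on every uninstall, including hosts that never had a DRM. The method body is not visible here; confirm it does nothing when no DRM certificate database or tracking requests exist, because an exception at this point would skip the CA, BIND, HTTP and Kerberos uninstalls that follow. The DRM branch also gates on `is_installed()` while the cads and CA branches gate on `is_configured()`. If the two predicates differ for a half-configured instance, a failed install could leave DRM key material on disk after uninstall, so either use the same predicate or add a one-line comment saying why this one differs.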
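Review bot: `setup_drm = True` is hard-coded next to the `setup_ca` branch in main(), and this page has lost the indentation, so it is unclear whether the assignment sits inside the `else:` or after it. If it is inside the `else:`, `setup_drm` is unbound on the CA-less path and the later `if setup_drm:` and `fd.write("enable_drm=%s\n" % setup_drm)` hunks would raise NameError. If it is after the branch, a DRM is configured even when no dogtag CA is set up. Either way I would initialise `setup_drm = False` before the branch and derive it from the CA decision, e.g. `setup_drm = setup_ca`. main() starts and ends outside this hunk.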
@@ -770,6 +780,8 @@ def main(): print "This includes:" if setup_ca: print " * Configure a stand-alone CA (dogtag) for certificate management" + if setup_drm: + print " * Configure a stand-alone DRM (dogtag) for key storage" if options.conf_ntp: print " * Configure the Network Time Daemon (ntpd)" print " * Create and configure an instance of Directory Server" @@ -1016,6 +1028,7 @@ def main(): else: fd.write("enable_ra=False\n") fd.write("ra_plugin=none\n") + fd.write("enable_drm=%s\n" % setup_drm) fd.write("mode=production\n") fd.close() @@ -1117,7 +1130,7 @@ def main(): ipautil.realm_to_suffix(realm_name), ['caRenewalMaster']) # This is done within stopped_service context, which restarts CA - ca.enable_client_auth_to_db() + ca.enable_client_auth_to_db(ca.dogtag_constants.CS_CFG_PATH) krb = krbinstance.KrbInstance(fstore) if options.pkinit_pkcs12: @@ -1194,6 +1207,17 @@ def main(): service.print_msg("Restarting the web server") http.restart() + if setup_drm: + # code to create drm here + drm = drminstance.DRMInstance(realm_name, + dogtag_constants=dogtag.install_constants) + drm.configure_instance(host_name, domain_name, dm_password, + dm_password, subject_base=options.subject) + + # This is done within stopped_service context, which restarts DRM + ds.restart() + drm.enable_client_auth_to_db(drm.dogtag_constants.DRM_CS_CFG_PATH) + # Set the admin user kerberos password ds.change_admin_password(admin_password) 
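Review bot: In the DRM creation hunk, `drm.configure_instance(host_name, domain_name, dm_password, dm_password, subject_base=options.subject)` passes the Directory Manager password twice, and the closing message in the last hunk says /root/drmcert.p12 is protected by that same password. A DRM is a key store, so a single credential would then cover both the directory and, presumably, the exported DRM keys. configure_instance's signature is not visible here, so confirm what the second argument protects and consider a separate secret for it. The comment `# This is done within stopped_service context, which restarts DRM` sits above `ds.restart()` rather than the `drm.enable_client_auth_to_db(...)` call it describes, and `# code to create drm here` reads as a leftover placeholder. I would move the first and replace the second with something like `# Configure the DRM (key recovery) subsystem`.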
@@ -1246,9 +1270,10 @@ def main(): print "" if setup_ca: - print "Be sure to back up the CA certificate stored in /root/cacert.p12" - print "This file is required to create replicas. The password for this" - print "file is the Directory Manager password" + print "Be sure to back up the CA certificates stored in /root/cacert.p12" + print "and the DRM certificates stored in /root/drmcert.p12" + print "These files are required to create replicas. The password for these" + print "files is the Directory Manager password" else: print "In order for Firefox autoconfiguration to work you will need to" print "use a SSL signing certificate. See the IPA documentation for more details." |
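Review bot: The new `/root/drmcert.p12` line is printed under `if setup_ca:` rather than `if setup_drm:`, so the message will name a file that was never written as soon as the two flags can differ. I would move that line into its own `if setup_drm:` block. Since the file presumably holds the DRM's private keys and is protected only by the Directory Manager password, the message could also tell the administrator where to keep it, e.g. `print "Store these files offline; they contain private keys"`.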
