summaryrefslogtreecommitdiffstats
path: root/install/tools/ipa-upgradeconfig
diff options
context:
space:
mode:
Diffstat (limited to 'install/tools/ipa-upgradeconfig')
-rw-r--r--install/tools/ipa-upgradeconfig67
1 files changed, 3 insertions, 64 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 5f751becb..b45b3179a 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -40,9 +40,10 @@ from ipapython.config import IPAOptionParser
from ipapython.ipa_log_manager import *
from ipapython import certmonger
from ipapython import dogtag
-from ipaserver.install import installutils
+
from ipaserver.install import dsinstance
from ipaserver.install import httpinstance
+from ipaserver.install import installutils
from ipaserver.install import memcacheinstance
from ipaserver.install import bindinstance
from ipaserver.install import service
@@ -51,7 +52,6 @@ from ipaserver.install import certs
from ipaserver.install import otpdinstance
from ipaserver.install import sysupgrade
-
def parse_options():
parser = IPAOptionParser(version=version.VERSION)
parser.add_option("-d", "--debug", dest="debug", action="store_true",
@@ -824,66 +824,7 @@ def find_subject_base():
3) Last resort, look in the certmap.conf itself
4) If all fails, log loudly and return None
"""
- root_logger.debug('Trying to find certificate subject base in sysupgrade')
- subject_base = sysupgrade.get_upgrade_state('certmap.conf', 'subject_base')
-
- if subject_base:
- root_logger.debug(
- 'Found certificate subject base in sysupgrade: %s',
- subject_base
- )
- return subject_base
-
- root_logger.debug('Unable to find certificate subject base in sysupgrade')
- root_logger.debug('Trying to find certificate subject base in DS')
-
- ds_is_running = services.knownservices.dirsrv.is_running()
- if not ds_is_running:
- try:
- services.knownservices.dirsrv.start()
- except ipautil.CalledProcessError as e:
- root_logger.error('Cannot start DS to find certificate '
- 'subject base: %s', e)
- else:
- ds_is_running = True
-
- if ds_is_running:
- try:
- api.Backend.ldap2.connect(autobind=True)
- except ipalib.errors.PublicError, e:
- root_logger.error('Cannot connect to DS to find certificate '
- 'subject base: %s', e)
- else:
- ret = api.Command['config_show']()
- api.Backend.ldap2.disconnect()
- subject_base = str(ret['result']['ipacertificatesubjectbase'][0])
- root_logger.debug(
- 'Found certificate subject base in DS: %s',
- subject_base
- )
-
- if not subject_base:
- root_logger.debug('Unable to find certificate subject base in DS')
- root_logger.debug('Trying to find certificate subject base in '
- 'certmap.conf')
-
- certmap_dir = dsinstance.config_dirname(
- dsinstance.realm_to_serverid(api.env.realm)
- )
- try:
- with open(os.path.join(certmap_dir, 'certmap.conf')) as f:
- for line in f:
- if line.startswith('certmap ipaca'):
- subject_base = line.strip().split(',')[-1]
- root_logger.debug(
- 'Found certificate subject base in certmap.conf: '
- '%s',
- subject_base
- )
-
- except IOError as e:
- root_logger.error('Cannot open certmap.conf to find certificate '
- 'subject base: %s', e.strerror)
+ subject_base = dsinstance.DsInstance().find_subject_base()
if subject_base:
sysupgrade.set_upgrade_state(
@@ -893,8 +834,6 @@ def find_subject_base():
)
return subject_base
- root_logger.debug('Unable to find certificate subject base in '
- 'certmap.conf')
root_logger.error('Unable to determine certificate subject base. '
'certmap.conf will not be updated.')
generated by cgit (git 2.34.1) at 2024-05-03 05:30:54 +0000