Diffstat (limited to 'ipaserver/install/drminstance.py')
-rw-r--r--ipaserver/install/drminstance.py76
1 files changed, 39 insertions, 37 deletions
diff --git a/ipaserver/install/drminstance.py b/ipaserver/install/drminstance.py
index 6eab9d822..c4edd2cd4 100644
--- a/ipaserver/install/drminstance.py
+++ b/ipaserver/install/drminstance.py
@@ -41,6 +41,7 @@ from ipapython.ipa_log_manager import *
# replicas with DRM configured
IPA_DRM_RECORD = "ipa-drm"
+
class DRMInstance(DogtagInstance):
"""
We assume that the CA has already been installed, and we use the
@@ -96,7 +97,7 @@ class DRMInstance(DogtagInstance):
# Confirm that a Dogtag 10 CA instance already exists
ca = cainstance.CAInstance(
api.env.realm, certs.NSS_DIR,
- dogtag_constants = dogtag.Dogtag10Constants)
+ dogtag_constants=dogtag.Dogtag10Constants)
if not ca.is_installed():
raise RuntimeError(
"DRM configuration failed. "
@@ -168,7 +169,7 @@ class DRMInstance(DogtagInstance):
config.set("KRA", "pki_admin_password", self.admin_password)
config.set("KRA", "pki_admin_nickname", "ipa-ca-agent")
config.set("KRA", "pki_admin_subject_dn",
- str(DN(('cn', 'ipa-ca-agent'), self.subject_base)))
+ str(DN(('cn', 'ipa-ca-agent'), self.subject_base)))
config.set("KRA", "pki_import_admin_cert", "True")
config.set("KRA", "pki_admin_cert_file",
"/root/.dogtag/pki-tomcat/ca_admin.cert")
@@ -178,18 +179,19 @@ class DRMInstance(DogtagInstance):
config.set("KRA", "pki_ds_ldap_port", str(self.ds_port))
config.set("KRA", "pki_ds_password", self.dm_password)
config.set("KRA", "pki_ds_base_dn", self.basedn)
- config.set("KRA", "pki_ds_database", "ipakra")
+ config.set("KRA", "pki_ds_database", "ipadrm")
- # Certificate subject DN's
+ # Certificate subject DNs
config.set("KRA", "pki_subsystem_subject_dn",
- str(DN(('cn', 'CA Subsystem'), self.subject_base)))
+ str(DN(('cn', 'CA Subsystem'), self.subject_base)))
config.set("KRA", "pki_ssl_server_subject_dn",
- str(DN(('cn', self.fqdn), self.subject_base)))
+ str(DN(('cn', self.fqdn), self.subject_base)))
config.set("KRA", "pki_audit_signing_subject_dn",
- str(DN(('cn', 'DRM Audit'), self.subject_base)))
+ str(DN(('cn', 'DRM Audit'), self.subject_base)))
config.set("KRA", "pki_transport_subject_dn",
- str(DN(('cn', 'DRM Transport Certificate'), self.subject_base)))
- config.set("KRA", "pki_storage_subject_dn",
+ str(DN(('cn', 'DRM Transport Certificate'), self.subject_base)))
+ config.set(
+ "KRA", "pki_storage_subject_dn",
str(DN(('cn', 'DRM Storage Certificate'), self.subject_base)))
# Certificate nicknames
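Review bot: The new backend name on the `pki_ds_database` line, `ipadrm`, looks at odds with the sharing setup a few lines further down in this method (next hunk), where `pki_share_db` is `True` with a comment that the CA and KRA share the same database and `pki_share_dbuser_dn` lives under `o=ipaca`; if the DRM is meant to reuse the CA's backend, the value presumably needs to be the CA's backend name rather than a DRM-specific one, and the commit gives no reason for the rename from `ipakra`. Either way a comment is warranted, e.g. `# Backend name must match the CA's when pki_share_db is True below — confirm against pkispawn`. Separately, this hunk puts `self.dm_password` into the pkispawn configuration; the file is created later via `open(cfg_file, "wb")`, so make sure it is created with mode 0600 (or in a private directory) and removed after pkispawn runs — that code is outside this hunk and I cannot see it. The enclosing method starts and ends outside the hunk.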
@@ -210,11 +212,11 @@ class DRMInstance(DogtagInstance):
# Needed because CA and KRA share the same database
# We will use the dbuser created for the CA
config.set("KRA", "pki_share_db", "True")
- config.set("KRA", "pki_share_dbuser_dn",
- str(DN(('uid', 'pkidbuser'),('ou', 'people'),('o','ipaca'))))
-
+ config.set(
+ "KRA", "pki_share_dbuser_dn",
+ str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca'))))
- if (self.clone):
+ if self.clone:
drmfile = self.pkcs12_info[0]
shutil.copy(drmfile, "/tmp/drm.p12")
pent = pwd.getpwnam(PKI_USER)
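Review bot: The `shutil.copy(drmfile, "/tmp/drm.p12")` line in the clone branch copies a PKCS#12 bundle — which, judging by the `pki_clone_pkcs12_password` setting in the next hunk, carries the DRM's private keys protected only by the Directory Manager password — to a fixed, predictable name in world-writable /tmp; `shutil.copy` follows a pre-existing symlink at that path and the copy initially inherits the umask, so an unprivileged local user can pre-create the path or read the file before the ownership change that the following `pwd.getpwnam(PKI_USER)` line suggests. These are unchanged context lines, not introduced by this commit, but since the hunk is already reworking this branch it is a good moment to fix it: create a private directory and build the path from it, e.g. `tmpdir = tempfile.mkdtemp(prefix="ipa-drm-")`, `drm_p12 = os.path.join(tmpdir, "drm.p12")`, `shutil.copy(drmfile, drm_p12)`, then delete the directory after pkispawn finishes (the `tempfile` import is not visible in this view and may need adding). The enclosing method starts and ends outside the hunk.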
@@ -233,12 +235,12 @@ class DRMInstance(DogtagInstance):
config.set("KRA", "pki_clone_pkcs12_password", self.dm_password)
config.set("KRA", "pki_clone_replication_security", "TLS")
config.set("KRA", "pki_clone_replication_master_port",
- str(self.master_replication_port))
+ str(self.master_replication_port))
config.set("KRA", "pki_clone_replication_clone_port",
- dogtag.install_constants.DS_PORT)
+ dogtag.install_constants.DS_PORT)
config.set("KRA", "pki_clone_replicate_schema", "False")
config.set("KRA", "pki_clone_uri",
- "https://%s" % ipautil.format_netloc(self.master_host, 443))
+ "https://%s" % ipautil.format_netloc(self.master_host, 443))
# Generate configuration file
with open(cfg_file, "wb") as f:
@@ -254,7 +256,8 @@ class DRMInstance(DogtagInstance):
root_logger.debug("completed creating DRM instance")
- def update_cert_config(self, nickname, cert, dogtag_constants=None):
+ @staticmethod
+ def update_cert_config(nickname, cert, dogtag_constants=None):
"""
When renewing a DRM subsystem certificate the configuration file
needs to get the new certificate as well.
@@ -274,8 +277,8 @@ class DRMInstance(DogtagInstance):
'subsystemCert cert-pki-drm': 'kra.subsystem.cert',
'Server-Cert cert-pki-ca': 'kra.sslserver.cert'}
- DogtagInstance.update_cert_config(
- self, nickname, cert, directives,
+ DogtagInstance.update_cert_cs_cfg(
+ nickname, cert, directives,
dogtag.configured_constants().DRM_CS_CFG_PATH,
dogtag_constants)
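Review bot: The rewritten call `DogtagInstance.update_cert_cs_cfg(nickname, cert, directives, ...)` is made through the class with no instance, so it only works if `update_cert_cs_cfg` is itself a staticmethod or classmethod on `DogtagInstance` (defined in another file, not visible here); if it is a plain method, `nickname` will be bound as `self` and the argument list shifts by one, so that should be confirmed. Since `update_cert_config` is now a staticmethod, `dogtag_constants=None` can no longer fall back to instance state either, so the docstring (which opens in the previous hunk) should say what `None` means, e.g. `dogtag_constants: constants for the target Dogtag version; None lets update_cert_cs_cfg pick the configured defaults` — hedged, because the fallback lives in the callee. Note also that the directives mapping keys `'Server-Cert cert-pki-ca'` under the DRM's config while the other nicknames use the `cert-pki-drm` suffix; if the server certificate is deliberately shared with the CA a one-line comment saying so would prevent a future "fix". The method body continues past this hunk's end.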
@@ -299,38 +302,37 @@ def install_replica_drm(config, postinstall=False):
if not ipautil.file_exists(drmfile):
raise RuntimeError(
- "Unable to clone DRM."
- " cacert.p12 file not found in replica file")
-
- drm = DRMInstance(config.realm_name,
- dogtag_constants=dogtag.install_constants)
- drm.dm_password = config.dirman_password
- drm.subject_base = config.subject_base
- if drm.is_installed():
+ "Unable to clone DRM."
+ " cacert.p12 file not found in replica file")
+
+ _drm = DRMInstance(config.realm_name,
+ dogtag_constants=dogtag.install_constants)
+ _drm.dm_password = config.dirman_password
+ _drm.subject_base = config.subject_base
+ if _drm.is_installed():
sys.exit("A DRM is already configured on this system.")
- drm.configure_instance(config.host_name, config.domain_name,
- config.dirman_password, config.dirman_password,
- pkcs12_info=(drmfile,),
- master_host=config.master_host_name,
- master_replication_port=config.ca_ds_port,
- subject_base=config.subject_base)
+ _drm.configure_instance(config.host_name, config.domain_name,
+ config.dirman_password, config.dirman_password,
+ pkcs12_info=(drmfile,),
+ master_host=config.master_host_name,
+ master_replication_port=config.ca_ds_port,
+ subject_base=config.subject_base)
# Restart httpd since we changed it's config and added ipa-pki-proxy.conf
if postinstall:
ipaservices.knownservices.httpd.restart()
-
# The dogtag DS instance needs to be restarted after installation.
# The procedure for this is: stop dogtag, stop DS, start DS, start
# dogtag
service.print_msg("Restarting the directory and DRM servers")
- drm.stop(dogtag.install_constants.PKI_INSTANCE_NAME)
+ _drm.stop(dogtag.install_constants.PKI_INSTANCE_NAME)
ipaservices.knownservices.dirsrv.restart()
- drm.start(dogtag.install_constants.PKI_INSTANCE_NAME)
+ _drm.start(dogtag.install_constants.PKI_INSTANCE_NAME)
- return drm
+ return _drm
if __name__ == "__main__":
standard_logging_setup("install.log")