Diffstat (limited to 'ipaserver/install/drminstance.py')
-rw-r--r-- | ipaserver/install/drminstance.py | 76 |
1 files changed, 39 insertions, 37 deletions
diff --git a/ipaserver/install/drminstance.py b/ipaserver/install/drminstance.py index 6eab9d822..c4edd2cd4 100644 --- a/ipaserver/install/drminstance.py +++ b/ipaserver/install/drminstance.py @@ -41,6 +41,7 @@ from ipapython.ipa_log_manager import * # replicas with DRM configured IPA_DRM_RECORD = "ipa-drm" + class DRMInstance(DogtagInstance): """ We assume that the CA has already been installed, and we use the @@ -96,7 +97,7 @@ class DRMInstance(DogtagInstance): # Confirm that a Dogtag 10 CA instance already exists ca = cainstance.CAInstance( api.env.realm, certs.NSS_DIR, - dogtag_constants = dogtag.Dogtag10Constants) + dogtag_constants=dogtag.Dogtag10Constants) if not ca.is_installed(): raise RuntimeError( "DRM configuration failed. " @@ -168,7 +169,7 @@ class DRMInstance(DogtagInstance): config.set("KRA", "pki_admin_password", self.admin_password) config.set("KRA", "pki_admin_nickname", "ipa-ca-agent") config.set("KRA", "pki_admin_subject_dn", - str(DN(('cn', 'ipa-ca-agent'), self.subject_base))) + str(DN(('cn', 'ipa-ca-agent'), self.subject_base))) config.set("KRA", "pki_import_admin_cert", "True") config.set("KRA", "pki_admin_cert_file", "/root/.dogtag/pki-tomcat/ca_admin.cert") 
@@ -178,18 +179,19 @@ class DRMInstance(DogtagInstance): config.set("KRA", "pki_ds_ldap_port", str(self.ds_port)) config.set("KRA", "pki_ds_password", self.dm_password) config.set("KRA", "pki_ds_base_dn", self.basedn) - config.set("KRA", "pki_ds_database", "ipakra") + config.set("KRA", "pki_ds_database", "ipadrm") - # Certificate subject DN's + # Certificate subject DNs config.set("KRA", "pki_subsystem_subject_dn", - str(DN(('cn', 'CA Subsystem'), self.subject_base))) + str(DN(('cn', 'CA Subsystem'), self.subject_base))) config.set("KRA", "pki_ssl_server_subject_dn", - str(DN(('cn', self.fqdn), self.subject_base))) + str(DN(('cn', self.fqdn), self.subject_base))) config.set("KRA", "pki_audit_signing_subject_dn", - str(DN(('cn', 'DRM Audit'), self.subject_base))) + str(DN(('cn', 'DRM Audit'), self.subject_base))) config.set("KRA", "pki_transport_subject_dn", - str(DN(('cn', 'DRM Transport Certificate'), self.subject_base))) - config.set("KRA", "pki_storage_subject_dn", + str(DN(('cn', 'DRM Transport Certificate'), self.subject_base))) + config.set( + "KRA", "pki_storage_subject_dn", str(DN(('cn', 'DRM Storage Certificate'), self.subject_base))) # Certificate nicknames @@ -210,11 +212,11 @@ class DRMInstance(DogtagInstance): # Needed because CA and KRA share the same database # We will use the dbuser created for the CA config.set("KRA", "pki_share_db", "True") - config.set("KRA", "pki_share_dbuser_dn", - str(DN(('uid', 'pkidbuser'),('ou', 'people'),('o','ipaca')))) - + config.set( + "KRA", "pki_share_dbuser_dn", + str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca')))) - if (self.clone): + if self.clone: drmfile = self.pkcs12_info[0] shutil.copy(drmfile, "/tmp/drm.p12") pent = pwd.getpwnam(PKI_USER) 
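Review bot: The change of `pki_ds_database` from `"ipakra"` to `"ipadrm"` in the first hunk on this line is the only functional change in a commit that is otherwise reformatting, and nothing visible explains it; it deserves its own commit or at least a sentence in the description. If a DRM has already been deployed with the old backend name, a replica set up through the `pki_clone_*` settings further down would presumably be created against a differently named backend than its master, so it is worth confirming that no existing installation depends on `ipakra` before this lands. A short comment next to the assignment, e.g. `# Backend name; a clone presumably has to match the master DRM's value`, would make the coupling visible to the next reader.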
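Review bot: The clone branch that this line's second hunk reformats (`if self.clone:`) still copies the replica's PKCS#12 bundle to the fixed path `/tmp/drm.p12`; a predictable file name in a world-writable directory can be pre-created or symlinked by another local user before the copy happens, and the bundle carries the DRM's key material, apparently protected only by the Directory Manager password given that the later hunk passes `self.dm_password` as `pki_clone_pkcs12_password`. Creating the copy with `tempfile.mkstemp(suffix=".p12")` (mode 0600, unpredictable name) and feeding that path to the `pki_clone_pkcs12_path` setting would close the race; the configure method continues past the hunk, so the matching path setting is not visible here. At minimum a comment such as `# TODO: avoid fixed path in /tmp for the key bundle` would record the known weakness.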
@@ -233,12 +235,12 @@ class DRMInstance(DogtagInstance): config.set("KRA", "pki_clone_pkcs12_password", self.dm_password) config.set("KRA", "pki_clone_replication_security", "TLS") config.set("KRA", "pki_clone_replication_master_port", - str(self.master_replication_port)) + str(self.master_replication_port)) config.set("KRA", "pki_clone_replication_clone_port", - dogtag.install_constants.DS_PORT) + dogtag.install_constants.DS_PORT) config.set("KRA", "pki_clone_replicate_schema", "False") config.set("KRA", "pki_clone_uri", - "https://%s" % ipautil.format_netloc(self.master_host, 443)) + "https://%s" % ipautil.format_netloc(self.master_host, 443)) # Generate configuration file with open(cfg_file, "wb") as f: @@ -254,7 +256,8 @@ class DRMInstance(DogtagInstance): root_logger.debug("completed creating DRM instance") - def update_cert_config(self, nickname, cert, dogtag_constants=None): + @staticmethod + def update_cert_config(nickname, cert, dogtag_constants=None): """ When renewing a DRM subsystem certificate the configuration file needs to get the new certificate as well. @@ -274,8 +277,8 @@ class DRMInstance(DogtagInstance): 'subsystemCert cert-pki-drm': 'kra.subsystem.cert', 'Server-Cert cert-pki-ca': 'kra.sslserver.cert'} - DogtagInstance.update_cert_config( - self, nickname, cert, directives, + DogtagInstance.update_cert_cs_cfg( + nickname, cert, directives, dogtag.configured_constants().DRM_CS_CFG_PATH, dogtag_constants) 
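Review bot: `update_cert_config` becomes a `@staticmethod` and now forwards to `DogtagInstance.update_cert_cs_cfg` without an instance (the -254 and -274 hunks on this line), but the diffstat is limited to this file, so it cannot be confirmed here that `update_cert_cs_cfg` exists on the base class with that argument order and is itself static; if it still expects `self`, `nickname` would be bound to it. Dropping `self` also means any caller that invoked the method unbound as `DRMInstance.update_cert_config(inst, nickname, cert)` now passes the instance as `nickname`, while instance-bound calls keep working. The docstring, which continues past the hunk, should record the new contract, e.g. add the line `Static method: rewrites the DRM CS.cfg at configured_constants().DRM_CS_CFG_PATH for the given nickname/cert.`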
@@ -299,38 +302,37 @@ def install_replica_drm(config, postinstall=False): if not ipautil.file_exists(drmfile): raise RuntimeError( - "Unable to clone DRM." - " cacert.p12 file not found in replica file") - - drm = DRMInstance(config.realm_name, - dogtag_constants=dogtag.install_constants) - drm.dm_password = config.dirman_password - drm.subject_base = config.subject_base - if drm.is_installed(): + "Unable to clone DRM." + " cacert.p12 file not found in replica file") + + _drm = DRMInstance(config.realm_name, + dogtag_constants=dogtag.install_constants) + _drm.dm_password = config.dirman_password + _drm.subject_base = config.subject_base + if _drm.is_installed(): sys.exit("A DRM is already configured on this system.") - drm.configure_instance(config.host_name, config.domain_name, - config.dirman_password, config.dirman_password, - pkcs12_info=(drmfile,), - master_host=config.master_host_name, - master_replication_port=config.ca_ds_port, - subject_base=config.subject_base) + _drm.configure_instance(config.host_name, config.domain_name, + config.dirman_password, config.dirman_password, + pkcs12_info=(drmfile,), + master_host=config.master_host_name, + master_replication_port=config.ca_ds_port, + subject_base=config.subject_base) # Restart httpd since we changed it's config and added ipa-pki-proxy.conf if postinstall: ipaservices.knownservices.httpd.restart() - # The dogtag DS instance needs to be restarted after installation. # The procedure for this is: stop dogtag, stop DS, start DS, start # dogtag service.print_msg("Restarting the directory and DRM servers") - drm.stop(dogtag.install_constants.PKI_INSTANCE_NAME) + _drm.stop(dogtag.install_constants.PKI_INSTANCE_NAME) ipaservices.knownservices.dirsrv.restart() - drm.start(dogtag.install_constants.PKI_INSTANCE_NAME) + _drm.start(dogtag.install_constants.PKI_INSTANCE_NAME) - return drm + return _drm if __name__ == "__main__": standard_logging_setup("install.log") |
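Review bot: Renaming the local `drm` to `_drm` throughout `install_replica_drm` trades one odd name for another: a leading underscore conventionally marks a non-public module attribute, not a function local, and the hunk does not show what the rename fixes (presumably a clash with another name `drm` in the module, which is not visible here). If a clash is the reason, a descriptive local such as `replica_drm = DRMInstance(config.realm_name, dogtag_constants=dogtag.install_constants)` gives the same benefit without the convention mismatch; otherwise the rename should be dropped from a pep8 cleanup. Also visible in the hunk, though not touched by it, `sys.exit(...)` inside a helper that otherwise returns the instance makes it hard to reuse; raising `RuntimeError`, as the `cacert.p12` check a few lines above already does, would be consistent.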