Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dogtaginstance.py | 29 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 36 |
2 files changed, 65 insertions, 0 deletions
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 66a76c75d..89e4ad4e6 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -23,6 +23,9 @@ import shutil
 import tempfile
 import traceback
+from pki.client import PKIConnection
+import pki.system
+
 from ipapython import certmonger
 from ipapython import dogtag
 from ipapython import ipaldap
@@ -58,6 +61,32 @@ def check_inst(subsystem):
 return True
+def get_security_domain():
+ """
+ Get the security domain from the REST interface on the local Dogtag CA
+ This function will succeed if the local dogtag CA is up.
+ """
+ connection = PKIConnection()
+ domain_client = pki.system.SecurityDomainClient(connection)
+ info = domain_client.get_security_domain_info()
+ return info
+
+
+def is_installing_replica(sys_type):
+ """
+ We expect only one of each type of Dogtag subsystem in an IPA deployment.
+ That means that if a subsystem of the specified type has already been deployed -
+ and therefore appears in the security domain - then we must be installing
+ a replica.
+ """
+ info = get_security_domain()
+ try:
+ sys_list = info.systems[sys_type]
+ return len(sys_list) > 0
+ except KeyError:
+ return False
+
+
 class DogtagInstance(service.Service):
 """
 This is the base class for a Dogtag 10+ instance, which uses a
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index e2d785881..675050ce4 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -42,6 +42,7 @@ from ipapython import config
 from ipalib import errors
 from ipaserver.install import certs
 from ipapython import services as ipaservices
+from ipapython import version
 # Used to determine install status
 IPA_MODULES = [
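Review bot: In dogtaginstance.py, `get_security_domain()` calls `PKIConnection()` with no arguments, so the scheme, host and port of the security-domain query are whatever the pki client library defaults to (plain HTTP to localhost, as far as I know), and that unauthenticated answer is what `is_installing_replica()` uses to decide between a first install and a replica. Pass the connection parameters explicitly so the transport is a visible, reviewable choice instead of an inherited default. The docstring says the call succeeds when the local CA is up but not what happens otherwise; nothing here catches a connection failure, so it propagates to every caller of `is_installing_replica()`, and I would add a line such as `Raises whatever the pki client raises if the CA cannot be reached; callers must handle it.` to both docstrings.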
@@ -570,6 +571,41 @@ def read_replica_info_drm_enabled(config_dir):
 return enable_drm
+def create_replica_config(dirman_password, filename, options):
+ try:
+ top_dir, dir = expand_replica_info(filename, dirman_password)
+ global REPLICA_INFO_TOP_DIR
+ REPLICA_INFO_TOP_DIR = top_dir
+ except Exception, e:
+ print "ERROR: Failed to decrypt or open the replica file."
+ print "Verify you entered the correct Directory Manager password."
+ sys.exit(1)
+ config = ReplicaConfig()
+ read_replica_info(dir, config)
+ root_logger.debug('Installing replica file with version %d (0 means no version in prepared file).' % config.version)
+ if config.version and config.version > version.NUM_VERSION:
+ root_logger.error('A replica file from a newer release (%d) cannot be installed on an older version (%d)' % (
+ config.version, version.NUM_VERSION))
+ sys.exit(1)
+ config.dirman_password = dirman_password
+ try:
+ host = get_host_name(options.no_host_dns)
+ except BadHostError, e:
+ root_logger.error(str(e))
+ sys.exit(1)
+ if config.host_name != host:
+ try:
+ print "This replica was created for '%s' but this machine is named '%s'" % (config.host_name, host)
+ if not ipautil.user_input("This may cause problems. Continue?", False):
+ sys.exit(0)
+ config.host_name = host
+ print ""
+ except KeyboardInterrupt:
+ sys.exit(0)
+ config.dir = dir
+ config.ca_ds_port = read_replica_info_dogtag_port(config.dir)
+ return config
+
 def check_server_configuration():
 """
 Check if IPA server is configured on the system. |
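Review bot: The `except Exception, e:` around `expand_replica_info()` in `create_replica_config` reports every failure as a wrong Directory Manager password and never uses `e`, so a missing file or any other error is indistinguishable from a bad password. Record the cause before the user-facing message, e.g. `root_logger.debug("expand_replica_info(%s) failed: %s", filename, e)`, and narrow the clause if the helper's exception types are known. Once expansion has succeeded, the later `sys.exit()` paths (version check, `BadHostError`, declined hostname prompt) leave the expanded replica data under `REPLICA_INFO_TOP_DIR`; no cleanup is visible in this hunk, so presumably the caller removes it on exit. The function has no docstring, and that expectation, together with the fact that it terminates the process instead of raising, is what I would state there.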