From aa849989e2c4ecf25e597aac94bddfa143059947 Mon Sep 17 00:00:00 2001
From: Ade Lee
Date: Tue, 27 May 2014 14:42:15 -0400
Subject: Formatting fixes and change in security domain api Re-added function for rebase.
---
 install/tools/ipa-drm-install | 25 +++++++++++++++----------
 ipaserver/install/dogtaginstance.py | 19 +++++++++++--------
 ipaserver/install/drminstance.py | 16 ++++++++++------
 ipaserver/install/installutils.py | 21 ++++++++++++++++++++-
 4 files changed, 56 insertions(+), 25 deletions(-)
diff --git a/install/tools/ipa-drm-install b/install/tools/ipa-drm-install
index b4b308d60..55f0cfc6e 100644
--- a/install/tools/ipa-drm-install
+++ b/install/tools/ipa-drm-install
@@ -58,7 +58,8 @@ def uninstall(realm_name):
 root_logger.error(
 "Some certificates may still be tracked by certmonger.\n"
 "This will cause re-installation to fail.\n"
- "Start the certmonger service and list the certificates being tracked\n"
+ "Start the certmonger service and list the certificates "
+ "being tracked\n"
 "# getcert list\nThese may be untracked by executing\n"
 "# getcert stop-tracking -i \n"
 "for each id in: %s"
@@ -72,16 +73,18 @@ def parse_options():
 default=False, help="gather extra debugging information")
 parser.add_option("-p", "--password", dest="password", sensitive=True,
 help="Directory Manager (existing master) password")
- parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
- default=False,
- help="Do not use DNS for hostname lookup during installation")
+ parser.add_option(
+ "--no-host-dns", dest="no_host_dns", action="store_true",
+ default=False,
+ help="Do not use DNS for hostname lookup during installation")
 parser.add_option("-U", "--unattended", dest="unattended",
 action="store_true", default=False,
 help="unattended installation never prompts the user")
- parser.add_option("", "--uninstall", dest="uninstall",
- action="store_true", default=False,
- help="uninstall an existing installation. The uninstall can "
- "be run with --unattended option")
+ parser.add_option(
+ "", "--uninstall", dest="uninstall",
+ action="store_true", default=False,
+ help="uninstall an existing installation. The uninstall can "
+ "be run with --unattended option")
 options, args = parser.parse_args()
 safe_options = parser.get_safe_opts(options)
@@ -177,7 +180,7 @@ def main():
 api.bootstrap(**cfg)
 api.finalize()
- print "=============================================================================="
+ print "==================================================================="
 print "This program will setup Dogtag DRM for the FreeIPA Server."
 print ""
@@ -189,7 +192,9 @@ def main():
 drm.configure_instance(host_name, domain_name, dm_password,
 dm_password, subject_base=subject)
 else:
- replica_config = create_replica_config(dm_password, replica_file, options)
+ replica_config = create_replica_config(dm_password,
+ replica_file,
+ options)
 if not read_replica_info_drm_enabled(replica_config.dir):
 sys.exit("Either DRM is not installed on the master system or "
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 89e4ad4e6..64683f4f8 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -75,14 +75,14 @@ def get_security_domain():
 def is_installing_replica(sys_type):
 """
 We expect only one of each type of Dogtag subsystem in an IPA deployment.
- That means that if a subsystem of the specified type has already been deployed
- - and therefore appears in the security domain - then we must be installing
- a replica.
+ That means that if a subsystem of the specified type has already been
+ deployed - and therefore appears in the security domain - then we must be
+ installing a replica.
 """
 info = get_security_domain()
 try:
 sys_list = info.systems[sys_type]
- return len(sys_list) > 0
+ return len(sys_list.hosts) > 0
 except KeyError:
 return False
@@ -212,8 +212,9 @@ class DogtagInstance(service.Service):
 Path to CS.cfg config file passed in.
 """
- with stopped_service(self.dogtag_constants.SERVICE_NAME,
- instance_name=self.dogtag_constants.PKI_INSTANCE_NAME):
+ with stopped_service(
+ self.dogtag_constants.SERVICE_NAME,
+ instance_name=self.dogtag_constants.PKI_INSTANCE_NAME):
 installutils.set_directive(
 config,
 'authz.instance.DirAclAuthz.ldap.ldapauth.authtype',
@@ -378,7 +379,9 @@ class DogtagInstance(service.Service):
 try:
 conn = ipaldap.IPAdmin(self.fqdn, self.ds_port)
- conn.do_simple_bind(DN(('cn', 'Directory Manager')), self.dm_password)
+ conn.do_simple_bind(
+ DN(('cn', 'Directory Manager')),
+ self.dm_password)
 entry_attrs = conn.get_entry(self.admin_user, ['usercertificate'])
 admin_cert = entry_attrs.get('usercertificate')[0]
@@ -386,4 +389,4 @@ class DogtagInstance(service.Service):
 if conn is not None:
 conn.unbind()
- return base64.b64encode(admin_cert)
\ No newline at end of file
+ return base64.b64encode(admin_cert)
diff --git a/ipaserver/install/drminstance.py b/ipaserver/install/drminstance.py
index de98276e8..536e468df 100644
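Review bot: In `is_installing_replica` (dogtaginstance.py, hunk at -75,14) the new `sys_list.hosts` access sits inside a `try` that catches only `KeyError`, so a security-domain entry without a `hosts` attribute would raise `AttributeError` out of the replica check instead of yielding a boolean. Whether that can happen depends on which pki client library is installed, and nothing visible in the hunk pins that down. Since this result decides whether the installer treats the run as a clone, the API expectation deserves a comment above the lookup, for example `# expects the security-domain API where systems[type] exposes .hosts`. It would also help to keep only `sys_list = info.systems[sys_type]` inside the `try` and put `return len(sys_list.hosts) > 0` after the `except`, so the `KeyError` handler cannot mask an unrelated error.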
--- a/ipaserver/install/drminstance.py
+++ b/ipaserver/install/drminstance.py
@@ -106,7 +106,8 @@ class DRMInstance(DogtagInstance):
 self.step("configuring DRM instance", self.__spawn_instance)
 if not self.clone:
- self.step("add RA user to DRM agent group", self.__add_ra_user_to_agent_group)
+ self.step("add RA user to DRM agent group",
+ self.__add_ra_user_to_agent_group)
 self.step("restarting DRM", self.restart_instance)
 self.step("configure certificate renewals", self.configure_renewal)
 self.step("Configure HTTP to proxy connections",
@@ -180,8 +181,9 @@ class DRMInstance(DogtagInstance):
 str(DN(('cn', self.fqdn), self.subject_base)))
 config.set("KRA", "pki_audit_signing_subject_dn",
 str(DN(('cn', 'DRM Audit'), self.subject_base)))
- config.set("KRA", "pki_transport_subject_dn",
- str(DN(('cn', 'DRM Transport Certificate'), self.subject_base)))
+ config.set(
+ "KRA", "pki_transport_subject_dn",
+ str(DN(('cn', 'DRM Transport Certificate'), self.subject_base)))
 config.set(
 "KRA", "pki_storage_subject_dn",
 str(DN(('cn', 'DRM Storage Certificate'), self.subject_base)))
@@ -236,8 +238,9 @@ class DRMInstance(DogtagInstance):
 config.set("KRA", "pki_clone_replication_clone_port",
 dogtag.install_constants.DS_PORT)
 config.set("KRA", "pki_clone_replicate_schema", "False")
- config.set("KRA", "pki_clone_uri",
- "https://%s" % ipautil.format_netloc(self.master_host, 443))
+ config.set(
+ "KRA", "pki_clone_uri",
+ "https://%s" % ipautil.format_netloc(self.master_host, 443))
 # Generate configuration file
 with open(cfg_file, "wb") as f:
@@ -261,7 +264,8 @@ class DRMInstance(DogtagInstance):
 conn.do_simple_bind(DN(('cn', 'Directory Manager')), self.dm_password)
 entry_dn = DN(('uid', "ipara"), ('ou', 'People'), ('o', 'ipaca'))
- dn = DN(('cn', 'Data Recovery Manager Agents'), ('ou', 'groups'), self.basedn)
+ dn = DN(('cn', 'Data Recovery Manager Agents'), ('ou', 'groups'),
+ self.basedn)
 modlist = [(0, 'uniqueMember', '%s' % entry_dn)]
 conn.modify_s(dn, modlist)
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 675050ce4..315848f2e 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -40,7 +40,7 @@ from ipapython.ipa_log_manager import *
 from ipalib.util import validate_hostname
 from ipapython import config
 from ipalib import errors
-from ipaserver.install import certs
+from ipaserver.install import certs, service
 from ipapython import services as ipaservices
 from ipapython import version
@@ -898,3 +898,22 @@ def stopped_service(service, instance_name=""):
 finally:
 root_logger.debug('Starting %s%s.', service, log_instance_name)
 ipaservices.knownservices[service].start(instance_name)
+
+
+def check_entropy():
+ '''
+ Checks if the system has enough entropy, if not, displays warning message
+ '''
+ try:
+ with open('/proc/sys/kernel/random/entropy_avail', 'r') as efname:
+ if int(efname.read()) < 200:
+ emsg = 'WARNING: Your system is running out of entropy, ' \
+ 'you may experience long delays'
+ service.print_msg(emsg)
+ root_logger.debug(emsg)
+ except IOError as e:
+ root_logger.debug(
+ "Could not open /proc/sys/kernel/random/entropy_avail: %s" % e)
+ except ValueError as e:
+ root_logger.debug(
+ "Invalid value in /proc/sys/kernel/random/entropy_avail %s" % e)
-- cgit
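Review bot: `check_entropy` (installutils.py, hunk at -898,3) records its low-entropy message with `root_logger.debug(emsg)`, so the install log keeps it only at debug level although the text itself begins with `WARNING:`; `root_logger.warning(emsg)` would match the intent. The condition presumably matters because the DRM install generates key material, so it should stay visible in the log. The bare `200` would read better as a named module constant with a comment that the kernel reports this value in bits. The `ValueError` message lacks the colon that the `IOError` message has, and both format with `%` rather than passing `e` as a logger argument the way the `stopped_service` context line does. The newly imported `service` module is shadowed by the `service` parameter of `stopped_service` shown in the hunk header; this is harmless for `check_entropy` but merits a short comment at the import.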