#
# Copyright (C) 2015 FreeIPA Contributors see COPYING for license
#
from ipalib import api, errors
from ipapython import dogtag
from ipapython.dn import DN
from ipaserver.install import cainstance
from ipaserver.install import krainstance
from ipaserver.install import dsinstance
from ipaserver.install import service
def install_check(api, replica_config, options):
    """Verify that a KRA can be installed on this host; raise if it cannot.

    The checks run in this order:

    1. The KRA must not already be installed locally.
    2. Unless ``options.setup_ca`` is set, a Dogtag CA must already be
       installed locally and ``api.env.dogtag_version`` must be >= 10.
    3. When ``replica_config`` is given (replica installation), the
       ``kra_is_enabled`` command must report a true ``result``.

    :param api: API object; ``api.env`` and ``api.Command`` are read.
    :param replica_config: replica configuration, or ``None`` for a
        first (master) KRA installation.
    :param options: installer options; only ``setup_ca`` is read here.
    :raises RuntimeError: if any of the checks above fails.
    """
    constants = dogtag.configured_constants(api=api)
    instance = krainstance.KRAInstance(api.env.realm,
                                       dogtag_constants=constants)
    if instance.is_installed():
        raise RuntimeError("KRA is already installed.")

    if not options.setup_ca:
        # The CA is not being set up in this run, so it has to be
        # present on this host already.
        if not cainstance.is_ca_installed_locally():
            raise RuntimeError(
                "Dogtag CA is not installed. Please install the CA first")
        # NOTE(review): the message asks for 10.2, but the comparison is
        # against 10 only; whether dogtag_version can express a minor
        # release is not visible here -- confirm a 10.0/10.1 CA cannot
        # slip through this gate.
        if not (api.env.dogtag_version >= 10):
            raise RuntimeError(
                "Dogtag must be version 10.2 or above to install KRA")

    # A replica may only get a KRA when kra_is_enabled reports one.
    if (replica_config is not None and
            not api.Command.kra_is_enabled()['result']):
        raise RuntimeError("KRA is not installed on the master system")
def install(api, replica_config, options):
    """Install and enable the KRA, either as first instance or as replica.

    With ``replica_config`` set to ``None`` a new ``KRAInstance`` is
    created and configured; otherwise the KRA is installed through
    ``krainstance.install_replica_kra``.  The directory server is then
    restarted, the KRA service is enabled in LDAP and client
    authentication to the database is enabled.

    :param api: API object; ``api.env`` supplies realm, host, domain
        and basedn.
    :param replica_config: replica configuration, or ``None`` for a
        first (master) KRA installation.
    :param options: installer options; only ``dm_password`` is read here.
    """
    subject_base = dsinstance.DsInstance().find_subject_base()

    if replica_config is not None:
        kra = krainstance.install_replica_kra(replica_config)
    else:
        kra = krainstance.KRAInstance(
            api.env.realm, dogtag_constants=dogtag.install_constants)
        # NOTE(review): the Directory Manager password fills two
        # consecutive positional arguments.  Presumably the second one
        # is a separate admin password slot -- confirm against
        # KRAInstance.configure_instance that reusing it is intended.
        kra.configure_instance(
            api.env.realm,
            api.env.host,
            api.env.domain,
            options.dm_password,
            options.dm_password,
            subject_base=subject_base)

    # Steps common to both paths.  Indentation was reconstructed from a
    # flattened listing; TODO confirm these sit at function level in the
    # upstream file.
    service.print_msg("Restarting the directory server")
    directory_server = dsinstance.DsInstance()
    directory_server.restart()

    kra.ldap_enable('KRA', api.env.host, options.dm_password, api.env.basedn)

    cs_cfg_path = kra.dogtag_constants.KRA_CS_CFG_PATH
    kra.enable_client_auth_to_db(cs_cfg_path)
def uninstall(standalone):
    """Remove the local KRA instance.

    Uses the module-level ``api`` imported from ``ipalib``.  When
    ``standalone`` is true, the ``cn=KRA`` entry for this host under
    ``cn=masters,cn=ipa,cn=etc,<basedn>`` is deleted first.  Certificate
    tracking is always stopped, and the instance is uninstalled only if
    it is reported as installed.

    :param standalone: if true, also delete this host's KRA service
        entry from LDAP.
    """
    constants = dogtag.configured_constants(api)
    kra = krainstance.KRAInstance(api.env.realm, dogtag_constants=constants)

    if standalone:
        kra.ldap_connect()
        try:
            service_entry = DN(
                ('cn', 'KRA'), ('cn', api.env.host),
                ('cn', 'masters'), ('cn', 'ipa'),
                ('cn', 'etc'), api.env.basedn)
            kra.admin_conn.delete_entry(service_entry)
        except errors.NotFound:
            # The entry is already gone.  Only NotFound is ignored; any
            # other error propagates to the caller.
            pass

    kra.stop_tracking_certificates()

    if not kra.is_installed():
        return
    kra.uninstall()