Don't run kra.configure_instance if not necessary

If kra should not be set up, don't run the code as it would only
prolong the installations.

Previously, krainstance configuration was performed just to
export the client certificate and private key used to authenticate to
the certificate server. This is now performed elsewhere, so
there's no need to run KRAInstance.configure_instance.

The kra.install() method still performs actions on replicas and
we're keeping it in server installer to conform to the installers
design.

https://fedorahosted.org/freeipa/ticket/5695

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Stanislav Laznicka 2017-01-04 08:41:26 +01:00 committed by Jan Cholasta
parent 2a1494c9ae
commit 1e89d28aaf
2 changed files with 37 additions and 39 deletions


@ -69,6 +69,8 @@ def install_check(api, replica_config, options):
def install(api, replica_config, options):
if replica_config is None:
if not options.setup_kra:
return
realm_name = api.env.realm
dm_password = options.dm_password
host_name = api.env.host
@ -76,9 +78,10 @@ def install(api, replica_config, options):
pkcs12_info = None
master_host = None
ra_only = not options.setup_kra
promote = False
else:
if not replica_config.setup_kra:
return
krafile = os.path.join(replica_config.dir, 'kracert.p12')
if options.promote:
custodia = custodiainstance.CustodiaInstance(
@ -103,7 +106,6 @@ def install(api, replica_config, options):
pkcs12_info = (krafile,)
master_host = replica_config.kra_host_name
ra_only = not replica_config.setup_kra
promote = options.promote
kra = krainstance.KRAInstance(realm_name)
@ -111,18 +113,15 @@ def install(api, replica_config, options):
subject_base=subject_base,
pkcs12_info=pkcs12_info,
master_host=master_host,
ra_only=ra_only,
promote=promote)
_service.print_msg("Restarting the directory server")
ds = dsinstance.DsInstance()
ds.restart()
kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH)
if not ra_only:
kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH)
# Restart apache for new proxy config file
services.knownservices.httpd.restart(capture_output=True)
# Restart apache for new proxy config file
services.knownservices.httpd.restart(capture_output=True)
def uninstall(standalone):
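Review bot: install() has no docstring, and after this change it returns silently in both branches when KRA setup was not requested (`if not options.setup_kra: return` and `if not replica_config.setup_kra: return`). Callers that invoke it unconditionally need to know that. I would add `"""Configure the KRA; return without making changes when setup_kra is not set."""` directly under the `def install(api, replica_config, options):` line. With `ra_only` gone, the directory server restart, `kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH)` and the httpd restart depend entirely on those two guards, so a short comment on each guard saying which installer path it covers would keep a later edit from removing one. The function body spans several hunks and parts of it lie outside the visible lines.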


@ -77,7 +77,7 @@ class KRAInstance(DogtagInstance):
def configure_instance(self, realm_name, host_name, dm_password,
admin_password, pkcs12_info=None, master_host=None,
subject_base=None, subject=None,
ra_only=False, promote=False):
promote=False):
"""Create a KRA instance.
To create a clone, pass in pkcs12_info.
@ -99,38 +99,37 @@ class KRAInstance(DogtagInstance):
self.realm = realm_name
self.suffix = ipautil.realm_to_suffix(realm_name)
if not ra_only:
# Confirm that a KRA does not already exist
if self.is_installed():
raise RuntimeError(
"KRA already installed.")
# Confirm that a Dogtag 10 CA instance already exists
ca = cainstance.CAInstance(self.realm)
if not ca.is_installed():
raise RuntimeError(
"KRA configuration failed. "
"A Dogtag CA must be installed first")
# Confirm that a KRA does not already exist
if self.is_installed():
raise RuntimeError(
"KRA already installed.")
# Confirm that a Dogtag 10 CA instance already exists
ca = cainstance.CAInstance(self.realm)
if not ca.is_installed():
raise RuntimeError(
"KRA configuration failed. "
"A Dogtag CA must be installed first")
if promote:
self.step("creating installation admin user", self.setup_admin)
self.step("configuring KRA instance", self.__spawn_instance)
if not self.clone:
self.step("create KRA agent",
self.__create_kra_agent)
if not ra_only:
if promote:
self.step("destroying installation admin user", self.teardown_admin)
self.step("restarting KRA", self.restart_instance)
self.step("configure certmonger for renewals",
self.configure_certmonger_renewal)
self.step("configure certificate renewals", self.configure_renewal)
self.step("configure HTTP to proxy connections",
self.http_proxy)
if not self.clone:
self.step("add vault container", self.__add_vault_container)
self.step("apply LDAP updates", self.__apply_updates)
if promote:
self.step("creating installation admin user", self.setup_admin)
self.step("configuring KRA instance", self.__spawn_instance)
if not self.clone:
self.step("create KRA agent",
self.__create_kra_agent)
if promote:
self.step("destroying installation admin user",
self.teardown_admin)
self.step("restarting KRA", self.restart_instance)
self.step("configure certmonger for renewals",
self.configure_certmonger_renewal)
self.step("configure certificate renewals", self.configure_renewal)
self.step("configure HTTP to proxy connections",
self.http_proxy)
if not self.clone:
self.step("add vault container", self.__add_vault_container)
self.step("apply LDAP updates", self.__apply_updates)
self.step("enabling KRA instance", self.__enable_instance)
self.step("enabling KRA instance", self.__enable_instance)
try:
self.start_creation(runtime=126)
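Review bot: Dropping `ra_only` from the `configure_instance` signature means any caller that still passes `ra_only=` will fail with a TypeError in the middle of an installation. The only call site updated on this page is install(), so the remaining callers should be checked before merging. The docstring that opens with `"""Create a KRA instance.` continues outside the hunk; if it describes `ra_only`, that text should be removed in the same commit. The "KRA already installed." and "A Dogtag CA must be installed first" checks now run on every call, which looks intended but is worth stating in the docstring, for example `Raises RuntimeError if a KRA is already installed or no Dogtag CA is present.`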