mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Don't run kra.configure_instance if not necessary
If kra should not be set up, don't run the code as it would only prolong the installations. Previously, krainstance configuration would be performed just to export the client certificate and private key to authenticate to certificate server. This is now performed somewhere else therefore there's no need to run KRAInstance.configure_instance. The kra.install() method still performs actions on replicas and we're keeping it in server installer to conform to the installers design. https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
parent
2a1494c9ae
commit
1e89d28aaf
@ -69,6 +69,8 @@ def install_check(api, replica_config, options):
|
||||
|
||||
def install(api, replica_config, options):
|
||||
if replica_config is None:
|
||||
if not options.setup_kra:
|
||||
return
|
||||
realm_name = api.env.realm
|
||||
dm_password = options.dm_password
|
||||
host_name = api.env.host
|
||||
@ -76,9 +78,10 @@ def install(api, replica_config, options):
|
||||
|
||||
pkcs12_info = None
|
||||
master_host = None
|
||||
ra_only = not options.setup_kra
|
||||
promote = False
|
||||
else:
|
||||
if not replica_config.setup_kra:
|
||||
return
|
||||
krafile = os.path.join(replica_config.dir, 'kracert.p12')
|
||||
if options.promote:
|
||||
custodia = custodiainstance.CustodiaInstance(
|
||||
@ -103,7 +106,6 @@ def install(api, replica_config, options):
|
||||
|
||||
pkcs12_info = (krafile,)
|
||||
master_host = replica_config.kra_host_name
|
||||
ra_only = not replica_config.setup_kra
|
||||
promote = options.promote
|
||||
|
||||
kra = krainstance.KRAInstance(realm_name)
|
||||
@ -111,18 +113,15 @@ def install(api, replica_config, options):
|
||||
subject_base=subject_base,
|
||||
pkcs12_info=pkcs12_info,
|
||||
master_host=master_host,
|
||||
ra_only=ra_only,
|
||||
promote=promote)
|
||||
|
||||
_service.print_msg("Restarting the directory server")
|
||||
ds = dsinstance.DsInstance()
|
||||
ds.restart()
|
||||
kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH)
|
||||
|
||||
if not ra_only:
|
||||
kra.enable_client_auth_to_db(paths.KRA_CS_CFG_PATH)
|
||||
|
||||
# Restart apache for new proxy config file
|
||||
services.knownservices.httpd.restart(capture_output=True)
|
||||
# Restart apache for new proxy config file
|
||||
services.knownservices.httpd.restart(capture_output=True)
|
||||
|
||||
|
||||
def uninstall(standalone):
|
||||
|
@ -77,7 +77,7 @@ class KRAInstance(DogtagInstance):
|
||||
def configure_instance(self, realm_name, host_name, dm_password,
|
||||
admin_password, pkcs12_info=None, master_host=None,
|
||||
subject_base=None, subject=None,
|
||||
ra_only=False, promote=False):
|
||||
promote=False):
|
||||
"""Create a KRA instance.
|
||||
|
||||
To create a clone, pass in pkcs12_info.
|
||||
@ -99,38 +99,37 @@ class KRAInstance(DogtagInstance):
|
||||
self.realm = realm_name
|
||||
self.suffix = ipautil.realm_to_suffix(realm_name)
|
||||
|
||||
if not ra_only:
|
||||
# Confirm that a KRA does not already exist
|
||||
if self.is_installed():
|
||||
raise RuntimeError(
|
||||
"KRA already installed.")
|
||||
# Confirm that a Dogtag 10 CA instance already exists
|
||||
ca = cainstance.CAInstance(self.realm)
|
||||
if not ca.is_installed():
|
||||
raise RuntimeError(
|
||||
"KRA configuration failed. "
|
||||
"A Dogtag CA must be installed first")
|
||||
# Confirm that a KRA does not already exist
|
||||
if self.is_installed():
|
||||
raise RuntimeError(
|
||||
"KRA already installed.")
|
||||
# Confirm that a Dogtag 10 CA instance already exists
|
||||
ca = cainstance.CAInstance(self.realm)
|
||||
if not ca.is_installed():
|
||||
raise RuntimeError(
|
||||
"KRA configuration failed. "
|
||||
"A Dogtag CA must be installed first")
|
||||
|
||||
if promote:
|
||||
self.step("creating installation admin user", self.setup_admin)
|
||||
self.step("configuring KRA instance", self.__spawn_instance)
|
||||
if not self.clone:
|
||||
self.step("create KRA agent",
|
||||
self.__create_kra_agent)
|
||||
if not ra_only:
|
||||
if promote:
|
||||
self.step("destroying installation admin user", self.teardown_admin)
|
||||
self.step("restarting KRA", self.restart_instance)
|
||||
self.step("configure certmonger for renewals",
|
||||
self.configure_certmonger_renewal)
|
||||
self.step("configure certificate renewals", self.configure_renewal)
|
||||
self.step("configure HTTP to proxy connections",
|
||||
self.http_proxy)
|
||||
if not self.clone:
|
||||
self.step("add vault container", self.__add_vault_container)
|
||||
self.step("apply LDAP updates", self.__apply_updates)
|
||||
if promote:
|
||||
self.step("creating installation admin user", self.setup_admin)
|
||||
self.step("configuring KRA instance", self.__spawn_instance)
|
||||
if not self.clone:
|
||||
self.step("create KRA agent",
|
||||
self.__create_kra_agent)
|
||||
if promote:
|
||||
self.step("destroying installation admin user",
|
||||
self.teardown_admin)
|
||||
self.step("restarting KRA", self.restart_instance)
|
||||
self.step("configure certmonger for renewals",
|
||||
self.configure_certmonger_renewal)
|
||||
self.step("configure certificate renewals", self.configure_renewal)
|
||||
self.step("configure HTTP to proxy connections",
|
||||
self.http_proxy)
|
||||
if not self.clone:
|
||||
self.step("add vault container", self.__add_vault_container)
|
||||
self.step("apply LDAP updates", self.__apply_updates)
|
||||
|
||||
self.step("enabling KRA instance", self.__enable_instance)
|
||||
self.step("enabling KRA instance", self.__enable_instance)
|
||||
|
||||
try:
|
||||
self.start_creation(runtime=126)
|
||||
|
Loading…
Reference in New Issue
Block a user