IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Split install_http_certs() into two functions

Browse Source 
install_http_certs() was actually installing http service keytab
and actually installing certificates after that. Split it into
two so that the names of the new functions better reflect what's
actually happening.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
This commit is contained in:
Stanislav Laznicka 2016-11-07 12:01:28 +01:00 committed by Jan Cholasta
parent 500327b775
commit 2de43e7aca
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ipaserver/install/server/replicainstall.py
View File

@ -76,7 +76,7 @@ def make_pkcs12_info(directory, cert_name, password_name):
return None return None
def install_http_certs(config, fstore, remote_api): def install_http_keytab(config, fstore, remote_api):
# Obtain keytab for the HTTP service # Obtain keytab for the HTTP service
fstore.backup_file(paths.IPA_KEYTAB) fstore.backup_file(paths.IPA_KEYTAB)
@ -92,11 +92,14 @@ def install_http_certs(config, fstore, remote_api):
paths.IPA_KEYTAB, paths.IPA_KEYTAB,
force_service_add=True) force_service_add=True)
def install_http_certs(host_name, realm_name, subject_base):
principal = 'HTTP/%s@%s' % (host_name, realm_name)
# Obtain certificate for the HTTP service # Obtain certificate for the HTTP service
nssdir = certs.NSS_DIR nssdir = certs.NSS_DIR
subject = config.subject_base or DN(('O', config.realm_name)) subject = subject_base or DN(('O', realm_name))
db = certs.CertDB(config.realm_name, nssdir=nssdir, subject_base=subject) db = certs.CertDB(realm_name, nssdir=nssdir, subject_base=subject)
db.request_service_cert('Server-Cert', principal, config.host_name, True) db.request_service_cert('Server-Cert', principal, host_name, True)
def install_replica_ds(config, options, ca_is_configured, remote_api, def install_replica_ds(config, options, ca_is_configured, remote_api,
@ -1388,7 +1391,11 @@ def install(installer):
install_dns_records(config, options, remote_api) install_dns_records(config, options, remote_api)
if promote: if promote:
install_http_certs(config, fstore, remote_api) # we need to install http certs to setup ssl for httpd
install_http_keytab(config, fstore, remote_api)
install_http_certs(config.host_name,
config.realm_name,
config.subject_base)
ntpinstance.ntp_ldap_enable(config.host_name, ds.suffix, ntpinstance.ntp_ldap_enable(config.host_name, ds.suffix,
remote_api.env.realm) remote_api.env.realm)