dsinstance: use keytab retrieval method from parent class

DS replica can now use remote API and ipa-getkeytab to create service principal and fetch the keytab in both domain levels. There is no need to use KDC installer to do it. https://fedorahosted.org/freeipa/ticket/6405 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-11-03 18:13:28 +01:00 · 2016-11-03 18:13:28 +01:00 · 3129b874a2
commit 3129b874a2
parent 6181844c0c
2 changed files with 3 additions and 21 deletions
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@ -390,8 +390,8 @@ class DsInstance(service.Service):
        self.__common_setup(enable_ssl=(not self.promote))
        self.step("restarting directory server", self.__restart_instance)

+        self.step("creating DS keytab", self._request_service_keytab)
        if self.promote:
-            self.step("creating DS keytab", self.__get_ds_keytab)
            if self.ca_is_configured:
                self.step("retrieving DS Certificate", self.__get_ds_cert)
            self.step("restarting directory server", self.__restart_instance)
@ -1224,29 +1224,14 @@ class DsInstance(service.Service):
        if self.domainlevel is not None:
            self._ldap_mod("domainlevel.ldif", self.sub_dict)

-    def __get_ds_keytab(self):
-
-        self.fstore.backup_file(self.keytab)
-        try:
-            os.unlink(self.keytab)
-        except OSError:
-            pass
-
-        installutils.install_service_keytab(self.api,
-                                            self.principal,
-                                            self.master_fqdn,
-                                            self.keytab,
-                                            force_service_add=True)
+    def _request_service_keytab(self):
+        super(DsInstance, self)._request_service_keytab()

        # Configure DS to use the keytab
        vardict = {"KRB5_KTNAME": self.keytab}
        ipautil.config_replace_variables(paths.SYSCONFIG_DIRSRV,
                                         replacevars=vardict)

-        # Keytab must be owned by DS itself
-        pent = pwd.getpwnam(self.service_user)
-        os.chown(self.keytab, pent.pw_uid, pent.pw_gid)
-
    def __get_ds_cert(self):
        subject = self.subject_base or DN(('O', self.realm))
        nssdb_dir = config_dirname(self.serverid)
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@ -177,9 +177,6 @@ class KrbInstance(service.Service):
        self.__common_setup(realm_name, host_name, domain_name, admin_password)

        self.step("configuring KDC", self.__configure_instance)
-        if not promote:
-            self.step("creating a keytab for the directory",
-                      self.__create_ds_keytab)
        self.step("adding the password extension to the directory", self.__add_pwd_extop_module)
        if setup_pkinit:
            self.step("installing X509 Certificate for PKINIT", self.__setup_pkinit)