ipa-ca-install: add missing --subject-base option

Part of: https://fedorahosted.org/freeipa/ticket/2614 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-11-30 16:26:15 +10:00 · 2016-11-30 16:26:15 +10:00 · 46bf0e89ae
commit 46bf0e89ae
parent 6f3eb85c30
2 changed files with 16 additions and 4 deletions
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@ -76,6 +76,11 @@ def parse_options():
                      help="Signing algorithm of the IPA CA certificate")
    parser.add_option("-P", "--principal", dest="principal", sensitive=True,
                      default=None, help="User allowed to manage replicas")
+    parser.add_option("--subject-base", dest="subject_base",
+                      default=None,
+                      help=(
+                          "The certificate subject base "
+                          "(default O=<realm-name>)"))

    options, args = parser.parse_args()
    safe_options = parser.get_safe_opts(options)
@ -194,14 +199,13 @@ def install_master(safe_options, options):
        if dm_password is None:
            sys.exit("Directory Manager password required")

-    config = api.Command['config_show']()['result']
-    subject_base = config['ipacertificatesubjectbase'][0]
-
    options.realm_name = api.env.realm
    options.domain_name = api.env.domain
    options.dm_password = dm_password
    options.host_name = api.env.host
-    options.subject_base = subject_base
+
+    if not options.subject_base:
+        options.subject_base = installutils.default_subject_base(api.env.realm)

    ca.install_check(True, None, options)
    ca.install(True, None, options)
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@ -15,6 +15,7 @@ import six

 from ipalib.install import certstore
 from ipalib.install.service import enroll_only, master_install_only, replica_install_only
+from ipaserver.install import sysupgrade
 from ipapython.install import typing
 from ipapython.install.core import knob
 from ipaserver.install import (cainstance,
@ -212,6 +213,13 @@ def install_step_0(standalone, replica_config, options):
        ra_only = not replica_config.setup_ca
        promote = options.promote

+    # if upgrading from CA-less to CA-ful, need to rewrite
+    # subject_base configuration
+    #
+    set_subject_base_in_config(subject_base)
+    sysupgrade.set_upgrade_state(
+        'certmap.conf', 'subject_base', str(subject_base))
+
    ca = cainstance.CAInstance(realm_name, certs.NSS_DIR,
                               host_name=host_name)
    ca.configure_instance(host_name, dm_password, dm_password,