merge KRA installation machinery to a single module

This is a prerequisite to further refactoring of KRA install/uninstall functionality in all IPA install scripts. https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-05-15 19:02:22 +02:00
parent 5fd8e53f66
commit 6a4b428120
4 changed files with 118 additions and 100 deletions
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -37,10 +37,10 @@ from ipaserver.install import memcacheinstance, dnskeysyncinstance
 from ipaserver.install import otpdinstance
 from ipaserver.install.replication import replica_conn_check, ReplicationManager
 from ipaserver.install.installutils import (
-    create_replica_config, read_replica_info_kra_enabled, private_ccache)
+    create_replica_config, private_ccache)
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance
-from ipaserver.install import krainstance
+from ipaserver.install import kra
 from ipaserver.install import dns as dns_installer
 from ipalib import api, create_api, errors, util, certstore, x509
 from ipalib.constants import CACERT
@@ -473,12 +473,12 @@ def main():

    config.setup_kra = options.setup_kra
    if config.setup_kra:
-        if not config.setup_ca:
-            print "CA must be installed with the KRA"
-            sys.exit(1)
-        if not read_replica_info_kra_enabled(config.dir):
-            print "KRA is not installed on the master system"
-            sys.exit(1)
+        try:
+            kra.install_check(config, options, False,
+                              dogtag.install_constants.DOGTAG_VERSION)
+        except RuntimeError as e:
+            print str(e)
+            exit(1)

    installutils.verify_fqdn(config.master_host_name, options.no_host_dns)

@@ -660,10 +660,7 @@ def main():
    ds.apply_updates()

    if options.setup_kra:
-        kra = krainstance.install_replica_kra(config)
-        service.print_msg("Restarting the directory server")
-        ds.restart()
-        kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH)
+        kra.install(config, options, dirman_password)
    else:
        service.print_msg("Restarting the directory server")
        ds.restart()
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -53,13 +53,13 @@ from ipaserver.install import httpinstance
 from ipaserver.install import ntpinstance
 from ipaserver.install import certs
 from ipaserver.install import cainstance
-from ipaserver.install import krainstance
 from ipaserver.install import memcacheinstance
 from ipaserver.install import otpdinstance
 from ipaserver.install import sysupgrade
 from ipaserver.install import replication
 from ipaserver.install import dns as dns_installer
 from ipaserver.install import service, installutils
+from ipaserver.install import kra
 from ipapython import version
 from ipapython import certmonger
 from ipapython import ipaldap
@@ -577,11 +577,7 @@ def uninstall():
        if cads_instance.is_configured():
            cads_instance.uninstall()

-    kra_instance = krainstance.KRAInstance(
-        api.env.realm, dogtag_constants=dogtag_constants)
-    kra_instance.stop_tracking_certificates()
-    if kra_instance.is_installed():
-        kra_instance.uninstall()
+    kra.uninstall()

    ca_instance = cainstance.CAInstance(
        api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants)
@@ -1036,6 +1032,14 @@ def main():
    else:
        admin_password = options.admin_password

+    if setup_kra:
+        try:
+            kra.install_check(None, options, False,
+                              dogtag.install_constants.DOGTAG_VERSION)
+        except RuntimeError as e:
+            print str(e)
+            exit(1)
+
    if options.setup_dns:
        dns_installer.install_check(False, False, options, host_name)
        ip_addresses = dns_installer.ip_addresses
@@ -1290,18 +1294,7 @@ def main():
    http.restart()

    if setup_kra:
-        kra = krainstance.KRAInstance(realm_name,
-            dogtag_constants=dogtag.install_constants)
-        kra.configure_instance(host_name, domain_name, dm_password,
-                               dm_password, subject_base=options.subject)
-
-        # This is done within stopped_service context, which restarts KRA
-        service.print_msg("Restarting the directory server")
-        ds.restart()
-
-        service.print_msg("Enabling KRA to authenticate with the database "
-                          "using client certificates")
-        kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH)
+        kra.install(None, options, dm_password)

    # Set the admin user kerberos password
    ds.change_admin_password(admin_password)