From 7a1c0db989cf59a778676635e160f73ebc610694 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tkrizek@redhat.com>
Date: Wed, 19 Oct 2016 09:44:35 +0200
Subject: [PATCH] cainstall: add dm_password to CA installation

Installation of Certificate Server replica requires directory manager
password. Specify it explicitly in function call and pass it in
through an argument.

https://fedorahosted.org/freeipa/ticket/6461

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
---
 install/tools/ipa-ca-install               | 1 +
 ipaserver/install/cainstance.py            | 3 ++-
 ipaserver/install/server/replicainstall.py | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index bab87fa26..2d2494881 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -192,6 +192,7 @@ def install_replica(safe_options, options, filename):
         CA = cainstance.CAInstance(config.realm_name, certs.NSS_DIR,
                                    host_name=config.host_name)
         CA.configure_replica(config.ca_host_name,
+                             config.dirman_password,
                              subject_base=config.subject_base,
                              ca_cert_bundle=ca_data)
         # Install CA DNS records
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 511a52431..99d61e430 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1317,7 +1317,7 @@ class CAInstance(DogtagInstance):
         basedn = ipautil.realm_to_suffix(self.realm)
         self.ldap_enable('CA', self.fqdn, None, basedn)
 
-    def configure_replica(self, master_host, subject_base=None,
+    def configure_replica(self, master_host, dm_password, subject_base=None,
                           ca_cert_bundle=None, ca_signing_algorithm=None,
                           ca_type=None):
         """Creates a replica CA, creating a local DS backend and using
@@ -1325,6 +1325,7 @@ class CAInstance(DogtagInstance):
         Requires domain_level >= DOMAIN_LEVEL_1 and custodia on the master.
         """
         self.master_host = master_host
+        self.dm_password = dm_password
         self.master_replication_port = 389
         if subject_base is None:
             self.subject_base = DN(('O', self.realm))
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 82afdcda3..6ae979899 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1516,6 +1516,7 @@ def promote(installer):
         ca = cainstance.CAInstance(config.realm_name, certs.NSS_DIR,
                                    host_name=config.host_name)
         ca.configure_replica(config.ca_host_name,
+                             config.dirman_password,
                              subject_base=config.subject_base,
                              ca_cert_bundle=ca_data)