replica install: use one remote CA host name everywhere

Remote master and CA host names may differ. Always use the remote CA host
name and never the remote master host name in CA replica install.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Jan Cholasta 2016-10-24 13:09:11 +02:00
parent b1283c1e56
commit 8a7e79a7a6
4 changed files with 11 additions and 11 deletions


@ -138,7 +138,7 @@ def install_replica(safe_options, options, filename):
if options.promote: if options.promote:
config = ReplicaConfig() config = ReplicaConfig()
config.master_host_name = None config.ca_host_name = None
config.realm_name = api.env.realm config.realm_name = api.env.realm
config.host_name = api.env.host config.host_name = api.env.host
config.domain_name = api.env.domain config.domain_name = api.env.domain
@ -149,6 +149,7 @@ def install_replica(safe_options, options, filename):
cafile = paths.IPA_CA_CRT cafile = paths.IPA_CA_CRT
else: else:
config = create_replica_config(dirman_password, filename, options) config = create_replica_config(dirman_password, filename, options)
config.ca_host_name = config.master_host_name
cafile = config.dir + '/ca.crt' cafile = config.dir + '/ca.crt'
global REPLICA_INFO_TOP_DIR global REPLICA_INFO_TOP_DIR
@ -159,12 +160,9 @@ def install_replica(safe_options, options, filename):
attrs = api.Backend.ldap2.get_ipa_config() attrs = api.Backend.ldap2.get_ipa_config()
config.subject_base = attrs.get('ipacertificatesubjectbase')[0] config.subject_base = attrs.get('ipacertificatesubjectbase')[0]
if config.master_host_name is None: if config.ca_host_name is None:
config.ca_host_name = \ config.ca_host_name = \
service.find_providing_server('CA', api.Backend.ldap2, api.env.ca_host) service.find_providing_server('CA', api.Backend.ldap2, api.env.ca_host)
config.master_host_name = config.ca_host_name
else:
config.ca_host_name = config.master_host_name
options.realm_name = config.realm_name options.realm_name = config.realm_name
options.domain_name = config.domain_name options.domain_name = config.domain_name
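Review bot: In the last hunk of this file the result of `service.find_providing_server('CA', api.Backend.ldap2, api.env.ca_host)` is stored in `config.ca_host_name` without a None check, while promote_check in this same commit guards the same helper with `if ca_host is not None:`. If no CA server is found, the None value appears to flow into the call sites this commit switches over, such as `'ldap://%s:%s' % (config.ca_host_name, config.ca_ds_port)` in replica_ca_install_check, and fails late against a bogus host name. Consider testing `if config.ca_host_name is None:` straight after the lookup and aborting through this script's existing fatal-error path. The removed code had the same gap, and the rest of install_replica is outside the hunk, so a later check may already exist.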


@ -38,7 +38,7 @@ def install_check(standalone, replica_config, options):
if standalone and not options.skip_conncheck: if standalone and not options.skip_conncheck:
principal = options.principal principal = options.principal
replica_conn_check( replica_conn_check(
replica_config.master_host_name, host_name, realm_name, True, replica_config.ca_host_name, host_name, realm_name, True,
replica_config.ca_ds_port, options.admin_password, replica_config.ca_ds_port, options.admin_password,
principal=principal, ca_cert_file=options.ca_cert_file) principal=principal, ca_cert_file=options.ca_cert_file)


@ -1349,7 +1349,7 @@ def replica_ca_install_check(config):
return return
# Check if the master has the necessary schema in its CA instance # Check if the master has the necessary schema in its CA instance
ca_ldap_url = 'ldap://%s:%s' % (config.master_host_name, config.ca_ds_port) ca_ldap_url = 'ldap://%s:%s' % (config.ca_host_name, config.ca_ds_port)
objectclass = 'ipaObject' objectclass = 'ipaObject'
root_logger.debug('Checking if IPA schema is present in %s', ca_ldap_url) root_logger.debug('Checking if IPA schema is present in %s', ca_ldap_url)
try: try:
@ -1418,7 +1418,7 @@ def install_replica_ca(config, postinstall=False, ra_p12=None):
ca.configure_instance(config.host_name, ca.configure_instance(config.host_name,
config.dirman_password, config.dirman_password, config.dirman_password, config.dirman_password,
pkcs12_info=(cafile,), ra_p12=ra_p12, pkcs12_info=(cafile,), ra_p12=ra_p12,
master_host=config.master_host_name, master_host=config.ca_host_name,
master_replication_port=config.ca_ds_port, master_replication_port=config.ca_ds_port,
subject_base=config.subject_base) subject_base=config.subject_base)
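Review bot: The comment `# Check if the master has the necessary schema in its CA instance` in replica_ca_install_check is stale now that the URL is built from `config.ca_host_name`, since the commit message says the master and CA host may differ. Suggest `# Check if the remote CA host has the necessary schema in its CA instance`. The keyword in `master_host=config.ca_host_name` (install_replica_ca) has the same naming mismatch and deserves a one-line comment, as renaming the parameter is outside this hunk. Separately, the probe URL uses the `ldap://` scheme, and whether the code after `try:` protects that connection (StartTLS or a SASL security layer) is not visible here. That is worth confirming now that the target host can come from a directory lookup rather than the replica file.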


@ -549,9 +549,10 @@ def install_check(installer):
raise ScriptError("Directory Manager password required") raise ScriptError("Directory Manager password required")
config = create_replica_config(dirman_password, filename, options) config = create_replica_config(dirman_password, filename, options)
installer._top_dir = config.top_dir config.ca_host_name = config.master_host_name
config.setup_ca = options.setup_ca config.setup_ca = options.setup_ca
config.setup_kra = options.setup_kra config.setup_kra = options.setup_kra
installer._top_dir = config.top_dir
ca_enabled = ipautil.file_exists(config.dir + "/cacert.p12") ca_enabled = ipautil.file_exists(config.dir + "/cacert.p12")
@ -576,7 +577,7 @@ def install_check(installer):
fd.write("dogtag_version=10\n") fd.write("dogtag_version=10\n")
if not config.setup_ca: if not config.setup_ca:
fd.write("ca_host={0}\n".format(config.master_host_name)) fd.write("ca_host={0}\n".format(config.ca_host_name))
else: else:
fd.write("enable_ra=False\n") fd.write("enable_ra=False\n")
fd.write("ra_plugin=none\n") fd.write("ra_plugin=none\n")
@ -1258,7 +1259,8 @@ def promote_check(installer):
config.subject_base = DN(subject_base) config.subject_base = DN(subject_base)
# Find if any server has a CA # Find if any server has a CA
ca_host = service.find_providing_server('CA', conn, api.env.server) ca_host = service.find_providing_server(
'CA', conn, config.ca_host_name)
if ca_host is not None: if ca_host is not None:
config.ca_host_name = ca_host config.ca_host_name = ca_host
ca_enabled = True ca_enabled = True
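Review bot: `config.ca_host_name = config.master_host_name` is repeated by hand after each `create_replica_config(...)` call, here in install_check and again in install_replica in the first file of this commit. A future caller that omits it leaves `ca_host_name` unset while replica_conn_check, the schema probe and `ca.configure_instance(master_host=...)` now all read that attribute. Setting the default where the config object is built would keep the invariant in one place; create_replica_config and ReplicaConfig are not visible here, so this is a suggestion to check rather than a confirmed fix. Failing that, a comment on the line such as `# replica-file install: the master that issued the file is also the CA host` would record why the two names are equated. In promote_check, `config.ca_host_name` is also passed as the preferred host before the visible code assigns it, so its initial value on that path should be confirmed outside the hunk.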