Remove DL0 specific code from cainstance and ca in ipaserver/install

cainstance.replica_ca_install_check is only used in ca.install_check if replica_config is not None (replica installation). As it is immediately stopped if promote is not set, therefore it can be removed. The check for cafile in ca.install_check has been dropped. promote is set to True in ca.install_step_0 if replica_config is not None for cainstance.configure_instance. See: https://pagure.io/freeipa/issue/7689 Signed-off-by: Thomas Woerner <twoerner@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-09-10 14:30:44 +02:00
parent 418da605c9
commit 9af0b0949e
2 changed files with 4 additions and 47 deletions
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -58,7 +58,6 @@ from ipaplatform.tasks import tasks
 from ipapython import directivesetter
 from ipapython import dogtag
 from ipapython import ipautil
-from ipapython import ipaldap
 from ipapython.certdb import get_ca_nickname
 from ipapython.dn import DN
 from ipapython.ipa_log_manager import standard_logging_setup
@@ -1396,41 +1395,6 @@ class CAInstance(DogtagInstance):
                  )


-def replica_ca_install_check(config, promote):
-    if promote:
-        return
-
-    # Check if the master has the necessary schema in its CA instance
-    ca_ldap_url = 'ldap://%s:%s' % (config.ca_host_name, config.ca_ds_port)
-    objectclass = 'ipaObject'
-    logger.debug('Checking if IPA schema is present in %s', ca_ldap_url)
-    try:
-        with ipaldap.LDAPClient(
-                ca_ldap_url,
-                start_tls=True,
-                cacert=config.dir + "/ca.crt",
-                force_schema_updates=False) as connection:
-            connection.simple_bind(bind_dn=ipaldap.DIRMAN_DN,
-                                   bind_password=config.dirman_password)
-            rschema = connection.schema
-            result = rschema.get_obj(ldap.schema.models.ObjectClass,
-                                     objectclass)
-    except Exception:
-        logger.critical(
-            'CA DS schema check failed. Make sure the PKI service on the '
-            'remote master is operational.')
-        raise
-    if result:
-        logger.debug('Check OK')
-    else:
-        logger.critical(
-            'The master CA directory server does not have necessary schema. '
-            'Please run copy-schema-to-ca.py on all CA masters.\n'
-            'If you are certain that this is a false positive, use '
-            '--skip-schema-check.')
-        sys.exit('IPA schema missing on master CA directory server')
-
-
 def __update_entry_from_cert(make_filter, make_entry, cert):
    """
    Given a certificate and functions to make a filter based on the