Allow changing CA renewal master in ipa-csreplica-manage.

https://fedorahosted.org/freeipa/ticket/4039

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Jan Cholasta 2014-07-23 19:03:46 +02:00 committed by Petr Viktorin
parent d54d7ad1de
commit aae7848022
2 changed files with 33 additions and 9 deletions


@ -34,15 +34,16 @@ from ipapython.dn import DN
# dict of command name and tuples of min/max num of args needed
commands = {
"list":(0, 1, "[master fqdn]", ""),
"connect":(1, 2, "<master fqdn> [other master fqdn]",
"must provide the name of the servers to connect"),
"disconnect":(1, 2, "<master fqdn> [other master fqdn]",
"must provide the name of the server to disconnect"),
"del":(1, 1, "<master fqdn>",
"must provide hostname of master to delete"),
"re-initialize":(0, 0, "", ""),
"force-sync":(0, 0, "", "")
"list": (0, 1, "[master fqdn]", ""),
"connect": (1, 2, "<master fqdn> [other master fqdn]",
"must provide the name of the servers to connect"),
"disconnect": (1, 2, "<master fqdn> [other master fqdn]",
"must provide the name of the server to disconnect"),
"del": (1, 1, "<master fqdn>",
"must provide hostname of master to delete"),
"re-initialize": (0, 0, "", ""),
"force-sync": (0, 0, "", ""),
"set-renewal-master": (0, 1, "[master fqdn]", "")
}
@ -375,6 +376,21 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
except Exception, e:
sys.exit(str(e))
def set_renewal_master(realm, replica):
if not replica:
replica = installutils.get_fqdn()
ca = cainstance.CAInstance(realm, certs.NSS_DIR)
if ca.is_renewal_master(replica):
sys.exit("%s is already the renewal master" % replica)
try:
ca.set_renewal_master(replica)
except Exception, e:
sys.exit("Failed to set renewal master to %s: %s" % (replica, e))
print "%s is now the renewal master" % replica
def main():
options, args = parse_options()
@ -439,6 +455,11 @@ def main():
replica1 = host
replica2 = args[1]
del_link(realm, replica1, replica2, dirman_passwd, options.force)
elif args[0] == 'set-renewal-master':
replica = None
if len(args) > 1:
replica = args[1]
set_renewal_master(realm, replica)
try:
main()
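Review bot: In `set_renewal_master()`, the hostname taken from `args[1]` is handed to `ca.set_renewal_master(replica)` with no visible check that it names an existing CA master. Whether `CAInstance` validates it is not shown here; if it does not, a typo or a host without a CA would be recorded as the renewal master, and the CA subsystem certificates would then go unrenewed until they expire. Consider checking the name against the CA masters the `list` command already enumerates before the `try:` and stopping with `sys.exit("%s is not a CA master" % replica)` when it is absent. The function would also benefit from a one-line docstring such as `"""Make replica (default: this host) the CA renewal master."""`, because the fallback to `installutils.get_fqdn()` is easy to miss. The body of `main()` continues outside the hunk.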


@ -42,6 +42,9 @@ Manages the CA replication agreements of an IPA server.
\fBforce\-sync\fR
\- Immediately flush any data to be replicated from a server specified with the \-\-from option
.TP
\fBset\-renewal\-master\fR [SERVER]
\- Set CA server which handles renewal of CA subsystem certificates to SERVER
.TP
The connect and disconnect options are used to manage the replication topology. When a replica is created it is only connected with the master that created it. The connect option may be used to connect it to other existing replicas.
.TP
The disconnect option cannot be used to remove the last link of a replica. To remove a replica from the topology use the del option.