Allow changing CA renewal master in ipa-csreplica-manage.

https://fedorahosted.org/freeipa/ticket/4039

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Jan Cholasta 2014-07-23 19:03:46 +02:00 committed by Petr Viktorin
parent d54d7ad1de
commit aae7848022
2 changed files with 33 additions and 9 deletions


@ -34,15 +34,16 @@ from ipapython.dn import DN
# dict of command name and tuples of min/max num of args needed # dict of command name and tuples of min/max num of args needed
commands = { commands = {
"list":(0, 1, "[master fqdn]", ""), "list": (0, 1, "[master fqdn]", ""),
"connect":(1, 2, "<master fqdn> [other master fqdn]", "connect": (1, 2, "<master fqdn> [other master fqdn]",
"must provide the name of the servers to connect"), "must provide the name of the servers to connect"),
"disconnect":(1, 2, "<master fqdn> [other master fqdn]", "disconnect": (1, 2, "<master fqdn> [other master fqdn]",
"must provide the name of the server to disconnect"), "must provide the name of the server to disconnect"),
"del":(1, 1, "<master fqdn>", "del": (1, 1, "<master fqdn>",
"must provide hostname of master to delete"), "must provide hostname of master to delete"),
"re-initialize":(0, 0, "", ""), "re-initialize": (0, 0, "", ""),
"force-sync":(0, 0, "", "") "force-sync": (0, 0, "", ""),
"set-renewal-master": (0, 1, "[master fqdn]", "")
} }
@ -375,6 +376,21 @@ def force_sync(realm, thishost, fromhost, dirman_passwd):
except Exception, e: except Exception, e:
sys.exit(str(e)) sys.exit(str(e))
def set_renewal_master(realm, replica):
if not replica:
replica = installutils.get_fqdn()
ca = cainstance.CAInstance(realm, certs.NSS_DIR)
if ca.is_renewal_master(replica):
sys.exit("%s is already the renewal master" % replica)
try:
ca.set_renewal_master(replica)
except Exception, e:
sys.exit("Failed to set renewal master to %s: %s" % (replica, e))
print "%s is now the renewal master" % replica
def main(): def main():
options, args = parse_options() options, args = parse_options()
@ -439,6 +455,11 @@ def main():
replica1 = host replica1 = host
replica2 = args[1] replica2 = args[1]
del_link(realm, replica1, replica2, dirman_passwd, options.force) del_link(realm, replica1, replica2, dirman_passwd, options.force)
elif args[0] == 'set-renewal-master':
replica = None
if len(args) > 1:
replica = args[1]
set_renewal_master(realm, replica)
try: try:
main() main()
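Review bot: The new `set_renewal_master` passes the user-supplied `replica` name straight to `ca.set_renewal_master(replica)` without confirming that it names a server which actually hosts a CA. Unless `CAInstance.set_renewal_master` validates this itself (not visible here), a mistyped FQDN or a CA-less master could leave no server renewing the CA subsystem certificates, and the problem would only surface when they expire. I would compare the name with the CA masters that the `list` command already enumerates and stop before the call, e.g. `sys.exit("%s is not a CA master" % replica)`. The function also has no docstring; `"""Make replica (default: this host) the CA renewal master."""` would cover it. The `main()` branch that calls it belongs to a function that starts outside the hunk.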


@ -42,6 +42,9 @@ Manages the CA replication agreements of an IPA server.
\fBforce\-sync\fR \fBforce\-sync\fR
\- Immediately flush any data to be replicated from a server specified with the \-\-from option \- Immediately flush any data to be replicated from a server specified with the \-\-from option
.TP .TP
\fBset\-renewal\-master\fR [SERVER]
\- Set CA server which handles renewal of CA subsystem certificates to SERVER
.TP
The connect and disconnect options are used to manage the replication topology. When a replica is created it is only connected with the master that created it. The connect option may be used to connect it to other existing replicas. The connect and disconnect options are used to manage the replication topology. When a replica is created it is only connected with the master that created it. The connect option may be used to connect it to other existing replicas.
.TP .TP
The disconnect option cannot be used to remove the last link of a replica. To remove a replica from the topology use the del option. The disconnect option cannot be used to remove the last link of a replica. To remove a replica from the topology use the del option.