IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Sanitize CA replica install

Browse Source 
Check if cafile exist first.

https://fedorahosted.org/freeipa/ticket/4468

Reviewed-By: Tomas Babej <tbabej@redhat.com>
This commit is contained in:
Martin Basti 2015-06-30 12:16:56 +02:00 committed by Tomas Babej
parent 37729936dd
commit b2f0a018b6
1 changed files with 10 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
ipaserver/install/server/replicainstall.py
View File

@ -391,6 +391,9 @@ def install_check(installer):
installutils.verify_fqdn(config.master_host_name, options.no_host_dns) installutils.verify_fqdn(config.master_host_name, options.no_host_dns)
cafile = config.dir + "/ca.crt" cafile = config.dir + "/ca.crt"
if not ipautil.file_exists(cafile):
raise RuntimeError("CA cert file is not available. Please run "
"ipa-replica-prepare to create a new replica file.")
ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name) ldapuri = 'ldaps://%s' % ipautil.format_netloc(config.master_host_name)
remote_api = create_api(mode=None) remote_api = create_api(mode=None)
@ -510,10 +513,6 @@ def install_check(installer):
config.master_host_name, config.host_name, config.realm_name, config.master_host_name, config.host_name, config.realm_name,
options.setup_ca, config.ca_ds_port, options.admin_password) options.setup_ca, config.ca_ds_port, options.admin_password)
if not ipautil.file_exists(cafile):
raise RuntimeError("CA cert file is not available. Please run "
"ipa-replica-prepare to create a new replica file.")
installer._remote_api = remote_api installer._remote_api = remote_api
installer._fstore = fstore installer._fstore = fstore
installer._sstore = sstore installer._sstore = sstore
@ -574,15 +573,14 @@ def install(installer):
otpd.create_instance('OTPD', config.host_name, config.dirman_password, otpd.create_instance('OTPD', config.host_name, config.dirman_password,
ipautil.realm_to_suffix(config.realm_name)) ipautil.realm_to_suffix(config.realm_name))
if ipautil.file_exists(cafile): CA = cainstance.CAInstance(
CA = cainstance.CAInstance( config.realm_name, certs.NSS_DIR,
config.realm_name, certs.NSS_DIR, dogtag_constants=dogtag_constants)
dogtag_constants=dogtag_constants) CA.dm_password = config.dirman_password
CA.dm_password = config.dirman_password
CA.configure_certmonger_renewal() CA.configure_certmonger_renewal()
CA.import_ra_cert(config.dir + "/ra.p12") CA.import_ra_cert(config.dir + "/ra.p12")
CA.fix_ra_perms() CA.fix_ra_perms()
# The DS instance is created before the keytab, add the SSL cert we # The DS instance is created before the keytab, add the SSL cert we
# generated # generated