Make pkinit setup optional in ipa-replica-prepare too.

Also add fixes for ipa-replica-install as that had issues too. Fixes: https://fedorahosted.org/freeipa/ticket/527
2025-02-25 18:55:28 -06:00 · 2010-11-22 13:29:56 -05:00
parent deb94b150d
commit e1d6f9c6b9
2 changed files with 15 additions and 5 deletions
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -158,7 +158,7 @@ def install_ca(config):

    cs = cainstance.CADSInstance()
    cs.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password)
-    ca = cainstance.CAInstance()
+    ca = cainstance.CAInstance(config.realm_name)
    ca.configure_instance("pkiuser", config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), master_host=config.master_host_name, subject_base=config.subject_base)

    return ca
@@ -295,10 +295,6 @@ def main():
    if options.setup_dns:
        check_bind()

-    # check the pkinit plugin is installed
-    if options.setup_pkinit:
-        check_pkinit()
-
    check_dirsrv()

    # get the directory manager password
@@ -349,6 +345,15 @@ def main():
    api.bootstrap(in_server=True)
    api.finalize()

+    #Automatically disable pkinit w/ dogtag until that is supported
+    #[certs.ipa_self_signed() must be called only after api.finalize()]
+    if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed():
+        options.setup_pkinit = False
+
+    # check the pkinit plugin is installed
+    if options.setup_pkinit:
+        check_pkinit()
+
    # Try out the password
    ldapuri = 'ldap://%s' % config.master_host_name
    try:
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -242,6 +242,11 @@ def main():
    api.bootstrap(in_server=True)
    api.finalize()

+    #Automatically disable pkinit w/ dogtag until that is supported
+    #[certs.ipa_self_signed() must be called only after api.finalize()]
+    if not options.pkinit_pkcs12 and not certs.ipa_self_signed():
+        options.setup_pkinit = False
+
    if options.ip_address:
        if not bindinstance.dns_container_exists(api.env.host, api.env.realm):
            print "You can't add a DNS record because DNS is not set up."