Move CACERT definition to a single place.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>

install/tools/ipa-csreplica-manage

@@ -27,11 +27,10 @@ from ipapython.ipa_log_manager import *
 
 from ipaserver.install import replication, installutils, bindinstance
 from ipalib import api, errors, util
+from ipalib.constants import CACERT
 from ipapython import ipautil, ipaldap, version, dogtag
 from ipapython.dn import DN
 
-CACERT = "/etc/ipa/ca.crt"
-
 # dict of command name and tuples of min/max num of args needed
 commands = {
     "list":(0, 1, "[master fqdn]", ""),

install/tools/ipa-managed-entries

@@ -25,11 +25,10 @@ from optparse import OptionParser
 from ipapython import ipautil, config, ipaldap
 from ipaserver.install import installutils
 from ipalib import api, errors
+from ipalib.constants import CACERT
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
 
-CACERT = "/etc/ipa/ca.crt"
-
 def parse_options():
     usage = "%prog [options] <status|enable|disable>\n"
     usage += "%prog [options]\n"

install/tools/ipa-replica-install

@@ -42,6 +42,7 @@ from ipaserver.install.installutils import (ReplicaConfig, expand_replica_info,
 from ipaserver.plugins.ldap2 import ldap2
 from ipaserver.install import cainstance
 from ipalib import api, errors, util
+from ipalib.constants import CACERT
 from ipapython import version
 from ipapython.config import IPAOptionParser
 from ipapython import sysrestore
@@ -52,7 +53,6 @@ from ipapython.dn import DN
 import ipaclient.ntpconf
 
 log_file_name = "/var/log/ipareplica-install.log"
-CACERT = "/etc/ipa/ca.crt"
 REPLICA_INFO_TOP_DIR = None
 DIRMAN_DN = DN(('cn', 'directory manager'))
 

install/tools/ipa-replica-manage

@@ -32,14 +32,13 @@ from ipaserver.install import bindinstance
 from ipaserver.plugins import ldap2
 from ipapython import version, ipaldap
 from ipalib import api, errors, util
+from ipalib.constants import CACERT
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
 from ipapython.config import IPAOptionParser
 from ipaclient import ipadiscovery
 from xmlrpclib import MAXINT
 
-CACERT = "/etc/ipa/ca.crt"
-
 # dict of command name and tuples of min/max num of args needed
 commands = {
     "list":(0, 1, "[master fqdn]", ""),

install/tools/ipa-server-install

@@ -72,6 +72,7 @@ from ipalib import api, errors, util, x509
 from ipapython.config import IPAOptionParser
 from ipalib.x509 import load_certificate_from_file, load_certificate_chain_from_file
 from ipalib.util import validate_domain_name
+from ipalib.constants import CACERT
 from ipapython import services as ipaservices
 from ipapython.ipa_log_manager import *
 from ipapython.dn import DN
@@ -1101,7 +1102,7 @@ def main():
                                   subject_base=options.subject)
 
         # Now put the CA cert where other instances exepct it
-        ca.publish_ca_cert("/etc/ipa/ca.crt")
+        ca.publish_ca_cert(CACERT)
 
     # we now need to enable ssl on the ds
     ds.enable_ssl()
@@ -1129,7 +1130,7 @@ def main():
             'External CA cert', 'CT,,', options.root_ca_file)
 
         # Put a CA cert where other instances expect it
-        with open('/etc/ipa/ca.crt', 'wb') as f:
+        with open(CACERT, 'wb') as f:
             f.write(pem_cert)
 
         # Install the CA cert for the HTTP server