On Mon, 22 Nov 2010 14:19:44 -0500
Simo Sorce <sso...@redhat.com> wrote:
 
> A copy&paste from ipa-server-install was a bit too optimistic.
> Attached a new patch that actually works (tested).

After some more testing I found out that ipa-replica-install was broken
too.
Attaching revised patch that addresses all replica installation issues
I found so far related to the pkinit change.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
>From b9ac87b4f0995fe27680e3ba4a76fe33f6083490 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Mon, 22 Nov 2010 13:29:56 -0500
Subject: [PATCH 1/2] Make pkinit setup optional in ipa-replica-prepare too.

Also add fixes for ipa-replica-install as that had issues too.

Fixes: https://fedorahosted.org/freeipa/ticket/527
---
 install/tools/ipa-replica-install |   15 ++++++++++-----
 install/tools/ipa-replica-prepare |    5 +++++
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index e58a1f3f1af579770b371fc9c18586843d297b26..ca6876c35f9da05f7336bc784ebca15ca376f947 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -158,7 +158,7 @@ def install_ca(config):
 
     cs = cainstance.CADSInstance()
     cs.create_instance(config.ds_user, config.realm_name, config.host_name, config.domain_name, config.dirman_password)
-    ca = cainstance.CAInstance()
+    ca = cainstance.CAInstance(config.realm_name)
     ca.configure_instance("pkiuser", config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), master_host=config.master_host_name, subject_base=config.subject_base)
 
     return ca
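Review bot: the commit message does not account for the changed CAInstance() call in install_ca(), which now passes config.realm_name. "Also add fixes for ipa-replica-install" covers it only in general terms, and the subject line is about ipa-replica-prepare. Please add a line to the message saying why the realm name is needed here, so this fix can be traced separately from the pkinit change.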
@@ -294,10 +294,6 @@ def main():
     if options.setup_dns:
         check_bind()
 
-    # check the pkinit plugin is installed
-    if options.setup_pkinit:
-        check_pkinit()
-
     check_dirsrv()
 
     # get the directory manager password
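Review bot: dropping check_pkinit() from this spot in main() means a missing pkinit plugin is no longer reported alongside check_bind() and check_dirsrv(), before the step commented "# get the directory manager password". The later placement follows from certs.ipa_self_signed() needing api.finalize(), but the admin now gets through the earlier steps before the install aborts. Consider keeping an early check here whenever options.setup_pkinit is set and letting the later block only switch the option off.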
@@ -348,6 +344,15 @@ def main():
     api.bootstrap(in_server=True)
     api.finalize()
 
+    #Automatically disable pkinit w/ dogtag until that is supported
+    #[certs.ipa_self_signed() must be called only after api.finalize()]
+    if not ipautil.file_exists(config.dir + "/pkinitcert.p12") and not certs.ipa_self_signed():
+        options.setup_pkinit = False
+
+    # check the pkinit plugin is installed
+    if options.setup_pkinit:
+        check_pkinit()
+
     # Try out the password
     ldapuri = 'ldap://%s' % config.master_host_name
     try:
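Review bot: the new block after api.finalize() sets options.setup_pkinit = False without telling the admin, so a replica that was asked to configure pkinit can finish installing without it and nothing in the output says so. Please print or log a line when the option is overridden, stating that pkinit was disabled because no pkinitcert.p12 was found and the CA is not self-signed. Two smaller points in the same block: build the path with os.path.join(config.dir, "pkinitcert.p12") rather than string concatenation, and put a space after "#" in the two new comments to match "# check the pkinit plugin is installed" just below.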
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index af768015510f47eacfd7643359216a9f49497020..d70741f1a1208ca6a2a1a6cad4d09ae4962b8040 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -242,6 +242,11 @@ def main():
     api.bootstrap(in_server=True)
     api.finalize()
 
+    #Automatically disable pkinit w/ dogtag until that is supported
+    #[certs.ipa_self_signed() must be called only after api.finalize()]
+    if not options.pkinit_pkcs12 and not certs.ipa_self_signed():
+        options.setup_pkinit = False
+
     if options.ip_address:
         if not bindinstance.dns_container_exists(api.env.host, api.env.realm):
             print "You can't add a DNS record because DNS is not set up."
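Review bot: this added block in ipa-replica-prepare repeats the one added to ipa-replica-install with a different first condition (options.pkinit_pkcs12 here, existence of pkinitcert.p12 there), so the two scripts can drift apart when dogtag support for pkinit arrives. Consider one shared helper that takes the "certificate available" flag and returns whether pkinit should be set up, called from both main() functions. The helper would also be the single place to remove once the "until that is supported" condition no longer applies.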
-- 
1.7.3.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel