On 08/14/2014 10:53 AM, Martin Kosek wrote:
On 08/13/2014 09:54 PM, Ade Lee wrote:
In Dogtag, we have decided to revert the name of the DRM to the old name KRA.
DRM was really only used in docs/marketing, whereas KRA is all over the code.
Soon, the code and the marketing/docs will match.

The following patch changes all references to the DRM to KRA.
so for example, you need to run ipa-kra-install etc.

Please apply this on top of the previous patch.  I'll go ahead and squash them
before commit.

Thanks,
Ade

Ah, thanks for unifying that one. I changed DRM component in FreeIPA Trac to
KRA and assigned respective tickets to that. Let us use the KRA term for the
Vault then.

Martin


ipa_drm_install.py: No newline at end of file
ipa_drm_install.DRMInstaller.FAIL_MESSAGE: the command is ipa-drm-install (with hyphens)


The error I got previously was when running ipa-kra-install on a replica that didn't have CA yet. It would be nice to provide a better message for this case.


On a replica with KRA, I get:
    $ sudo ipa-kra-install --uninstall
    Usage: ipa-kra-install [options] [replica_file]

ipa-kra-install: error: Cannot uninstall. There is no KRA installed on this system.

I tested the kra plugin with this Python script:

    from ipalib import api
    api.bootstrap(context='server', kra_host='localhost')
    api.finalize()
    api.Backend.kra.store_secret('test', 'tkey')

which gives me:

    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
      File "ipaserver/plugins/dogtag.py", line 2012, in store_secret
        self._setup()
      File "ipaserver/plugins/dogtag.py", line 1965, in _setup
connection = PKIConnection('https', self.kra_host, self.kra_port, 'kra') File "/usr/lib/python2.7/site-packages/pki/client.py", line 36, in __init__
        self.hostname + ':' + self.port + '/' + \
    TypeError: coercing to Unicode: need string or buffer, int found


Apparently, PKIConnection requires the port to be a string, but we pass an int. I'd consider this an issue in pki.


The kra_host='localhost' option to api.bootstrap is necessary because kra_host is not added to default.conf on install. How is this planned to work when the plugin is done?


--
PetrĀ³

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to