https://fedorahosted.org/freeipa/ticket/4564 -- David Kupka
From d5748822b8fac3cde01670507f80bfa9c4c04ede Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Mon, 29 Sep 2014 04:27:30 -0400
Subject: [PATCH] Check that port 8443 is available when installing PKI.
https://fedorahosted.org/freeipa/ticket/4564 --- install/tools/ipa-ca-install | 9 +++++++++ install/tools/ipa-server-install | 5 +++++ ipaserver/install/cainstance.py | 8 ++++++++ 3 files changed, 22 insertions(+) diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index fc89412486a288568de85761742dbf32e8a63c65..8ace1cd5d5600f1406f1fdd4ddf37e784ed27270 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -98,6 +98,11 @@ def parse_options(): def get_dirman_password(): return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False) +def check_ca(): + if not cainstance.check_port(): + print "IPA requires port 8443 for PKI but it is currently in use." + sys.exit(1) + def install_dns_records(config, options): if not bindinstance.dns_container_exists(config.master_host_name, @@ -198,6 +203,8 @@ def install_replica(safe_options, options, filename): else: cainstance.replica_ca_install_check(config) + check_ca() + # Configure the CA if necessary CA = cainstance.install_replica_ca(config, postinstall=True) @@ -291,6 +298,8 @@ def install_master(safe_options, options): domain_name = api.env.domain host_name = api.env.host + check_ca() + dirname = dsinstance.config_dirname( dsinstance.realm_to_serverid(realm_name)) cadb = certs.CertDB(realm_name, subject_base=subject_base) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 7d60d27bcfae9a89ad7c5d811d3f9d8a9fda60cb..520cfda43cc0bf2a85fab3db0c23aa60cc2d7372 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -795,6 +795,11 @@ def main(): # Make sure the 389-ds ports are available check_dirsrv(options.unattended) + if setup_ca: + if not cainstance.check_port(): + print "IPA requires port 8443 for PKI but it is currently in use." + sys.exit("Aborting installation") + if options.conf_ntp: try: ipaclient.ntpconf.check_timedate_services() 
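Review bot: The new `check_ca()` in ipa-ca-install writes its error with a bare `print` to stdout and exits with status 1, while the same check added inline to `main()` in ipa-server-install prints the message and then calls `sys.exit("Aborting installation")`, so the two installers fail differently for the same condition. I would make both exit with the message itself, `sys.exit("IPA requires port 8443 for PKI but it is currently in use.")`, which sends the text to stderr and still returns a non-zero status for unattended runs. In ipa-server-install the nested test can also collapse to `if setup_ca and not cainstance.check_port():`. `check_ca()` has no docstring; something like `"""Abort the installation if the Dogtag port is already taken."""` would do. The same points apply to the identical ipa-ca-install and ipa-server-install hunks in the second patch on this page.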
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 04968d411fc5bc1073e86fab42743fc65f7b828a..164d67b69a489af077ef4929958fb4027761e96a 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -105,6 +105,14 @@ def check_inst(): return True +def check_port(): + """ + Check that dogtag port (8443) is available. + + Returns True when the port is free, False if it's taken. + """ + return not ipautil.host_port_open(None, 8443) + def get_preop_pin(instance_root, instance_name): # Only used for Dogtag 9 preop_pin = None -- 1.9.3
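Review bot: `check_port()` infers that 8443 is free from a failed connection attempt rather than from a successful bind, and it passes `None` as the host. Assuming `ipautil.host_port_open` resolves the host with getaddrinfo and then connects (its body is not part of this patch), `None` yields only the loopback addresses, so a listener bound to one specific non-loopback address on 8443 would go unnoticed, and a filtered or slow listener could also read as free. The result is in any case a pre-flight hint only, since another process can take the port between this check and the PKI instance starting. I would state both limits in the docstring, e.g. `Best-effort: probes loopback only; the port can still be taken before Dogtag binds it.`, and consider a bind-based probe so the check matches what the CA will actually do. The same applies to the cainstance.py hunk in the second patch on this page.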
From a4c20f41f289bfb7b338790637089608bd80f2cd Mon Sep 17 00:00:00 2001 From: David Kupka <dku...@redhat.com> Date: Mon, 29 Sep 2014 04:27:30 -0400 Subject: [PATCH] Check that port 8443 is available when installing PKI. https://fedorahosted.org/freeipa/ticket/4564 --- install/tools/ipa-ca-install | 9 +++++++++ install/tools/ipa-server-install | 5 +++++ ipaserver/install/cainstance.py | 8 ++++++++ 3 files changed, 22 insertions(+) diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 475794bb6186725ad5ab079adfb98849c589e67e..96950efd7c68a4646deb7e90e0394d8c3dde2e77 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -98,6 +98,11 @@ def get_dirman_password(): "Directory Manager (existing master)", confirm=False, validate=False) +def check_ca(): + if not cainstance.check_port(): + print "IPA requires port 8443 for PKI but it is currently in use." + sys.exit(1) + def install_dns_records(config, options): if not bindinstance.dns_container_exists(config.master_host_name, @@ -175,6 +180,8 @@ def install_replica(safe_options, options, filename): else: cainstance.replica_ca_install_check(config) + check_ca() + # Configure the CA if necessary CA = cainstance.install_replica_ca(config, postinstall=True) @@ -269,6 +276,8 @@ def install_master(safe_options, options): domain_name = api.env.domain host_name = api.env.host + check_ca() + dirname = dsinstance.config_dirname( dsinstance.realm_to_serverid(realm_name)) cadb = certs.CertDB(realm_name, subject_base=subject_base) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index e73a098df3c34794639f75460baac70b4b49480a..5321e2694992815e1bc93fe49772f11b82256f22 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
@@ -816,6 +816,11 @@ def main(): # Make sure the 389-ds ports are available check_dirsrv(options.unattended) + if setup_ca: + if not cainstance.check_port(): + print "IPA requires port 8443 for PKI but it is currently in use." + sys.exit("Aborting installation") + if options.conf_ntp: try: ipaclient.ntpconf.check_timedate_services() diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index c26046c47ebc8141624929470b4f54798db84871..1c932575ec2b61c10a4cf96935ca346ea714bd3a 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -87,6 +87,14 @@ ConfigFile = /usr/share/pki/ca/conf/database.ldif """ +def check_port(): + """ + Check that dogtag port (8443) is available. + + Returns True when the port is free, False if it's taken. + """ + return not ipautil.host_port_open(None, 8443) + def get_preop_pin(instance_root, instance_name): # Only used for Dogtag 9 preop_pin = None -- 1.9.3