On 10/02/2014 12:42 PM, Martin Kosek wrote:
On 09/29/2014 04:48 PM, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/4564

Looks and works OK. The port checking should ideally be refactored in 4.2 and
*instance.py should use some common hooks to define which ports should be
checked, but your way will be enough for now.

What about ipa-replica-install? It could be also run with --setup-ca option.

I missed that one. git grep I used did not return it. Thanks.


Martin


--
David Kupka
From b7fceebaf2f8d87c24a12c892484ec70b4992374 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Mon, 29 Sep 2014 04:27:30 -0400
Subject: [PATCH] Check that port 8443 is available when installing PKI.

https://fedorahosted.org/freeipa/ticket/4564
---
 install/tools/ipa-ca-install      | 9 +++++++++
 install/tools/ipa-replica-install | 5 +++++
 install/tools/ipa-server-install  | 5 +++++
 ipaserver/install/cainstance.py   | 8 ++++++++
 4 files changed, 27 insertions(+)

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index fc89412486a288568de85761742dbf32e8a63c65..8ace1cd5d5600f1406f1fdd4ddf37e784ed27270 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -98,6 +98,11 @@ def parse_options():
 def get_dirman_password():
     return installutils.read_password("Directory Manager (existing master)", confirm=False, validate=False)
 
+def check_ca():
+    if not cainstance.check_port():
+        print "IPA requires port 8443 for PKI but it is currently in use."
+        sys.exit(1)
+
 def install_dns_records(config, options):
 
     if not bindinstance.dns_container_exists(config.master_host_name,
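Review bot: check_ca() reports the failure with a bare `print` to stdout and then calls `sys.exit(1)`, while the same check added to ipa-replica-install and ipa-server-install in this patch ends with `sys.exit("Aborting installation")`, which writes to stderr. In an unattended run the reason for the abort then lands on a different stream depending on the tool; passing the text to the exit call, `sys.exit("IPA requires port 8443 for PKI but it is currently in use.")`, keeps the reason on stderr with a non-zero status. The helper also has no docstring; a one-liner such as `"""Abort the installation if the PKI port is already in use."""` would be enough. The same lines appear again in the second copy of the patch further down the page.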
@@ -198,6 +203,8 @@ def install_replica(safe_options, options, filename):
     else:
         cainstance.replica_ca_install_check(config)
 
+    check_ca()
+
     # Configure the CA if necessary
     CA = cainstance.install_replica_ca(config, postinstall=True)
 
@@ -291,6 +298,8 @@ def install_master(safe_options, options):
     domain_name = api.env.domain
     host_name = api.env.host
 
+    check_ca()
+
     dirname = dsinstance.config_dirname(
         dsinstance.realm_to_serverid(realm_name))
     cadb = certs.CertDB(realm_name, subject_base=subject_base)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index c3475dbee55c8bc8f03af26af3255336f6e0411d..47df25c02903d63057727ad3ee8e6389c738c155 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -473,6 +473,11 @@ def main():
 
     check_dirsrv()
 
+    if options.setup_ca:
+        if not cainstance.check_port():
+            print "IPA requires port 8443 for PKI but it is currently in use."
+            sys.exit("Aborting installation")
+
     if options.conf_ntp:
         try:
             ipaclient.ntpconf.check_timedate_services()
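Review bot: The nested `if` added before the NTP check can be a single condition, `if options.setup_ca and not cainstance.check_port():`, and the same applies to the `if setup_ca:` block added to ipa-server-install. The message text and the literal 8443 are now repeated in three installers, so a later port change has to be made in several places; keeping the message next to `check_port()` in cainstance.py would avoid that. main() starts and ends outside this hunk, so whether the check runs before any system state is changed cannot be confirmed from here.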
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 7d60d27bcfae9a89ad7c5d811d3f9d8a9fda60cb..520cfda43cc0bf2a85fab3db0c23aa60cc2d7372 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -795,6 +795,11 @@ def main():
         # Make sure the 389-ds ports are available
         check_dirsrv(options.unattended)
 
+    if setup_ca:
+        if not cainstance.check_port():
+            print "IPA requires port 8443 for PKI but it is currently in use."
+            sys.exit("Aborting installation")
+
     if options.conf_ntp:
         try:
             ipaclient.ntpconf.check_timedate_services()
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 04968d411fc5bc1073e86fab42743fc65f7b828a..164d67b69a489af077ef4929958fb4027761e96a 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -105,6 +105,14 @@ def check_inst():
 
     return True
 
+def check_port():
+    """
+    Check that dogtag port (8443) is available.
+
+    Returns True when the port is free, False if it's taken.
+    """
+    return not ipautil.host_port_open(None, 8443)
+
 def get_preop_pin(instance_root, instance_name):
     # Only used for Dogtag 9
     preop_pin = None
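Review bot: check_port() treats "nothing answered a connection attempt" as "port is free", and the docstring should state that limit. `ipautil.host_port_open` is not shown here, but with a host of `None` it presumably probes only the local default addresses, so a listener bound to one specific interface address could go undetected while a later wildcard bind by the CA still fails. The result is also only valid at the moment of the call; 8443 is an unprivileged port, so any local process can take it between this check and CA startup, and the bind failure at that point still needs a clear error. I would add to the docstring `Point-in-time probe by connecting locally; does not guarantee the port stays free.` and name the port once as a module constant instead of the literal.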
-- 
1.9.3

From fe4e1bc83785ae310fe4bef8ce52af4dbad63a9a Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Mon, 29 Sep 2014 04:27:30 -0400
Subject: [PATCH] Check that port 8443 is available when installing PKI.

https://fedorahosted.org/freeipa/ticket/4564
---
 install/tools/ipa-ca-install      | 9 +++++++++
 install/tools/ipa-replica-install | 5 +++++
 install/tools/ipa-server-install  | 5 +++++
 ipaserver/install/cainstance.py   | 8 ++++++++
 4 files changed, 27 insertions(+)

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index c984bf4778403f1a152afed2df567c8399e65809..bd30b27ae6ddfc9cfc55800b749d0cdfe90c1a97 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -95,6 +95,11 @@ def get_dirman_password():
         "Directory Manager (existing master)", confirm=False, validate=False)
 
 
+def check_ca():
+    if not cainstance.check_port():
+        print "IPA requires port 8443 for PKI but it is currently in use."
+        sys.exit(1)
+
 def install_dns_records(config, options):
 
     if not bindinstance.dns_container_exists(config.master_host_name,
@@ -172,6 +177,8 @@ def install_replica(safe_options, options, filename):
     else:
         cainstance.replica_ca_install_check(config)
 
+    check_ca()
+
     # Configure the CA if necessary
     CA = cainstance.install_replica_ca(config, postinstall=True)
 
@@ -262,6 +269,8 @@ def install_master(safe_options, options):
     domain_name = api.env.domain
     host_name = api.env.host
 
+    check_ca()
+
     dirname = dsinstance.config_dirname(
         dsinstance.realm_to_serverid(realm_name))
     cadb = certs.CertDB(realm_name, subject_base=subject_base)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 74781d00d5432ae352bf01b3da834846a4cd5016..0e0fa17881d8643c54967fe5b89b64b54d87694c 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -476,6 +476,11 @@ def main():
 
     check_dirsrv()
 
+    if options.setup_ca:
+        if not cainstance.check_port():
+            print "IPA requires port 8443 for PKI but it is currently in use."
+            sys.exit("Aborting installation")
+
     if options.conf_ntp:
         try:
             ipaclient.ntpconf.check_timedate_services()
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 89d73304fbf7797c73f4f6251ff96c17a761d8af..c53eedc87660179b8d55995568e075ca3e8bb4ef 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -848,6 +848,11 @@ def main():
         # Make sure the 389-ds ports are available
         check_dirsrv(options.unattended)
 
+    if setup_ca:
+        if not cainstance.check_port():
+            print "IPA requires port 8443 for PKI but it is currently in use."
+            sys.exit("Aborting installation")
+
     if options.conf_ntp:
         try:
             ipaclient.ntpconf.check_timedate_services()
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 3a296f58964f23f273044b91b02ffd43251f8b3b..a030792963fdec23e70d340139f7e989679e2437 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -87,6 +87,14 @@ ConfigFile = /usr/share/pki/ca/conf/database.ldif
 """
 
 
+def check_port():
+    """
+    Check that dogtag port (8443) is available.
+
+    Returns True when the port is free, False if it's taken.
+    """
+    return not ipautil.host_port_open(None, 8443)
+
 def get_preop_pin(instance_root, instance_name):
     # Only used for Dogtag 9
     preop_pin = None
-- 
1.9.3
