First instance of KRA should be installed only by ipa-kra-install

Patch attached.


From 7e097902dd107e5bd1d8dbb78e17e34806da53c2 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 30 Nov 2015 15:34:31 +0100
Subject: [PATCH] Remove unused code in server installer related to KRA

The first instance of KRA system should be allowed to install only by ipa-kra-install. This commit removes TODO and unneeded parts in code.
---
 ipaserver/install/server/install.py | 24 +++---------------------
 1 file changed, 3 insertions(+), 21 deletions(-)

diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index c70ddac91f8c08719070874fa444e2f2430e3081..734254817c81c9dad963ca66641d6b48244d8314 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -464,16 +464,12 @@ def install_check(installer):
     # We only set up the CA if the PKCS#12 options are not given.
     if options.dirsrv_cert_files:
         setup_ca = False
-        setup_kra = False
     else:
         setup_ca = True
-        # setup_kra is set to False until Dogtag 10.2 is available for IPA to
-        # consume. Until then users that want to install the KRA need to use
-        # ipa-install-kra
-        # TODO set setup_kra = True when Dogtag 10.2 is available
-        setup_kra = False
     options.setup_ca = setup_ca
-    options.setup_kra = setup_kra
+
+    # first instance of KRA must be installed by ipa-kra-install
+    options.setup_kra = False
 
     print("======================================="
           "=======================================")
@@ -483,8 +479,6 @@ def install_check(installer):
     if setup_ca:
         print("  * Configure a stand-alone CA (dogtag) for certificate "
               "management")
-    if setup_kra:
-        print("  * Configure a stand-alone KRA (dogtag) for key storage")
     if not options.no_ntp:
         print("  * Configure the Network Time Daemon (ntpd)")
     print("  * Create and configure an instance of Directory Server")
@@ -706,13 +700,6 @@ def install_check(installer):
     if setup_ca:
         ca.install_check(False, None, options)
 
-    if setup_kra:
-        try:
-            kra.install_check(api, None, options)
-        except RuntimeError as e:
-            print(str(e))
-            sys.exit(1)
-
     if options.setup_dns:
         dns.install_check(False, False, options, host_name)
         ip_addresses = dns.ip_addresses
@@ -978,9 +965,6 @@ def install(installer):
     service.print_msg("Restarting the web server")
     http.restart()
 
-    if setup_kra:
-        kra.install(api, None, options)
-
     # Set the admin user kerberos password
     ds.change_admin_password(admin_password)
 
@@ -1042,8 +1026,6 @@ def install(installer):
     if setup_ca:
         print(("Be sure to back up the CA certificates stored in " +
               paths.CACERT_P12))
-        if setup_kra:
-            print("and the KRA certificates stored in " + paths.KRACERT_P12)
         print("These files are required to create replicas. The password for "
               "these")
         print("files is the Directory Manager password")
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to