Dne 8.10.2014 v 12:27 Jan Cholasta napsal(a):
Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/4619.
Honza
Forgot to delete a line in dogtaginstance.py (thanks to David for
noticing). Updated patch attached.
--
Jan Cholasta
From f2edb5ddf291d1f14c13e155412f5154d491c84e Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 7 Oct 2014 16:46:15 +0200
Subject: [PATCH] Fix certmonger configuration in installer code
https://fedorahosted.org/freeipa/ticket/4619
---
install/tools/ipa-server-install | 5 +--
install/tools/ipa-upgradeconfig | 2 +-
ipaserver/install/cainstance.py | 87 +---
ipaserver/install/dogtaginstance.py | 77 ++-
ipaserver/install/ipa_kra_install.py | 2 +-
ipaserver/install/krainstance.py | 9 ++--
6 files changed, 78 insertions(+), 104 deletions(-)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 89d7330..f394f1e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -561,14 +561,13 @@ def uninstall():
kra_instance = krainstance.KRAInstance(
api.env.realm, dogtag_constants=dogtag_constants)
-kra_instance.stop_tracking_certificates(dogtag_constants)
+kra_instance.stop_tracking_certificates()
if kra_instance.is_installed():
kra_instance.uninstall()
ca_instance = cainstance.CAInstance(
api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants)
-ca_instance.stop_tracking_certificates(dogtag_constants)
-ca_instance.stop_tracking_agent_certificate(dogtag_constants)
+ca_instance.stop_tracking_certificates()
if ca_instance.is_configured():
ca_instance.uninstall()
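Review bot: The separate `ca_instance.stop_tracking_agent_certificate(dogtag_constants)` call is dropped from uninstall() with nothing visibly replacing it, so untracking the RA agent certificate now depends on the reworked `stop_tracking_certificates()`, whose body is not in this hunk. The cainstance.py hunk also moves 'Server-Cert cert-pki-ca' out of `tracking_reqs`, so a method that only iterates that tuple would leave both certmonger requests behind after uninstall. Confirm that the new method covers them, and record the contract with a comment above the call such as `# also untracks Server-Cert and the RA agent cert`. Both calls still run before the `is_installed()` / `is_configured()` checks, so the method has to stay harmless when no matching request exists. uninstall() starts and ends outside the hunk.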
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 3914eb5..339dcb9 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -727,7 +727,7 @@ def certificate_renewal_update(ca):
# Ok, now we need to stop tracking, then we can start tracking them
# again with new configuration:
-ca.stop_tracking_certificates(dogtag_constants)
+ca.stop_tracking_certificates()
if not sysupgrade.get_upgrade_state('dogtag',
'certificate_renewal_update_1'):
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 3a296f5..cbb9e2c 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -330,6 +330,12 @@ class CAInstance(DogtagInstance):
2 = have signed cert, continue installation
+tracking_reqs = (('auditSigningCert cert-pki-ca', None),
+ ('ocspSigningCert cert-pki-ca', None),
+ ('subsystemCert cert-pki-ca', None),
+ ('caSigningCert cert-pki-ca', 'ipaCACertRenewal'))
+server_cert_name = 'Server-Cert cert-pki-ca'
+
def __init__(self, realm=None, ra_db=None, dogtag_constants=None,
host_name=None, dm_password=None, ldapi=True):
if dogtag_constants is None:
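Review bot: The new class attributes `tracking_reqs` and `server_cert_name` have no comment saying what the second element of each pair means or why 'Server-Cert cert-pki-ca' is kept out of the tuple. From the values it appears to be a renewal profile name, with `None` meaning the default, but that is inferred from this hunk and not stated anywhere in it. A comment above the tuple would settle it, for example `# (NSS nickname, renewal profile or None); Server-Cert is tracked separately via server_cert_name`. The class body and `__init__` continue outside the hunk.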
@@ -363,11 +369,6 @@ class CAInstance(DogtagInstance):
self.ra_agent_pwd = None
self.ra_cert = None
self.requestId = None
-self.tracking_reqs = (('Server-Cert cert-pki-ca', None),
- ('auditSigningCert cert-pki-ca', None),
- ('ocspSigningCert cert-pki-ca', None),
- ('subsystemCert cert-pki-ca', None),
- ('caSigningCert cert-pki-ca', 'ipaCACertRenewal'))
self.log = log_mgr.get_logger(self)
def configure_instance(self, host_name, domain, dm_password,
@@ -452,7 +453,7 @@ class CAInstance(DogtagInstance):
self.step(issuing RA agent certificate, self.__issue_ra_cert)
self.step(adding RA agent as a trusted user, self.__configure_ra)
self.step(configure certmonger for renewals, self.configure_certmonger_renewal)
-self.step(configure certificate renewals, self.configure_cert_renewal)
+self.step(configure certificate renewals, self.configure_renewal)
if not self.clone:
self.step(configure RA certificate renewal, self.configure_agent_renewal)
self.step(configure Server-Cert certificate renewal, self.track_servercert)
@@ -1311,27 +1312,6 @@ class CAInstance(DogtagInstance):
fd.close()
os.chmod(location, 0444)
-@staticmethod
-def configure_certmonger_renewal():
-
-Create a new CA type for certmonger that will retrieve updated
-certificates from the dogtag master server.
-
-services.knownservices.messagebus.start()
-cmonger = services.knownservices.certmonger
-cmonger.enable()
-cmonger.start()
-
-bus = dbus.SystemBus()
-obj =