Re: [Freeipa-devel] [PATCH 0036] merge KRA installation machinery to a single module
Dne 25.5.2015 v 16:58 Martin Babinsky napsal(a): On 05/21/2015 10:16 AM, Martin Babinsky wrote: On 05/19/2015 08:23 PM, Martin Babinsky wrote: This patch is required for the installer ref@#$%&ing work (https://fedorahosted.org/freeipa/ticket/4468). It required quite a bit of hacking to get it work as expected, but I hope that it's not so bad. Requires PATCH 0035 "do not check for directory manager password during KRA uninstall" to apply. Attaching rebased patch that should apply cleanly on current master without prerequisites. Attaching updated patch. Thanks, ACK. Pushed to master: 6a4b428120c2e351ad0f1b4573f50b106844b1fd -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0036] merge KRA installation machinery to a single module
On 05/21/2015 10:16 AM, Martin Babinsky wrote: On 05/19/2015 08:23 PM, Martin Babinsky wrote: This patch is required for the installer ref@#$%&ing work (https://fedorahosted.org/freeipa/ticket/4468). It required quite a bit of hacking to get it work as expected, but I hope that it's not so bad. Requires PATCH 0035 "do not check for directory manager password during KRA uninstall" to apply. Attaching rebased patch that should apply cleanly on current master without prerequisites. Attaching updated patch. -- Martin^3 Babinsky From bbc4fbf6831eeecb1b423fcb717db1097dc3e35b Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 15 May 2015 19:02:22 +0200 Subject: [PATCH] merge KRA installation machinery to a single module This is a prerequisite to further refactoring of KRA install/uninstall functionality in all IPA install scripts. https://fedorahosted.org/freeipa/ticket/4468 --- install/tools/ipa-replica-install| 21 - install/tools/ipa-server-install | 29 +--- ipaserver/install/ipa_kra_install.py | 83 ++- ipaserver/install/kra.py | 85 4 files changed, 118 insertions(+), 100 deletions(-) create mode 100644 ipaserver/install/kra.py diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index f68cc8cf4722264ecea2f1f50de3aa245be24ef9..c75848b1ada91254a41245df240ede24c477d5b1 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install 
@@ -37,10 +37,10 @@ from ipaserver.install import memcacheinstance, dnskeysyncinstance from ipaserver.install import otpdinstance from ipaserver.install.replication import replica_conn_check, ReplicationManager from ipaserver.install.installutils import ( -create_replica_config, read_replica_info_kra_enabled, private_ccache) +create_replica_config, private_ccache) from ipaserver.plugins.ldap2 import ldap2 from ipaserver.install import cainstance -from ipaserver.install import krainstance +from ipaserver.install import kra from ipaserver.install import dns as dns_installer from ipalib import api, create_api, errors, util, certstore, x509 from ipalib.constants import CACERT @@ -473,12 +473,12 @@ def main(): config.setup_kra = options.setup_kra if config.setup_kra: -if not config.setup_ca: -print "CA must be installed with the KRA" -sys.exit(1) -if not read_replica_info_kra_enabled(config.dir): -print "KRA is not installed on the master system" -sys.exit(1) +try: +kra.install_check(config, options, False, + dogtag.install_constants.DOGTAG_VERSION) +except RuntimeError as e: +print str(e) +exit(1) installutils.verify_fqdn(config.master_host_name, options.no_host_dns) @@ -660,10 +660,7 @@ def main(): ds.apply_updates() if options.setup_kra: -kra = krainstance.install_replica_kra(config) -service.print_msg("Restarting the directory server") -ds.restart() -kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH) +kra.install(config, options, dirman_password) else: service.print_msg("Restarting the directory server") ds.restart() diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index cb6e1abe2016c0f8cefc35b1d685373f05b3ef89..9bb8955dc15d1682edf33d7652de0829771267f3 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
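Review bot: The new `except RuntimeError` branch in the `@@ -473,12 +473,12 @@` hunk of ipa-replica-install calls the bare `exit(1)` where the removed lines used `sys.exit(1)`; the bare name is supplied by the `site` module and is absent under `python -S`, so a failed KRA pre-check could end in a NameError instead of a clean exit. I would keep the `sys` form and route the message to stderr in one step with `sys.exit(str(e))`, which prints to stderr and exits with status 1. The positional `False` passed to `kra.install_check` is opaque at the call site, and since ipaserver/install/kra.py is not visible here, a keyword argument or a short comment naming what it toggles would help. The earlier revision of the patch lower on the page has the same `exit(1)` around its `kra.check_install` call. main() continues outside the hunk.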
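Review bot: In the `@@ -660,10 +660,7 @@` hunk the KRA branch loses its explicit `ds.restart()` and `kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH)` calls, while the `else` branch still restarts the directory server itself. Whether `kra.install(config, options, dirman_password)` now performs both steps cannot be confirmed from the lines shown, because ipaserver/install/kra.py is not in view; if the client-auth step were dropped, the replica KRA would presumably be left without certificate-based authentication to its database. Once verified, I would record it at the call with `# kra.install() restarts DS and enables KRA client-cert auth to the DB`. The earlier revision further down has the same shape with `kra.install(options, dirman_password, replica_file=filename)`. main() continues outside the hunk.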
@@ -53,13 +53,13 @@ from ipaserver.install import httpinstance from ipaserver.install import ntpinstance from ipaserver.install import certs from ipaserver.install import cainstance -from ipaserver.install import krainstance from ipaserver.install import memcacheinstance from ipaserver.install import otpdinstance from ipaserver.install import sysupgrade from ipaserver.install import replication from ipaserver.install import dns as dns_installer from ipaserver.install import service, installutils +from ipaserver.install import kra from ipapython import version from ipapython import certmonger from ipapython import ipaldap @@ -577,11 +577,7 @@ def uninstall(): if cads_instance.is_configured(): cads_instance.uninstall() -kra_instance = krainstance.KRAInstance( -api.env.realm, dogtag_constants=dogtag_constants) -kra_instance.stop_tracking_certificates() -if kra_instance.is_installed(): -kra_instance.uninstall() +kra.uninstall() ca_instance = cainstance.CAInstance( api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants) @@ -1036,6 +1032,14 @@ def main(): else: admin_password = options.admin_password +if setup_kra: +try: +kra.install_check(None, options, False, + dogtag.install_constants.DOGTAG_VERSION) +excep
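Review bot: The `@@ -577,11 +577,7 @@` hunk of ipa-server-install replaces an unconditional `kra_instance.stop_tracking_certificates()` followed by an `is_installed()`-guarded `uninstall()` with a single `kra.uninstall()`. The removed code stopped certificate tracking even when the KRA was not reported as installed; the new helper's body is not visible here, so it is worth confirming it does not return early in that case, which would leave stale tracking requests behind after a partial install. A one-line comment such as `# also stops cert tracking when the KRA is only partially installed` would record the intent. uninstall() continues outside the hunk, and the following `@@ -1036,6 +1032,14 @@` hunk is cut off in this view and is not reviewed.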
Re: [Freeipa-devel] [PATCH 0036] merge KRA installation machinery to a single module
On 05/19/2015 08:23 PM, Martin Babinsky wrote: This patch is required for the installer ref@#$%&ing work (https://fedorahosted.org/freeipa/ticket/4468). It required quite a bit of hacking to get it work as expected, but I hope that it's not so bad. Requires PATCH 0035 "do not check for directory manager password during KRA uninstall" to apply. Attaching rebased patch that should apply cleanly on current master without prerequisites. -- Martin^3 Babinsky From ae002f2b86eaccb5219322de2ae23e42eb713166 Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Fri, 15 May 2015 19:02:22 +0200 Subject: [PATCH] merge KRA installation machinery to a single module This is a prerequisite to further refactoring of KRA install/uninstall functionality in all IPA install scripts. https://fedorahosted.org/freeipa/ticket/4468 --- install/tools/ipa-replica-install| 21 +++ install/tools/ipa-server-install | 26 +++- ipaserver/install/ipa_kra_install.py | 108 ++-- ipaserver/install/kra.py | 116 +++ 4 files changed, 153 insertions(+), 118 deletions(-) create mode 100644 ipaserver/install/kra.py diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index f68cc8cf4722264ecea2f1f50de3aa245be24ef9..d0c4a28fcf0bf0a2693ffef10626a8f99a69c8bc 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install 
@@ -37,10 +37,10 @@ from ipaserver.install import memcacheinstance, dnskeysyncinstance from ipaserver.install import otpdinstance from ipaserver.install.replication import replica_conn_check, ReplicationManager from ipaserver.install.installutils import ( -create_replica_config, read_replica_info_kra_enabled, private_ccache) +create_replica_config, private_ccache) from ipaserver.plugins.ldap2 import ldap2 from ipaserver.install import cainstance -from ipaserver.install import krainstance +from ipaserver.install import kra from ipaserver.install import dns as dns_installer from ipalib import api, create_api, errors, util, certstore, x509 from ipalib.constants import CACERT @@ -473,12 +473,12 @@ def main(): config.setup_kra = options.setup_kra if config.setup_kra: -if not config.setup_ca: -print "CA must be installed with the KRA" -sys.exit(1) -if not read_replica_info_kra_enabled(config.dir): -print "KRA is not installed on the master system" -sys.exit(1) +try: +kra.check_install(options, dirman_password, + config.setup_ca, filename) +except RuntimeError as e: +print str(e) +exit(1) installutils.verify_fqdn(config.master_host_name, options.no_host_dns) @@ -660,10 +660,7 @@ def main(): ds.apply_updates() if options.setup_kra: -kra = krainstance.install_replica_kra(config) -service.print_msg("Restarting the directory server") -ds.restart() -kra.enable_client_auth_to_db(kra.dogtag_constants.KRA_CS_CFG_PATH) +kra.install(options, dirman_password, replica_file=filename) else: service.print_msg("Restarting the directory server") ds.restart() diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index cb6e1abe2016c0f8cefc35b1d685373f05b3ef89..f4ef71d84d30d79f70f164c30f274d8769b3e319 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
@@ -53,13 +53,13 @@ from ipaserver.install import httpinstance from ipaserver.install import ntpinstance from ipaserver.install import certs from ipaserver.install import cainstance -from ipaserver.install import krainstance from ipaserver.install import memcacheinstance from ipaserver.install import otpdinstance from ipaserver.install import sysupgrade from ipaserver.install import replication from ipaserver.install import dns as dns_installer from ipaserver.install import service, installutils +from ipaserver.install import kra from ipapython import version from ipapython import certmonger from ipapython import ipaldap @@ -577,11 +577,12 @@ def uninstall(): if cads_instance.is_configured(): cads_instance.uninstall() -kra_instance = krainstance.KRAInstance( -api.env.realm, dogtag_constants=dogtag_constants) -kra_instance.stop_tracking_certificates() -if kra_instance.is_installed(): -kra_instance.uninstall() +try: +kra.check_uninstall() +except RuntimeError: +pass +else: +kra.uninstall() ca_instance = cainstance.CAInstance( api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants) @@ -1290,18 +1291,7 @@ def main(): http.restart() if setup_kra: -kra = krainstance.KRAInstance(realm_name, -dogtag_constants=dogtag.install_constants) -kra.configure_instance(host_name, domain_name, dm_password,
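Review bot: In the `@@ -577,11 +577,12 @@` hunk, `except RuntimeError: pass` discards every failure of `kra.check_uninstall()`, so the uninstall run cannot distinguish "no KRA present" from "the check itself failed", and `kra.uninstall()` is skipped silently in both cases. On a host that did carry a KRA, this could leave the instance and its certificate tracking in place after the server uninstall reports success; the removed code at least called `stop_tracking_certificates()` unconditionally. At minimum surface the reason, e.g. `except RuntimeError as e: print "Skipping KRA uninstall: %s" % e`. uninstall() continues outside the hunk, and the `@@ -1290,18 +1291,7 @@` hunk after it is truncated here and is not reviewed.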