This patch contains several small fixes of external CA install.
https://fedorahosted.org/freeipa/ticket/1523
--
Jan Cholasta
>From 4fb87a142e41f85038160576e9b4529bd6d67600 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Tue, 26 Jul 2011 13:21:36 +0200
Subject: [PATCH] Fix external CA install.
ticket 1523
---
install/tools/ipa-server-install | 28 ++++++++++++++--------------
1 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 8f8100b..be14a02 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -214,7 +214,7 @@ def parse_options():
if ((options.external_cert_file and not options.external_ca_file) or
(not options.external_cert_file and options.external_ca_file)):
- parser.error("if either external option is used, both are required.")
+ parser.error("if either external CA option is used, both are required.")
if (options.external_ca_file and not os.path.isabs(options.external_ca_file)):
parser.error("--external-ca-file must use an absolute path")
@@ -546,7 +546,7 @@ def main():
# This will override any settings passed in on the cmdline
if ipautil.file_exists(ANSWER_CACHE):
- dm_password = read_dm_password()
+ dm_password = read_password("Directory Manager", confirm=False)
options._update_loose(read_cache(dm_password))
print "=============================================================================="
@@ -755,23 +755,21 @@ def main():
# Figure out what state we're in. See cainstance.py for more info on
# the 3 states.
if options.external_cert_file is not None and options.external_ca_file is not None:
- # These options imply this and this is required to install the CA.
- # This is needed otherwise the setup of dogtag will fail.
- options.external_ca = True
- external = 0
- if options.external_ca:
- external = 1
- if external and ipautil.file_exists("/root/ipa.csr"):
external = 2
- if options.external_cert_file is None or options.external_ca_file is None:
+ elif options.external_ca:
+ if ipautil.file_exists("/root/ipa.csr"):
print "You already have a CA signing request for this server (/root/ipa.csr), you need to include --external_cert_file and --external_ca_file"
- sys.exit(1);
+ sys.exit(1)
+ external = 1
+ else:
+ external = 0
+
if external and options.external_cert_file and not ipautil.file_exists(options.external_cert_file):
print "%s does not exist" % options.external_cert_file
- sys.exit(1);
+ sys.exit(1)
if external and options.external_ca_file and not ipautil.file_exists(options.external_ca_file):
print "%s does not exist" % options.external_ca_file
- sys.exit(1);
+ sys.exit(1)
cs = cainstance.CADSInstance(host_name, realm_name, domain_name, dm_password)
if not cs.is_configured():
@@ -787,8 +785,10 @@ def main():
options.master_password = master_password
options.dm_password = dm_password
options.admin_password = admin_password
- options.host_name = host_default
+ options.host_name = host_name
options.unattended = True
+ options.forwarders = dns_forwarders
+ options.reverse_zone = reverse_zone
write_cache(options)
ca.configure_instance(host_name, dm_password, dm_password,
csr_file="/root/ipa.csr",
--
1.7.4.4
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
