URL: https://github.com/freeipa/freeipa/pull/355 Author: frasertweedale Title: #355: Set up DS TLS on replica in CA-less topology Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/355/head:pr355 git checkout pr355
From d1ff655281116b0a74f5a1c5c491c3f2247317a4 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Tue, 20 Dec 2016 23:29:22 +1000
Subject: [PATCH 1/2] Set up DS TLS on replica in CA-less topology

Fixes: https://fedorahosted.org/freeipa/ticket/6226
---
 ipaserver/install/dsinstance.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index bcfcb05..2ac1041 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -390,7 +390,9 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
 self.step("creating DS keytab", self._request_service_keytab)
 if self.promote:
- if self.ca_is_configured:
+ if self.pkcs12_info:
+ self.step("configuring ssl for ds instance", self.__enable_ssl)
+ else:
 self.step("retrieving DS Certificate", self.__get_ds_cert)
 self.step("restarting directory server", self.__restart_instance)
From 7e347d7641a29f9e94251adc97c15a8bcee70230 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Tue, 3 Jan 2017 12:04:20 +1000
Subject: [PATCH 2/2] dsinstance: minor string fixes

Fixes: https://fedorahosted.org/freeipa/ticket/6586
---
 ipaserver/install/dsinstance.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 2ac1041..a0fdc4a 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
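Review bot: In patch 1/2, the `else:` added under `if self.promote:` in create_replica sends every promotion without `self.pkcs12_info` to `__get_ds_cert`, whereas the old code only queued that step when `self.ca_is_configured` was true. If a CA-less promotion can reach this point without PKCS#12 material (not visible from the hunk), the step list would presumably request a certificate with no CA to issue it, failing late or leaving the directory server without TLS. I would keep the CA test and fail closed on the remaining case, e.g. `elif self.ca_is_configured:` in front of the `__get_ds_cert` step followed by `else: raise RuntimeError("no PKCS#12 and no CA configured; cannot set up DS TLS")`, or at least add a comment stating that option validation guarantees one of the two. create_replica starts and ends outside the hunk, so any earlier validation cannot be confirmed from here.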
@@ -278,7 +278,7 @@ def __common_setup(self, enable_ssl=False):
 self.step("creating indices", self.__create_indices)
 self.step("enabling referential integrity plugin", self.__add_referint_module)
 if enable_ssl:
- self.step("configuring ssl for ds instance", self.__enable_ssl)
+ self.step("configuring TLS for DS instance", self.__enable_ssl)
 self.step("configuring certmap.conf", self.__certmap_conf)
 self.step("configure new location for managed entries", self.__repoint_managed_entries)
 self.step("configure dirsrv ccache", self.configure_dirsrv_ccache)
@@ -351,7 +351,7 @@ def create_instance(self, realm_name, fqdn, domain_name,
 def enable_ssl(self):
 self.steps = []
- self.step("configuring ssl for ds instance", self.__enable_ssl)
+ self.step("configuring TLS for DS instance", self.__enable_ssl)
 self.step("restarting directory server", self.__restart_instance)
 self.step("adding CA certificate entry", self.__upload_ca_cert)
@@ -391,7 +391,7 @@ def create_replica(self, realm_name, master_fqdn, fqdn,
 self.step("creating DS keytab", self._request_service_keytab)
 if self.promote:
 if self.pkcs12_info:
- self.step("configuring ssl for ds instance", self.__enable_ssl)
+ self.step("configuring TLS for DS instance", self.__enable_ssl)
 else:
 self.step("retrieving DS Certificate", self.__get_ds_cert)
 self.step("restarting directory server", self.__restart_instance)
@@ -559,9 +559,9 @@ def __create_instance(self):
 root_logger.debug("calling setup-ds.pl")
 try:
 ipautil.run(args)
- root_logger.debug("completed creating ds instance")
+ root_logger.debug("completed creating DS instance")
 except ipautil.CalledProcessError as e:
- raise RuntimeError("failed to create ds instance %s" % e)
+ raise RuntimeError("failed to create DS instance %s" % e)
 # check for open port 389 from now on
 self.open_ports.append(389)
@@ -1024,7 +1024,8 @@ def uninstall(self):
 try:
 services.knownservices.dirsrv.restart(ds_instance, wait=False)
 except Exception as e:
- root_logger.error('Unable to restart ds instance %s: %s', ds_instance, e)
+ root_logger.error(
+ 'Unable to restart DS instance %s: %s', ds_instance, e)
 def stop_tracking_certificates(self, serverid=None):
 if serverid is None: