URL: https://github.com/freeipa/freeipa/pull/445 Author: stlaz Title: #445: Remove is_fips_enabled checks in installers and ipactl Action: opened
PR body: """ https://fedorahosted.org/freeipa/ticket/5695 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/445/head:pr445 git checkout pr445
From 2895c109a64fe3f10ef762ed60671d361c9d085d Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Tue, 6 Dec 2016 08:55:56 +0100 Subject: [PATCH] Remove is_fips_enabled checks in installers and ipactl https://fedorahosted.org/freeipa/ticket/5695 --- install/tools/ipactl | 3 --- ipaclient/install/client.py | 5 ----- ipaserver/install/server/install.py | 4 ---- ipaserver/install/server/replicainstall.py | 11 ++++++----- 4 files changed, 6 insertions(+), 17 deletions(-) diff --git a/install/tools/ipactl b/install/tools/ipactl index c34f1cb..f375a87 100755 --- a/install/tools/ipactl +++ b/install/tools/ipactl @@ -543,9 +543,6 @@ def main(): elif args[0] != "start" and args[0] != "stop" and args[0] != "restart" and args[0] != "status": raise IpactlError("Unrecognized action [" + args[0] + "]", 2) - if tasks.is_fips_enabled(): - raise IpactlError("Starting IPA server in FIPS mode is not supported") - # check if IPA is configured at all try: check_IPA_configuration() diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index aa3449c..2b01b0d 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -1953,11 +1953,6 @@ def install_check(options): "You must be root to run ipa-client-install.", rval=CLIENT_INSTALL_ERROR) - if tasks.is_fips_enabled(): - raise ScriptError( - "Installing IPA client in FIPS mode is not supported", - rval=CLIENT_INSTALL_ERROR) - tasks.check_selinux_status() if is_ipa_client_installed(fstore, on_master=options.on_master): diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index ef943f7..8178d4e 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -304,10 +304,6 @@ def install_check(installer): external_ca_file = installer._external_ca_file http_ca_cert = installer._ca_cert - if tasks.is_fips_enabled(): - raise RuntimeError( - "Installing IPA server in FIPS mode is not supported") - tasks.check_selinux_status() if options.master_password: diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 7d7a499..bb17878 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -527,10 +527,6 @@ def check_remote_version(api): def common_check(no_ntp): - if tasks.is_fips_enabled(): - raise RuntimeError( - "Installing IPA server in FIPS mode is not supported") - tasks.check_selinux_status() if is_ipa_configured(): @@ -659,7 +655,12 @@ def install_check(installer): filename = installer.replica_file installer._enrollment_performed = False - # check FIPS, selinux status, http and DS ports, NTP conflicting services + if tasks.is_fips_enabled(): + raise RuntimeError( + "Installing IPA server in FIPS mode on domain level 0 is not " + "supported") + + # check selinux status, http and DS ports, NTP conflicting services common_check(options.no_ntp) client_fstore = sysrestore.FileStore(paths.IPA_CLIENT_SYSRESTORE)
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code