def install_replica_ds(config, options, ca_is_configured, remote_api, ca_file, pkcs12_info=None, fstore=None): dsinstance.check_ports() # if we have a pkcs12 file, create the cert db from # that. Otherwise the ds setup will create the CA # cert if pkcs12_info is None: pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12", "dirsrv_pin.txt") if ca_is_configured: ca_subject = ca.lookup_ca_subject(remote_api, config.subject_base) else: ca_subject = installutils.default_ca_subject_dn(config.subject_base) ds = dsinstance.DsInstance( config_ldif=options.dirsrv_config_file, fstore=fstore) ds.create_replica( realm_name=config.realm_name, master_fqdn=config.master_host_name, fqdn=config.host_name, domain_name=config.domain_name, dm_password=config.dirman_password, subject_base=config.subject_base, ca_subject=ca_subject, pkcs12_info=pkcs12_info, ca_is_configured=ca_is_configured, ca_file=ca_file, api=remote_api, setup_pkinit=not options.no_pkinit, ) return ds
def check_dirsrv(unattended): (ds_unsecure, ds_secure) = dsinstance.check_ports() if not ds_unsecure or not ds_secure: msg = ("IPA requires ports 389 and 636 for the Directory Server.\n" "These are currently in use:\n") if not ds_unsecure: msg += "\t389\n" if not ds_secure: msg += "\t636\n" raise ScriptError(msg)
def check_dirsrv(unattended): (ds_unsecure, ds_secure) = dsinstance.check_ports() if not ds_unsecure or not ds_secure: print "IPA requires ports 389 and 636 for the Directory Server." print "These are currently in use:" if not ds_unsecure: print "\t389" if not ds_secure: print "\t636" sys.exit(1)
def check_dirsrv(): (ds_unsecure, ds_secure) = dsinstance.check_ports() if not ds_unsecure or not ds_secure: print("IPA requires ports 389 and 636 for the Directory Server.") print("These are currently in use:") if not ds_unsecure: print("\t389") if not ds_secure: print("\t636") sys.exit(1)
def install_replica_ds(config): dsinstance.check_ports() # if we have a pkcs12 file, create the cert db from # that. Otherwise the ds setup will create the CA # cert pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12", "dirsrv_pin.txt") ds = dsinstance.DsInstance() ds.create_replica( realm_name=config.realm_name, master_fqdn=config.master_host_name, fqdn=config.host_name, domain_name=config.domain_name, dm_password=config.dirman_password, subject_base=config.subject_base, pkcs12_info=pkcs12_info, ca_is_configured=ipautil.file_exists(config.dir + "/cacert.p12"), ca_file=config.dir + "/ca.crt", ) return ds
def replica_ds_init_info(ansible_log, config, options, ca_is_configured, remote_api, ds_ca_subject, ca_file, promote=False, pkcs12_info=None): dsinstance.check_ports() # if we have a pkcs12 file, create the cert db from # that. Otherwise the ds setup will create the CA # cert if pkcs12_info is None: pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12", "dirsrv_pin.txt") # during replica install, this gets invoked before local DS is # available, so use the remote api. #if ca_is_configured: # ca_subject = ca.lookup_ca_subject(_api, config.subject_base) #else: # ca_subject = installutils.default_ca_subject_dn(config.subject_base) ca_subject = ds_ca_subject ds = dsinstance.DsInstance(config_ldif=options.dirsrv_config_file) ds.set_output(ansible_log) # Source: ipaserver/install/dsinstance.py # idstart and idmax are configured so that the range is seen as # depleted by the DNA plugin and the replica will go and get a # new range from the master. # This way all servers use the initially defined range by default. idstart = 1101 idmax = 1100 with redirect_stdout(ansible_log): ds.init_info( realm_name=config.realm_name, fqdn=config.host_name, domain_name=config.domain_name, dm_password=config.dirman_password, subject_base=config.subject_base, ca_subject=ca_subject, idstart=idstart, idmax=idmax, pkcs12_info=pkcs12_info, ca_file=ca_file, setup_pkinit=not options.no_pkinit, ) ds.master_fqdn = config.master_host_name if ca_is_configured is not None: ds.ca_is_configured = ca_is_configured ds.promote = promote ds.api = remote_api # from __setup_replica # Always connect to ds over ldapi ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm) conn = ipaldap.LDAPClient(ldap_uri) conn.external_bind() return ds