Exemplo n.º 1
0
def install_replica_ds(config, options, ca_is_configured, remote_api,
                       ca_file, pkcs12_info=None, fstore=None):
    dsinstance.check_ports()

    # if we have a pkcs12 file, create the cert db from
    # that. Otherwise the ds setup will create the CA
    # cert
    if pkcs12_info is None:
        pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
                                       "dirsrv_pin.txt")

    if ca_is_configured:
        ca_subject = ca.lookup_ca_subject(remote_api, config.subject_base)
    else:
        ca_subject = installutils.default_ca_subject_dn(config.subject_base)

    ds = dsinstance.DsInstance(
        config_ldif=options.dirsrv_config_file,
        fstore=fstore)
    ds.create_replica(
        realm_name=config.realm_name,
        master_fqdn=config.master_host_name,
        fqdn=config.host_name,
        domain_name=config.domain_name,
        dm_password=config.dirman_password,
        subject_base=config.subject_base,
        ca_subject=ca_subject,
        pkcs12_info=pkcs12_info,
        ca_is_configured=ca_is_configured,
        ca_file=ca_file,
        api=remote_api,
        setup_pkinit=not options.no_pkinit,
    )

    return ds
Exemplo n.º 2
0
def install_replica_ds(config, options, ca_is_configured, remote_api,
                       ca_file, pkcs12_info=None, fstore=None):
    dsinstance.check_ports()

    # if we have a pkcs12 file, create the cert db from
    # that. Otherwise the ds setup will create the CA
    # cert
    if pkcs12_info is None:
        pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
                                       "dirsrv_pin.txt")

    if ca_is_configured:
        ca_subject = ca.lookup_ca_subject(remote_api, config.subject_base)
    else:
        ca_subject = installutils.default_ca_subject_dn(config.subject_base)

    ds = dsinstance.DsInstance(
        config_ldif=options.dirsrv_config_file,
        fstore=fstore)
    ds.create_replica(
        realm_name=config.realm_name,
        master_fqdn=config.master_host_name,
        fqdn=config.host_name,
        domain_name=config.domain_name,
        dm_password=config.dirman_password,
        subject_base=config.subject_base,
        ca_subject=ca_subject,
        pkcs12_info=pkcs12_info,
        ca_is_configured=ca_is_configured,
        ca_file=ca_file,
        api=remote_api,
        setup_pkinit=not options.no_pkinit,
    )

    return ds
Exemplo n.º 3
0
def check_dirsrv(unattended):
    (ds_unsecure, ds_secure) = dsinstance.check_ports()
    if not ds_unsecure or not ds_secure:
        msg = ("IPA requires ports 389 and 636 for the Directory Server.\n"
               "These are currently in use:\n")
        if not ds_unsecure:
            msg += "\t389\n"
        if not ds_secure:
            msg += "\t636\n"
        raise ScriptError(msg)
Exemplo n.º 4
0
def check_dirsrv(unattended):
    (ds_unsecure, ds_secure) = dsinstance.check_ports()
    if not ds_unsecure or not ds_secure:
        msg = ("IPA requires ports 389 and 636 for the Directory Server.\n"
               "These are currently in use:\n")
        if not ds_unsecure:
            msg += "\t389\n"
        if not ds_secure:
            msg += "\t636\n"
        raise ScriptError(msg)
Exemplo n.º 5
0
def check_dirsrv(unattended):
    (ds_unsecure, ds_secure) = dsinstance.check_ports()
    if not ds_unsecure or not ds_secure:
        print "IPA requires ports 389 and 636 for the Directory Server."
        print "These are currently in use:"
        if not ds_unsecure:
            print "\t389"
        if not ds_secure:
            print "\t636"
        sys.exit(1)
Exemplo n.º 6
0
def check_dirsrv():
    (ds_unsecure, ds_secure) = dsinstance.check_ports()
    if not ds_unsecure or not ds_secure:
        print("IPA requires ports 389 and 636 for the Directory Server.")
        print("These are currently in use:")
        if not ds_unsecure:
            print("\t389")
        if not ds_secure:
            print("\t636")
        sys.exit(1)
Exemplo n.º 7
0
def install_replica_ds(config):
    dsinstance.check_ports()

    # if we have a pkcs12 file, create the cert db from
    # that. Otherwise the ds setup will create the CA
    # cert
    pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12", "dirsrv_pin.txt")

    ds = dsinstance.DsInstance()
    ds.create_replica(
        realm_name=config.realm_name,
        master_fqdn=config.master_host_name,
        fqdn=config.host_name,
        domain_name=config.domain_name,
        dm_password=config.dirman_password,
        subject_base=config.subject_base,
        pkcs12_info=pkcs12_info,
        ca_is_configured=ipautil.file_exists(config.dir + "/cacert.p12"),
        ca_file=config.dir + "/ca.crt",
    )

    return ds
def replica_ds_init_info(ansible_log,
                         config,
                         options,
                         ca_is_configured,
                         remote_api,
                         ds_ca_subject,
                         ca_file,
                         promote=False,
                         pkcs12_info=None):

    dsinstance.check_ports()

    # if we have a pkcs12 file, create the cert db from
    # that. Otherwise the ds setup will create the CA
    # cert
    if pkcs12_info is None:
        pkcs12_info = make_pkcs12_info(config.dir, "dscert.p12",
                                       "dirsrv_pin.txt")

    # during replica install, this gets invoked before local DS is
    # available, so use the remote api.
    #if ca_is_configured:
    #    ca_subject = ca.lookup_ca_subject(_api, config.subject_base)
    #else:
    #    ca_subject = installutils.default_ca_subject_dn(config.subject_base)
    ca_subject = ds_ca_subject

    ds = dsinstance.DsInstance(config_ldif=options.dirsrv_config_file)
    ds.set_output(ansible_log)

    # Source: ipaserver/install/dsinstance.py

    # idstart and idmax are configured so that the range is seen as
    # depleted by the DNA plugin and the replica will go and get a
    # new range from the master.
    # This way all servers use the initially defined range by default.
    idstart = 1101
    idmax = 1100

    with redirect_stdout(ansible_log):
        ds.init_info(
            realm_name=config.realm_name,
            fqdn=config.host_name,
            domain_name=config.domain_name,
            dm_password=config.dirman_password,
            subject_base=config.subject_base,
            ca_subject=ca_subject,
            idstart=idstart,
            idmax=idmax,
            pkcs12_info=pkcs12_info,
            ca_file=ca_file,
            setup_pkinit=not options.no_pkinit,
        )
    ds.master_fqdn = config.master_host_name
    if ca_is_configured is not None:
        ds.ca_is_configured = ca_is_configured
    ds.promote = promote
    ds.api = remote_api

    # from __setup_replica

    # Always connect to ds over ldapi
    ldap_uri = ipaldap.get_ldap_uri(protocol='ldapi', realm=ds.realm)
    conn = ipaldap.LDAPClient(ldap_uri)
    conn.external_bind()

    return ds