def install_step_0(standalone, replica_config, options, custodia):
    """Run the first CA installation step: configure the CA instance.

    Settings come from ``options`` on a fresh install
    (``replica_config is None``) and from ``replica_config`` on a replica.
    The subject base is then recorded, certmap.conf is rewritten and
    ``CAInstance.configure_instance`` is called with the collected values.

    :param standalone: truthy value that forces ``use_ldaps`` on
    :param replica_config: replica settings object, or None for a fresh
        install
    :param options: installer options object
    :param custodia: object whose ``get_ca_keys`` is called on the replica
        path; it is also handed to ``CAInstance``
    """
    realm_name = options.realm_name
    dm_password = options.dm_password
    host_name = options.host_name
    ca_subject = options._ca_subject
    subject_base = options._subject_base

    is_replica = replica_config is not None

    # Start from the "nothing supplied" values; each path below only
    # overrides the settings it actually provides.
    ca_signing_algorithm = None
    ca_type = None
    external_ca_profile = None
    csr_file = None
    cert_file = None
    cert_chain_file = None
    pkcs12_info = None
    master_host = None
    master_replication_port = None
    ra_p12 = None
    ra_only = False
    promote = False

    if is_replica:
        cafile = os.path.join(replica_config.dir, 'cacert.p12')
        # get_ca_keys receives the target path and the directory manager
        # password; presumably it stores the CA key material in cafile as
        # a PKCS#12 bundle protected by that password -- confirm.
        # NOTE(review): cacert.p12 and ra.p12 are key material; verify that
        # replica_config.dir is private to the installer and that both
        # files are removed once installation finishes.
        custodia.get_ca_keys(cafile, replica_config.dirman_password)

        pkcs12_info = (cafile,)
        master_host = replica_config.ca_host_name
        master_replication_port = replica_config.ca_ds_port
        ra_p12 = os.path.join(replica_config.dir, 'ra.p12')
        ra_only = not replica_config.setup_ca
        promote = True
    else:
        ca_signing_algorithm = options.ca_signing_algorithm
        if options.external_ca:
            ca_type = options.external_ca_type
            external_ca_profile = options.external_ca_profile
            csr_file = paths.ROOT_IPA_CSR
        if options.external_cert_files:
            cert_file = external_cert_file.name
            cert_chain_file = external_ca_file.name

    # An upgrade from CA-less to CA-ful has to rewrite certmap.conf and
    # the stored subject_base configuration.
    set_subject_base_in_config(subject_base)
    sysupgrade.set_upgrade_state(
        'certmap.conf', 'subject_base', str(subject_base))
    dsinstance.write_certmap_conf(realm_name, ca_subject)

    # LDAPS is used for a replica install or a CA-less to CA-ful upgrade:
    # in both cases 389-DS already has a trusted certificate configured.
    use_ldaps = standalone or is_replica

    ca = cainstance.CAInstance(
        realm=realm_name,
        host_name=host_name,
        custodia=custodia,
    )
    # The same dm_password fills both password positionals.
    ca.configure_instance(
        host_name,
        dm_password,
        dm_password,
        subject_base=subject_base,
        ca_subject=ca_subject,
        ca_signing_algorithm=ca_signing_algorithm,
        ca_type=ca_type,
        external_ca_profile=external_ca_profile,
        csr_file=csr_file,
        cert_file=cert_file,
        cert_chain_file=cert_chain_file,
        pkcs12_info=pkcs12_info,
        master_host=master_host,
        master_replication_port=master_replication_port,
        ra_p12=ra_p12,
        ra_only=ra_only,
        promote=promote,
        use_ldaps=use_ldaps,
        pki_config_override=options.pki_config_override,
    )
def install_step_0(standalone, replica_config, options, custodia):
    """Configure the CA instance as the first step of CA installation.

    With ``replica_config`` set to None the CA parameters are read from
    ``options`` (fresh install). Otherwise the CA keys are requested
    through ``custodia`` and the replica parameters come from
    ``replica_config``. In both cases the subject base is recorded,
    certmap.conf is rewritten and ``CAInstance.configure_instance`` runs.

    :param standalone: truthy value that forces ``use_ldaps`` on
    :param replica_config: replica settings object, or None
    :param options: installer options object
    :param custodia: provides ``get_ca_keys`` and is passed to
        ``CAInstance``
    """
    realm_name = options.realm_name
    dm_password = options.dm_password
    host_name = options.host_name
    ca_subject = options._ca_subject
    subject_base = options._subject_base
    external_ca_profile = None

    if replica_config is None:
        ca_signing_algorithm = options.ca_signing_algorithm

        # An externally signed CA needs a CSR file and a CA type.
        if options.external_ca:
            ca_type, external_ca_profile, csr_file = (
                options.external_ca_type,
                options.external_ca_profile,
                paths.ROOT_IPA_CSR,
            )
        else:
            ca_type = csr_file = None

        # Certificate files returned by the external CA, when present.
        if options.external_cert_files:
            cert_file, cert_chain_file = (
                external_cert_file.name,
                external_ca_file.name,
            )
        else:
            cert_file = cert_chain_file = None

        # Nothing is cloned from another server on a fresh install.
        pkcs12_info = master_host = master_replication_port = ra_p12 = None
        ra_only = promote = False
    else:
        replica_dir = replica_config.dir
        cafile = os.path.join(replica_dir, 'cacert.p12')
        # The directory manager password accompanies the request;
        # presumably it protects the PKCS#12 bundle written to cafile --
        # confirm.
        # NOTE(review): cafile and ra.p12 hold private keys. Check the
        # permissions on replica_config.dir and that the files are cleaned
        # up after the install.
        custodia.get_ca_keys(cafile, replica_config.dirman_password)

        ca_signing_algorithm = ca_type = csr_file = None
        cert_file = cert_chain_file = None

        pkcs12_info = (cafile,)
        master_host = replica_config.ca_host_name
        master_replication_port = replica_config.ca_ds_port
        ra_p12 = os.path.join(replica_config.dir, 'ra.p12')
        ra_only = not replica_config.setup_ca
        promote = True

    # Moving from CA-less to CA-ful requires certmap.conf and the
    # subject_base configuration to be written again.
    set_subject_base_in_config(subject_base)
    sysupgrade.set_upgrade_state(
        'certmap.conf', 'subject_base', str(subject_base)
    )
    dsinstance.write_certmap_conf(realm_name, ca_subject)

    # Replica installs and CA-ful upgrades talk to 389-DS over LDAPS,
    # because the directory server already has a trusted certificate then.
    use_ldaps = standalone or (replica_config is not None)

    ca = cainstance.CAInstance(
        realm=realm_name, host_name=host_name, custodia=custodia)

    # dm_password is given for both password positionals.
    ca.configure_instance(
        host_name, dm_password, dm_password,
        subject_base=subject_base,
        ca_subject=ca_subject,
        ca_signing_algorithm=ca_signing_algorithm,
        ca_type=ca_type,
        external_ca_profile=external_ca_profile,
        csr_file=csr_file,
        cert_file=cert_file,
        cert_chain_file=cert_chain_file,
        pkcs12_info=pkcs12_info,
        master_host=master_host,
        master_replication_port=master_replication_port,
        ra_p12=ra_p12,
        ra_only=ra_only,
        promote=promote,
        use_ldaps=use_ldaps,
        pki_config_override=options.pki_config_override,
    )
def install_step_0(standalone, replica_config, options):
    """Configure the CA instance as the first step of CA installation.

    A fresh install (``replica_config is None``) takes its CA parameters
    from ``options``. A replica install takes them from ``replica_config``
    and, when ``options.promote`` is set, first requests the CA keys
    through a new ``CustodiaInstance``. The subject base is then recorded,
    certmap.conf is rewritten and ``CAInstance.configure_instance`` runs.

    :param standalone: passed on unchanged as ``use_ldaps``
    :param replica_config: replica settings object, or None
    :param options: installer options object
    """
    realm_name = options.realm_name
    dm_password = options.dm_password
    host_name = options.host_name
    ca_subject = options._ca_subject
    subject_base = options._subject_base

    if replica_config is not None:
        cafile = os.path.join(replica_config.dir, 'cacert.p12')
        if options.promote:
            # Request the CA keys from the CA host into cafile. The
            # directory manager password is passed along; presumably it
            # protects the resulting PKCS#12 bundle -- confirm.
            custodia = custodiainstance.CustodiaInstance(
                replica_config.host_name,
                replica_config.realm_name,
            )
            custodia.get_ca_keys(
                replica_config.ca_host_name,
                cafile,
                replica_config.dirman_password,
            )
        # NOTE(review): without options.promote nothing here creates
        # cafile, yet it is still passed on as pkcs12_info; presumably an
        # earlier step placed it in replica_config.dir -- confirm. It and
        # ra.p12 hold private keys, so check the directory permissions and
        # the cleanup after install.

        ca_signing_algorithm = ca_type = csr_file = None
        cert_file = cert_chain_file = None

        pkcs12_info = (cafile,)
        master_host = replica_config.ca_host_name
        master_replication_port = replica_config.ca_ds_port
        ra_p12 = os.path.join(replica_config.dir, 'ra.p12')
        ra_only = not replica_config.setup_ca
        promote = options.promote
    else:
        ca_signing_algorithm = options.ca_signing_algorithm

        externally_signed = options.external_ca
        ca_type = options.external_ca_type if externally_signed else None
        csr_file = paths.ROOT_IPA_CSR if externally_signed else None

        if options.external_cert_files:
            cert_file = external_cert_file.name
            cert_chain_file = external_ca_file.name
        else:
            cert_file = cert_chain_file = None

        pkcs12_info = master_host = master_replication_port = ra_p12 = None
        ra_only = promote = False

    # A CA-less to CA-ful upgrade has to rewrite certmap.conf and the
    # subject_base configuration.
    set_subject_base_in_config(subject_base)
    sysupgrade.set_upgrade_state(
        'certmap.conf', 'subject_base', str(subject_base))
    dsinstance.write_certmap_conf(realm_name, ca_subject)

    # NOTE(review): use_ldaps follows `standalone` alone, so a replica
    # install with a false `standalone` passes a false use_ldaps. Confirm
    # that the CA's directory connection is protected on that path.
    instance_settings = {
        'subject_base': subject_base,
        'ca_subject': ca_subject,
        'ca_signing_algorithm': ca_signing_algorithm,
        'ca_type': ca_type,
        'csr_file': csr_file,
        'cert_file': cert_file,
        'cert_chain_file': cert_chain_file,
        'pkcs12_info': pkcs12_info,
        'master_host': master_host,
        'master_replication_port': master_replication_port,
        'ra_p12': ra_p12,
        'ra_only': ra_only,
        'promote': promote,
        'use_ldaps': standalone,
    }

    ca = cainstance.CAInstance(
        realm_name, paths.IPA_RADB_DIR, host_name=host_name)
    # dm_password is supplied for both password positionals.
    ca.configure_instance(
        host_name, dm_password, dm_password, **instance_settings)