|
 |
6d47df |
From 78bf80e55dd74fc0279cf6a76345865b0d5e5d32 Mon Sep 17 00:00:00 2001
|
|
|
6d47df |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
6d47df |
Date: Fri, 26 Oct 2018 18:12:29 +0200
|
|
|
6d47df |
Subject: [PATCH] Keep Dogtag's client db in external CA step 1
|
|
|
6d47df |
|
|
|
6d47df |
Don't remove /root/.dogtag/pki-tomcat when performing step 1 of external
|
|
|
6d47df |
CA installation process. Dogtag 10.6.7 changed behavior and no longer
|
|
|
6d47df |
re-creates the client database in step 2.
|
|
|
6d47df |
|
|
|
6d47df |
Fixes: https://pagure.io/freeipa/issue/7742
|
|
|
6d47df |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
6d47df |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
6d47df |
|
|
|
6d47df |
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
|
|
|
6d47df |
index 59c0eadf1..61ccb6dff 100644
|
|
|
6d47df |
--- a/ipaserver/install/cainstance.py
|
|
|
6d47df |
+++ b/ipaserver/install/cainstance.py
|
|
|
6d47df |
@@ -483,7 +483,12 @@ class CAInstance(DogtagInstance):
|
|
|
6d47df |
try:
|
|
|
6d47df |
self.start_creation(runtime=runtime)
|
|
|
6d47df |
finally:
|
|
|
6d47df |
- self.clean_pkispawn_files()
|
|
|
6d47df |
+ if self.external == 1:
|
|
|
6d47df |
+ # Don't remove client DB in external CA step 1
|
|
|
6d47df |
+ # https://pagure.io/freeipa/issue/7742
|
|
|
6d47df |
+ logger.debug("Keep pkispawn files for step 2")
|
|
|
6d47df |
+ else:
|
|
|
6d47df |
+ self.clean_pkispawn_files()
|
|
|
6d47df |
|
|
|
6d47df |
def __spawn_instance(self):
|
|
|
6d47df |
"""
|
|
|
6d47df |
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
|
|
|
6d47df |
index e71bf2900..142a8c0d7 100644
|
|
|
6d47df |
--- a/ipaserver/install/dogtaginstance.py
|
|
|
6d47df |
+++ b/ipaserver/install/dogtaginstance.py
|
|
|
6d47df |
@@ -167,11 +167,13 @@ class DogtagInstance(service.Service):
|
|
|
6d47df |
|
|
|
6d47df |
def clean_pkispawn_files(self):
|
|
|
6d47df |
if self.tmp_agent_db is not None:
|
|
|
6d47df |
+ logger.debug("Removing %s", self.tmp_agent_db)
|
|
|
6d47df |
shutil.rmtree(self.tmp_agent_db, ignore_errors=True)
|
|
|
6d47df |
|
|
|
6d47df |
- shutil.rmtree('/root/.dogtag/pki-tomcat/{subsystem}/'
|
|
|
6d47df |
- .format(subsystem=self.subsystem.lower()),
|
|
|
6d47df |
- ignore_errors=True)
|
|
|
6d47df |
+ client_dir = os.path.join(
|
|
|
6d47df |
+ '/root/.dogtag/pki-tomcat/', self.subsystem.lower())
|
|
|
6d47df |
+ logger.debug("Removing %s", client_dir)
|
|
|
6d47df |
+ shutil.rmtree(client_dir, ignore_errors=True)
|
|
|
6d47df |
|
|
|
6d47df |
def restart_instance(self):
|
|
|
6d47df |
self.restart('pki-tomcat')
|
|
|
6d47df |
|
|
|
6d47df |
From 6214fc51789dcfc70d4df18c0153877b92625ad2 Mon Sep 17 00:00:00 2001
|
|
|
6d47df |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
6d47df |
Date: Fri, 26 Oct 2018 10:11:31 +0200
|
|
|
6d47df |
Subject: [PATCH] Use tasks.install_master() in external_ca tests
|
|
|
6d47df |
|
|
|
6d47df |
The install_master() function performs additional steps besides just
|
|
|
6d47df |
installing a server. It also sets up log collection and performs
|
|
|
6d47df |
additional tests.
|
|
|
6d47df |
|
|
|
6d47df |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
6d47df |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
6d47df |
|
|
|
6d47df |
diff --git a/ipatests/pytest_ipa/integration/tasks.py b/ipatests/pytest_ipa/integration/tasks.py
|
|
|
6d47df |
index 620ed28c9..9889636ba 100644
|
|
|
6d47df |
--- a/ipatests/pytest_ipa/integration/tasks.py
|
|
|
6d47df |
+++ b/ipatests/pytest_ipa/integration/tasks.py
|
|
|
6d47df |
@@ -292,7 +292,7 @@ def set_default_ttl_for_ipa_dns_zone(host, raiseonerr=True):
|
|
|
6d47df |
|
|
|
6d47df |
def install_master(host, setup_dns=True, setup_kra=False, setup_adtrust=False,
|
|
|
6d47df |
extra_args=(), domain_level=None, unattended=True,
|
|
|
6d47df |
- stdin_text=None, raiseonerr=True):
|
|
|
6d47df |
+ external_ca=False, stdin_text=None, raiseonerr=True):
|
|
|
6d47df |
if domain_level is None:
|
|
|
6d47df |
domain_level = host.config.domain_level
|
|
|
6d47df |
check_domain_level(domain_level)
|
|
|
6d47df |
@@ -321,11 +321,14 @@ def install_master(host, setup_dns=True, setup_kra=False, setup_adtrust=False,
|
|
|
6d47df |
args.append('--setup-kra')
|
|
|
6d47df |
if setup_adtrust:
|
|
|
6d47df |
args.append('--setup-adtrust')
|
|
|
6d47df |
+ if external_ca:
|
|
|
6d47df |
+ args.append('--external-ca')
|
|
|
6d47df |
|
|
|
6d47df |
args.extend(extra_args)
|
|
|
6d47df |
result = host.run_command(args, raiseonerr=raiseonerr,
|
|
|
6d47df |
stdin_text=stdin_text)
|
|
|
6d47df |
- if result.returncode == 0:
|
|
|
6d47df |
+ if result.returncode == 0 and not external_ca:
|
|
|
6d47df |
+ # external CA step 1 doesn't have DS and KDC fully configured, yet
|
|
|
6d47df |
enable_replication_debugging(host)
|
|
|
6d47df |
setup_sssd_debugging(host)
|
|
|
6d47df |
kinit_admin(host)
|
|
|
6d47df |
diff --git a/ipatests/test_integration/test_external_ca.py b/ipatests/test_integration/test_external_ca.py
|
|
|
6d47df |
index 33ba70f98..a8e0ea0bf 100644
|
|
|
6d47df |
--- a/ipatests/test_integration/test_external_ca.py
|
|
|
6d47df |
+++ b/ipatests/test_integration/test_external_ca.py
|
|
|
6d47df |
@@ -70,24 +70,12 @@ def match_in_journal(host, string, since='today', services=('certmonger',)):
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
def install_server_external_ca_step1(host):
|
|
|
6d47df |
- """funtion for step 1 to install the ipa server with external ca"""
|
|
|
6d47df |
-
|
|
|
6d47df |
- args = ['ipa-server-install', '-U',
|
|
|
6d47df |
- '-a', host.config.admin_password,
|
|
|
6d47df |
- '-p', host.config.dirman_password,
|
|
|
6d47df |
- '--setup-dns', '--no-forwarders',
|
|
|
6d47df |
- '-n', host.domain.name,
|
|
|
6d47df |
- '-r', host.domain.realm,
|
|
|
6d47df |
- '--domain-level=%i' % host.config.domain_level,
|
|
|
6d47df |
- '--external-ca']
|
|
|
6d47df |
-
|
|
|
6d47df |
- cmd = host.run_command(args)
|
|
|
6d47df |
- return cmd
|
|
|
6d47df |
+ """Step 1 to install the ipa server with external ca"""
|
|
|
6d47df |
+ return tasks.install_master(host, external_ca=True)
|
|
|
6d47df |
|
|
|
6d47df |
|
|
|
6d47df |
def install_server_external_ca_step2(host, ipa_ca_cert, root_ca_cert):
|
|
|
6d47df |
- """funtion for step 2 to install the ipa server with external ca"""
|
|
|
6d47df |
-
|
|
|
6d47df |
+ """Step 2 to install the ipa server with external ca"""
|
|
|
6d47df |
args = ['ipa-server-install',
|
|
|
6d47df |
'-a', host.config.admin_password,
|
|
|
6d47df |
'-p', host.config.dirman_password,
|