[Freeipa-devel] [PATCH] - Add DRM to IPA
Petr Viktorin
pviktori at redhat.com
Thu Aug 14 12:29:00 UTC 2014
On 08/14/2014 10:53 AM, Martin Kosek wrote:
> On 08/13/2014 09:54 PM, Ade Lee wrote:
>> In Dogtag, we have decided to revert the name of the DRM to the old name KRA.
>> DRM was really only used in docs/marketing, whereas KRA is all over the code.
>> Soon, the code and the marketing/docs will match.
>>
>> The following patch changes all references to the DRM to KRA.
>> so for example, you need to run ipa-kra-install etc.
>>
>> Please apply this on top of the previous patch. I'll go ahead and squash them
>> before commit.
>>
>> Thanks,
>> Ade
>
> Ah, thanks for unifying that one. I changed DRM component in FreeIPA Trac to
> KRA and assigned respective tickets to that. Let us use the KRA term for the
> Vault then.
>
> Martin
>
ipa_drm_install.py: No newline at end of file
ipa_drm_install.DRMInstaller.FAIL_MESSAGE: the command is
ipa-drm-install (with hyphens)
The error I got previously was when running ipa-kra-install on a replica
that didn't have CA yet. It would be nice to provide a better message
for this case.
On a replica with KRA, I get:
$ sudo ipa-kra-install --uninstall
Usage: ipa-kra-install [options] [replica_file]
ipa-kra-install: error: Cannot uninstall. There is no KRA
installed on this system.
I tested the kra plugin with this Python script:
from ipalib import api
api.bootstrap(context='server', kra_host='localhost')
api.finalize()
api.Backend.kra.store_secret('test', 'tkey')
which gives me:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "ipaserver/plugins/dogtag.py", line 2012, in store_secret
self._setup()
File "ipaserver/plugins/dogtag.py", line 1965, in _setup
connection = PKIConnection('https', self.kra_host,
self.kra_port, 'kra')
File "/usr/lib/python2.7/site-packages/pki/client.py", line 36,
in __init__
self.hostname + ':' + self.port + '/' + \
TypeError: coercing to Unicode: need string or buffer, int found
Apparently, PKIConnection requires the port to be a string, but we pass
an int. I'd consider this an issue in pki.
The kra_host='localhost' option to api.bootstrap is necessary because
kra_host is not added to default.conf on install. How is this planned to
work when the plugin is done?
--
Petr³
More information about the Freeipa-devel
mailing list