[Freeipa-devel] [PATCH] - Add DRM to IPA

Petr Viktorin pviktori at redhat.com
Thu Aug 14 12:29:00 UTC 2014


On 08/14/2014 10:53 AM, Martin Kosek wrote:
> On 08/13/2014 09:54 PM, Ade Lee wrote:
>> In Dogtag, we have decided to revert the name of the DRM to the old name KRA.
>> DRM was really only used in docs/marketing, whereas KRA is all over the code.
>> Soon, the code and the marketing/docs will match.
>>
>> The following patch changes all references to the DRM to KRA,
>> so for example, you need to run ipa-kra-install etc.
>>
>> Please apply this on top of the previous patch.  I'll go ahead and squash them
>> before commit.
>>
>> Thanks,
>> Ade
>
> Ah, thanks for unifying that one. I changed DRM component in FreeIPA Trac to
> KRA and assigned respective tickets to that. Let us use the KRA term for the
> Vault then.
>
> Martin
>

ipa_drm_install.py: No newline at end of file
ipa_drm_install.DRMInstaller.FAIL_MESSAGE: the command is 
ipa-drm-install (with hyphens)


The error I got previously was when running ipa-kra-install on a replica 
that didn't have a CA yet. It would be nice to provide a better message 
for this case.


On a replica with KRA, I get:
     $ sudo ipa-kra-install --uninstall
     Usage: ipa-kra-install [options] [replica_file]

     ipa-kra-install: error: Cannot uninstall.  There is no KRA installed on this system.

I tested the kra plugin with this Python script:

     from ipalib import api
     api.bootstrap(context='server', kra_host='localhost')
     api.finalize()
     api.Backend.kra.store_secret('test', 'tkey')

which gives me:

     Traceback (most recent call last):
       File "<stdin>", line 1, in <module>
       File "ipaserver/plugins/dogtag.py", line 2012, in store_secret
         self._setup()
       File "ipaserver/plugins/dogtag.py", line 1965, in _setup
         connection = PKIConnection('https', self.kra_host, self.kra_port, 'kra')
       File "/usr/lib/python2.7/site-packages/pki/client.py", line 36, in __init__
         self.hostname + ':' + self.port + '/' + \
     TypeError: coercing to Unicode: need string or buffer, int found


Apparently, PKIConnection requires the port to be a string, but we pass 
an int. I'd consider this an issue in pki.


The kra_host='localhost' option to api.bootstrap is necessary because 
kra_host is not added to default.conf on install. How is this planned to 
work when the plugin is done?


-- 
Petr³



