Imported Debian patch 4.8.10-2

install/tools/ipa-ca-install.in

@@ -1,4 +1,4 @@
-@PYTHONSHEBANG@
+#!/usr/bin/python3
 # Authors: Rob Crittenden <rcritten@redhat.com>
 #
 # Copyright (C) 2011  Red Hat
@@ -35,8 +35,9 @@ from ipaserver.install.installutils import check_creds, ReplicaConfig
 from ipaserver.install import dsinstance, ca
 from ipaserver.install import cainstance, service
 from ipaserver.install import custodiainstance
+from ipaserver.masters import find_providing_server
 from ipapython import version
-from ipalib import api
+from ipalib import api, x509
 from ipalib.constants import DOMAIN_LEVEL_1
 from ipapython.config import IPAOptionParser
 from ipapython.ipa_log_manager import standard_logging_setup
@@ -67,13 +68,13 @@ def parse_options():
                       default=False, help="unattended installation never prompts the user")
     parser.add_option("--external-ca", dest="external_ca", action="store_true",
                       default=False, help="Generate a CSR to be signed by an external CA")
-    ext_cas = tuple(x.value for x in cainstance.ExternalCAType)
+    ext_cas = tuple(x.value for x in x509.ExternalCAType)
     parser.add_option("--external-ca-type", dest="external_ca_type",
                       type="choice", choices=ext_cas,
                       metavar="{{{0}}}".format(",".join(ext_cas)),
                       help="Type of the external CA. Default: generic")
     parser.add_option("--external-ca-profile", dest="external_ca_profile",
-                      type='constructor', constructor=cainstance.ExternalCAProfile,
+                      type='constructor', constructor=x509.ExternalCAProfile,
                       default=None, metavar="PROFILE-SPEC",
                       help="Specify the certificate profile/template to use "
                            "at the external CA")
@@ -85,6 +86,7 @@ def parse_options():
                       type="choice", choices=ca_algos,
                       metavar="{{{0}}}".format(",".join(ca_algos)),
                       help="Signing algorithm of the IPA CA certificate")
+
     parser.add_option("-P", "--principal", dest="principal", sensitive=True,
                       default=None, help="User allowed to manage replicas")
     parser.add_option("--subject-base", dest="subject_base",
@@ -100,6 +102,10 @@ def parse_options():
                           "(default CN=Certificate Authority,O=<realm-name>). "
                           "RDNs are in LDAP order (most specific RDN first)."))
 
+    parser.add_option("--pki-config-override", dest="pki_config_override",
+                      default=None,
+                      help="Path to ini file with config overrides.")
+
     options, args = parser.parse_args()
     safe_options = parser.get_safe_opts(options)
 
@@ -183,8 +189,9 @@ def install_replica(safe_options, options):
         config.subject_base = attrs.get('ipacertificatesubjectbase')[0]
 
     if config.ca_host_name is None:
-        config.ca_host_name = \
-            service.find_providing_server('CA', api.Backend.ldap2, api.env.ca_host)
+        config.ca_host_name = find_providing_server(
+            'CA', api.Backend.ldap2, [api.env.ca_host]
+        )
 
     options.realm_name = config.realm_name
     options.domain_name = config.domain_name
@@ -258,7 +265,8 @@ def install(safe_options, options):
             paths.KRB5_KEYTAB,
             ccache)
 
-        ca_host = service.find_providing_server('CA', api.Backend.ldap2)
+        ca_host = find_providing_server('CA', api.Backend.ldap2)
+
         if ca_host is None:
             install_master(safe_options, options)
         else:
@@ -303,7 +311,7 @@ def main():
     api.Backend.ldap2.connect()
 
     # Enable configured services and update DNS SRV records
-    service.enable_services(api.env.host)
+    service.sync_services_state(api.env.host)
     api.Command.dns_update_system_records()
     api.Backend.ldap2.disconnect()