mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

david_page
25.09.2007 804e7bcf05391ecdc76f02c0647446e4765e97a6
author david_page <david_page@localhost>
Saturday, August 25, 2007 20:09 +0200
committer david_page <david_page@localhost>
Saturday, August 25, 2007 20:09 +0200
commit 804e7bcf05391ecdc76f02c0647446e4765e97a6
tree 94f81dc65f22769e640f9843115542deeb83f5e5
parent bede5a1411e22116ad06c1431665b977a92f3e22
Issue 466 preparation.

This is a followup to commit r2774.

Secure replication depends on ADS containing at least the instance-to-be-initialized's instance key public-key certificate in the ADS-based truststore because the existing replication domain server requires it to "trust" the new server. (The new server trusts the domain server by some future ADSContext code that will fetch the domain host's public-key certificate and write it into the new server's truststore backend - all via LDAP.)

Subsequent to commit r2774, we discovered that configuring replication results in the replication server opening its server socket and configuring it for TLS. The TLS configuration requires the local truststore to be initialized with the local instance key, and the instance key of any to-be-replicated servers must be added. Hence, the Installer's ADS configuration step must be run before its replication configuration step.

In the current implementation of the ADS configuration step, ADS replication is configured and initialized (distinct from the suffixes specified by the user). These changes 1) move the ADS replication configuration and initialization from the ADS configuration step, and merge them into the code that handles configuring and initializing replication of the user-specified suffixes (Installer.java); and 2) move the invocation of the ADS configuration ahead of the replication configuration (OfflineInstaller, WebStartInstaller.java).

M src/quicksetup/org/opends/quicksetup/installer/offline/OfflineInstaller.java
M src/quicksetup/org/opends/quicksetup/installer/webstart/WebStartInstaller.java
M src/quicksetup/org/opends/quicksetup/installer/Installer.java

Tests:

In addition to the precommit target, I've run the following setup scenarios using the OfflineInstaller:

1) Setup standalone server with data; setup new server as part of existing replication. Then the new server setup configures replication, ADS, and initializes suffixes on both instances.

2) Setup initial replicated server with data; setup new server as part of existing replication.

I'm not sure how to test the WebStartInstaller, but the code and changes are identical to the OfflineInstaller, so perhaps it is ok.

---
Thanks to Josu for reviewing.

3 files modified
Changed files (261 changes in total):
opends/src/quicksetup/org/opends/quicksetup/installer/Installer.java 224
opends/src/quicksetup/org/opends/quicksetup/installer/offline/OfflineInstaller.java 17
opends/src/quicksetup/org/opends/quicksetup/installer/webstart/WebStartInstaller.java 20