server upgrade: always upgrade KRA agent PEM file

Before the KRA agent PEM file is exported in server upgrade, the sysupgrade state file is consulted. This causes the KRA agent PEM file not to be exported to the new location if the upgrade was executed in the past. Do not consult the sysupgrade state file to decide whether to upgrade the KRA agent PEM file or not, the existence of the file is enough to make this decision. https://fedorahosted.org/freeipa/ticket/6675 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-02-25 18:55:28 -06:00 · 2017-02-16 11:19:09 +01:00
parent 97e838e10d
commit 0862e32091
2 changed files with 5 additions and 3 deletions
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -39,6 +39,7 @@ class BasePathNamespace(object):
    HOSTS = "/etc/hosts"
    ETC_HTTPD_DIR = "/etc/httpd"
    HTTPD_ALIAS_DIR = "/etc/httpd/alias"
+    OLD_KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem"
    IPA_RADB_DIR = "/var/lib/ipa/radb"
    HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/"
    HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf"
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -1386,7 +1386,9 @@ def fix_trust_flags():
 def export_kra_agent_pem():
    root_logger.info('[Exporting KRA agent PEM file]')

-    if sysupgrade.get_upgrade_state('http', 'export_kra_agent_pem'):
+    sysupgrade.remove_upgrade_state('http', 'export_kra_agent_pem')
+
+    if os.path.exists(paths.KRA_AGENT_PEM):
        root_logger.info("KRA agent PEM file already exported")
        return

@@ -1395,8 +1397,7 @@ def export_kra_agent_pem():
        return

    krainstance.export_kra_agent_pem()
-
-    sysupgrade.set_upgrade_state('http', 'export_kra_agent_pem', True)
+    installutils.remove_file(paths.OLD_KRA_AGENT_PEM)


 def update_mod_nss_protocol(http):