replica install: use one remote KRA host name everywhere

Remote master and KRA host names may differ. Always use the remote KRA host
name and never the remote master host name in KRA replica install.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

ipaserver/install/ipa_kra_install.py

@@ -188,7 +188,7 @@ class KRAInstaller(KRAInstall):
         if self.installing_replica:
             if self.options.promote:
                 config = ReplicaConfig()
-                config.master_host_name = None
+                config.kra_host_name = None
                 config.realm_name = api.env.realm
                 config.host_name = api.env.host
                 config.domain_name = api.env.domain
@@ -201,17 +201,15 @@ class KRAInstaller(KRAInstall):
                     self.options.password,
                     self.replica_file,
                     self.options)
+                config.kra_host_name = config.master_host_name
 
             if config.subject_base is None:
                 attrs = api.Backend.ldap2.get_ipa_config()
                 config.subject_base = attrs.get('ipacertificatesubjectbase')[0]
 
-            if config.master_host_name is None:
+            if config.kra_host_name is None:
                 config.kra_host_name = service.find_providing_server(
                     'KRA', api.Backend.ldap2, api.env.ca_host)
-                config.master_host_name = config.kra_host_name
-            else:
-                config.kra_host_name = config.master_host_name
 
         try:
             kra.install_check(api, config, self.options)

ipaserver/install/krainstance.py

@@ -428,7 +428,7 @@ def install_replica_kra(config, postinstall=False):
     _kra.configure_instance(config.realm_name, config.host_name,
                             config.dirman_password, config.dirman_password,
                             pkcs12_info=(krafile,),
-                            master_host=config.master_host_name,
+                            master_host=config.kra_host_name,
                             subject_base=config.subject_base)
 
     # Restart httpd since we changed it's config and added ipa-pki-proxy.conf

ipaserver/install/server/replicainstall.py

@@ -550,6 +550,7 @@ def install_check(installer):
 
     config = create_replica_config(dirman_password, filename, options)
     config.ca_host_name = config.master_host_name
+    config.kra_host_name = config.ca_host_name
     config.setup_ca = options.setup_ca
     config.setup_kra = options.setup_kra
     installer._top_dir = config.top_dir
@@ -1041,6 +1042,7 @@ def promote_check(installer):
     config.domain_name = api.env.domain
     config.master_host_name = api.env.server
     config.ca_host_name = api.env.ca_host
+    config.kra_host_name = config.ca_host_name
     config.setup_ca = options.setup_ca
     config.setup_kra = options.setup_kra
     config.dir = installer._top_dir
@@ -1277,8 +1279,8 @@ def promote_check(installer):
                                   "custom certificates.")
                 raise ScriptError(rval=3)
 
-        config.kra_host_name = service.find_providing_server('KRA', conn,
-                                                             api.env.server)
+        config.kra_host_name = service.find_providing_server(
+                'KRA', conn, config.kra_host_name)
         if options.setup_kra and config.kra_host_name is None:
             root_logger.error("There is no KRA server in the domain, can't "
                               "setup a KRA clone")