cainstance: add profile to IPA RA tracking request

Profile-based renewal means we should always explicitly specify the
profile in tracking requests that use the dogtag-ipa-ca-renew-agent
renewal helper.  This includes the IPA RA agent certificate.  Update
CAInstance.configure_agent_renewal() to add the profile to the
tracking request.  This also covers the upgrade scenario (because
the same method gets invoked).

Part of: https://pagure.io/freeipa/issue/7991

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Fraser Tweedale
2019-06-27 11:27:02 +10:00
parent fa5675582c
commit 1bf008a64f
3 changed files with 4 additions and 0 deletions

@@ -1047,6 +1047,7 @@ class CAInstance(DogtagInstance):
certmonger.start_tracking(
certpath=(paths.RA_AGENT_PEM, paths.RA_AGENT_KEY),
ca='dogtag-ipa-ca-renew-agent',
profile=ipalib.constants.RA_AGENT_PROFILE,
pre_command='renew_ra_cert_pre',
post_command='renew_ra_cert',
storage='FILE')
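
Review bot: the new profile=ipalib.constants.RA_AGENT_PROFILE argument in the certmonger.start_tracking() call depends on two things this hunk does not show: that this module imports ipalib.constants, and that RA_AGENT_PROFILE is defined there. With 3 changed files and 4 additions those are presumably in the other hunks, but please confirm, since a missing import or constant would only surface when configure_agent_renewal() actually runs. The commit message also relies on the upgrade path re-invoking this method; a test or a short comment confirming that an already-existing tracking request for paths.RA_AGENT_PEM ends up with the profile set would help, because nothing in this call shows how an existing request is handled.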