IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

ipa-server-upgrade now checks custodia server keys

Browse Source 
The ipa-server-upgrade command now checks for presence of ipa-custodia's
config and server keys. In case any of the files is missing, it
re-creates both files.

Partly resolves https://pagure.io/freeipa/issue/6893. The upgrader does
not auto-detect broken or mismatching keys yet.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
Christian Heimes 2018-01-31 09:57:26 +01:00
parent e5a508a749
commit 387ae9fd0f
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
ipaserver/install/custodiainstance.py
View File

@ -92,7 +92,17 @@ class CustodiaInstance(SimpleServiceInstance):
keystore.generate_server_keys()
def upgrade_instance(self):
if not sysupgrade.get_upgrade_state("custodia", "installed"):
installed = sysupgrade.get_upgrade_state("custodia", "installed")
if installed:
if (not os.path.isfile(self.server_keys)
or not os.path.isfile(self.config_file)):
logger.warning(
"Custodia server keys or config are missing, forcing "
"reinstallation of ipa-custodia."
)
installed = False
if not installed:
logger.info("Custodia service is being configured")
self.create_instance()
else: