Use one Custodia peer to retrieve all secrets

Fix 994f71ac8a was incomplete. Under some circumstancs the DM hash and CA keys were still retrieved from two different machines. Custodia client now uses a single remote to upload keys and download all secrets. Fixes: https://pagure.io/freeipa/issue/7518 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-06-07 18:17:20 +02:00
parent b1f368c682
commit 533307382a
7 changed files with 46 additions and 39 deletions
--- a/ipaserver/install/kra.py
+++ b/ipaserver/install/kra.py
@@ -93,7 +93,6 @@ def install(api, replica_config, options, custodia):
                    paths.KRB5_KEYTAB,
                    ccache)
                custodia.get_kra_keys(
-                    replica_config.kra_host_name,
                    krafile,
                    replica_config.dirman_password)
        else: