IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Use dogtag-ipa-ca-renew-agent to track certificates on master CA.

Browse Source 
Before, dogtag-ipa-renew-agent was used to track the certificates and the
certificates were stored to LDAP in renew_ca_cert and renew_ra_cert. Since
dogtag-ipa-ca-renew-agent can store the certificates itself, the storage code
was removed from renew_ca_cert and renew_ra_cert.

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This commit is contained in:
Jan Cholasta
2013-10-16 08:40:31 +00:00
committed by Petr Viktorin
parent a356c3806b
commit 6a19738a45
4 changed files with 53 additions and 121 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
install/tools/ipa-upgradeconfig
View File

@@ -607,10 +607,10 @@ def enable_certificate_renewal(ca):
return False
if not sysupgrade.get_upgrade_state('dogtag', 'renewal_configured'):
ca.configure_certmonger_renewal()
if ca.is_master():
ca.configure_renewal()
else:
ca.configure_certmonger_renewal()
ca.configure_clone_renewal()
ca.configure_agent_renewal()
ca.track_servercert()
@@ -656,10 +656,10 @@ def certificate_renewal_stop_ca(ca):
# Ok, now we need to stop tracking, then we can start tracking them
# again with new configuration:
cainstance.stop_tracking_certificates(dogtag.configured_constants())
ca.configure_certmonger_renewal()
if ca.is_master():
ca.configure_renewal()
else:
ca.configure_certmonger_renewal()
ca.configure_clone_renewal()
ca.configure_agent_renewal()
ca.track_servercert()