disable RA plugins when promoting a replica from CA-less master

There is no point in setting 'enable_ra' to True in IPA config when the replica is promoted from CA-less master. The installer should set 'enable_ra' to False and unset 'ra_plugin' directive in this case. https://fedorahosted.org/freeipa/ticket/5626 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-01-21 13:39:49 +01:00
parent ec75b01f17
commit 7dae5c09d5
1 changed files with 16 additions and 6 deletions
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1303,13 +1303,23 @@ def promote(installer):
                              'https://%s/ipa/xml' %
                              ipautil.format_netloc(config.host_name)),
            ipaconf.setOption('ldap_uri', ldapi_uri),
-            ipaconf.setOption('mode', 'production'),
-            ipaconf.setOption('enable_ra', 'True'),
-            ipaconf.setOption('ra_plugin', 'dogtag'),
-            ipaconf.setOption('dogtag_version', '10')]
+            ipaconf.setOption('mode', 'production')
+        ]

-        if not options.setup_ca:
-            gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+        if installer._ca_enabled:
+            gopts.extend([
+                ipaconf.setOption('enable_ra', 'True'),
+                ipaconf.setOption('ra_plugin', 'dogtag'),
+                ipaconf.setOption('dogtag_version', '10')
+            ])
+
+            if not options.setup_ca:
+                gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+        else:
+            gopts.extend([
+                ipaconf.setOption('enable_ra', 'False'),
+                ipaconf.setOption('ra_plugin', 'None')
+            ])

        opts = [ipaconf.setSection('global', gopts)]