replica install: use one remote CA host name everywhere

Remote master and CA host names may differ. Always use the remote CA host name and never the remote master host name in CA replica install. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-10-24 13:09:11 +02:00
parent b1283c1e56
commit 8a7e79a7a6
4 changed files with 11 additions and 11 deletions
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -138,7 +138,7 @@ def install_replica(safe_options, options, filename):

    if options.promote:
        config = ReplicaConfig()
-        config.master_host_name = None
+        config.ca_host_name = None
        config.realm_name = api.env.realm
        config.host_name = api.env.host
        config.domain_name = api.env.domain
@@ -149,6 +149,7 @@ def install_replica(safe_options, options, filename):
        cafile = paths.IPA_CA_CRT
    else:
        config = create_replica_config(dirman_password, filename, options)
+        config.ca_host_name = config.master_host_name
        cafile = config.dir + '/ca.crt'

    global REPLICA_INFO_TOP_DIR
@@ -159,12 +160,9 @@ def install_replica(safe_options, options, filename):
        attrs = api.Backend.ldap2.get_ipa_config()
        config.subject_base = attrs.get('ipacertificatesubjectbase')[0]

-    if config.master_host_name is None:
+    if config.ca_host_name is None:
        config.ca_host_name = \
            service.find_providing_server('CA', api.Backend.ldap2, api.env.ca_host)
-        config.master_host_name = config.ca_host_name
-    else:
-        config.ca_host_name = config.master_host_name

    options.realm_name = config.realm_name
    options.domain_name = config.domain_name
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -38,7 +38,7 @@ def install_check(standalone, replica_config, options):
        if standalone and not options.skip_conncheck:
            principal = options.principal
            replica_conn_check(
-                replica_config.master_host_name, host_name, realm_name, True,
+                replica_config.ca_host_name, host_name, realm_name, True,
                replica_config.ca_ds_port, options.admin_password,
                principal=principal, ca_cert_file=options.ca_cert_file)

--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1349,7 +1349,7 @@ def replica_ca_install_check(config):
        return

    # Check if the master has the necessary schema in its CA instance
-    ca_ldap_url = 'ldap://%s:%s' % (config.master_host_name, config.ca_ds_port)
+    ca_ldap_url = 'ldap://%s:%s' % (config.ca_host_name, config.ca_ds_port)
    objectclass = 'ipaObject'
    root_logger.debug('Checking if IPA schema is present in %s', ca_ldap_url)
    try:
@@ -1418,7 +1418,7 @@ def install_replica_ca(config, postinstall=False, ra_p12=None):
    ca.configure_instance(config.host_name,
                          config.dirman_password, config.dirman_password,
                          pkcs12_info=(cafile,), ra_p12=ra_p12,
-                          master_host=config.master_host_name,
+                          master_host=config.ca_host_name,
                          master_replication_port=config.ca_ds_port,
                          subject_base=config.subject_base)

--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -549,9 +549,10 @@ def install_check(installer):
            raise ScriptError("Directory Manager password required")

    config = create_replica_config(dirman_password, filename, options)
-    installer._top_dir = config.top_dir
+    config.ca_host_name = config.master_host_name
    config.setup_ca = options.setup_ca
    config.setup_kra = options.setup_kra
+    installer._top_dir = config.top_dir

    ca_enabled = ipautil.file_exists(config.dir + "/cacert.p12")

@@ -576,7 +577,7 @@ def install_check(installer):
            fd.write("dogtag_version=10\n")

            if not config.setup_ca:
-                fd.write("ca_host={0}\n".format(config.master_host_name))
+                fd.write("ca_host={0}\n".format(config.ca_host_name))
        else:
            fd.write("enable_ra=False\n")
            fd.write("ra_plugin=none\n")
@@ -1258,7 +1259,8 @@ def promote_check(installer):
            config.subject_base = DN(subject_base)

        # Find if any server has a CA
-        ca_host = service.find_providing_server('CA', conn, api.env.server)
+        ca_host = service.find_providing_server(
+                'CA', conn, config.ca_host_name)
        if ca_host is not None:
            config.ca_host_name = ca_host
            ca_enabled = True