diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install index 079773dbd..aaacf447d 100755 --- a/install/tools/ipa-ca-install +++ b/install/tools/ipa-ca-install @@ -138,7 +138,7 @@ def install_replica(safe_options, options, filename): if options.promote: config = ReplicaConfig() - config.master_host_name = None + config.ca_host_name = None config.realm_name = api.env.realm config.host_name = api.env.host config.domain_name = api.env.domain @@ -149,6 +149,7 @@ def install_replica(safe_options, options, filename): cafile = paths.IPA_CA_CRT else: config = create_replica_config(dirman_password, filename, options) + config.ca_host_name = config.master_host_name cafile = config.dir + '/ca.crt' global REPLICA_INFO_TOP_DIR @@ -159,12 +160,9 @@ def install_replica(safe_options, options, filename): attrs = api.Backend.ldap2.get_ipa_config() config.subject_base = attrs.get('ipacertificatesubjectbase')[0] - if config.master_host_name is None: + if config.ca_host_name is None: config.ca_host_name = \ service.find_providing_server('CA', api.Backend.ldap2, api.env.ca_host) - config.master_host_name = config.ca_host_name - else: - config.ca_host_name = config.master_host_name options.realm_name = config.realm_name options.domain_name = config.domain_name diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 921e49495..cd594c21d 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -38,7 +38,7 @@ def install_check(standalone, replica_config, options): if standalone and not options.skip_conncheck: principal = options.principal replica_conn_check( - replica_config.master_host_name, host_name, realm_name, True, + replica_config.ca_host_name, host_name, realm_name, True, replica_config.ca_ds_port, options.admin_password, principal=principal, ca_cert_file=options.ca_cert_file) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 48b66e270..d7dffbe0e 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -1349,7 +1349,7 @@ def replica_ca_install_check(config): return # Check if the master has the necessary schema in its CA instance - ca_ldap_url = 'ldap://%s:%s' % (config.master_host_name, config.ca_ds_port) + ca_ldap_url = 'ldap://%s:%s' % (config.ca_host_name, config.ca_ds_port) objectclass = 'ipaObject' root_logger.debug('Checking if IPA schema is present in %s', ca_ldap_url) try: @@ -1418,7 +1418,7 @@ def install_replica_ca(config, postinstall=False, ra_p12=None): ca.configure_instance(config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(cafile,), ra_p12=ra_p12, - master_host=config.master_host_name, + master_host=config.ca_host_name, master_replication_port=config.ca_ds_port, subject_base=config.subject_base) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 5ea93aea0..96f4adbfa 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -549,9 +549,10 @@ def install_check(installer): raise ScriptError("Directory Manager password required") config = create_replica_config(dirman_password, filename, options) - installer._top_dir = config.top_dir + config.ca_host_name = config.master_host_name config.setup_ca = options.setup_ca config.setup_kra = options.setup_kra + installer._top_dir = config.top_dir ca_enabled = ipautil.file_exists(config.dir + "/cacert.p12") @@ -576,7 +577,7 @@ def install_check(installer): fd.write("dogtag_version=10\n") if not config.setup_ca: - fd.write("ca_host={0}\n".format(config.master_host_name)) + fd.write("ca_host={0}\n".format(config.ca_host_name)) else: fd.write("enable_ra=False\n") fd.write("ra_plugin=none\n") @@ -1258,7 +1259,8 @@ def promote_check(installer): config.subject_base = DN(subject_base) # Find if any server has a CA - ca_host = service.find_providing_server('CA', conn, api.env.server) + ca_host = service.find_providing_server( + 'CA', conn, config.ca_host_name) if ca_host is not None: config.ca_host_name = ca_host ca_enabled = True