replica install: fix DS restart failure during replica promotion

Since commit 0914a3aeb7, ipa config file is created before DS certificate is requested, which makes certmonger request the certificate from the local system rather than the remote master. This causes the request to fail, as local httpd is not yet configured at the time of the request. Move ipa config file creation to its original place to fix the issue. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
2024-12-28 01:41:14 -06:00 · 2016-11-07 12:56:38 +01:00 · 2016-11-07 12:56:38 +01:00 · 8cb315af62
commit 8cb315af62
parent a3c9def4e9
1 changed files with 6 additions and 2 deletions
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@ -1352,8 +1352,6 @@ def promote_check(installer):
                                  "--dirsrv-cert-file options to provide "
                                  "custom certificates.")
                raise ScriptError(rval=3)
-        # we now have all the information to properly setup server config
-        create_ipa_conf(fstore, config, ca_enabled)

        kra_host = service.find_providing_server(
                'KRA', conn, config.kra_host_name)
@ -1510,6 +1508,12 @@ def promote(installer):
        if conn.isconnected():
            conn.disconnect()

+        # Create the management framework config file
+        # do this regardless of the state of DS installation. Even if it fails,
+        # we need to have master-like configuration in order to perform a
+        # successful uninstallation
+        create_ipa_conf(fstore, config, ca_enabled)
+
    custodia = custodiainstance.CustodiaInstance(config.host_name,
                                                 config.realm_name)
    custodia.create_replica(config.master_host_name)