IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix replica install with CA

Browse Source 
The incorrect api was used, and CA record updated was duplicated.

https://fedorahosted.org/freeipa/ticket/5966

Reviewed-By: Petr Spacek <pspacek@redhat.com>
This commit is contained in:
Martin Basti 2016-06-29 19:49:43 +02:00
parent 0399110240
commit a155f692e7
2 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
install/tools/ipa-ca-install
View File

@ -28,7 +28,7 @@ from ipaserver.install import installutils
from ipaserver.install import certs from ipaserver.install import certs
from ipaserver.install.installutils import create_replica_config from ipaserver.install.installutils import create_replica_config
from ipaserver.install.installutils import check_creds, ReplicaConfig from ipaserver.install.installutils import check_creds, ReplicaConfig
from ipaserver.install import dsinstance, ca from ipaserver.install import bindinstance, dsinstance, ca
from ipaserver.install import cainstance, custodiainstance, service from ipaserver.install import cainstance, custodiainstance, service
from ipapython import version from ipapython import version
from ipalib import api from ipalib import api
@ -195,6 +195,11 @@ def install_replica(safe_options, options, filename):
CA.configure_replica(config.ca_host_name, CA.configure_replica(config.ca_host_name,
subject_base=config.subject_base, subject_base=config.subject_base,
ca_cert_bundle=ca_data) ca_cert_bundle=ca_data)
# Install CA DNS records
if bindinstance.dns_container_exists(api.env.host, api.env.basedn,
ldapi=True, realm=api.env.realm):
bind = bindinstance.BindInstance(ldapi=True)
bind.update_system_records()
else: else:
ca.install(True, config, options) ca.install(True, config, options)

10
ipaserver/install/cainstance.py
View File

@ -63,7 +63,6 @@ from ipapython.ipa_log_manager import log_mgr,\
from ipapython.secrets.kem import IPAKEMKeys from ipapython.secrets.kem import IPAKEMKeys
from ipaserver.install import certs from ipaserver.install import certs
from ipaserver.install import bindinstance
from ipaserver.install import dsinstance from ipaserver.install import dsinstance
from ipaserver.install import installutils from ipaserver.install import installutils
from ipaserver.install import ldapupdate from ipaserver.install import ldapupdate
@ -1298,14 +1297,6 @@ class CAInstance(DogtagInstance):
basedn = ipautil.realm_to_suffix(self.realm) basedn = ipautil.realm_to_suffix(self.realm)
self.ldap_enable('CA', self.fqdn, None, basedn) self.ldap_enable('CA', self.fqdn, None, basedn)
def __update_ca_records(self):
# Install CA DNS records
if bindinstance.dns_container_exists(
api.env.host, api.env.basedn, ldapi=True, realm=api.env.realm
):
bind = bindinstance.BindInstance(ldapi=True)
bind.update_system_records()
def configure_replica(self, master_host, subject_base=None, def configure_replica(self, master_host, subject_base=None,
ca_cert_bundle=None, ca_signing_algorithm=None, ca_cert_bundle=None, ca_signing_algorithm=None,
ca_type=None): ca_type=None):
@ -1376,7 +1367,6 @@ class CAInstance(DogtagInstance):
self.__restart_http_instance) self.__restart_http_instance)
self.step("enabling CA instance", self.__enable_instance) self.step("enabling CA instance", self.__enable_instance)
self.step("Updating DNS CA records", self.__update_ca_records)
self.start_creation(runtime=210) self.start_creation(runtime=210)