Fix ipa-certupdate for CA-less installation

In a CA-less installation, ipa-certupdate fails with the error message: $ ipa-certupdate trying https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json Forwarding 'ca_is_enabled' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json' Forwarding 'ca_find/1' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json' CA is not configured The ipa-certupdate command failed. The issue happens because ipa-certupdate tries to call ca_find even on a CA_less deployment. The fix skips the call to ca_find in this case. https://fedorahosted.org/freeipa/ticket/6288 Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-09-01 15:53:38 +02:00
parent 00d43095da
commit b36ee723b7
1 changed files with 4 additions and 3 deletions
--- a/ipaclient/ipa_certupdate.py
+++ b/ipaclient/ipa_certupdate.py
@@ -87,9 +87,10 @@ class CertUpdate(admintool.AdminTool):

            # find lightweight CAs (on renewal master only)
            lwcas = []
-            for ca_obj in api.Command.ca_find()['result']:
-                if IPA_CA_CN not in ca_obj['cn']:
-                    lwcas.append(ca_obj)
+            if ca_enabled:
+                for ca_obj in api.Command.ca_find()['result']:
+                    if IPA_CA_CN not in ca_obj['cn']:
+                        lwcas.append(ca_obj)

            api.Backend.rpcclient.disconnect()
        finally: