diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 9a42d8e01..7a460940b 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -423,6 +423,10 @@ class CAInstance(DogtagInstance): configure_lightweight_ca_acls) self.step("Ensure lightweight CAs container exists", ensure_lightweight_cas_container) + if self.clone and not promote: + self.step( + "Ensuring backward compatibility", + self.__dogtag10_migration) self.step("configure certificate renewals", self.configure_renewal) self.step("configure Server-Cert certificate renewal", self.track_servercert) self.step("Configure HTTP to proxy connections", @@ -1276,6 +1280,15 @@ class CAInstance(DogtagInstance): root_logger.warning( "Did not find any lightweight CAs; nothing to track") + def __dogtag10_migration(self): + ld = ldapupdate.LDAPUpdate(ldapi=True, sub_dict={ + 'SUFFIX': api.env.basedn, + 'FQDN': self.fqdn, + }) + ld.update([os.path.join(paths.UPDATES_DIR, + '50-dogtag10-migration.update')] + ) + def replica_ca_install_check(config, promote): if promote: diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 60d38dc88..b510ec20a 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -854,9 +854,6 @@ def install(installer): service.print_msg("Restarting the KDC") krb.restart() - if setup_ca: - services.knownservices['pki_tomcatd'].restart('pki-tomcat') - if options.setup_dns: dns.install(False, False, options) else: diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index fb7188913..21bcd8691 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -935,9 +935,6 @@ def install(installer): service.print_msg("Restarting the KDC") krb.restart() - if config.setup_ca: - services.knownservices['pki_tomcatd'].restart('pki-tomcat') - if options.setup_dns: dns.install(False, True, options) else: