install: Fix ipa-replica-install not installing RA cert

https://fedorahosted.org/freeipa/ticket/4468 Reviewed-By: David Kupka <dkupka@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-06-18 10:35:09 +00:00 · 2015-06-18 10:35:09 +00:00 · c3a3d789b5
commit c3a3d789b5
parent 3ababb763b
2 changed files with 14 additions and 9 deletions
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@ -122,13 +122,7 @@ def install_step_0(standalone, replica_config, options):
            postinstall = True
        else:
            postinstall = False
-        ca = cainstance.install_replica_ca(replica_config, postinstall)
-
-        if not standalone:
-            ca.configure_certmonger_renewal()
-            ca.import_ra_cert(replica_config.dir + "/ra.p12")
-            ca.fix_ra_perms()
-
+        cainstance.install_replica_ca(replica_config, postinstall)
        return

    if options.external_cert_files:
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@ -24,8 +24,9 @@ from ipaplatform.paths import paths
 from ipalib import api, certstore, constants, create_api, errors, x509
 import ipaclient.ntpconf
 from ipaserver.install import (
-    bindinstance, ca, dns, dsinstance, httpinstance, installutils, kra,
-    krbinstance, memcacheinstance, ntpinstance, otpdinstance, service)
+    bindinstance, ca, cainstance, certs, dns, dsinstance, httpinstance,
+    installutils, kra, krbinstance, memcacheinstance, ntpinstance,
+    otpdinstance, service)
 from ipaserver.install.installutils import create_replica_config
 from ipaserver.install.replication import (
    ReplicationManager, replica_conn_check)
@ -579,6 +580,16 @@ def install(installer):
    otpd.create_instance('OTPD', config.host_name, config.dirman_password,
                         ipautil.realm_to_suffix(config.realm_name))

+    if ipautil.file_exists(cafile):
+        CA = cainstance.CAInstance(
+            config.realm_name, certs.NSS_DIR,
+            dogtag_constants=dogtag_constants)
+        CA.dm_password = config.dirman_password
+
+        CA.configure_certmonger_renewal()
+        CA.import_ra_cert(config.dir + "/ra.p12")
+        CA.fix_ra_perms()
+
    # The DS instance is created before the keytab, add the SSL cert we
    # generated
    ds.add_cert_to_service()