ipa-kra-install: allow to install first KRA on replica

https://fedorahosted.org/freeipa/ticket/5460 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-11-23 13:43:53 +01:00 · 2015-11-23 13:43:53 +01:00 · efeb7d54ba
commit efeb7d54ba
parent 17f9ca154b
1 changed files with 6 additions and 6 deletions
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@ -219,18 +219,13 @@ class KRAInstance(DogtagInstance):
            str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca'))))

        _p12_tmpfile_handle, p12_tmpfile_name = tempfile.mkstemp(dir=paths.TMP)
+
        if self.clone:
            krafile = self.pkcs12_info[0]
            shutil.copy(krafile, p12_tmpfile_name)
            pent = pwd.getpwnam(PKI_USER)
            os.chown(p12_tmpfile_name, pent.pw_uid, pent.pw_gid)

-            # FIXME
-            # # create admin cert file if it does not exist
-            # cert = DogtagInstance.get_admin_cert(self)
-            # with open(paths.ADMIN_CERT_PATH, "w") as admin_path:
-            #     admin_path.write(cert)
-
            # Security domain registration
            config.set("KRA", "pki_security_domain_hostname", self.master_host)
            config.set("KRA", "pki_security_domain_https_port", "443")
@ -246,6 +241,11 @@ class KRAInstance(DogtagInstance):
            config.set(
                "KRA", "pki_clone_uri",
                "https://%s" % ipautil.format_netloc(self.master_host, 443))
+        else:
+            # the admin cert file is needed for the first instance of KRA
+            cert = DogtagInstance.get_admin_cert(self)
+            with open(paths.ADMIN_CERT_PATH, "w") as admin_path:
+                admin_path.write(cert)

        # Generate configuration file
        with open(cfg_file, "wb") as f: