URL: https://github.com/freeipa/freeipa/pull/2119 Author: tiran Title: #2119: [Backport][ipa-4-6] replicainstall: DS SSL replica install pick right certmonger host Action: opened
PR body: """ This PR was opened automatically because PR #2115 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2119/head:pr2119 git checkout pr2119
From 6353f812a0966b3be7ae929d9bbbac2362977945 Mon Sep 17 00:00:00 2001 From: Rob Crittenden <rcrit...@redhat.com> Date: Fri, 6 Jul 2018 09:26:19 -0400 Subject: [PATCH] replicainstall: DS SSL replica install pick right certmonger host Extend fix 0f31564b35aac250456233f98730811560eda664 to also move the DS SSL setup so that the xmlrpc_uri is configured to point to the remote master we are configuring against. https://pagure.io/freeipa/issue/7566 Signed-off-by: Rob Crittenden <rcrit...@redhat.com> --- ipaserver/install/server/replicainstall.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 0bbfb2e12a..2f80d86ac3 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1448,15 +1448,12 @@ def install(installer): pkcs12_info=pkinit_pkcs12_info, promote=promote) - # we now need to enable ssl on the ds - ds.enable_ssl() - if promote: # We need to point to the master when certmonger asks for - # HTTP certificate. - # During http installation, the HTTP/hostname principal is created - # locally then the installer waits for the entry to appear on the - # master selected for the installation. + # a DS or HTTP certificate. + # During http installation, the <service>/hostname principal is + # created locally then the installer waits for the entry to appear + # on the master selected for the installation. # In a later step, the installer requests a SSL certificate through # Certmonger (and the op adds the principal if it does not exist yet). # If xmlrpc_uri points to the soon-to-be replica, @@ -1470,6 +1467,9 @@ def install(installer): create_ipa_conf(fstore, config, ca_enabled, master=config.master_host_name) + # we now need to enable ssl on the ds + ds.enable_ssl() + install_http( config, auto_redirect=not options.no_ui_redirect,
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/GEKQFOCLEHUOCK42MMCILWBZWSQK3Q6L/