We must insure as much as possible that the time is correct on the system before installing any component to avoid bad dates in certs, ds entries and krb keys.
Fixes bug #595 -- Simo Sorce * Red Hat, Inc * New York
>From a17a4c186d4b96ad71d612aa3a01474e058cb792 Mon Sep 17 00:00:00 2001 From: Simo Sorce <sso...@redhat.com> Date: Wed, 8 Dec 2010 10:25:49 -0500 Subject: [PATCH 1/2] Move ntp configuration up top. Also move down some dsinstance related operation close to other dsinstance operations. Fixes: https://fedorahosted.org/freeipa/ticket/595 --- install/tools/ipa-server-install | 19 ++++++++++--------- 1 files changed, 10 insertions(+), 9 deletions(-) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 2c7ae0d888d3e92a4b9e267c674db493c607431d..67c1a004e914771ee2c9242479e650911dd8cf6f 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -688,10 +688,10 @@ def main(): print "Please wait until the prompt is returned." print "" - if options.dirsrv_pin: - [pw_fd, pw_name] = tempfile.mkstemp() - os.write(pw_fd, options.dirsrv_pin) - os.close(pw_fd) + # Configure ntpd + if options.conf_ntp: + ntp = ntpinstance.NTPInstance(fstore) + ntp.create_instance() if not options.selfsign: # Clean up any previous self-signed CA that may exist @@ -735,13 +735,14 @@ def main(): else: ca.configure_instance("pkiuser", host_name, dm_password, dm_password, cert_file=options.external_cert_file, cert_chain_file=options.external_ca_file, subject_base=options.subject) - # Configure ntpd - if options.conf_ntp: - ntp = ntpinstance.NTPInstance(fstore) - ntp.create_instance() - # Create a directory server instance ds = dsinstance.DsInstance() + + if options.dirsrv_pin: + [pw_fd, pw_name] = tempfile.mkstemp() + os.write(pw_fd, options.dirsrv_pin) + os.close(pw_fd) + if options.dirsrv_pkcs12: pkcs12_info = (options.dirsrv_pkcs12, pw_name) try: -- 1.7.3.2
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel