We must insure as much as possible that the time is correct on the
system before installing any component to avoid bad dates in certs, ds
entries and krb keys.

Fixes bug #595

-- 
Simo Sorce * Red Hat, Inc * New York
>From a17a4c186d4b96ad71d612aa3a01474e058cb792 Mon Sep 17 00:00:00 2001
From: Simo Sorce <sso...@redhat.com>
Date: Wed, 8 Dec 2010 10:25:49 -0500
Subject: [PATCH 1/2] Move ntp configuration up top.

Also move down some dsinstance related operation close to other dsinstance
operations.

Fixes: https://fedorahosted.org/freeipa/ticket/595
---
 install/tools/ipa-server-install |   19 ++++++++++---------
 1 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 2c7ae0d888d3e92a4b9e267c674db493c607431d..67c1a004e914771ee2c9242479e650911dd8cf6f 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -688,10 +688,10 @@ def main():
         print "Please wait until the prompt is returned."
         print ""
 
-    if options.dirsrv_pin:
-        [pw_fd, pw_name] = tempfile.mkstemp()
-        os.write(pw_fd, options.dirsrv_pin)
-        os.close(pw_fd)
+    # Configure ntpd
+    if options.conf_ntp:
+        ntp = ntpinstance.NTPInstance(fstore)
+        ntp.create_instance()
 
     if not options.selfsign:
         # Clean up any previous self-signed CA that may exist
@@ -735,13 +735,14 @@ def main():
         else:
             ca.configure_instance("pkiuser", host_name, dm_password, dm_password, cert_file=options.external_cert_file, cert_chain_file=options.external_ca_file, subject_base=options.subject)
 
-    # Configure ntpd
-    if options.conf_ntp:
-        ntp = ntpinstance.NTPInstance(fstore)
-        ntp.create_instance()
-
     # Create a directory server instance
     ds = dsinstance.DsInstance()
+
+    if options.dirsrv_pin:
+        [pw_fd, pw_name] = tempfile.mkstemp()
+        os.write(pw_fd, options.dirsrv_pin)
+        os.close(pw_fd)
+
     if options.dirsrv_pkcs12:
         pkcs12_info = (options.dirsrv_pkcs12, pw_name)
         try:
-- 
1.7.3.2

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to