On Tue, 2011-03-29 at 16:42 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > When IPA server was configured as self-signed (--selfsign option)
> > the replica always failed to install.
> >
> > https://fedorahosted.org/freeipa/ticket/1122
> >
> 
> Why not just make install_ca return (None, None) instead if we aren't 
> installing dogtag?
> 
> rob

Good point, this will be much more readable. Sending updated patch.

Martin
>From 5fbf85224cbc03e7b97312e43fa222beee37fd29 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Fri, 25 Mar 2011 16:35:58 +0100
Subject: [PATCH] Replica installation fails for self-signed server

When IPA server was configured as self-signed (--selfsign option)
the replica always failed to install.

https://fedorahosted.org/freeipa/ticket/1122
---
 install/tools/ipa-replica-install |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2bc9a17e93804fcb435b7a8ea13495208e16f867..999b5ee77e7d46020af3226e957b38e8de924563 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -153,7 +153,8 @@ def install_ca(config):
     cafile = config.dir + "/cacert.p12"
 
     if not ipautil.file_exists(cafile):
-        return None
+        # CA not used on the server, return empty instances
+        return (None, None)
 
     try:
         from ipaserver.install import cainstance
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to