Do better detection on status of CA DS instance when installing.

The conditional used to determine if thd CA 389-ds instance was already configured was rather poor so it was possible to pass command-line arguments in to confuse it. This would cause it to not be installed at all causing the dogtag installation to fail in a strange way.

https://fedorahosted.org/freeipa/ticket/1244

rob
>From 72edc4f44d5ecdb927a369b2615da3e9e4f0688e Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcrit...@redhat.com>
Date: Fri, 10 Jun 2011 15:28:46 -0400
Subject: [PATCH] Do better detection on status of CA DS instance when installing.

The conditional used to determine if thd CA 389-ds instance was already
configured was rather poor so it was possible to pass command-line
arguments in to confuse it. This would cause it to not be installed at
all causing the dogtag installation to fail in a strange way.

https://fedorahosted.org/freeipa/ticket/1244
---
 install/tools/ipa-server-install |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index a62aa15..f8c2b63 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -741,15 +741,15 @@ def main():
             print "%s does not exist" % options.external_ca_file
             sys.exit(1);
 
-        if options.external_cert_file is None:
-            cs = cainstance.CADSInstance()
+        cs = cainstance.CADSInstance(host_name, realm_name, domain_name, dm_password)
+        if not cs.is_configured():
             cs.create_instance(realm_name, host_name, domain_name, dm_password, subject_base=options.subject)
         ca = cainstance.CAInstance(realm_name, certs.NSS_DIR)
         if external == 0:
             ca.configure_instance(host_name, dm_password, dm_password,
                                   subject_base=options.subject)
         elif external == 1:
-            # stage 2 of external CA installation
+            # stage 1 of external CA installation
             options.realm_name = realm_name
             options.domain_name = domain_name
             options.master_password = master_password
@@ -762,11 +762,11 @@ def main():
                                   csr_file="/root/ipa.csr",
                                   subject_base=options.subject)
         else:
+            # stage 2 of external CA installation
             if not ca.is_installed():
                 # This can happen if someone passes external_ca_file without
                 # already having done the first stage of the CA install.
                 sys.exit('CA is not installed yet. To install with an external CA is a two-stage process.\nFirst run the installer with --external-ca.')
-            cs = cainstance.CADSInstance(host_name, realm_name, domain_name, dm_password)
             ca.configure_instance(host_name, dm_password, dm_password,
                                   cert_file=options.external_cert_file,
                                   cert_chain_file=options.external_ca_file,
-- 
1.7.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to