Re: [Freeipa-devel] [PATCH] 0010 ipa-client-install does not clean up /etc/ipa/ca.crt after a failed attempt

Wed, 16 Oct 2013 01:54:03 -0700 

On Wed, 2013-10-16 at 10:36 +0200, Martin Kosek wrote:
> On 10/16/2013 10:10 AM, Martin Basti wrote:
> > On Tue, 2013-10-15 at 11:37 +0200, Martin Basti wrote:
> >> Added warning if cert. exists (client)
> >>
> >> https://fedorahosted.org/freeipa/ticket/3944
> 
> 1) Patch subject uses wrong path to cert
> 
Fixed
> 2) The warning seems to chatty to me:
> 
> # ipa-client-install -p admin -w kokos123
> Certificate '/etc/ipa/ca.crt' exists and will be used. Make sure that
> certificate is valid (or remove it), otherwise client will not be able to 
> join.
> Discovery was successful!
> ...
> 
> We just want to notify user that we are using the cert and what is the path 
> (as
> this is something new to FreeIPA newbies), this seems easier to read to me:
> 
> # ipa-client-install -p admin -w kokos123
> Using existing certificate /etc/ipa/ca.crt
> Discovery was successful!
> ...
> 
Fixed

> Martin

-- 
Martin Basti

>From 1ba0ef838dab971f51005cae0bd8f9e39f398ee3 Mon Sep 17 00:00:00 2001
From: Martin Basti <[email protected]>
Date: Tue, 15 Oct 2013 11:31:49 +0200
Subject: [PATCH] Added warning if cert '/etc/ipa/ca.crt' exists

https://fedorahosted.org/freeipa/ticket/3944
---
 ipa-client/ipa-install/ipa-client-install | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 3c78c844b17468f347ef04198d58a12b11e4b4cb..cf27788f8c189721a1f644fa5841466abfbca54e 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1889,6 +1889,10 @@ def install(options, env, fstore, statestore):
         root_logger.warning("Option 'force-join' has no additional effect "
                             "when used with together with option 'keytab'.")
 
+    # Check if old certificate exist and show warning
+    if not options.ca_cert_file and get_cert_path(options.ca_cert_file) == CACERT:
+        root_logger.warning("Using existing certificate '%s'.", CACERT)
+
     # Create the discovery instance
     ds = ipadiscovery.IPADiscovery()
 
-- 
1.8.3.1


_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to