Dne 8.6.2015 v 08:25 Jan Cholasta napsal(a):
Dne 5.6.2015 v 14:16 David Kupka napsal(a):
On 06/03/2015 05:49 PM, David Kupka wrote:
Updated patch attached.
ACK. The patch needed a rebase and there was a bug in
ipa-replica-install, I took care of both, see attachment.
Pushed to master: 2acedb2d5d4a4c0987c670e14eb04b8bd9ffc034
There was also an unrelated problem in replicainstall.py which I also
fixed, see the other attachment.
Pushed to master under the one-liner rule:
e01095dfb33aaef0ab1babf86a71d70410b666ed
There are some more bugs in CA-less and external CA install, see the
attached patches for fixes.
--
Jan Cholasta
>From bdcda90e2c0a202c94dff37a25bad3f6c97a16ee Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 8 Jun 2015 08:32:27 +0000
Subject: [PATCH 1/2] install: Fix CA-less server install
https://fedorahosted.org/freeipa/ticket/4468
---
ipaserver/install/server/install.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 5be10f5..6f47723 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -313,6 +313,9 @@ def common_cleanup(func):
@common_cleanup
def install_check(options):
+ global dirsrv_pkcs12_file
+ global http_pkcs12_file
+ global pkinit_pkcs12_file
global dirsrv_pkcs12_info
global http_pkcs12_info
global pkinit_pkcs12_info
@@ -637,6 +640,9 @@ def install_check(options):
@common_cleanup
def install(options):
+ global dirsrv_pkcs12_file
+ global http_pkcs12_file
+ global pkinit_pkcs12_file
global dirsrv_pkcs12_info
global http_pkcs12_info
global pkinit_pkcs12_info
--
2.1.0
>From 4c5539ca6801712783863c1f1216bb1883b39977 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 8 Jun 2015 08:32:58 +0000
Subject: [PATCH 2/2] install: Fix external CA server install
https://fedorahosted.org/freeipa/ticket/4468
---
ipaserver/install/ca.py | 10 ++++------
ipaserver/install/server/install.py | 5 +++--
2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 8a8214c..8cbfbfc 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -25,9 +25,6 @@ def install_check(standalone, replica_config, options):
host_name = options.host_name
subject_base = options.subject
- if replica_config is None and options.external_cert_files:
- return
-
if replica_config is not None:
if standalone and api.env.ra_plugin == 'selfsign':
sys.exit('A selfsign CA can not be added')
@@ -73,9 +70,10 @@ def install_check(standalone, replica_config, options):
external_cert_file, external_ca_file = installutils.load_external_cert(
options.external_cert_files, options.subject)
- if not cainstance.check_port():
- print ("IPA requires port 8443 for PKI but it is currently in use.")
- sys.exit("Aborting installation")
+ if not options.external_cert_files:
+ if not cainstance.check_port():
+ print("IPA requires port 8443 for PKI but it is currently in use.")
+ sys.exit("Aborting installation")
if standalone:
dirname = dsinstance.config_dirname(
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 6f47723..8702167 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -422,8 +422,6 @@ def install_check(options):
# Make sure the 389-ds ports are available
check_dirsrv(options.unattended)
- ca.install_check(False, None, options)
-
if options.conf_ntp:
try:
ipaclient.ntpconf.check_timedate_services()
@@ -578,6 +576,9 @@ def install_check(options):
else:
admin_password = options.admin_password
+ if setup_ca:
+ ca.install_check(False, None, options)
+
if setup_kra:
try:
kra.install_check(None, options, False,
--
2.1.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code