Dne 8.6.2015 v 08:25 Jan Cholasta napsal(a):
Dne 5.6.2015 v 14:16 David Kupka napsal(a):
On 06/03/2015 05:49 PM, David Kupka wrote:


Updated patch attached.


ACK. The patch needed a rebase and there was a bug in
ipa-replica-install, I took care of both, see attachment.

Pushed to master: 2acedb2d5d4a4c0987c670e14eb04b8bd9ffc034

There was also an unrelated problem in replicainstall.py which I also
fixed, see the other attachment.

Pushed to master under the one-liner rule:
e01095dfb33aaef0ab1babf86a71d70410b666ed

There are some more bugs in CA-less and external CA install, see the attached patches for fixes.

--
Jan Cholasta
>From bdcda90e2c0a202c94dff37a25bad3f6c97a16ee Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 8 Jun 2015 08:32:27 +0000
Subject: [PATCH 1/2] install: Fix CA-less server install

https://fedorahosted.org/freeipa/ticket/4468
---
 ipaserver/install/server/install.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 5be10f5..6f47723 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -313,6 +313,9 @@ def common_cleanup(func):
 
 @common_cleanup
 def install_check(options):
+    global dirsrv_pkcs12_file
+    global http_pkcs12_file
+    global pkinit_pkcs12_file
     global dirsrv_pkcs12_info
     global http_pkcs12_info
     global pkinit_pkcs12_info
@@ -637,6 +640,9 @@ def install_check(options):
 
 @common_cleanup
 def install(options):
+    global dirsrv_pkcs12_file
+    global http_pkcs12_file
+    global pkinit_pkcs12_file
     global dirsrv_pkcs12_info
     global http_pkcs12_info
     global pkinit_pkcs12_info
-- 
2.1.0

>From 4c5539ca6801712783863c1f1216bb1883b39977 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Mon, 8 Jun 2015 08:32:58 +0000
Subject: [PATCH 2/2] install: Fix external CA server install

https://fedorahosted.org/freeipa/ticket/4468
---
 ipaserver/install/ca.py             | 10 ++++------
 ipaserver/install/server/install.py |  5 +++--
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py
index 8a8214c..8cbfbfc 100644
--- a/ipaserver/install/ca.py
+++ b/ipaserver/install/ca.py
@@ -25,9 +25,6 @@ def install_check(standalone, replica_config, options):
     host_name = options.host_name
     subject_base = options.subject
 
-    if replica_config is None and options.external_cert_files:
-        return
-
     if replica_config is not None:
         if standalone and api.env.ra_plugin == 'selfsign':
             sys.exit('A selfsign CA can not be added')
@@ -73,9 +70,10 @@ def install_check(standalone, replica_config, options):
         external_cert_file, external_ca_file = installutils.load_external_cert(
             options.external_cert_files, options.subject)
 
-    if not cainstance.check_port():
-        print ("IPA requires port 8443 for PKI but it is currently in use.")
-        sys.exit("Aborting installation")
+    if not options.external_cert_files:
+        if not cainstance.check_port():
+            print("IPA requires port 8443 for PKI but it is currently in use.")
+            sys.exit("Aborting installation")
 
     if standalone:
         dirname = dsinstance.config_dirname(
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 6f47723..8702167 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -422,8 +422,6 @@ def install_check(options):
         # Make sure the 389-ds ports are available
         check_dirsrv(options.unattended)
 
-    ca.install_check(False, None, options)
-
     if options.conf_ntp:
         try:
             ipaclient.ntpconf.check_timedate_services()
@@ -578,6 +576,9 @@ def install_check(options):
     else:
         admin_password = options.admin_password
 
+    if setup_ca:
+        ca.install_check(False, None, options)
+
     if setup_kra:
         try:
             kra.install_check(None, options, False,
-- 
2.1.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to