Hi,

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5226>.

Honza

--
Jan Cholasta
From bb7cd6dffd5fc2e4f2693ed114113764b28409e1 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Tue, 18 Aug 2015 12:51:26 +0200
Subject: [PATCH] install: Fix CA-less replica install

https://fedorahosted.org/freeipa/ticket/5226
---
 ipaserver/install/server/replicainstall.py | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index ac0f6a3..664a0ba 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -573,14 +573,15 @@ def install(installer):
     otpd.create_instance('OTPD', config.host_name, config.dirman_password,
                          ipautil.realm_to_suffix(config.realm_name))
 
-    CA = cainstance.CAInstance(
-        config.realm_name, certs.NSS_DIR,
-        dogtag_constants=dogtag_constants)
-    CA.dm_password = config.dirman_password
-
-    CA.configure_certmonger_renewal()
-    CA.import_ra_cert(config.dir + "/ra.p12")
-    CA.fix_ra_perms()
+    if ipautil.file_exists(config.dir + "/cacert.p12"):
+        CA = cainstance.CAInstance(
+            config.realm_name, certs.NSS_DIR,
+            dogtag_constants=dogtag_constants)
+        CA.dm_password = config.dirman_password
+
+        CA.configure_certmonger_renewal()
+        CA.import_ra_cert(config.dir + "/ra.p12")
+        CA.fix_ra_perms()
 
     # The DS instance is created before the keytab, add the SSL cert we
     # generated
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to