https://fedorahosted.org/freeipa/ticket/5420

Patch attached.
From 0194690a93b05905efc8573fe4e7523523509aa0 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 23 Nov 2015 16:11:04 +0100
Subject: [PATCH] Install: Force service add during replica promotion

Replica does not need to have A/AAAA records during install, so we
cannot enforce it and service must be added with --force option.

https://fedorahosted.org/freeipa/ticket/5420
---
 ipaserver/install/dsinstance.py   | 3 ++-
 ipaserver/install/installutils.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index c980ebf4e01c7524e34c41d064580c17a64f5f07..16b274bcfb4f6def6e8ec84b13a5cd5b260ea2c5 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -1203,7 +1203,8 @@ class DsInstance(service.Service):
 
         installutils.install_service_keytab(self.principal,
                                             self.master_fqdn,
-                                            paths.DS_KEYTAB)
+                                            paths.DS_KEYTAB,
+                                            force_service_add=True)
 
         # Configure DS to use the keytab
         vardict = {"KRB5_KTNAME": paths.DS_KEYTAB}
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 5cad05dd46b000ae4d2ac98c1f2000484fe76cb8..aadb8e22b84562c25301a304fcc215d3d4ca4346 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -1108,7 +1108,7 @@ def enable_and_start_oddjobd(sstore):
         root_logger.critical("Unable to start oddjobd: {0}".format(str(e)))
 
 
-def install_service_keytab(principal, server, path):
+def install_service_keytab(principal, server, path, force_service_add=False):
 
     try:
         api.Backend.rpcclient.connect()
@@ -1121,6 +1121,7 @@ def install_service_keytab(principal, server, path):
         api.Backend.rpcclient.forward(
             'service_add',
             krbprincipalname=principal,
+            force=force_service_add,
             version=u'2.112'    # All the way back to 3.0 servers
         )
     except errors.DuplicateEntry:
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to