Hi,

When the first 4.3+ replica is installed in a domain, the custodia
container does not exist yet. Make sure it is created, to avoid failures
during key generation.

https://fedorahosted.org/freeipa/ticket/5474
From bc88f695866183666aa27535d6e3fd730dc07547 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Fri, 27 Nov 2015 16:21:02 +0100
Subject: [PATCH] custodia: Make sure container is created with first custodia
 replica

When the first 4.3+ replica is installed in a domain, the custodia
container does not exist yet. Make sure it is created, to avoid failures
during key generation.

https://fedorahosted.org/freeipa/ticket/5474
---
 ipaserver/install/custodiainstance.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index c2ecd397063db3dfe27006232831023d865aac40..df99962a7e6e8ecac044ff4e8341a4a9913e4d4d 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -7,6 +7,7 @@ from service import SimpleServiceInstance
 from ipapython import ipautil
 from ipapython.ipa_log_manager import root_logger
 from ipaserver.install import installutils
+from ipaserver.install import ldapupdate
 from ipaserver.install import sysupgrade
 from base64 import b64encode, b64decode
 from jwcrypto.common import json_decode
@@ -41,6 +42,7 @@ class CustodiaInstance(SimpleServiceInstance):
     def create_instance(self, dm_password=None):
         suffix = ipautil.realm_to_suffix(self.realm)
         self.step("Generating ipa-custodia config file", self.__config_file)
+        self.step("Making sure custodia container exists", self.__create_container)
         self.step("Generating ipa-custodia keys", self.__gen_keys)
         super(CustodiaInstance, self).create_instance(gensvc_name='KEYS',
                                                       fqdn=self.fqdn,
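Review bot: The step added to `create_instance` depends on `self.suffix` and `self.dm_password`, but nothing visible here assigns either one before the step is registered; the method only computes a local `suffix` and receives `dm_password` as an argument. If both attributes are set only by the parent `create_instance` call, the step works solely because steps run later, and a reordering would break it silently. A comment above the new line would make that explicit, for example `# runs after the parent create_instance has set self.suffix and self.dm_password`. The parent call runs past the end of this hunk, so whether `dm_password` is forwarded at all cannot be confirmed from here.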
@@ -72,6 +74,19 @@ class CustodiaInstance(SimpleServiceInstance):
                                                       ldap_suffix=suffix,
                                                       realm=self.realm)
 
+    def __create_container(self):
+        """
+        Runs the custodia update file to ensure custodia container is present.
+        """
+
+        sub_dict = {
+            'SUFFIX': self.suffix,
+        }
+
+        updater = ldapupdate.LDAPUpdate(dm_password=self.dm_password,
+                                        sub_dict=sub_dict)
+        updater.update([os.path.join(paths.UPDATES_DIR, '73-custodia.update')])
+
     def __import_ra_key(self):
         cli = CustodiaClient(self.fqdn, self.master_host_name, self.realm)
         cli.fetch_key('ra/ipaCert')
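Review bot: `__create_container` passes `self.dm_password` to `LDAPUpdate`, but `create_instance` defaults that argument to `None`, and the docstring does not say which credential is used for the bind in that case. The docstring should state that the method applies `73-custodia.update` with `SUFFIX` substituted, that it is meant to be safe when the container already exists, and how `LDAPUpdate` authenticates without a password (presumably a local privileged bind, to be confirmed against `ldapupdate`). The result of `updater.update(...)` is also discarded. If that call reports failure through its return value rather than an exception, key generation would proceed against a missing container, so the outcome should be checked or logged via `root_logger`.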
-- 
2.5.0
