https://fedorahosted.org/freeipa/ticket/5460

I have tested this only on master; I will test ipa-4-2 later.
Patch attached.
From f70d98047318b075cef35d74da949a9742615770 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Mon, 23 Nov 2015 13:43:53 +0100
Subject: [PATCH] ipa-kra-install: allow to install first KRA on replica

https://fedorahosted.org/freeipa/ticket/5460
---
 ipaserver/install/krainstance.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index d58bcc659c11ae689a69f0ad2db5eadb814b79d3..6589bb54eadf9bc5017ef99cdfbf3c46dabc27c6 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -219,18 +219,13 @@ class KRAInstance(DogtagInstance):
             str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca'))))
 
         _p12_tmpfile_handle, p12_tmpfile_name = tempfile.mkstemp(dir=paths.TMP)
+
         if self.clone:
             krafile = self.pkcs12_info[0]
             shutil.copy(krafile, p12_tmpfile_name)
             pent = pwd.getpwnam(PKI_USER)
             os.chown(p12_tmpfile_name, pent.pw_uid, pent.pw_gid)
 
-            # FIXME
-            # # create admin cert file if it does not exist
-            # cert = DogtagInstance.get_admin_cert(self)
-            # with open(paths.ADMIN_CERT_PATH, "w") as admin_path:
-            #     admin_path.write(cert)
-
             # Security domain registration
             config.set("KRA", "pki_security_domain_hostname", self.master_host)
             config.set("KRA", "pki_security_domain_https_port", "443")
@@ -246,6 +241,11 @@ class KRAInstance(DogtagInstance):
             config.set(
                 "KRA", "pki_clone_uri",
                 "https://%s"; % ipautil.format_netloc(self.master_host, 443))
+        else:
+            # the admin cert file is needed for the first instance of KRA
+            cert = DogtagInstance.get_admin_cert(self)
+            with open(paths.ADMIN_CERT_PATH, "w") as admin_path:
+                admin_path.write(cert)
 
         # Generate configuration file
         with open(cfg_file, "wb") as f:
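Review bot: The added `else` branch writes the result of `DogtagInstance.get_admin_cert(self)` to `paths.ADMIN_CERT_PATH` without checking it, so an empty or missing result would either raise an unhelpful error inside `write()` or leave an empty admin cert file for the rest of the KRA setup to consume. A guard before the `open()`, such as `if not cert: raise RuntimeError("admin certificate could not be retrieved")`, would fail at the cause; what `get_admin_cert` returns on failure is not visible here, so confirm that first. The file is also created with whatever mode the installer's umask yields, and it silently replaces an existing file, whereas the removed FIXME spoke of creating it only "if it does not exist"; a comment stating that overwriting is intended would help. The `if self.clone:` that this `else` pairs with starts in the previous hunk, and the enclosing method begins outside both.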
-- 
2.5.0
