https://fedorahosted.org/freeipa/ticket/5460
I tested just master, I will test ipa-4-2 later. patch attached.
From f70d98047318b075cef35d74da949a9742615770 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Mon, 23 Nov 2015 13:43:53 +0100 Subject: [PATCH] ipa-kra-install: allow to install first KRA on replica https://fedorahosted.org/freeipa/ticket/5460 --- ipaserver/install/krainstance.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index d58bcc659c11ae689a69f0ad2db5eadb814b79d3..6589bb54eadf9bc5017ef99cdfbf3c46dabc27c6 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -219,18 +219,13 @@ class KRAInstance(DogtagInstance): str(DN(('uid', 'pkidbuser'), ('ou', 'people'), ('o', 'ipaca')))) _p12_tmpfile_handle, p12_tmpfile_name = tempfile.mkstemp(dir=paths.TMP) + if self.clone: krafile = self.pkcs12_info[0] shutil.copy(krafile, p12_tmpfile_name) pent = pwd.getpwnam(PKI_USER) os.chown(p12_tmpfile_name, pent.pw_uid, pent.pw_gid) - # FIXME - # # create admin cert file if it does not exist - # cert = DogtagInstance.get_admin_cert(self) - # with open(paths.ADMIN_CERT_PATH, "w") as admin_path: - # admin_path.write(cert) - # Security domain registration config.set("KRA", "pki_security_domain_hostname", self.master_host) config.set("KRA", "pki_security_domain_https_port", "443") @@ -246,6 +241,11 @@ class KRAInstance(DogtagInstance): config.set( "KRA", "pki_clone_uri", "https://%s"; % ipautil.format_netloc(self.master_host, 443)) + else: + # the admin cert file is needed for the first instance of KRA + cert = DogtagInstance.get_admin_cert(self) + with open(paths.ADMIN_CERT_PATH, "w") as admin_path: + admin_path.write(cert) # Generate configuration file with open(cfg_file, "wb") as f: -- 2.5.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
