this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf.

I couldn't find any ticket for this issue, should I file one so that this patch can land in 4-3 branch?


--
Martin^3 Babinsky
From 7953583fffab4de72384d637079790b6fcb4dc16 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 21 Jan 2016 13:39:49 +0100
Subject: [PATCH] disable RA plugins when promoting a replica from CA-less
 master

There is no point in setting 'enable_ra' to True in IPA config when the
replica is promoted from CA-less master. The installer should set
'enable_ra' to False and unset 'ra_plugin' directive in this case.
---
 ipaserver/install/server/replicainstall.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index f0f973160467b2c2b603302949e5c30a46d96953..fa6cc400abcc06e23edf72ac0590d5d3bbcc6881 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1341,13 +1341,21 @@ def promote(installer):
                               'https://%s/ipa/xml' %
                               ipautil.format_netloc(config.host_name)),
             ipaconf.setOption('ldap_uri', ldapi_uri),
-            ipaconf.setOption('mode', 'production'),
-            ipaconf.setOption('enable_ra', 'True'),
-            ipaconf.setOption('ra_plugin', 'dogtag'),
-            ipaconf.setOption('dogtag_version', '10')]
+            ipaconf.setOption('mode', 'production')
+        ]
 
-        if not options.setup_ca:
-            gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+        enable_ra = installer._ca_enabled
+        ra_plugin = 'dogtag' if installer._ca_enabled else None
+
+        gopts.extend([
+            ipaconf.setOption('enable_ra', str(enable_ra)),
+            ipaconf.setOption('ra_plugin', str(ra_plugin)),
+        ])
+        if installer._ca_enabled:
+            gopts.append(ipaconf.setOption('dogtag_version', '10'))
+
+            if not options.setup_ca:
+                gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
 
         opts = [ipaconf.setSection('global', gopts)]
 
-- 
2.5.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to