Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master

Thu, 21 Jan 2016 05:46:43 -0800 

On 01/21/2016 02:21 PM, Petr Vobornik wrote:

On 01/21/2016 01:53 PM, Martin Babinsky wrote:

this patch ensures that promoted replicas in CA-less topology have
correct settings in their default.conf.

I couldn't find any ticket for this issue, should I file one so that
this patch can land in 4-3 branch?



yes


New ticket here: https://fedorahosted.org/freeipa/ticket/5626

I have also attached the ticket URL to the commit message.

--
Martin^3 Babinsky

From 54a6289938654fc88cc5746e8057e4452ebc0fc2 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 21 Jan 2016 13:39:49 +0100
Subject: [PATCH] disable RA plugins when promoting a replica from CA-less
 master

There is no point in setting 'enable_ra' to True in IPA config when the
replica is promoted from CA-less master. The installer should set
'enable_ra' to False and unset 'ra_plugin' directive in this case.

https://fedorahosted.org/freeipa/ticket/5626
---
 ipaserver/install/server/replicainstall.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index bd7da87ff69939b35dcafbafa95a75c12de02648..bb49811ccc7f56d425ec9ed469133e9305b5896c 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1350,13 +1350,21 @@ def promote(installer):
                               'https://%s/ipa/xml' %
                               ipautil.format_netloc(config.host_name)),
             ipaconf.setOption('ldap_uri', ldapi_uri),
-            ipaconf.setOption('mode', 'production'),
-            ipaconf.setOption('enable_ra', 'True'),
-            ipaconf.setOption('ra_plugin', 'dogtag'),
-            ipaconf.setOption('dogtag_version', '10')]
+            ipaconf.setOption('mode', 'production')
+        ]
 
-        if not options.setup_ca:
-            gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+        enable_ra = installer._ca_enabled
+        ra_plugin = 'dogtag' if installer._ca_enabled else None
+
+        gopts.extend([
+            ipaconf.setOption('enable_ra', str(enable_ra)),
+            ipaconf.setOption('ra_plugin', str(ra_plugin)),
+        ])
+        if installer._ca_enabled:
+            gopts.append(ipaconf.setOption('dogtag_version', '10'))
+
+            if not options.setup_ca:
+                gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
 
         opts = [ipaconf.setSection('global', gopts)]
 
-- 
2.5.0


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to