Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master

Thu, 21 Jan 2016 06:06:02 -0800 

On 01/21/2016 02:51 PM, Jan Cholasta wrote:

On 21.1.2016 14:45, Martin Babinsky wrote:

On 01/21/2016 02:21 PM, Petr Vobornik wrote:

On 01/21/2016 01:53 PM, Martin Babinsky wrote:

this patch ensures that promoted replicas in CA-less topology have
correct settings in their default.conf.

I couldn't find any ticket for this issue, should I file one so that
this patch can land in 4-3 branch?



yes


New ticket here: https://fedorahosted.org/freeipa/ticket/5626

I have also attached the ticket URL to the commit message.


Why so much code for such a simple change? Please keep the style
consistent with the code in install.install() and replicainstall.install().
It did not occur to me as much code, the logic was equivalent to the stuff other installers do but bit more concise. 

But attaching updated patch in common style anyway.

--
Martin^3 Babinsky

From 7812cf9e579306189c32950534b0dc445b8bc686 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Thu, 21 Jan 2016 13:39:49 +0100
Subject: [PATCH] disable RA plugins when promoting a replica from CA-less
 master

There is no point in setting 'enable_ra' to True in IPA config when the
replica is promoted from CA-less master. The installer should set
'enable_ra' to False and unset 'ra_plugin' directive in this case.

https://fedorahosted.org/freeipa/ticket/5626
---
 ipaserver/install/server/replicainstall.py | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index bd7da87ff69939b35dcafbafa95a75c12de02648..33fd2816656788239c2d6c6c29d604c0fd326bad 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1350,13 +1350,23 @@ def promote(installer):
                               'https://%s/ipa/xml' %
                               ipautil.format_netloc(config.host_name)),
             ipaconf.setOption('ldap_uri', ldapi_uri),
-            ipaconf.setOption('mode', 'production'),
-            ipaconf.setOption('enable_ra', 'True'),
-            ipaconf.setOption('ra_plugin', 'dogtag'),
-            ipaconf.setOption('dogtag_version', '10')]
+            ipaconf.setOption('mode', 'production')
+        ]
 
-        if not options.setup_ca:
-            gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+        if installer._ca_enabled:
+            gopts.extend([
+                ipaconf.setOption('enable_ra', 'True'),
+                ipaconf.setOption('ra_plugin', 'dogtag'),
+                ipaconf.setOption('dogtag_version', '10')
+            ])
+
+            if not options.setup_ca:
+                gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+        else:
+            gopts.extend([
+                ipaconf.setOption('enable_ra', 'False'),
+                ipaconf.setOption('ra_plugin', 'None')
+            ])
 
         opts = [ipaconf.setSection('global', gopts)]
 
-- 
2.5.0


-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to