https://fedorahosted.org/freeipa/ticket/5966

This only for master branch, ipa-4-3 fix will be different (soon)

Patch attached

From 1324ea9584aaefc8943bed87460166c68c3bd2c1 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Wed, 29 Jun 2016 19:49:43 +0200
Subject: [PATCH] Fix replica install with CA

The incorrect api was used, and CA record updated was duplicated.

https://fedorahosted.org/freeipa/ticket/5966
---
 install/tools/ipa-ca-install    |  7 ++++++-
 ipaserver/install/cainstance.py | 10 ----------
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 1bc5def03bf687a1e4f9fb38a54363b5429c8fc4..ed685920cbadb9cd3fc80865afb1610ca42f8b13 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -28,7 +28,7 @@ from ipaserver.install import installutils
 from ipaserver.install import certs
 from ipaserver.install.installutils import create_replica_config
 from ipaserver.install.installutils import check_creds, ReplicaConfig
-from ipaserver.install import dsinstance, ca
+from ipaserver.install import bindinstance, dsinstance, ca
 from ipaserver.install import cainstance, custodiainstance, service
 from ipapython import version
 from ipalib import api
@@ -195,6 +195,11 @@ def install_replica(safe_options, options, filename):
         CA.configure_replica(config.ca_host_name,
                              subject_base=config.subject_base,
                              ca_cert_bundle=ca_data)
+        # Install CA DNS records
+        if bindinstance.dns_container_exists(api.env.host, api.env.basedn,
+                                             ldapi=True, realm=api.env.realm):
+            bind = bindinstance.BindInstance(ldapi=True)
+            bind.update_system_records()
     else:
         ca.install(True, config, options)
 
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index ef69c898bcd4f9d8d7e698b04117047a33c1e45f..18e3902a52b2f693bda01d67e8e514f284b1a695 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -63,7 +63,6 @@ from ipapython.ipa_log_manager import log_mgr,\
 from ipapython.secrets.kem import IPAKEMKeys
 
 from ipaserver.install import certs
-from ipaserver.install import bindinstance
 from ipaserver.install import dsinstance
 from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
@@ -1298,14 +1297,6 @@ class CAInstance(DogtagInstance):
         basedn = ipautil.realm_to_suffix(self.realm)
         self.ldap_enable('CA', self.fqdn, None, basedn)
 
-    def __update_ca_records(self):
-        # Install CA DNS records
-        if bindinstance.dns_container_exists(
-            api.env.host, api.env.basedn, ldapi=True, realm=api.env.realm
-        ):
-            bind = bindinstance.BindInstance(ldapi=True)
-            bind.update_system_records()
-
     def configure_replica(self, master_host, subject_base=None,
                           ca_cert_bundle=None, ca_signing_algorithm=None,
                           ca_type=None):
@@ -1376,7 +1367,6 @@ class CAInstance(DogtagInstance):
                   self.__restart_http_instance)
 
         self.step("enabling CA instance", self.__enable_instance)
-        self.step("Updating DNS CA records", self.__update_ca_records)
 
         self.start_creation(runtime=210)
 
-- 
2.5.5

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to