On 30.06.2016 13:20, Martin Basti wrote:


On 30.06.2016 13:18, Petr Spacek wrote:
On 30.6.2016 13:04, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5966

This is only for the master branch; the ipa-4-3 fix will be different (soon)

Patch attached
ACK

Pushed to master: a155f692e7ad7807a5ea28250d1e72b3e821991e


And 4.3 patch attached.
From 675549ac8ebcc3749e2d6aab43ad966f32f18f6c Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Thu, 30 Jun 2016 16:00:08 +0200
Subject: [PATCH] Fix replica install with CA

The incorrect API object was used, and the CA record update was duplicated.

https://fedorahosted.org/freeipa/ticket/5966
---
 ipaserver/install/bindinstance.py          | 3 +++
 ipaserver/install/cainstance.py            | 5 +++--
 ipaserver/install/server/replicainstall.py | 3 ++-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index abd1452efb39f2ac42bf2628d7caf355408444e7..0068ff3a16398fc2d07e1c1944168c1cdb81d0f4 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -1082,6 +1082,9 @@ class BindInstance(service.Service):
         self.__add_ipa_ca_record()
 
     def add_ipa_ca_dns_records(self, fqdn, domain_name, ca_configured=True):
+        if not self.api.Backend.ldap2.isconnected():
+            self.api.Backend.ldap2.connect(autobind=True)
+
         host, zone = fqdn.split(".", 1)
         if dns_zone_exists(zone, self.api):
             addrs = get_fwd_rr(zone, host, api=self.api)
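Review bot: The `connect(autobind=True)` added at the top of `add_ipa_ca_dns_records` opens an LDAP connection on the shared `self.api` object, and nothing visible in the hunk closes it, so the call leaves the backend connected under whatever identity autobind maps to. Autobind presumably depends on the local LDAPI socket, which may not hold when the caller supplies a different API object (the replicainstall.py section passes `remote_api` down through `CAInstance`); that should be confirmed. I would at least document the precondition with a comment such as `# ldap2 may not be connected yet during install; autobind uses the local LDAPI socket and the connection is left open for the caller`. The method body continues outside the hunk, so a later disconnect may exist there.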
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index fa92aec95be4e812b5764d98e0e331870b9fc90d..3d6c1c07fccffee7265024868e377b2f10002912 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -309,7 +309,7 @@ class CAInstance(DogtagInstance):
     server_cert_name = 'Server-Cert cert-pki-ca'
 
     def __init__(self, realm=None, ra_db=None, host_name=None,
-                 dm_password=None, ldapi=True):
+                 dm_password=None, ldapi=True, api=api):
         super(CAInstance, self).__init__(
             realm=realm,
             subsystem="CA",
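Review bot: The new `api=api` parameter of `CAInstance.__init__` is undocumented, and its default is bound to the module-level `api` when the class is defined, while the parameter name then shadows that global inside `__init__`. As far as this patch shows, the value is only forwarded to `BindInstance` for the DNS record update, so a docstring line such as `api: API object handed to BindInstance for CA DNS record updates; defaults to the module-level api` would make the intent clear. `__init__` continues past the end of the hunk.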
@@ -325,6 +325,7 @@ class CAInstance(DogtagInstance):
         self.cert_file = None
         self.cert_chain_file = None
         self.create_ra_agent_db = True
+        self.api = api
 
         if realm is not None:
             self.canickname = get_ca_nickname(realm)
@@ -1294,7 +1295,7 @@ class CAInstance(DogtagInstance):
         if bindinstance.dns_container_exists(
             api.env.host, api.env.basedn, ldapi=True, realm=api.env.realm
         ):
-            bind = bindinstance.BindInstance(ldapi=True)
+            bind = bindinstance.BindInstance(ldapi=True, api=self.api)
             bind.add_ipa_ca_dns_records(api.env.host, api.env.domain)
 
     def configure_replica(self, master_host, subject_base=None,
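Review bot: The changed call passes `self.api` to `BindInstance`, but the surrounding lines still read `api.env.host`, `api.env.basedn`, `api.env.realm` and `api.env.domain` from the module-level `api`, so the container check and the record update can run against two different API objects when a caller passes one in. If that split is intended, say so in a comment such as `# env values come from the local api; self.api only selects the LDAP connection used for the update`; otherwise use `self.api.env` consistently in both calls. The enclosing method starts outside the hunk.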
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 9ed6ef4bdeab22847774fd9197604f923079b745..7601ce19e31b435a48af899ef83235355f6acb90 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1477,7 +1477,8 @@ def promote(installer):
 
         ca = cainstance.CAInstance(config.realm_name, certs.NSS_DIR,
                                    host_name=config.host_name,
-                                   dm_password=config.dirman_password)
+                                   dm_password=config.dirman_password,
+                                   api=remote_api)
         ca.configure_replica(config.ca_host_name,
                              subject_base=config.subject_base,
                              ca_cert_bundle=ca_data)
-- 
2.5.5
