On 09/02/2016 08:08 AM, Jan Cholasta wrote:
On 1.9.2016 19:37, Tomas Krizek wrote:
On 09/01/2016 03:58 PM, Florence Blanc-Renaud wrote:
Hi,
please find attached a patch for ipa-certupdate in CA-less deployment.
https://fedorahosted.org/freeipa/ticket/6288
Flo.
The patch is malformed, but you can simply delete the very first
character to fix it.
Other than that, patch works as expected -> ACK.
Nitpick: please avoid C-isms such as "if (ca_enabled):".
Hi all,
thanks for the review. Please find an updated patch version. Quite
difficult to get rid of typing habits...
Flo
From 55a39c48cb52265a1c3192d721be43f514366eec Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <f...@redhat.com>
Date: Thu, 1 Sep 2016 15:53:38 +0200
Subject: [PATCH] Fix ipa-certupdate for CA-less installation
In a CA-less installation, ipa-certupdate fails with the error message:
$ ipa-certupdate
trying https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json
Forwarding 'ca_is_enabled' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json'
Forwarding 'ca_find/1' to json server 'https://vm-180.abc.idm.lab.eng.brq.redhat.com/ipa/session/json'
CA is not configured
The ipa-certupdate command failed.
The issue happens because ipa-certupdate tries to call ca_find even on a
CA_less deployment. The fix skips the call to ca_find in this case.
https://fedorahosted.org/freeipa/ticket/6288
---
ipaclient/ipa_certupdate.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ipaclient/ipa_certupdate.py b/ipaclient/ipa_certupdate.py
index e59047a2705eb8ccb98b5213c4c8771f55a29bc5..f340f32bcdca5f5d98177f7aa9af366b67d8dd80 100644
--- a/ipaclient/ipa_certupdate.py
+++ b/ipaclient/ipa_certupdate.py
@@ -87,9 +87,10 @@ class CertUpdate(admintool.AdminTool):
# find lightweight CAs (on renewal master only)
lwcas = []
- for ca_obj in api.Command.ca_find()['result']:
- if IPA_CA_CN not in ca_obj['cn']:
- lwcas.append(ca_obj)
+ if ca_enabled:
+ for ca_obj in api.Command.ca_find()['result']:
+ if IPA_CA_CN not in ca_obj['cn']:
+ lwcas.append(ca_obj)
api.Backend.rpcclient.disconnect()
finally:
--
2.7.4
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code