URL: https://github.com/freeipa/freeipa/pull/198 Author: stlaz Title: #198: Fix missing file that fails DL1 replica installation Action: opened
PR body: """ Replica installation on DL1 would fail to create a httpd instance due to missing '/etc/httpd/alias/cacert.asc'. Create this file in the setup_ssl step to avoid the error. https://fedorahosted.org/freeipa/ticket/6442 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/198/head:pr198 git checkout pr198
From 26b2e1c6d03035d6cafa329949cb74445aa0ffe7 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka <slazn...@redhat.com> Date: Mon, 31 Oct 2016 16:51:49 +0100 Subject: [PATCH] Fix missing file that fails DL1 replica installation Replica installation on DL1 would fail to create a httpd instance due to missing '/etc/httpd/alias/cacert.asc'. Create this file in the setup_ssl step to avoid the error. https://fedorahosted.org/freeipa/ticket/6442 --- ipaserver/install/httpinstance.py | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py index 5c56f11..8401634 100644 --- a/ipaserver/install/httpinstance.py +++ b/ipaserver/install/httpinstance.py @@ -340,13 +340,22 @@ def __setup_ssl(self): self.__set_mod_nss_nickname(nickname) self.add_cert_to_service() - elif not self.promote: - db.create_password_conf() - self.dercert = db.create_server_cert(self.cert_nickname, self.fqdn, - ca_db) - db.track_server_cert(self.cert_nickname, self.principal, - db.passwd_fname, 'restart_httpd') - self.add_cert_to_service() + else: + if not self.promote: + db.create_password_conf() + self.dercert = db.create_server_cert(self.cert_nickname, self.fqdn, + ca_db) + db.track_server_cert(self.cert_nickname, self.principal, + db.passwd_fname, 'restart_httpd') + self.add_cert_to_service() + + server_certs = db.find_server_certs() + if len(server_certs) == 0: + raise RuntimeError("Could not find a suitable server cert.") + + # We only handle one server cert + nickname = server_certs[0][0] + db.export_ca_cert(nickname) # Fix the database permissions os.chmod(certs.NSS_DIR + "/cert8.db", 0o660)
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code