[Freeipa-devel] [freeipa PR#291][opened] replica install: track the RA agent certificate again

Wed, 30 Nov 2016 03:40:27 -0800 

   URL: https://github.com/freeipa/freeipa/pull/291
Author: jcholast
 Title: #291: replica install: track the RA agent certificate again
Action: opened

PR body:
"""
During the rebase of commit 822e1bc82af3a6c1556546c4fbe96eeafad45762 on top
of commit 808b1436b4158cb6f926ac2b5bd0979df6ea7e9f, the call to track the
RA agent certificate with certmonger was accidentally removed from
ipa-replica-install.

Put the call back so that the certificate is tracked after replica install.

https://fedorahosted.org/freeipa/ticket/6392
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/291/head:pr291
git checkout pr291

From 0de63c3588c09bde309a409ba57fd7778663850a Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 30 Nov 2016 12:25:24 +0100
Subject: [PATCH] replica install: track the RA agent certificate again

During the rebase of commit 822e1bc82af3a6c1556546c4fbe96eeafad45762 on top
of commit 808b1436b4158cb6f926ac2b5bd0979df6ea7e9f, the call to track the
RA agent certificate with certmonger was accidentally removed from
ipa-replica-install.

Put the call back so that the certificate is tracked after replica install.

https://fedorahosted.org/freeipa/ticket/6392
---
 ipaserver/install/cainstance.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 1aa6b8d..6b2b272 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -647,7 +647,7 @@ def enable_pkix(self):
                                    'NSS_ENABLE_PKIX_VERIFY', '1',
                                    quotes=False, separator='=')
 
-    def import_ra_cert(self, rafile, configure_renewal=True):
+    def import_ra_cert(self, rafile):
         """
         Cloned RAs will use the same RA agent cert as the master so we
         need to import from a PKCS#12 file.
@@ -663,11 +663,15 @@ def import_ra_cert(self, rafile, configure_renewal=True):
         finally:
             os.remove(agent_name)
 
+        self.configure_agent_renewal()
+
     def __import_ra_key(self):
         custodia = custodiainstance.CustodiaInstance(host_name=self.fqdn,
                                                      realm=self.realm)
         custodia.import_ra_key(self.master_host)
 
+        self.configure_agent_renewal()
+
     def __create_ca_agent(self):
         """
         Create CA agent, assign a certificate, and add the user to

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to