URL: https://github.com/freeipa/freeipa/pull/354
Author: frasertweedale
 Title: #354: Fix DL1 replica installation in CA-less topology
Action: opened

PR body:
"""
Commit dbb98765d73519289ee22f3de1a5ccde140f6f5d changed certmonger
requests for DS and HTTP certificates during installation to raise
on error (https://fedorahosted.org/freeipa/ticket/6514).
This introduced a regression in DL1 replica installation in CA-less
topology.  A certificate was requested, but prior to the
aforementioned commit this would fail silently and installation
continued, whereas now installation fails.

Guard the certificate request with a check that the topology is
CA-ful.

Fixes: https://fedorahosted.org/freeipa/ticket/6573
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/354/head:pr354
git checkout pr354
From db6038d2bf11f349d79dddc5e10865dd9b3d333a Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Tue, 20 Dec 2016 16:45:38 +1000
Subject: [PATCH] Fix DL1 replica installation in CA-less topology

Commit dbb98765d73519289ee22f3de1a5ccde140f6f5d changed certmonger
requests for DS and HTTP certificates during installation to raise
on error (https://fedorahosted.org/freeipa/ticket/6514).
This introduced a regression in DL1 replica installation in CA-less
topology.  A certificate was requested, but prior to the
aforementioned commit this would fail silently and installation
continued, whereas now installation fails.

Guard the certificate request with a check that the topology is
CA-ful.

Fixes: https://fedorahosted.org/freeipa/ticket/6573
---
 ipaserver/install/server/replicainstall.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index b0cf28f..6e986f7 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1338,7 +1338,7 @@ def install(installer):
         # Always try to install DNS records
         install_dns_records(config, options, remote_api)
 
-        if promote:
+        if promote and ca_enabled:
             # we need to install http certs to setup ssl for httpd
             install_http_certs(config.host_name,
                                config.realm_name,
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to