URL: https://github.com/freeipa/freeipa/pull/574
Author: stlaz
Title: #574: ipa-replica-prepare fix
Action: opened

PR body:
"""
A regression was introduced in
https://github.com/freeipa/freeipa/commit/0a54fac02cecad3b9e3bf8ad0c8a44df3b701857.
Fix + don't fail if either file was not created during server-cert creation.
"""

To pull the PR as a Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/574/head:pr574
git checkout pr574

From 0259c560a3b3b329300e79080b5b659559a78145 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 13 Mar 2017 14:25:36 +0100
Subject: [PATCH 1/2] Fix ipa-replica-prepare server-cert creation

Fixes an issue introduced in 0a54fac0, we need to specify the current
master's hostname so that we know to which CA we need to connect to
create the other's server Server-Cert.

https://pagure.io/freeipa/issue/6755
---
 ipaserver/install/ipa_replica_prepare.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index da13e74..631eaba 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -603,7 +603,8 @@ def export_certdb(self, fname, passwd_fname, is_kdc=False):
 
         try:
             db = certs.CertDB(
-                api.env.realm, nssdir=self.dir, subject_base=subject_base)
+                api.env.realm, nssdir=self.dir, subject_base=subject_base,
+                host_name=hostname)
             db.create_passwd_file()
             db.create_from_cacert()
             db.create_server_cert(nickname, hostname)
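
Review bot: `host_name=hostname` on the new CertDB(...) line reuses the same `hostname` that the last line of the hunk passes to `db.create_server_cert(nickname, hostname)` as the host the certificate is issued for, while the commit message says the value needed here is the current master's hostname, the one whose CA is contacted. If `hostname` in this function holds the other server's name, the CertDB would be pointed at a host that is not the master. Please confirm which host the variable holds; if it is not the master, pass the master's name instead (for example `api.env.host`) and add a short comment stating that host_name selects the CA to connect to.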

From abdb37087de28772c740e34d9f47543e77e80f04 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 13 Mar 2017 14:40:38 +0100
Subject: [PATCH 2/2] Don't fail more if cert req/cert creation failed

This should help debugging issues that could happen during server
certificate creation.

https://pagure.io/freeipa/issue/6755
---
 ipaserver/install/certs.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 660da79..d85884e 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -368,8 +368,11 @@ def create_server_cert(self, nickname, hostname, subject=None):
             with open(self.certder_fname, "r") as f:
                 dercert = f.read()
         finally:
-            os.unlink(self.certreq_fname)
-            os.unlink(self.certder_fname)
+            for fname in (self.certreq_fname, self.certder_fname):
+                try:
+                    os.unlink(fname)
+                except Exception:
+                    pass
 
         return dercert
 
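Review bot: the `except Exception: pass` around `os.unlink(fname)` in the finally block discards every cleanup error, not only the "file was not created" case the PR description names, so a permission or I/O failure would leave the certificate request or DER file on disk with nothing logged. Narrow it to `except OSError`, ignore only `errno.ENOENT`, and log anything else at debug level, which also matches the commit's stated aim of making server certificate failures easier to debug.
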