URL: https://github.com/freeipa/freeipa/pull/574
Author: stlaz
 Title: #574: ipa-replica-prepare fix
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/574/head:pr574
git checkout pr574
From 21a2c34e3cac0e8c32a68fb53ac1820fb143f1cd Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 13 Mar 2017 14:25:36 +0100
Subject: [PATCH 1/2] Fix ipa-replica-prepare server-cert creation

Fixes an issue introduced in 0a54fac0: we need to specify the current
master's hostname so that we know which CA to connect to when creating
the other server's Server-Cert.

https://pagure.io/freeipa/issue/6755
---
 ipaserver/install/ipa_replica_prepare.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index da13e74..f9f2758 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -603,7 +603,8 @@ def export_certdb(self, fname, passwd_fname, is_kdc=False):
 
         try:
             db = certs.CertDB(
-                api.env.realm, nssdir=self.dir, subject_base=subject_base)
+                api.env.realm, nssdir=self.dir, subject_base=subject_base,
+                host_name=api.env.host)
             db.create_passwd_file()
             db.create_from_cacert()
             db.create_server_cert(nickname, hostname)
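Review bot: The new `host_name=api.env.host` argument in the `certs.CertDB(...)` call has no comment, and it sits a few lines above `db.create_server_cert(nickname, hostname)`, where `hostname` appears to name a different machine (the replica being prepared, going by the commit message). A short comment above the call would keep the two from being confused later, for example `# host_name is this master, whose CA issues the cert; hostname below is the replica`. export_certdb starts and ends outside the hunk.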

From 70eb74ee339c9d8b1e6c56e9d8cd7b57a90da2ee Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 13 Mar 2017 14:40:38 +0100
Subject: [PATCH 2/2] Don't fail more if cert req/cert creation failed

This should help debugging issues that could happen during server
certificate creation.

https://pagure.io/freeipa/issue/6755
---
 ipaserver/install/certs.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 660da79..d85884e 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -368,8 +368,11 @@ def create_server_cert(self, nickname, hostname, subject=None):
             with open(self.certder_fname, "r") as f:
                 dercert = f.read()
         finally:
-            os.unlink(self.certreq_fname)
-            os.unlink(self.certder_fname)
+            for fname in (self.certreq_fname, self.certder_fname):
+                try:
+                    os.unlink(fname)
+                except Exception:
+                    pass
 
         return dercert
 
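Review bot: The `except Exception: pass` in the new cleanup loop hides every failure to remove `self.certreq_fname` and `self.certder_fname`, so a permission or I/O error leaves the request and certificate files on disk with no trace in the install log. A missing file is the only expected case after a failed request. Narrowing the handler to `except OSError as e:` and logging anything where `e.errno != errno.ENOENT` would still keep the original exception visible while recording the unexpected failures. This needs `errno` imported and the module's existing logger, neither of which is visible in the hunk. create_server_cert begins above the hunk.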
-- 