URL: https://github.com/freeipa/freeipa/pull/212 Author: mbasti-rh Title: #212: KRA: don't add KRA container when KRA replica Action: synchronized
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/212/head:pr212 git checkout pr212
From 72cff95f89bed424e21f9eef4e5c1df719b64b64 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Fri, 11 Nov 2016 15:45:17 +0100 Subject: [PATCH] KRA: don't add KRA container when KRA replica This fixes regression caused by c56256e2a29f076e6afa559225a66f58b0773eb5 """ [9/11]: add vault container ipa : CRITICAL Failed to load vault.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpxxO9IC -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -x -D cn=Directory Manager -y /tmp/tmpVKinCZ' returned non-zero exit status 68 [10/11]: apply LDAP updates """ and removes unneded steps during installation of KRA replica, because KRA container must be there since installation of first KRA instance. --- ipaserver/install/krainstance.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 90b1369..3824584 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -51,7 +51,6 @@ 'Security Domain Administrators' ] -LDAPMOD_ERR_ALREADY_EXISTS = 68 class KRAInstance(DogtagInstance): """ @@ -126,7 +125,8 @@ def configure_instance(self, realm_name, host_name, dm_password, self.step("configure certificate renewals", self.configure_renewal) self.step("configure HTTP to proxy connections", self.http_proxy) - self.step("add vault container", self.__add_vault_container) + if not self.clone: + self.step("add vault container", self.__add_vault_container) self.step("apply LDAP updates", self.__apply_updates) self.step("enabling KRA instance", self.__enable_instance) @@ -316,14 +316,8 @@ def __create_kra_agent(self): conn.disconnect() def __add_vault_container(self): - try: - self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix}, - raise_on_err=True) - except ipautil.CalledProcessError as e: - if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS: - self.log.debug("Vault container already exists") - else: - self.log.error("Failed to add vault container: {0}".format(e)) + self._ldap_mod( + 'vault.ldif', {'SUFFIX': self.suffix}, raise_on_err=True) def __apply_updates(self): sub_dict = {
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code