URL: https://github.com/freeipa/freeipa/pull/198
Author: stlaz
 Title: #198: Fix missing file that fails DL1 replica installation
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/198/head:pr198
git checkout pr198
From 1bb1a41dff63c09bbe03ff6dc3d63fcd26078630 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka <slazn...@redhat.com>
Date: Mon, 31 Oct 2016 16:51:49 +0100
Subject: [PATCH] Fix missing file that fails DL1 replica installation

Replica installation on DL1 would fail to create a httpd instance
due to missing '/etc/httpd/alias/cacert.asc'. Create this file
in the setup_ssl step to avoid the error.

https://fedorahosted.org/freeipa/ticket/6393
---
 ipaserver/install/httpinstance.py | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 5c56f11..decf996 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -340,13 +340,22 @@ def __setup_ssl(self):
             self.__set_mod_nss_nickname(nickname)
             self.add_cert_to_service()
 
-        elif not self.promote:
-            db.create_password_conf()
-            self.dercert = db.create_server_cert(self.cert_nickname, self.fqdn,
-                                                 ca_db)
-            db.track_server_cert(self.cert_nickname, self.principal,
-                                 db.passwd_fname, 'restart_httpd')
-            self.add_cert_to_service()
+        else:
+            if not self.promote:
+                db.create_password_conf()
+                self.dercert = db.create_server_cert(self.cert_nickname, self.fqdn,
+                                                     ca_db)
+                db.track_server_cert(self.cert_nickname, self.principal,
+                                     db.passwd_fname, 'restart_httpd')
+                self.add_cert_to_service()
+
+            server_certs = db.find_server_certs()
+            if not server_certs:
+                raise RuntimeError("Could not find a suitable server cert.")
+
+            # We only handle one server cert
+            nickname = server_certs[0][0]
+            db.export_ca_cert(nickname)
 
         # Fix the database permissions
         os.chmod(certs.NSS_DIR + "/cert8.db", 0o660)
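Review bot: The CA certificate that ends up in the exported file is chosen by `nickname = server_certs[0][0]`, so it depends on whatever order `db.find_server_certs()` returns. If the NSS database holds more than one server cert (for example a leftover from an earlier install), a CA other than the one that issued the cert httpd serves could be exported, and nothing tells the admin. When `self.promote` is false the cert was just created under `self.cert_nickname`, so that nickname could be passed to `db.export_ca_cert()` directly. For the promote path, consider failing on ambiguity instead of picking the first entry, e.g. `if len(server_certs) != 1: raise RuntimeError("Expected exactly one server cert in %s, found %d" % (certs.NSS_DIR, len(server_certs)))`. The existing "Could not find a suitable server cert." message would also be easier to act on if it named the database directory. The body of `__setup_ssl` starts and ends outside this hunk, so the earlier branches and what later reads the exported file were not reviewed.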
-- 