[Freeipa-devel] [freeipa PR#212][synchronized] KRA: don't add KRA container when KRA replica

Fri, 11 Nov 2016 06:47:19 -0800 

   URL: https://github.com/freeipa/freeipa/pull/212
Author: mbasti-rh
 Title: #212: KRA: don't add KRA container when KRA replica
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/212/head:pr212
git checkout pr212

From 72cff95f89bed424e21f9eef4e5c1df719b64b64 Mon Sep 17 00:00:00 2001
From: Martin Basti <mba...@redhat.com>
Date: Fri, 11 Nov 2016 15:45:17 +0100
Subject: [PATCH] KRA: don't add KRA container when KRA replica

This fixes regression caused by c56256e2a29f076e6afa559225a66f58b0773eb5
"""
  [9/11]: add vault container
ipa         : CRITICAL Failed to load vault.ldif: Command
'/usr/bin/ldapmodify -v -f /tmp/tmpxxO9IC -H
ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -x -D cn=Directory
Manager
-y /tmp/tmpVKinCZ' returned non-zero exit status 68
  [10/11]: apply LDAP updates
"""

and removes unneded steps during installation of KRA replica,
because KRA container must be there since installation of first KRA
instance.
---
 ipaserver/install/krainstance.py | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 90b1369..3824584 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -51,7 +51,6 @@
     'Security Domain Administrators'
 ]
 
-LDAPMOD_ERR_ALREADY_EXISTS = 68
 
 class KRAInstance(DogtagInstance):
     """
@@ -126,7 +125,8 @@ def configure_instance(self, realm_name, host_name, dm_password,
             self.step("configure certificate renewals", self.configure_renewal)
             self.step("configure HTTP to proxy connections",
                       self.http_proxy)
-            self.step("add vault container", self.__add_vault_container)
+            if not self.clone:
+                self.step("add vault container", self.__add_vault_container)
             self.step("apply LDAP updates", self.__apply_updates)
 
             self.step("enabling KRA instance", self.__enable_instance)
@@ -316,14 +316,8 @@ def __create_kra_agent(self):
         conn.disconnect()
 
     def __add_vault_container(self):
-        try:
-            self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
-                           raise_on_err=True)
-        except ipautil.CalledProcessError as e:
-            if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
-                self.log.debug("Vault container already exists")
-            else:
-                self.log.error("Failed to add vault container: {0}".format(e))
+        self._ldap_mod(
+            'vault.ldif', {'SUFFIX': self.suffix}, raise_on_err=True)
 
     def __apply_updates(self):
         sub_dict = {

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to