On Tue, 2011-03-29 at 16:42 -0400, Rob Crittenden wrote:
> Martin Kosek wrote:
> > When IPA server was configured as self-signed (--selfsign option)
> > the replica always failed to install.
> >
> > https://fedorahosted.org/freeipa/ticket/1122
> >
>
> Why not just make install_ca return (None, None) instead if we aren't
> installing dogtag?
>
> rob
Good point, this will be much more readable. Sending updated patch.
Martin
>From 5fbf85224cbc03e7b97312e43fa222beee37fd29 Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Fri, 25 Mar 2011 16:35:58 +0100
Subject: [PATCH] Replica installation fails for self-signed server
When IPA server was configured as self-signed (--selfsign option)
the replica always failed to install.
https://fedorahosted.org/freeipa/ticket/1122
---
install/tools/ipa-replica-install |3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index 2bc9a17e93804fcb435b7a8ea13495208e16f867..999b5ee77e7d46020af3226e957b38e8de924563 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -153,7 +153,8 @@ def install_ca(config):
cafile = config.dir + "/cacert.p12"
if not ipautil.file_exists(cafile):
-return None
+# CA not used on the server, return empty instances
+return (None, None)
try:
from ipaserver.install import cainstance
--
1.7.4
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel