Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master
On 21.1.2016 15:04, Martin Babinsky wrote: On 01/21/2016 02:51 PM, Jan Cholasta wrote: On 21.1.2016 14:45, Martin Babinsky wrote: On 01/21/2016 02:21 PM, Petr Vobornik wrote: On 01/21/2016 01:53 PM, Martin Babinsky wrote: this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf. I couldn't find any ticket for this issue, should I file one so that this patch can land in 4-3 branch? yes New ticket here: https://fedorahosted.org/freeipa/ticket/5626 I have also attached the ticket URL to the commit message. Why so much code for such a simple change? Please keep the style consistent with the code in install.install() and replicainstall.install(). It did not occur to me as much code, the logic was equivalent to the stuff other installers do but bit more concise. But attaching updated patch in common style anyway. Thanks, ACK. Pushed to: master: 7dae5c09d5a6bf084661511bef4811223da64252 ipa-4-3: b63505ef765768b7cbcfc84983c249269ab8b788 -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master
On 01/21/2016 02:51 PM, Jan Cholasta wrote:
On 21.1.2016 14:45, Martin Babinsky wrote:
On 01/21/2016 02:21 PM, Petr Vobornik wrote:
On 01/21/2016 01:53 PM, Martin Babinsky wrote:
this patch ensures that promoted replicas in CA-less topology have
correct settings in their default.conf.
I couldn't find any ticket for this issue, should I file one so that
this patch can land in 4-3 branch?
yes
New ticket here: https://fedorahosted.org/freeipa/ticket/5626
I have also attached the ticket URL to the commit message.
Why so much code for such a simple change? Please keep the style
consistent with the code in install.install() and replicainstall.install().
It did not occur to me as much code, the logic was equivalent to the
stuff other installers do but bit more concise.
But attaching updated patch in common style anyway.
--
Martin^3 Babinsky
From 7812cf9e579306189c32950534b0dc445b8bc686 Mon Sep 17 00:00:00 2001
From: Martin Babinsky
Date: Thu, 21 Jan 2016 13:39:49 +0100
Subject: [PATCH] disable RA plugins when promoting a replica from CA-less
master
There is no point in setting 'enable_ra' to True in IPA config when the
replica is promoted from CA-less master. The installer should set
'enable_ra' to False and unset 'ra_plugin' directive in this case.
https://fedorahosted.org/freeipa/ticket/5626
---
ipaserver/install/server/replicainstall.py | 22 --
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index bd7da87ff69939b35dcafbafa95a75c12de02648..33fd2816656788239c2d6c6c29d604c0fd326bad 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1350,13 +1350,23 @@ def promote(installer):
'https://%s/ipa/xml' %
ipautil.format_netloc(config.host_name)),
ipaconf.setOption('ldap_uri', ldapi_uri),
-ipaconf.setOption('mode', 'production'),
-ipaconf.setOption('enable_ra', 'True'),
-ipaconf.setOption('ra_plugin', 'dogtag'),
-ipaconf.setOption('dogtag_version', '10')]
+ipaconf.setOption('mode', 'production')
+]
-if not options.setup_ca:
-gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+if installer._ca_enabled:
+gopts.extend([
+ipaconf.setOption('enable_ra', 'True'),
+ipaconf.setOption('ra_plugin', 'dogtag'),
+ipaconf.setOption('dogtag_version', '10')
+])
+
+if not options.setup_ca:
+gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+else:
+gopts.extend([
+ipaconf.setOption('enable_ra', 'False'),
+ipaconf.setOption('ra_plugin', 'None')
+])
opts = [ipaconf.setSection('global', gopts)]
--
2.5.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master
On 21.1.2016 14:45, Martin Babinsky wrote: On 01/21/2016 02:21 PM, Petr Vobornik wrote: On 01/21/2016 01:53 PM, Martin Babinsky wrote: this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf. I couldn't find any ticket for this issue, should I file one so that this patch can land in 4-3 branch? yes New ticket here: https://fedorahosted.org/freeipa/ticket/5626 I have also attached the ticket URL to the commit message. Why so much code for such a simple change? Please keep the style consistent with the code in install.install() and replicainstall.install(). -- Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master
On 01/21/2016 02:21 PM, Petr Vobornik wrote:
On 01/21/2016 01:53 PM, Martin Babinsky wrote:
this patch ensures that promoted replicas in CA-less topology have
correct settings in their default.conf.
I couldn't find any ticket for this issue, should I file one so that
this patch can land in 4-3 branch?
yes
New ticket here: https://fedorahosted.org/freeipa/ticket/5626
I have also attached the ticket URL to the commit message.
--
Martin^3 Babinsky
From 54a6289938654fc88cc5746e8057e4452ebc0fc2 Mon Sep 17 00:00:00 2001
From: Martin Babinsky
Date: Thu, 21 Jan 2016 13:39:49 +0100
Subject: [PATCH] disable RA plugins when promoting a replica from CA-less
master
There is no point in setting 'enable_ra' to True in IPA config when the
replica is promoted from CA-less master. The installer should set
'enable_ra' to False and unset 'ra_plugin' directive in this case.
https://fedorahosted.org/freeipa/ticket/5626
---
ipaserver/install/server/replicainstall.py | 20 ++--
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index bd7da87ff69939b35dcafbafa95a75c12de02648..bb49811ccc7f56d425ec9ed469133e9305b5896c 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1350,13 +1350,21 @@ def promote(installer):
'https://%s/ipa/xml' %
ipautil.format_netloc(config.host_name)),
ipaconf.setOption('ldap_uri', ldapi_uri),
-ipaconf.setOption('mode', 'production'),
-ipaconf.setOption('enable_ra', 'True'),
-ipaconf.setOption('ra_plugin', 'dogtag'),
-ipaconf.setOption('dogtag_version', '10')]
+ipaconf.setOption('mode', 'production')
+]
-if not options.setup_ca:
-gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
+enable_ra = installer._ca_enabled
+ra_plugin = 'dogtag' if installer._ca_enabled else None
+
+gopts.extend([
+ipaconf.setOption('enable_ra', str(enable_ra)),
+ipaconf.setOption('ra_plugin', str(ra_plugin)),
+])
+if installer._ca_enabled:
+gopts.append(ipaconf.setOption('dogtag_version', '10'))
+
+if not options.setup_ca:
+gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))
opts = [ipaconf.setSection('global', gopts)]
--
2.5.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0130] disable RA plugins when promoting a replica from CA-less master
On 01/21/2016 01:53 PM, Martin Babinsky wrote: this patch ensures that promoted replicas in CA-less topology have correct settings in their default.conf. I couldn't find any ticket for this issue, should I file one so that this patch can land in 4-3 branch? yes -- Petr Vobornik -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
