diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-04-10 14:14:10 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-07-30 16:04:21 +0200 |
commit | d1386be4d55128056e93429bbc85a821494560e9 (patch) | |
tree | 681b3de39bdedb3617f6606d000293cf55620b38 /install/tools/ipa-csreplica-manage | |
parent | baa665fe4043615f3e5a653e6894ce7457855d87 (diff) | |
download | freeipa-d1386be4d55128056e93429bbc85a821494560e9.tar.gz freeipa-d1386be4d55128056e93429bbc85a821494560e9.tar.xz freeipa-d1386be4d55128056e93429bbc85a821494560e9.zip |
Pick new CA renewal master when deleting a replica.
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Diffstat (limited to 'install/tools/ipa-csreplica-manage')
-rwxr-xr-x | install/tools/ipa-csreplica-manage | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/install/tools/ipa-csreplica-manage b/install/tools/ipa-csreplica-manage index eb589f3f9..cfcb354f2 100755 --- a/install/tools/ipa-csreplica-manage +++ b/install/tools/ipa-csreplica-manage @@ -25,7 +25,8 @@ import os import krbV from ipapython.ipa_log_manager import * -from ipaserver.install import replication, installutils, bindinstance +from ipaserver.install import (replication, installutils, bindinstance, + cainstance, certs) from ipalib import api, errors, util from ipalib.constants import CACERT from ipapython import ipautil, ipaldap, version, dogtag @@ -272,7 +273,12 @@ def del_master(realm, hostname, options): except Exception, e: sys.exit("There were issues removing a connection: %s" % e) - # 6. And clean up the removed replica DNS entries if any. + # 6. Pick CA renewal master + ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR) + if ca.is_renewal_master(hostname): + ca.set_renewal_master(options.host) + + # 7. And clean up the removed replica DNS entries if any. try: if bindinstance.dns_container_exists(options.host, api.env.basedn, dm_password=options.dirman_passwd): |