diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2015-08-01 02:46:26 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-10 13:04:34 +0200 |
| commit | ad6a87e05857d60cbc9c22f426397e37ef11c2ac (patch) | |
| tree | 502b71509a116a22be10daa0de9aa181cb99dd98 /ipaserver | |
| parent | 04bf609a449ce8a5b8108486b55b8cb88a2ce655 (diff) | |
| download | freeipa-ad6a87e05857d60cbc9c22f426397e37ef11c2ac.tar.gz freeipa-ad6a87e05857d60cbc9c22f426397e37ef11c2ac.tar.xz freeipa-ad6a87e05857d60cbc9c22f426397e37ef11c2ac.zip | |
Fixed missing KRA agent cert on replica.
The code that exports the KRA agent certificate has been moved
such that it will be executed both on master and replica.
https://fedorahosted.org/freeipa/ticket/5174
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/krainstance.py | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 50ab424b0..fa50c3dec 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -256,6 +256,15 @@ class KRAInstance(DogtagInstance): os.remove(cfg_file) shutil.move(paths.KRA_BACKUP_KEYS_P12, paths.KRACERT_P12) + + # export ipaCert with private key for client authentication + args = ["/usr/bin/pki", + "-d", paths.HTTPD_ALIAS_DIR, + "-C", paths.ALIAS_PWDFILE_TXT, + "client-cert-show", "ipaCert", + "--client-cert", paths.KRA_AGENT_PEM] + ipautil.run(args) + self.log.debug("completed creating KRA instance") def __add_ra_user_to_agent_group(self): @@ -330,14 +339,6 @@ class KRAInstance(DogtagInstance): finally: os.remove(filename) - # export ipaCert with private key for client authentication - args = ["/usr/bin/pki", - "-d", paths.HTTPD_ALIAS_DIR, - "-C", paths.ALIAS_PWDFILE_TXT, - "client-cert-show", "ipaCert", - "--client-cert", paths.KRA_AGENT_PEM] - ipautil.run(args) - def __add_vault_container(self): sub_dict = { 'SUFFIX': self.suffix, |