diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2015-08-01 02:46:26 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-08-10 13:04:34 +0200 |
| commit | c8882f7d1c98a795195e7bd2e48323ce95edc858 (patch) | |
| tree | a19845dca60e7aec5ac0cfe5c53cb366cdf650a4 | |
| parent | c906784ded416eec70704a07e3923601fe509927 (diff) | |
| download | freeipa-c8882f7d1c98a795195e7bd2e48323ce95edc858.tar.gz freeipa-c8882f7d1c98a795195e7bd2e48323ce95edc858.tar.xz freeipa-c8882f7d1c98a795195e7bd2e48323ce95edc858.zip | |
Fixed missing KRA agent cert on replica.
The code that exports the KRA agent certificate has been moved
such that it will be executed both on master and replica.
https://fedorahosted.org/freeipa/ticket/5174
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
| -rw-r--r-- | ipaserver/install/krainstance.py | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 50ab424b0..fa50c3dec 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -256,6 +256,15 @@ class KRAInstance(DogtagInstance): os.remove(cfg_file) shutil.move(paths.KRA_BACKUP_KEYS_P12, paths.KRACERT_P12) + + # export ipaCert with private key for client authentication + args = ["/usr/bin/pki", + "-d", paths.HTTPD_ALIAS_DIR, + "-C", paths.ALIAS_PWDFILE_TXT, + "client-cert-show", "ipaCert", + "--client-cert", paths.KRA_AGENT_PEM] + ipautil.run(args) + self.log.debug("completed creating KRA instance") def __add_ra_user_to_agent_group(self): @@ -330,14 +339,6 @@ class KRAInstance(DogtagInstance): finally: os.remove(filename) - # export ipaCert with private key for client authentication - args = ["/usr/bin/pki", - "-d", paths.HTTPD_ALIAS_DIR, - "-C", paths.ALIAS_PWDFILE_TXT, - "client-cert-show", "ipaCert", - "--client-cert", paths.KRA_AGENT_PEM] - ipautil.run(args) - def __add_vault_container(self): sub_dict = { 'SUFFIX': self.suffix, |