diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2013-10-16 09:08:49 +0000 |
|---|---|---|
| committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 16:54:55 +0100 |
| commit | fd5ef28bf246f113e16d1b4e7ce5324eab455336 (patch) | |
| tree | 4436fff59efaebb007e03a7b52b31e38dc32c684 /install | |
| parent | fac6bf30b6ed91ab595e8a5e5c39a5934de6f0b6 (diff) | |
| download | freeipa-fd5ef28bf246f113e16d1b4e7ce5324eab455336.tar.gz freeipa-fd5ef28bf246f113e16d1b4e7ce5324eab455336.tar.xz freeipa-fd5ef28bf246f113e16d1b4e7ce5324eab455336.zip | |
Use the same certmonger configuration for both CA masters and clones.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install')
| -rw-r--r-- | install/tools/ipa-upgradeconfig | 14 |
1 files changed, 4 insertions, 10 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index cc0172f5f..324e45594 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -608,11 +608,8 @@ def enable_certificate_renewal(ca): if not sysupgrade.get_upgrade_state('dogtag', 'renewal_configured'): ca.configure_certmonger_renewal() - if ca.is_master(): - ca.configure_renewal() - else: - ca.configure_clone_renewal() - ca.configure_agent_renewal() + ca.configure_renewal() + ca.configure_agent_renewal() ca.track_servercert() sysupgrade.set_upgrade_state('dogtag', 'renewal_configured', True) root_logger.debug('CA subsystem certificate renewal enabled') @@ -657,11 +654,8 @@ def certificate_renewal_stop_ca(ca): # again with new configuration: cainstance.stop_tracking_certificates(dogtag.configured_constants()) ca.configure_certmonger_renewal() - if ca.is_master(): - ca.configure_renewal() - else: - ca.configure_clone_renewal() - ca.configure_agent_renewal() + ca.configure_renewal() + ca.configure_agent_renewal() ca.track_servercert() sysupgrade.set_upgrade_state('dogtag', 'stop_ca_during_renewal', True) root_logger.debug('CA subsystem certificate renewal configured to stop the CA') |