PKI installation on replica failing due to missing proxy conf

Proxy configuration was not detected correctly. Both
ipa-pki-proxy.conf and ipa.conf need to be in place and httpd
restarted to be able to check it's status.

https://fedorahosted.org/freeipa/ticket/3964

2 files changed, 5 insertions, 2 deletions

diff --git a/ipapython/platform/fedora16/service.py b/ipapython/platform/fedora16/service.py
index 297e6833..36e7a31c 100644
--- a/ipapython/platform/fedora16/service.py
+++ b/ipapython/platform/fedora16/service.py
@@ -143,7 +143,8 @@ class Fedora16CAService(Fedora16Service):
         # Unfortunately, knownservices.httpd.is_installed() can return
         # false positives, so check for existence of our configuration file.
         # TODO: Use a cleaner solution
-        if not os.path.exists('/etc/httpd/conf.d/ipa.conf'):
+        if not (os.path.exists('/etc/httpd/conf.d/ipa.conf') and
+                os.path.exists('/etc/httpd/conf.d/ipa-pki-proxy.conf')):
             root_logger.debug(
                 'The httpd proxy is not installed, skipping wait for CA')
             return
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 15d79fdb..9f0d4d4c 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1679,8 +1679,10 @@ def install_replica_ca(config, master_ds_port, postinstall=False):
                           master_replication_port=master_ds_port,
                           subject_base=config.subject_base)
 
+    # Restart httpd since we changed it's config and added ipa-pki-proxy.conf
+    # Without the restart, CA service status check would fail due to missing
+    # proxy
     if postinstall:
-        # Restart httpd since we changed its config
         ipaservices.knownservices.httpd.restart()