summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFraser Tweedale <ftweedal@redhat.com>2016-06-17 10:57:32 +1000
committerMartin Basti <mbasti@redhat.com>2016-07-01 08:56:26 +0200
commit0334693cfc56bc2788ea3b4f3cea9547c9c00340 (patch)
tree9e2bc2d13e8e053c2a8e5d1d0f47716aedbca0a2
parent88f7154f7fcb1ca86dcbeeaca3c220ed4b88d55f (diff)
downloadfreeipa-0334693cfc56bc2788ea3b4f3cea9547c9c00340.zip
freeipa-0334693cfc56bc2788ea3b4f3cea9547c9c00340.tar.gz
freeipa-0334693cfc56bc2788ea3b4f3cea9547c9c00340.tar.xz
Split CA replica installation steps for domain level 0
Installation from replica file is broken because lightweight CA replication setup is attempted before Kerberos is set up. To fix the issue, explicitly execute step 1 before Kerberos setup, and step 2 afterwards. Part of: https://fedorahosted.org/freeipa/ticket/5963 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
-rw-r--r--ipaserver/install/server/replicainstall.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index e6e4302..9d05a0b 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -819,12 +819,17 @@ def install(installer):
if ca_enabled:
options.ra_p12 = config.dir + "/ra.p12"
- ca.install(False, config, options)
+ ca.install_step_0(False, config, options)
krb = install_krb(config, setup_pkinit=not options.no_pkinit)
http = install_http(config, auto_redirect=not options.no_ui_redirect,
ca_is_configured=ca_enabled)
+ if config.setup_ca:
+ # Done after install_krb() because lightweight CA key
+ # retrieval setup needs to create kerberos principal.
+ ca.install_step_1(False, config, options)
+
otpd = otpdinstance.OtpdInstance()
otpd.create_instance('OTPD', config.host_name, config.dirman_password,
ipautil.realm_to_suffix(config.realm_name))