author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-17 10:57:32 +1000 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-07-01 08:56:26 +0200 |
commit | 0334693cfc56bc2788ea3b4f3cea9547c9c00340 (patch) | |
tree | 9e2bc2d13e8e053c2a8e5d1d0f47716aedbca0a2 | |
parent | 88f7154f7fcb1ca86dcbeeaca3c220ed4b88d55f (diff) | |
Split CA replica installation steps for domain level 0
Installation from replica file is broken because lightweight CA
replication setup is attempted before Kerberos is set up. To fix
the issue, explicitly execute step 1 before Kerberos setup, and
step 2 afterwards.
Part of: https://fedorahosted.org/freeipa/ticket/5963
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
-rw-r--r-- | ipaserver/install/server/replicainstall.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index e6e43024d..9d05a0be5 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -819,12 +819,17 @@ def install(installer):
 if ca_enabled:
 options.ra_p12 = config.dir + "/ra.p12"
- ca.install(False, config, options)
+ ca.install_step_0(False, config, options)
 krb = install_krb(config, setup_pkinit=not options.no_pkinit)
 http = install_http(config, auto_redirect=not options.no_ui_redirect,
 ca_is_configured=ca_enabled)
+ if config.setup_ca:
+ # Done after install_krb() because lightweight CA key
+ # retrieval setup needs to create kerberos principal.
+ ca.install_step_1(False, config, options)
+
 otpd = otpdinstance.OtpdInstance()
 otpd.create_instance('OTPD', config.host_name, config.dirman_password,
 ipautil.realm_to_suffix(config.realm_name)) |
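Review bot: The two halves of the CA install are guarded by different conditions: `ca.install_step_0(False, config, options)` follows `if ca_enabled:`, while `ca.install_step_1(False, config, options)` sits under `if config.setup_ca:`. Neither name is defined in the hunk, and indentation is lost on this page, so the nesting of step 0 is inferred. If the two values can differ, a replica could run step 0 without step 1 and end up with a CA whose lightweight CA key retrieval (and its Kerberos principal) was never set up, or the reverse. I would guard both steps with the same condition, for example `if ca_enabled:` on the second block, or extend the new comment to say why the guards differ. The body of install() continues outside the hunk.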