summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Basti <mbasti@redhat.com>2016-06-29 19:49:43 +0200
committerMartin Basti <mbasti@redhat.com>2016-06-30 13:18:51 +0200
commita155f692e7ad7807a5ea28250d1e72b3e821991e (patch)
tree5f9f23e68025f04c97b3db25d0c4c670875c8c96
parent0399110240e0a064c3faae407d9d62ba07281eb9 (diff)
downloadfreeipa-a155f692e7ad7807a5ea28250d1e72b3e821991e.tar.gz
freeipa-a155f692e7ad7807a5ea28250d1e72b3e821991e.tar.xz
freeipa-a155f692e7ad7807a5ea28250d1e72b3e821991e.zip
Fix replica install with CA
The incorrect api was used, and CA record updated was duplicated. https://fedorahosted.org/freeipa/ticket/5966 Reviewed-By: Petr Spacek <pspacek@redhat.com>
-rwxr-xr-xinstall/tools/ipa-ca-install7
-rw-r--r--ipaserver/install/cainstance.py10
2 files changed, 6 insertions, 11 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 1bc5def03..ed685920c 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -28,7 +28,7 @@ from ipaserver.install import installutils
from ipaserver.install import certs
from ipaserver.install.installutils import create_replica_config
from ipaserver.install.installutils import check_creds, ReplicaConfig
-from ipaserver.install import dsinstance, ca
+from ipaserver.install import bindinstance, dsinstance, ca
from ipaserver.install import cainstance, custodiainstance, service
from ipapython import version
from ipalib import api
@@ -195,6 +195,11 @@ def install_replica(safe_options, options, filename):
CA.configure_replica(config.ca_host_name,
subject_base=config.subject_base,
ca_cert_bundle=ca_data)
+ # Install CA DNS records
+ if bindinstance.dns_container_exists(api.env.host, api.env.basedn,
+ ldapi=True, realm=api.env.realm):
+ bind = bindinstance.BindInstance(ldapi=True)
+ bind.update_system_records()
else:
ca.install(True, config, options)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index ef69c898b..18e3902a5 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -63,7 +63,6 @@ from ipapython.ipa_log_manager import log_mgr,\
from ipapython.secrets.kem import IPAKEMKeys
from ipaserver.install import certs
-from ipaserver.install import bindinstance
from ipaserver.install import dsinstance
from ipaserver.install import installutils
from ipaserver.install import ldapupdate
@@ -1298,14 +1297,6 @@ class CAInstance(DogtagInstance):
basedn = ipautil.realm_to_suffix(self.realm)
self.ldap_enable('CA', self.fqdn, None, basedn)
- def __update_ca_records(self):
- # Install CA DNS records
- if bindinstance.dns_container_exists(
- api.env.host, api.env.basedn, ldapi=True, realm=api.env.realm
- ):
- bind = bindinstance.BindInstance(ldapi=True)
- bind.update_system_records()
-
def configure_replica(self, master_host, subject_base=None,
ca_cert_bundle=None, ca_signing_algorithm=None,
ca_type=None):
@@ -1376,7 +1367,6 @@ class CAInstance(DogtagInstance):
self.__restart_http_instance)
self.step("enabling CA instance", self.__enable_instance)
- self.step("Updating DNS CA records", self.__update_ca_records)
self.start_creation(runtime=210)