diff options
author | Fraser Tweedale <ftweedal@redhat.com> | 2016-06-30 21:01:07 +1000 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2016-07-01 11:09:53 +0200 |
commit | 3691e39a62da5134f911f6a798f79a3a2ae0c025 (patch) | |
tree | e96031cde08ed65028266d59f882d2a85e8efa5a /ipaserver/install/server/upgrade.py | |
parent | 5e78b54d7c532bec0ee5a4ce3f1b6d6c94d17c51 (diff) | |
download | freeipa-3691e39a62da5134f911f6a798f79a3a2ae0c025.tar.gz freeipa-3691e39a62da5134f911f6a798f79a3a2ae0c025.tar.xz freeipa-3691e39a62da5134f911f6a798f79a3a2ae0c025.zip |
Fix upgrade when Dogtag also upgraded from 10.2 -> 10.3
ipa-server-upgrade from pre-lightweight CAs version fails when
Dogtag is also being upgraded from pre-lightweight CAs version,
because Dogtag needs to be restarted after adding the lightweight
CAs container, before requesting information about the host
authority.
Move the addition of the Dogtag lightweight CAs container entry a
bit earlier in the upgrade procedure, ensuring restart.
Fixes: https://fedorahosted.org/freeipa/ticket/6011
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/install/server/upgrade.py')
-rw-r--r-- | ipaserver/install/server/upgrade.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index 3955a8cb9..43427178b 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1747,6 +1747,7 @@ def upgrade_configuration(): ca_enable_pkix(ca), ca_configure_profiles_acl(ca), ca_configure_lightweight_ca_acls(ca), + ca_ensure_lightweight_cas_container(ca), ca_add_default_ocsp_uri(ca), ]) @@ -1758,7 +1759,6 @@ def upgrade_configuration(): except ipautil.CalledProcessError as e: root_logger.error("Failed to restart %s: %s", ca.service_name, e) - ca_ensure_lightweight_cas_container(ca) ca_enable_ldap_profile_subsystem(ca) # This step MUST be done after ca_enable_ldap_profile_subsystem and |