From a155f692e7ad7807a5ea28250d1e72b3e821991e Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 29 Jun 2016 19:49:43 +0200
Subject: Fix replica install with CA

The incorrect api was used, and CA record updated was duplicated.

https://fedorahosted.org/freeipa/ticket/5966

Reviewed-By: Petr Spacek <pspacek@redhat.com>
---
 install/tools/ipa-ca-install    |  7 ++++++-
 ipaserver/install/cainstance.py | 10 ----------
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index 1bc5def03..ed685920c 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -28,7 +28,7 @@ from ipaserver.install import installutils
 from ipaserver.install import certs
 from ipaserver.install.installutils import create_replica_config
 from ipaserver.install.installutils import check_creds, ReplicaConfig
-from ipaserver.install import dsinstance, ca
+from ipaserver.install import bindinstance, dsinstance, ca
 from ipaserver.install import cainstance, custodiainstance, service
 from ipapython import version
 from ipalib import api
@@ -195,6 +195,11 @@ def install_replica(safe_options, options, filename):
         CA.configure_replica(config.ca_host_name,
                              subject_base=config.subject_base,
                              ca_cert_bundle=ca_data)
+        # Install CA DNS records
+        if bindinstance.dns_container_exists(api.env.host, api.env.basedn,
+                                             ldapi=True, realm=api.env.realm):
+            bind = bindinstance.BindInstance(ldapi=True)
+            bind.update_system_records()
     else:
         ca.install(True, config, options)
 
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index ef69c898b..18e3902a5 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -63,7 +63,6 @@ from ipapython.ipa_log_manager import log_mgr,\
 from ipapython.secrets.kem import IPAKEMKeys
 
 from ipaserver.install import certs
-from ipaserver.install import bindinstance
 from ipaserver.install import dsinstance
 from ipaserver.install import installutils
 from ipaserver.install import ldapupdate
@@ -1298,14 +1297,6 @@ class CAInstance(DogtagInstance):
         basedn = ipautil.realm_to_suffix(self.realm)
         self.ldap_enable('CA', self.fqdn, None, basedn)
 
-    def __update_ca_records(self):
-        # Install CA DNS records
-        if bindinstance.dns_container_exists(
-            api.env.host, api.env.basedn, ldapi=True, realm=api.env.realm
-        ):
-            bind = bindinstance.BindInstance(ldapi=True)
-            bind.update_system_records()
-
     def configure_replica(self, master_host, subject_base=None,
                           ca_cert_bundle=None, ca_signing_algorithm=None,
                           ca_type=None):
@@ -1376,7 +1367,6 @@ class CAInstance(DogtagInstance):
                   self.__restart_http_instance)
 
         self.step("enabling CA instance", self.__enable_instance)
-        self.step("Updating DNS CA records", self.__update_ca_records)
 
         self.start_creation(runtime=210)
 
-- 
cgit