diff options
author | Jan Cholasta <jcholast@redhat.com> | 2017-02-16 11:19:09 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-20 13:00:50 +0000 |
commit | 0862e320916e0123df7e8505ba61229db0cb1e4a (patch) | |
tree | 7750b11d206b426c86f3cf575b202545c701cfdc | |
parent | 97e838e10da3b42e3605d230e0b8e01b9148876f (diff) | |
download | freeipa-0862e320916e0123df7e8505ba61229db0cb1e4a.tar.gz freeipa-0862e320916e0123df7e8505ba61229db0cb1e4a.tar.xz freeipa-0862e320916e0123df7e8505ba61229db0cb1e4a.zip |
server upgrade: always upgrade KRA agent PEM file
Before the KRA agent PEM file is exported in server upgrade, the sysupgrade
state file is consulted. This causes the KRA agent PEM file not to be
exported to the new location if the upgrade was executed in the past.
Do not consult the sysupgrade state file to decide whether to upgrade the
KRA agent PEM file or not, the existence of the file is enough to make this
decision.
https://fedorahosted.org/freeipa/ticket/6675
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
-rw-r--r-- | ipaplatform/base/paths.py | 1 | ||||
-rw-r--r-- | ipaserver/install/server/upgrade.py | 7 |
2 files changed, 5 insertions, 3 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 8db9e61f5..5d5fb993f 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -39,6 +39,7 @@ class BasePathNamespace(object): HOSTS = "/etc/hosts" ETC_HTTPD_DIR = "/etc/httpd" HTTPD_ALIAS_DIR = "/etc/httpd/alias" + OLD_KRA_AGENT_PEM = "/etc/httpd/alias/kra-agent.pem" IPA_RADB_DIR = "/var/lib/ipa/radb" HTTPD_CONF_D_DIR = "/etc/httpd/conf.d/" HTTPD_IPA_KDCPROXY_CONF = "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf" diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py index e65592c19..1acad5556 100644 --- a/ipaserver/install/server/upgrade.py +++ b/ipaserver/install/server/upgrade.py @@ -1386,7 +1386,9 @@ def fix_trust_flags(): def export_kra_agent_pem(): root_logger.info('[Exporting KRA agent PEM file]') - if sysupgrade.get_upgrade_state('http', 'export_kra_agent_pem'): + sysupgrade.remove_upgrade_state('http', 'export_kra_agent_pem') + + if os.path.exists(paths.KRA_AGENT_PEM): root_logger.info("KRA agent PEM file already exported") return @@ -1395,8 +1397,7 @@ def export_kra_agent_pem(): return krainstance.export_kra_agent_pem() - - sysupgrade.set_upgrade_state('http', 'export_kra_agent_pem', True) + installutils.remove_file(paths.OLD_KRA_AGENT_PEM) def update_mod_nss_protocol(http): |