KRA: don't add KRA container when KRA replica

This fixes regression caused by c56256e2a29f076e6afa559225a66f58b0773eb5 """ [9/11]: add vault container ipa : CRITICAL Failed to load vault.ldif: Command '/usr/bin/ldapmodify -v -f /tmp/tmpxxO9IC -H ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -x -D cn=Directory Manager -y /tmp/tmpVKinCZ' returned non-zero exit status 68 [10/11]: apply LDAP updates """ and removes unneded steps during installation of KRA replica, because KRA container must be there since installation of first KRA instance. Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2016-11-11 15:45:17 +0100
committer: Martin Basti <mbasti@redhat.com> 2016-11-21 17:58:49 +0100
commit: 61094a2a20f5cacdb7c87940d0db8d8593a87505 (patch)
tree: 87e2b54f97c67d31e719fbded6a27462178b9922
parent: 5862eaa1a0e3fbced79d6c209016c1138e692888 (diff)
download: freeipa-61094a2a20f5cacdb7c87940d0db8d8593a87505.tar.gz
freeipa-61094a2a20f5cacdb7c87940d0db8d8593a87505.tar.xz
freeipa-61094a2a20f5cacdb7c87940d0db8d8593a87505.zip
1 files changed, 4 insertions, 10 deletions
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 90b1369d8..38245847c 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -51,7 +51,6 @@ ADMIN_GROUPS = [
     'Security Domain Administrators'
 ]
 
-LDAPMOD_ERR_ALREADY_EXISTS = 68
 
 class KRAInstance(DogtagInstance):
     """
@@ -126,7 +125,8 @@ class KRAInstance(DogtagInstance):
             self.step("configure certificate renewals", self.configure_renewal)
             self.step("configure HTTP to proxy connections",
                       self.http_proxy)
-            self.step("add vault container", self.__add_vault_container)
+            if not self.clone:
+                self.step("add vault container", self.__add_vault_container)
             self.step("apply LDAP updates", self.__apply_updates)
 
             self.step("enabling KRA instance", self.__enable_instance)
@@ -316,14 +316,8 @@ class KRAInstance(DogtagInstance):
         conn.disconnect()
 
     def __add_vault_container(self):
-        try:
-            self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
-                           raise_on_err=True)
-        except ipautil.CalledProcessError as e:
-            if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
-                self.log.debug("Vault container already exists")
-            else:
-                self.log.error("Failed to add vault container: {0}".format(e))
+        self._ldap_mod(
+            'vault.ldif', {'SUFFIX': self.suffix}, raise_on_err=True)
 
     def __apply_updates(self):
         sub_dict = {
author	Martin Basti <mbasti@redhat.com>	2016-11-11 15:45:17 +0100
committer	Martin Basti <mbasti@redhat.com>	2016-11-21 17:58:49 +0100
commit	61094a2a20f5cacdb7c87940d0db8d8593a87505 (patch)
tree	87e2b54f97c67d31e719fbded6a27462178b9922
parent	5862eaa1a0e3fbced79d6c209016c1138e692888 (diff)
download	freeipa-61094a2a20f5cacdb7c87940d0db8d8593a87505.tar.gz freeipa-61094a2a20f5cacdb7c87940d0db8d8593a87505.tar.xz freeipa-61094a2a20f5cacdb7c87940d0db8d8593a87505.zip