author | Jan Cholasta <jcholast@redhat.com> | 2013-10-16 08:55:17 +0000 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-03-25 16:54:55 +0100 |
commit | b5d082ec4d08712f8be5b56ea248133a76fd923a (patch) | |
tree | 8e8cec9087e7517ff057ffd99bcb200d914a5090 /install/certmonger | |
parent | c3169add3be4fdb4572d6e159766a1d3cbb7e3d8 (diff) | |
Make the default dogtag-ipa-ca-renew-agent behavior depend on CA setup.
On CA masters, a certificate is requested and stored to LDAP. On CA clones,
the certificate is retrieved from LDAP.
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'install/certmonger')
-rwxr-xr-x | install/certmonger/dogtag-ipa-ca-renew-agent-submit | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index 6da7f6dbf..e39da4a21 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -36,6 +36,7 @@ from ipapython import ipautil
from ipapython.dn import DN
from ipalib import api, errors, pkcs10, x509
from ipaserver.plugins.ldap2 import ldap2
+from ipaserver.install import cainstance, certs
# This is a certmonger CA helper script for IPA CA subsystem cert renewal. See
# https://git.fedorahosted.org/cgit/certmonger.git/tree/doc/submit.txt for more
@@ -256,7 +257,11 @@ def main():
if profile:
handler = handlers.get(profile, request_and_store_cert)
else:
- handler = request_and_store_cert
+ ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
+ if ca.is_renewal_master():
+ handler = request_and_store_cert
+ else:
+ handler = retrieve_cert
res = handler()
for item in res[1:]: |
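Review bot: The role check added in the second hunk covers only the `else:` branch, so when a profile is supplied but is not a key of `handlers`, `handlers.get(profile, request_and_store_cert)` still falls back to requesting a new certificate, even on a CA clone. If that fallback is reachable (the `handlers` table is outside the hunk), compute the role-dependent default once and use it in both places: `default = request_and_store_cert if ca.is_renewal_master() else retrieve_cert`, then `handler = handlers.get(profile, default) if profile else default`. `is_renewal_master()` is defined outside this diff; if it performs a directory lookup that can fail, main() should turn that failure into a defined certmonger helper exit status rather than an unhandled traceback. A one-line comment such as `# only the renewal master requests new certs; clones fetch the renewed cert from LDAP` would record why the default differs per server. main() starts and ends outside the hunk.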