summaryrefslogtreecommitdiffstats
path: root/ipaserver/install/server/replicainstall.py
diff options
context:
space:
mode:
authorMartin Basti <mbasti@redhat.com>2015-12-10 13:46:07 +0100
committerMartin Basti <mbasti@redhat.com>2015-12-14 11:48:40 +0100
commitbf9a34f4cfc2c514ff53efea4ba56e2c0cb3033f (patch)
treece3963ed08bf6005b1108a6a01deb1a8ced19423 /ipaserver/install/server/replicainstall.py
parent099cf98307d4b2f0ace5d5e28754f264808bf59d (diff)
downloadfreeipa-bf9a34f4cfc2c514ff53efea4ba56e2c0cb3033f.tar.gz
freeipa-bf9a34f4cfc2c514ff53efea4ba56e2c0cb3033f.tar.xz
freeipa-bf9a34f4cfc2c514ff53efea4ba56e2c0cb3033f.zip
Install RA cert during replica promotion
This cert is needed with KRA to be able store and retrieve secrets. https://fedorahosted.org/freeipa/ticket/5512 Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver/install/server/replicainstall.py')
-rw-r--r--ipaserver/install/server/replicainstall.py8
1 files changed, 8 insertions, 0 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
index 311f0e577..1d5b528c8 100644
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -1316,6 +1316,14 @@ def promote(installer):
installer._ca_enabled)
custodia.create_replica(config.master_host_name)
+ if installer._ca_enabled:
+ CA = cainstance.CAInstance(config.realm_name, certs.NSS_DIR)
+
+ CA.configure_certmonger_renewal()
+ CA.configure_agent_renewal()
+ cainstance.export_kra_agent_pem()
+ CA.fix_ra_perms()
+
krb = install_krb(config,
setup_pkinit=not options.no_pkinit,
promote=True)
generated by cgit (git 2.34.1) at 2025-06-06 06:45:55 +0000