diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-12-20 16:45:38 +1000 |
|---|---|---|
| committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-12-20 10:19:15 +0100 |
| commit | 4028ad73e74fe62bd4871e842dbb69ff660125f9 (patch) | |
| tree | 5922a3399476e4d076e349df8f967e3405da85d9 /ipaserver/install/server/replicainstall.py | |
| parent | 1b85e59ceeb115dfb24e9c6bacb665b935f9543c (diff) | |
| download | freeipa-4028ad73e74fe62bd4871e842dbb69ff660125f9.tar.gz freeipa-4028ad73e74fe62bd4871e842dbb69ff660125f9.tar.xz freeipa-4028ad73e74fe62bd4871e842dbb69ff660125f9.zip | |
Fix DL1 replica installation in CA-less topology
Commit dbb98765d73519289ee22f3de1a5ccde140f6f5d changed certmonger
requests for DS and HTTP certificates during installation to raise
on error (https://fedorahosted.org/freeipa/ticket/6514).
This introduced a regression in DL1 replica installation in CA-less
topology. A certificate was requested, but prior to the
aforementioned commit this would fail silently and installation
continued, whereas now installation fails.
Guard the certificate request with a check that the topology is
CA-ful.
Fixes: https://fedorahosted.org/freeipa/ticket/6573
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaserver/install/server/replicainstall.py')
| -rw-r--r-- | ipaserver/install/server/replicainstall.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index b0cf28f0f..6e986f7d9 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -1338,7 +1338,7 @@ def install(installer): # Always try to install DNS records install_dns_records(config, options, remote_api) - if promote: + if promote and ca_enabled: # we need to install http certs to setup ssl for httpd install_http_certs(config.host_name, config.realm_name, |