diff options
| author | David Kupka <dkupka@redhat.com> | 2015-12-08 14:22:01 +0100 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2015-12-10 07:49:53 +0100 |
| commit | b7953cda4fc02637f6e3db574b3d7163efc78a98 (patch) | |
| tree | c4e509a3138e9f7f4fd5f23ff156b1c8f86370ad /ipaserver/install/server | |
| parent | dcb5c2a5200a797b0eec9bb809c570f9ed80f7bb (diff) | |
| download | freeipa-b7953cda4fc02637f6e3db574b3d7163efc78a98.tar.gz freeipa-b7953cda4fc02637f6e3db574b3d7163efc78a98.tar.xz freeipa-b7953cda4fc02637f6e3db574b3d7163efc78a98.zip | |
replica: Fix ipa-replica-install with replica file (domain level 0).
Attribute _ca_enabled is set in promote_check() and is not available in
install(). When installing replica in domain level 0 we can determine existence
of CA service based on existence of cacert.p12 file in provided replica-file.
https://fedorahosted.org/freeipa/ticket/5531
Reviewed-By: Oleg Fayans <ofayans@redhat.com>
Diffstat (limited to 'ipaserver/install/server')
| -rw-r--r-- | ipaserver/install/server/replicainstall.py | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index a42ed7e45..4f239aacd 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -654,6 +654,8 @@ def install(installer): if installer._update_hosts_file: installutils.update_hosts_file(config.ips, config.host_name, fstore) + ca_enabled = ipautil.file_exists(config.dir + "/cacert.p12") + # Create DS user/group if it doesn't exist yet dsinstance.create_ds_user() @@ -675,7 +677,7 @@ def install(installer): ntp.create_instance() # Configure dirsrv - ds = install_replica_ds(config, options, installer._ca_enabled) + ds = install_replica_ds(config, options, ca_enabled) # Always try to install DNS records install_dns_records(config, options, remote_api) @@ -690,20 +692,20 @@ def install(installer): options.domain_name = config.domain_name options.host_name = config.host_name - if ipautil.file_exists(config.dir + "/cacert.p12"): + if ca_enabled: options.ra_p12 = config.dir + "/ra.p12" ca.install(False, config, options) krb = install_krb(config, setup_pkinit=not options.no_pkinit) http = install_http(config, auto_redirect=not options.no_ui_redirect, - ca_is_configured=installer._ca_enabled) + ca_is_configured=ca_enabled) otpd = otpdinstance.OtpdInstance() otpd.create_instance('OTPD', config.host_name, config.dirman_password, ipautil.realm_to_suffix(config.realm_name)) - if ipautil.file_exists(config.dir + "/cacert.p12"): + if ca_enabled: CA = cainstance.CAInstance(config.realm_name, certs.NSS_DIR) CA.dm_password = config.dirman_password |