diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2015-06-18 10:35:09 +0000 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2015-06-18 14:48:31 +0200 |
| commit | c3a3d789b5da353a6abf2722932df4f5fc05dbe5 (patch) | |
| tree | 9c8a89719edf14e37ffd03789d9d0523cfbc5589 /ipaserver/install | |
| parent | 3ababb763b93af4012705d59d2f55801d172835c (diff) | |
| download | freeipa-c3a3d789b5da353a6abf2722932df4f5fc05dbe5.tar.gz freeipa-c3a3d789b5da353a6abf2722932df4f5fc05dbe5.tar.xz freeipa-c3a3d789b5da353a6abf2722932df4f5fc05dbe5.zip | |
install: Fix ipa-replica-install not installing RA cert
https://fedorahosted.org/freeipa/ticket/4468
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipaserver/install')
| -rw-r--r-- | ipaserver/install/ca.py | 8 | ||||
| -rw-r--r-- | ipaserver/install/server/replicainstall.py | 15 |
2 files changed, 14 insertions, 9 deletions
diff --git a/ipaserver/install/ca.py b/ipaserver/install/ca.py index 1ef8b2c41..b84756922 100644 --- a/ipaserver/install/ca.py +++ b/ipaserver/install/ca.py @@ -122,13 +122,7 @@ def install_step_0(standalone, replica_config, options): postinstall = True else: postinstall = False - ca = cainstance.install_replica_ca(replica_config, postinstall) - - if not standalone: - ca.configure_certmonger_renewal() - ca.import_ra_cert(replica_config.dir + "/ra.p12") - ca.fix_ra_perms() - + cainstance.install_replica_ca(replica_config, postinstall) return if options.external_cert_files: diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 34580ce19..303d0bcf2 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -24,8 +24,9 @@ from ipaplatform.paths import paths from ipalib import api, certstore, constants, create_api, errors, x509 import ipaclient.ntpconf from ipaserver.install import ( - bindinstance, ca, dns, dsinstance, httpinstance, installutils, kra, - krbinstance, memcacheinstance, ntpinstance, otpdinstance, service) + bindinstance, ca, cainstance, certs, dns, dsinstance, httpinstance, + installutils, kra, krbinstance, memcacheinstance, ntpinstance, + otpdinstance, service) from ipaserver.install.installutils import create_replica_config from ipaserver.install.replication import ( ReplicationManager, replica_conn_check) @@ -579,6 +580,16 @@ def install(installer): otpd.create_instance('OTPD', config.host_name, config.dirman_password, ipautil.realm_to_suffix(config.realm_name)) + if ipautil.file_exists(cafile): + CA = cainstance.CAInstance( + config.realm_name, certs.NSS_DIR, + dogtag_constants=dogtag_constants) + CA.dm_password = config.dirman_password + + CA.configure_certmonger_renewal() + CA.import_ra_cert(config.dir + "/ra.p12") + CA.fix_ra_perms() + # The DS instance is created before the keytab, add the SSL cert we # generated ds.add_cert_to_service() |