diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2016-10-24 13:17:26 +0200 |
|---|---|---|
| committer | Jan Cholasta <jcholast@redhat.com> | 2016-11-11 12:13:56 +0100 |
| commit | 0e232b5f526168af6bb0b52244f79dfacb43a9b7 (patch) | |
| tree | 451d40a3ddad1efb7a0a3cdda520ab269a75b021 /ipaserver | |
| parent | 8a7e79a7a6fad8dc87c8f148cb5098434f988ea3 (diff) | |
| download | freeipa-0e232b5f526168af6bb0b52244f79dfacb43a9b7.tar.gz freeipa-0e232b5f526168af6bb0b52244f79dfacb43a9b7.tar.xz freeipa-0e232b5f526168af6bb0b52244f79dfacb43a9b7.zip | |
replica install: use one remote KRA host name everywhere
Remote master and KRA host names may differ. Always use the remote KRA host
name and never the remote master host name in KRA replica install.
https://fedorahosted.org/freeipa/ticket/6392
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Diffstat (limited to 'ipaserver')
| -rw-r--r-- | ipaserver/install/ipa_kra_install.py | 8 | ||||
| -rw-r--r-- | ipaserver/install/krainstance.py | 2 | ||||
| -rw-r--r-- | ipaserver/install/server/replicainstall.py | 6 |
3 files changed, 8 insertions, 8 deletions
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index 4f24d5871..fd22288f1 100644 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -188,7 +188,7 @@ class KRAInstaller(KRAInstall): if self.installing_replica: if self.options.promote: config = ReplicaConfig() - config.master_host_name = None + config.kra_host_name = None config.realm_name = api.env.realm config.host_name = api.env.host config.domain_name = api.env.domain @@ -201,17 +201,15 @@ class KRAInstaller(KRAInstall): self.options.password, self.replica_file, self.options) + config.kra_host_name = config.master_host_name if config.subject_base is None: attrs = api.Backend.ldap2.get_ipa_config() config.subject_base = attrs.get('ipacertificatesubjectbase')[0] - if config.master_host_name is None: + if config.kra_host_name is None: config.kra_host_name = service.find_providing_server( 'KRA', api.Backend.ldap2, api.env.ca_host) - config.master_host_name = config.kra_host_name - else: - config.kra_host_name = config.master_host_name try: kra.install_check(api, config, self.options) diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py index 77f23c1c3..22fe38ac6 100644 --- a/ipaserver/install/krainstance.py +++ b/ipaserver/install/krainstance.py @@ -428,7 +428,7 @@ def install_replica_kra(config, postinstall=False): _kra.configure_instance(config.realm_name, config.host_name, config.dirman_password, config.dirman_password, pkcs12_info=(krafile,), - master_host=config.master_host_name, + master_host=config.kra_host_name, subject_base=config.subject_base) # Restart httpd since we changed it's config and added ipa-pki-proxy.conf diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 96f4adbfa..05718a515 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -550,6 +550,7 @@ def install_check(installer): config = create_replica_config(dirman_password, filename, options) config.ca_host_name = config.master_host_name + config.kra_host_name = config.ca_host_name config.setup_ca = options.setup_ca config.setup_kra = options.setup_kra installer._top_dir = config.top_dir @@ -1041,6 +1042,7 @@ def promote_check(installer): config.domain_name = api.env.domain config.master_host_name = api.env.server config.ca_host_name = api.env.ca_host + config.kra_host_name = config.ca_host_name config.setup_ca = options.setup_ca config.setup_kra = options.setup_kra config.dir = installer._top_dir @@ -1277,8 +1279,8 @@ def promote_check(installer): "custom certificates.") raise ScriptError(rval=3) - config.kra_host_name = service.find_providing_server('KRA', conn, - api.env.server) + config.kra_host_name = service.find_providing_server( + 'KRA', conn, config.kra_host_name) if options.setup_kra and config.kra_host_name is None: root_logger.error("There is no KRA server in the domain, can't " "setup a KRA clone") |