diff options
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/krbinstance.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py index c74fe40fa..5f2a4b1c1 100644 --- a/ipaserver/install/krbinstance.py +++ b/ipaserver/install/krbinstance.py @@ -68,6 +68,7 @@ class KrbInstance(service.Service): self.kdc_password = None self.sub_dict = None self.pkcs12_info = None + self.master_fqdn = None suffix = ipautil.dn_attribute_property('_suffix') subject_base = ipautil.dn_attribute_property('_subject_base') @@ -359,6 +360,18 @@ class KrbInstance(service.Service): certpath = (paths.KDC_CERT, paths.KDC_KEY) try: + prev_helper = None + if self.master_fqdn is None: + ca_args = [ + paths.CERTMONGER_DOGTAG_SUBMIT, + '--ee-url', 'https://%s:8443/ca/ee/ca' % self.fqdn, + '--certfile', paths.RA_AGENT_PEM, + '--keyfile', paths.RA_AGENT_KEY, + '--cafile', paths.IPA_CA_CRT, + '--agent-submit' + ] + helper = " ".join(ca_args) + prev_helper = certmonger.modify_ca_helper('IPA', helper) certmonger.request_and_wait_for_cert( certpath, subject, @@ -372,6 +385,9 @@ class KrbInstance(service.Service): if name != 'org.fedorahosted.certmonger.duplicate': root_logger.error("Failed to initiate the request: %s", e) return + finally: + if prev_helper is not None: + certmonger.modify_ca_helper('IPA', prev_helper) # Finally copy the cacert in the krb directory so we don't # have any selinux issues with the file context |