From 61094a2a20f5cacdb7c87940d0db8d8593a87505 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Fri, 11 Nov 2016 15:45:17 +0100
Subject: KRA: don't add KRA container when KRA replica

This fixes regression caused by c56256e2a29f076e6afa559225a66f58b0773eb5
"""
  [9/11]: add vault container
ipa         : CRITICAL Failed to load vault.ldif: Command
'/usr/bin/ldapmodify -v -f /tmp/tmpxxO9IC -H
ldapi://%2fvar%2frun%2fslapd-IPA-TEST.socket -x -D cn=Directory
Manager
-y /tmp/tmpVKinCZ' returned non-zero exit status 68
  [10/11]: apply LDAP updates
"""

and removes unneded steps during installation of KRA replica,
because KRA container must be there since installation of first KRA
instance.

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
 ipaserver/install/krainstance.py | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
index 90b1369d8..38245847c 100644
--- a/ipaserver/install/krainstance.py
+++ b/ipaserver/install/krainstance.py
@@ -51,7 +51,6 @@ ADMIN_GROUPS = [
     'Security Domain Administrators'
 ]
 
-LDAPMOD_ERR_ALREADY_EXISTS = 68
 
 class KRAInstance(DogtagInstance):
     """
@@ -126,7 +125,8 @@ class KRAInstance(DogtagInstance):
             self.step("configure certificate renewals", self.configure_renewal)
             self.step("configure HTTP to proxy connections",
                       self.http_proxy)
-            self.step("add vault container", self.__add_vault_container)
+            if not self.clone:
+                self.step("add vault container", self.__add_vault_container)
             self.step("apply LDAP updates", self.__apply_updates)
 
             self.step("enabling KRA instance", self.__enable_instance)
@@ -316,14 +316,8 @@ class KRAInstance(DogtagInstance):
         conn.disconnect()
 
     def __add_vault_container(self):
-        try:
-            self._ldap_mod('vault.ldif', {'SUFFIX': self.suffix},
-                           raise_on_err=True)
-        except ipautil.CalledProcessError as e:
-            if e.returncode == LDAPMOD_ERR_ALREADY_EXISTS:
-                self.log.debug("Vault container already exists")
-            else:
-                self.log.error("Failed to add vault container: {0}".format(e))
+        self._ldap_mod(
+            'vault.ldif', {'SUFFIX': self.suffix}, raise_on_err=True)
 
     def __apply_updates(self):
         sub_dict = {
-- 
cgit