From 1de92b13266b7ac748581f963d8fe7bdb87d1563 Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Fri, 1 Jul 2016 10:21:06 +0200
Subject: RedHatCAService should wait for local Dogtag instance

RedHatCAService.wait_until_running() uses dogtag.ca_status() to make a
HTTP(s) request to Dogtag in order to check if /ca/admin/ca/getStatus
returns OK. The ca_status() function defaults to api.env.ca_host as
host.

On a replica without CA ca_host is a remote host (e.g. master's
FQDN). ipa-ca-install waits for master:8080 instead of replica:8080,
which might be blocked by a firewall.

https://fedorahosted.org/freeipa/ticket/6016

Reviewed-By: Petr Spacek <pspacek@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipaplatform/redhat/services.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'ipaplatform')

diff --git a/ipaplatform/redhat/services.py b/ipaplatform/redhat/services.py
index 849737059..24325347c 100644
--- a/ipaplatform/redhat/services.py
+++ b/ipaplatform/redhat/services.py
@@ -199,7 +199,8 @@ class RedHatCAService(RedHatService):
         op_timeout = time.time() + timeout
         while time.time() < op_timeout:
             try:
-                status = dogtag.ca_status()
+                # check status of CA instance on this host, not remote ca_host
+                status = dogtag.ca_status(api.env.host)
             except Exception as e:
                 status = 'check interrupted due to error: %s' % e
             root_logger.debug('The CA status is: %s' % status)
-- 
cgit