From f084ab0a6828efd8d76b4495e800f7cc7158d909 Mon Sep 17 00:00:00 2001

From: Christian Heimes <cheimes@redhat.com>

Date: Tue, 19 Jun 2018 19:10:27 +0200

Subject: [PATCH] Always set ca_host when installing replica

ipa-replica-install only set ca_host in its temporary

/etc/ipa/default.conf, when it wasn't installing a replica with CA. As a

consequence, the replica installer was picking a random CA server from

LDAP.

Always set the replication peer as ca_host. This will ensure that the

installer uses the same replication peer for CA. In case the replication

peer is not a CA master, the installer will automatically pick another

host later.

See: https://pagure.io/freeipa/issue/7566

Signed-off-by: Christian Heimes <cheimes@redhat.com>

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>

---

 ipaserver/install/server/replicainstall.py | 6 ++----

 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py

index 8668859ba5da427ea6e752ed52af057635061f23..b10f761e3f643f9fa868451192fa4550b24b6b16 100644

--- a/ipaserver/install/server/replicainstall.py

+++ b/ipaserver/install/server/replicainstall.py

@@ -236,11 +236,9 @@ def create_ipa_conf(fstore, config, ca_enabled, master=None):

         gopts.extend([

             ipaconf.setOption('enable_ra', 'True'),

             ipaconf.setOption('ra_plugin', 'dogtag'),

-            ipaconf.setOption('dogtag_version', '10')

+            ipaconf.setOption('dogtag_version', '10'),

+            ipaconf.setOption('ca_host', config.ca_host_name)

         ])

-

-        if not config.setup_ca:

-            gopts.append(ipaconf.setOption('ca_host', config.ca_host_name))

     else:

         gopts.extend([

             ipaconf.setOption('enable_ra', 'False'),

-- 

2.17.1