areguera / rpms / ipa

Forked from rpms/ipa 5 years ago
Clone

Blame SOURCES/0140-vault-select-a-server-with-KRA-for-vault-operations.patch

590d18
From f81f6028428f232052fa372bf3b11fa1e7b3905e Mon Sep 17 00:00:00 2001
590d18
From: Jan Cholasta <jcholast@redhat.com>
590d18
Date: Wed, 30 Sep 2015 09:05:33 +0200
590d18
Subject: [PATCH] vault: select a server with KRA for vault operations
590d18
590d18
This uses the same mechanism which is used for the CA.
590d18
590d18
https://fedorahosted.org/freeipa/ticket/5302
590d18
590d18
Reviewed-By: Martin Basti <mbasti@redhat.com>
590d18
---
590d18
 ipalib/constants.py         |  3 ---
590d18
 ipaserver/plugins/dogtag.py | 22 +++++++++++++++++++++-
590d18
 2 files changed, 21 insertions(+), 4 deletions(-)
590d18
590d18
diff --git a/ipalib/constants.py b/ipalib/constants.py
590d18
index 1509151bac7e0abca081cbba033701db410fc54c..0c5fc49456307ed261acb057ce6612274da2c453 100644
590d18
--- a/ipalib/constants.py
590d18
+++ b/ipalib/constants.py
590d18
@@ -167,9 +167,6 @@ DEFAULT_CONFIG = (
590d18
     ('ca_agent_install_port', None),
590d18
     ('ca_ee_install_port', None),
590d18
 
590d18
-    # KRA plugin
590d18
-    ('kra_host', FQDN),  # Set in Env._finalize_core()
590d18
-
590d18
     # Topology plugin
590d18
     ('recommended_max_agmts', 4),  # Recommended maximum number of replication
590d18
                                    # agreements
590d18
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
590d18
index 47279921a5428f388f84967b7bbe05d758e475bd..f5f8eb67067c87f07c06e556fb9fc73792fbbc64 100644
590d18
--- a/ipaserver/plugins/dogtag.py
590d18
+++ b/ipaserver/plugins/dogtag.py
590d18
@@ -1902,6 +1902,26 @@ class kra(Backend):
590d18
 
590d18
         super(kra, self).__init__(api)
590d18
 
590d18
+    @property
590d18
+    def kra_host(self):
590d18
+        """
590d18
+        :return:   host
590d18
+                   as str
590d18
+
590d18
+        Select our KRA host.
590d18
+        """
590d18
+        ldap2 = self.api.Backend.ldap2
590d18
+        if host_has_service(api.env.ca_host, ldap2, "KRA"):
590d18
+            return api.env.ca_host
590d18
+        if api.env.host != api.env.ca_host:
590d18
+            if host_has_service(api.env.host, ldap2, "KRA"):
590d18
+                return api.env.host
590d18
+        host = select_any_master(ldap2, "KRA")
590d18
+        if host:
590d18
+            return host
590d18
+        else:
590d18
+            return api.env.ca_host
590d18
+
590d18
     def get_client(self):
590d18
         """
590d18
         Returns an authenticated KRA client to access KRA services.
590d18
@@ -1921,7 +1941,7 @@ class kra(Backend):
590d18
         # https://fedorahosted.org/freeipa/ticket/4557
590d18
         connection = PKIConnection(
590d18
             'https',
590d18
-            api.env.kra_host,
590d18
+            self.kra_host,
590d18
             str(self.kra_port),
590d18
             'kra')
590d18
 
590d18
-- 
590d18
2.4.3
590d18