|
 |
590d18 |
From 9d1657b3527e423e489a25fd7ee31692181f9f5b Mon Sep 17 00:00:00 2001
|
|
|
590d18 |
From: "Endi S. Dewata" <edewata@redhat.com>
|
|
|
590d18 |
Date: Sat, 1 Aug 2015 02:46:26 +0200
|
|
|
590d18 |
Subject: [PATCH] Fixed missing KRA agent cert on replica.
|
|
|
590d18 |
|
|
|
590d18 |
The code that exports the KRA agent certificate has been moved
|
|
|
590d18 |
such that it will be executed both on master and replica.
|
|
|
590d18 |
|
|
|
590d18 |
https://fedorahosted.org/freeipa/ticket/5174
|
|
|
590d18 |
|
|
|
590d18 |
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
|
|
|
590d18 |
---
|
|
|
590d18 |
ipaserver/install/krainstance.py | 17 +++++++++--------
|
|
|
590d18 |
1 file changed, 9 insertions(+), 8 deletions(-)
|
|
|
590d18 |
|
|
|
590d18 |
diff --git a/ipaserver/install/krainstance.py b/ipaserver/install/krainstance.py
|
|
|
590d18 |
index 50ab424b0e59becfea9e7af4b8d43a32ccbdc823..fa50c3dec897d63b9d3522d196054163f7b3369a 100644
|
|
|
590d18 |
--- a/ipaserver/install/krainstance.py
|
|
|
590d18 |
+++ b/ipaserver/install/krainstance.py
|
|
|
590d18 |
@@ -256,6 +256,15 @@ class KRAInstance(DogtagInstance):
|
|
|
590d18 |
os.remove(cfg_file)
|
|
|
590d18 |
|
|
|
590d18 |
shutil.move(paths.KRA_BACKUP_KEYS_P12, paths.KRACERT_P12)
|
|
|
590d18 |
+
|
|
|
590d18 |
+ # export ipaCert with private key for client authentication
|
|
|
590d18 |
+ args = ["/usr/bin/pki",
|
|
|
590d18 |
+ "-d", paths.HTTPD_ALIAS_DIR,
|
|
|
590d18 |
+ "-C", paths.ALIAS_PWDFILE_TXT,
|
|
|
590d18 |
+ "client-cert-show", "ipaCert",
|
|
|
590d18 |
+ "--client-cert", paths.KRA_AGENT_PEM]
|
|
|
590d18 |
+ ipautil.run(args)
|
|
|
590d18 |
+
|
|
|
590d18 |
self.log.debug("completed creating KRA instance")
|
|
|
590d18 |
|
|
|
590d18 |
def __add_ra_user_to_agent_group(self):
|
|
|
590d18 |
@@ -330,14 +339,6 @@ class KRAInstance(DogtagInstance):
|
|
|
590d18 |
finally:
|
|
|
590d18 |
os.remove(filename)
|
|
|
590d18 |
|
|
|
590d18 |
- # export ipaCert with private key for client authentication
|
|
|
590d18 |
- args = ["/usr/bin/pki",
|
|
|
590d18 |
- "-d", paths.HTTPD_ALIAS_DIR,
|
|
|
590d18 |
- "-C", paths.ALIAS_PWDFILE_TXT,
|
|
|
590d18 |
- "client-cert-show", "ipaCert",
|
|
|
590d18 |
- "--client-cert", paths.KRA_AGENT_PEM]
|
|
|
590d18 |
- ipautil.run(args)
|
|
|
590d18 |
-
|
|
|
590d18 |
def __add_vault_container(self):
|
|
|
590d18 |
sub_dict = {
|
|
|
590d18 |
'SUFFIX': self.suffix,
|
|
|
590d18 |
--
|
|
|
590d18 |
2.4.3
|
|
|
590d18 |
|