|
 |
ac7d03 |
From 27360b29b510d5ae92469b079569973676efd26c Mon Sep 17 00:00:00 2001
|
|
|
ac7d03 |
From: Jan Cholasta <jcholast@redhat.com>
|
|
|
ac7d03 |
Date: Mon, 3 Apr 2017 10:49:26 +0000
|
|
|
ac7d03 |
Subject: [PATCH] httpinstance: make sure NSS database is backed up
|
|
|
ac7d03 |
|
|
|
ac7d03 |
The NSS database at /etc/httpd/alias is not properly initialized and backed
|
|
|
ac7d03 |
up in CA-less replica promotion. This might cause the install to fail after
|
|
|
ac7d03 |
previous install and uninstall.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Make sure the NSS database is initialized and backed up even in CA-less
|
|
|
ac7d03 |
replica promotion to fix the issue.
|
|
|
ac7d03 |
|
|
|
ac7d03 |
https://pagure.io/freeipa/issue/4639
|
|
|
ac7d03 |
|
|
|
ac7d03 |
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
|
|
|
ac7d03 |
---
|
|
|
ac7d03 |
ipaserver/install/httpinstance.py | 3 ++-
|
|
|
ac7d03 |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
ac7d03 |
|
|
|
ac7d03 |
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
|
|
|
ac7d03 |
index 3e4252cb1e907618d4aa15f7381caff5e4e868e3..079ea92606cc53f98beca1759a7e24db64bfd3f4 100644
|
|
|
ac7d03 |
--- a/ipaserver/install/httpinstance.py
|
|
|
ac7d03 |
+++ b/ipaserver/install/httpinstance.py
|
|
|
ac7d03 |
@@ -375,10 +375,11 @@ class HTTPInstance(service.Service):
|
|
|
ac7d03 |
return False
|
|
|
ac7d03 |
|
|
|
ac7d03 |
def __setup_ssl(self):
|
|
|
ac7d03 |
+ truncate = not self.promote or not self.ca_is_configured
|
|
|
ac7d03 |
db = certs.CertDB(self.realm, nssdir=paths.HTTPD_ALIAS_DIR,
|
|
|
ac7d03 |
subject_base=self.subject_base, user="root",
|
|
|
ac7d03 |
group=constants.HTTPD_GROUP,
|
|
|
ac7d03 |
- truncate=(not self.promote))
|
|
|
ac7d03 |
+ truncate=truncate)
|
|
|
ac7d03 |
self.disable_system_trust()
|
|
|
ac7d03 |
if self.pkcs12_info:
|
|
|
ac7d03 |
if self.ca_is_configured:
|
|
|
ac7d03 |
--
|
|
|
ac7d03 |
2.12.2
|
|
|
ac7d03 |
|