From f81f6028428f232052fa372bf3b11fa1e7b3905e Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 30 Sep 2015 09:05:33 +0200
Subject: [PATCH] vault: select a server with KRA for vault operations

This uses the same server-selection mechanism that is already used for the CA.

https://fedorahosted.org/freeipa/ticket/5302

Reviewed-By: Martin Basti <mbasti@redhat.com>
---
 ipalib/constants.py         |  3 ---
 ipaserver/plugins/dogtag.py | 22 +++++++++++++++++++++-
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/ipalib/constants.py b/ipalib/constants.py
index 1509151bac7e0abca081cbba033701db410fc54c..0c5fc49456307ed261acb057ce6612274da2c453 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -167,9 +167,6 @@ DEFAULT_CONFIG = (
     ('ca_agent_install_port', None),
     ('ca_ee_install_port', None),
 
-    # KRA plugin
-    ('kra_host', FQDN),  # Set in Env._finalize_core()
-
     # Topology plugin
     ('recommended_max_agmts', 4),  # Recommended maximum number of replication
                                    # agreements
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 47279921a5428f388f84967b7bbe05d758e475bd..f5f8eb67067c87f07c06e556fb9fc73792fbbc64 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1902,6 +1902,26 @@ class kra(Backend):
 
         super(kra, self).__init__(api)
 
+    @property
+    def kra_host(self):
+        """
+        :return:   host
+                   as str
+
+        Select our KRA host.
+        """
+        ldap2 = self.api.Backend.ldap2
+        if host_has_service(api.env.ca_host, ldap2, "KRA"):
+            return api.env.ca_host
+        if api.env.host != api.env.ca_host:
+            if host_has_service(api.env.host, ldap2, "KRA"):
+                return api.env.host
+        host = select_any_master(ldap2, "KRA")
+        if host:
+            return host
+        else:
+            return api.env.ca_host
+
     def get_client(self):
         """
         Returns an authenticated KRA client to access KRA services.
@@ -1921,7 +1941,7 @@ class kra(Backend):
         # https://fedorahosted.org/freeipa/ticket/4557
         connection = PKIConnection(
             'https',
-            api.env.kra_host,
+            self.kra_host,
             str(self.kra_port),
             'kra')
 
-- 
2.4.3