From f81f6028428f232052fa372bf3b11fa1e7b3905e Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 30 Sep 2015 09:05:33 +0200
Subject: [PATCH] vault: select a server with KRA for vault operations
This uses the same mechanism that is already used for the CA.
https://fedorahosted.org/freeipa/ticket/5302
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
ipalib/constants.py | 3 ---
ipaserver/plugins/dogtag.py | 22 +++++++++++++++++++++-
2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 1509151bac7e0abca081cbba033701db410fc54c..0c5fc49456307ed261acb057ce6612274da2c453 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -167,9 +167,6 @@ DEFAULT_CONFIG = (
('ca_agent_install_port', None),
('ca_ee_install_port', None),
- # KRA plugin
- ('kra_host', FQDN), # Set in Env._finalize_core()
-
# Topology plugin
('recommended_max_agmts', 4), # Recommended maximum number of replication
# agreements
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 47279921a5428f388f84967b7bbe05d758e475bd..f5f8eb67067c87f07c06e556fb9fc73792fbbc64 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1902,6 +1902,26 @@ class kra(Backend):
super(kra, self).__init__(api)
+ @property
+ def kra_host(self):
+ """
+ :return: host
+ as str
+
+ Select our KRA host.
+ """
+ ldap2 = self.api.Backend.ldap2
+ if host_has_service(api.env.ca_host, ldap2, "KRA"):
+ return api.env.ca_host
+ if api.env.host != api.env.ca_host:
+ if host_has_service(api.env.host, ldap2, "KRA"):
+ return api.env.host
+ host = select_any_master(ldap2, "KRA")
+ if host:
+ return host
+ else:
+ return api.env.ca_host
+
def get_client(self):
"""
Returns an authenticated KRA client to access KRA services.
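Review bot: The new `kra_host` property reads `self.api.Backend.ldap2` but then uses the module-level `api` for `api.env.ca_host` and `api.env.host`; in a Backend plugin these presumably resolve to the same object, but mixing them ties the property to the global and reads as an oversight, so bind `env = self.api.env` after the `ldap2` line and use `env.ca_host` / `env.host` throughout. When no master advertises the KRA service, the `else` branch silently returns `ca_host`, so the problem only surfaces later as a connection error from `PKIConnection` in `get_client`; a log line at that fallback, or a docstring sentence stating it, would make the degraded case diagnosable. Every access also performs up to three LDAP lookups, and `get_client` in the next hunk evaluates the property on each call; if that is intended, say so in the docstring. The docstring puts `:return:` before the summary; reorder it to `Select our KRA host.` first, then `:return: host as str`.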
@@ -1921,7 +1941,7 @@ class kra(Backend):
# https://fedorahosted.org/freeipa/ticket/4557
connection = PKIConnection(
'https',
- api.env.kra_host,
+ self.kra_host,
str(self.kra_port),
'kra')
--
2.4.3