From f81f6028428f232052fa372bf3b11fa1e7b3905e Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Wed, 30 Sep 2015 09:05:33 +0200
Subject: [PATCH] vault: select a server with KRA for vault operations

This uses the same mechanism which is used for the CA.
https://fedorahosted.org/freeipa/ticket/5302
Reviewed-By: Martin Basti
---
 ipalib/constants.py | 3 ---
 ipaserver/plugins/dogtag.py | 22 +++++++++++++++++++++-
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 1509151bac7e0abca081cbba033701db410fc54c..0c5fc49456307ed261acb057ce6612274da2c453 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -167,9 +167,6 @@ DEFAULT_CONFIG = (
 ('ca_agent_install_port', None),
 ('ca_ee_install_port', None),
- # KRA plugin
- ('kra_host', FQDN), # Set in Env._finalize_core()
-
 # Topology plugin
 ('recommended_max_agmts', 4), # Recommended maximum number of replication
 # agreements
diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 47279921a5428f388f84967b7bbe05d758e475bd..f5f8eb67067c87f07c06e556fb9fc73792fbbc64 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1902,6 +1902,26 @@ class kra(Backend):
 super(kra, self).__init__(api)
+ @property
+ def kra_host(self):
+ """
+ :return: host
+ as str
+
+ Select our KRA host.
+ """
+ ldap2 = self.api.Backend.ldap2
+ if host_has_service(api.env.ca_host, ldap2, "KRA"):
+ return api.env.ca_host
+ if api.env.host != api.env.ca_host:
+ if host_has_service(api.env.host, ldap2, "KRA"):
+ return api.env.host
+ host = select_any_master(ldap2, "KRA")
+ if host:
+ return host
+ else:
+ return api.env.ca_host
+
 def get_client(self):
 """
 Returns an authenticated KRA client to access KRA services.
@@ -1921,7 +1941,7 @@ class kra(Backend):
 # https://fedorahosted.org/freeipa/ticket/4557
 connection = PKIConnection(
 'https',
- api.env.kra_host,
+ self.kra_host,
 str(self.kra_port),
 'kra')
--
2.4.3
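Review bot: The new `kra_host` property in ipaserver/plugins/dogtag.py takes the LDAP backend from `self.api` but reads every environment value from the module-level `api`, so the two can disagree if the plugin is ever bound to a non-global API object; binding `env = self.api.env` once and using `env.ca_host` / `env.host` throughout would keep the lookup self-consistent. The final `else` returns `ca_host` even though the first check has already established that this host carries no KRA service, so a deployment without any KRA presumably fails later inside `PKIConnection` with a connection error instead of a clear message; either raise an explicit error there or document the choice with a comment such as `# no KRA master found; fall back to the CA host, as the CA selection does`. Because `get_client` now evaluates the property on each call (the `self.kra_host` change in the last hunk), every client creation makes up to three helper calls against `ldap2`, and the chosen host now comes from directory data rather than local configuration, so it is worth confirming that the connection verifies the server certificate, which is not visible in these hunks. The docstring would read better with the summary first, e.g. `"""Select the host that runs the KRA service."""`, and `get_client`'s body continues outside the hunk.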