|
|
590d18 |
From c2a1e876492bc630d3d5f74a2482cf9c94be763d Mon Sep 17 00:00:00 2001
|
|
|
590d18 |
From: Jan Cholasta <jcholast@redhat.com>
|
|
|
590d18 |
Date: Tue, 18 Aug 2015 12:51:26 +0200
|
|
|
590d18 |
Subject: [PATCH] install: Fix replica install with custom certificates
|
|
|
590d18 |
|
|
|
590d18 |
https://fedorahosted.org/freeipa/ticket/5226
|
|
|
590d18 |
|
|
|
590d18 |
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
|
|
|
590d18 |
---
|
|
|
590d18 |
ipaserver/install/server/replicainstall.py | 17 +++++++++--------
|
|
|
590d18 |
1 file changed, 9 insertions(+), 8 deletions(-)
|
|
|
590d18 |
|
|
|
590d18 |
diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py
|
|
|
590d18 |
index dd8bc0d4bb7d8d9835a3e3e4dc24d1f67199d28f..0725c7763e505ca0cc5a8892414a3c36c557cf1d 100644
|
|
|
590d18 |
--- a/ipaserver/install/server/replicainstall.py
|
|
|
590d18 |
+++ b/ipaserver/install/server/replicainstall.py
|
|
|
590d18 |
@@ -573,14 +573,15 @@ def install(installer):
|
|
|
590d18 |
otpd.create_instance('OTPD', config.host_name, config.dirman_password,
|
|
|
590d18 |
ipautil.realm_to_suffix(config.realm_name))
|
|
|
590d18 |
|
|
|
590d18 |
- CA = cainstance.CAInstance(
|
|
|
590d18 |
- config.realm_name, certs.NSS_DIR,
|
|
|
590d18 |
- dogtag_constants=dogtag_constants)
|
|
|
590d18 |
- CA.dm_password = config.dirman_password
|
|
|
590d18 |
-
|
|
|
590d18 |
- CA.configure_certmonger_renewal()
|
|
|
590d18 |
- CA.import_ra_cert(config.dir + "/ra.p12")
|
|
|
590d18 |
- CA.fix_ra_perms()
|
|
|
590d18 |
+ if ipautil.file_exists(config.dir + "/cacert.p12"):
|
|
|
590d18 |
+ CA = cainstance.CAInstance(
|
|
|
590d18 |
+ config.realm_name, certs.NSS_DIR,
|
|
|
590d18 |
+ dogtag_constants=dogtag_constants)
|
|
|
590d18 |
+ CA.dm_password = config.dirman_password
|
|
|
590d18 |
+
|
|
|
590d18 |
+ CA.configure_certmonger_renewal()
|
|
|
590d18 |
+ CA.import_ra_cert(config.dir + "/ra.p12")
|
|
|
590d18 |
+ CA.fix_ra_perms()
|
|
|
590d18 |
|
|
|
590d18 |
# The DS instance is created before the keytab, add the SSL cert we
|
|
|
590d18 |
# generated
|
|
|
590d18 |
--
|
|
|
590d18 |
2.4.3
|
|
|
590d18 |
|